|
| 1 |
2 | 3 | 4 | 5 | 6 | 7 | 8 |
9 | 10 | 11 | 12 | 13 | 14 | 15 |
16 | 17 | 18 | 19 | 20 | 21 | 22 |
23 | 24 | 25 | 26 | 27 | 28 | 29 |
30 | 31 | |
|
|
|
|
|
|
|
วิธีใช้ google hack
วิธีใช้ google hack
เนื่องจากความเก่งกาจของ google จึงไม่แปลกที่มีผู้ใช้เป็นจำนวนมากแต่ทุกๆอย่างย่อมมีทั้งดี-เสีย ลองดูเองแล้วกันนะครับ
//johnny.ihackstuff.com/index.php?module=prodreviews //petjka.blogspot.com/
SEARCH PATHS :
"Index of /admin" "Index of /password" "Index of /mail" "Index of /" +passwd "Index of /" +password.txt "Index of /" +.htaccess index of ftp +.mdb allinurl:/cgi-bin/ +mailto
administrators.pwd.index authors.pwd.index service.pwd.index filetype:config web gobal.asax index
allintitle: "index of/admin" allintitle: "index of/root" allintitle: sensitive filetype:doc allintitle: restricted filetype :mail allintitle: restricted filetype:doc site:gov
inurl: passwd filetype:txt inurl: admin filetype:db inurl: iisadmin inurl: "auth_user_file.txt" inurl: "wwwroot/*."
top secret site:mil confidential site:mil
allinurl: winnt/system32/ (get cmd.exe) allinurl:/bash_history
intitle:"Index of" .sh_history intitle:"Index of" .bash_history intitle:"index of" passwd intitle:"index of" people.lst intitle:"index of" pwd.db intitle:"index of" etc/shadow intitle:"index of" spwd intitle:"index of" master.passwd intitle:"index of" htpasswd intitle:"index of" members OR accounts intitle:"index of" user_carts OR user_cart
ALTERNATIVE INPUTS====================
_vti_inf.html service.pwd users.pwd authors.pwd administrators.pwd shtml.dll shtml.exe fpcount.exe default.asp showcode.asp sendmail.cfm getFile.cfm imagemap.exe test.bat msadcs.dll htimage.exe counter.exe browser.inc hello.bat default.aspdvwssr.dll cart32.exe add.exe index.jsp SessionServlet shtml.dll index.cfm page.cfm shtml.exe web_store.cgi shop.cgi upload.asp default.asp pbserver.dll phf test-cgi finger Count.cgi jj php.cgi php nph-test-cgi handler webdist.cgi webgais websendmail faxsurvey htmlscript perl.exe //www.oard.pl //www.sql view-source campas aglimpse glimpse man.sh AT-admin.cgi AT-generate.cgi filemail.pl maillist.pl info2www files.pl bnbform.cgi survey.cgi classifieds.cgi wrap cgiwrap edit.pl perl names.nsf webgais dumpenv.pl test.cgi submit.cgi guestbook.cgi guestbook.pl cachemgr.cgi responder.cgi perlshop.cgi query w3-msql plusmail htsearch infosrch.cgi publisher ultraboard.cgi db.cgi formmail.cgi allmanage.pl ssi adpassword.txt redirect.cgi cvsweb.cgi login.jsp dbconnect.inc admin htgrep wais.pl amadmin.pl subscribe.pl news.cgi auctionweaver.pl .htpasswd acid_main.php access.log log.htm log.html log.txt logfile logfile.htm logfile.html logfile.txt logger.html stat.htm stats.htm stats.html stats.txt webaccess.htm //www.tats.html source.asp perl mailto.cgi YaBB.pl mailform.pl cached_feed.cgi global.cgi Search.pl build.cgi common.php show global.inc ad.cgi WSFTP.LOG index.html~ index.php~ index.html.bak index.php.bak print.cgi register.cgi webdriver bbs_forum.cgi mysql.class sendmail.inc CrazyWWWBoard.cgi search.pl way-board.cgi webpage.cgi pwd.dat adcycle post-query help.cgi
Dont make war, make love or learn...
posted by AGRESSSORS @ 6:13 PM Again Google
This reveals mySQL database dumps. These database dumps list the structure and content of databases, which can reveal many different types of sensitive information.
//www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22%23mysql+dump%22+filetype%3Asql&btnG=Search ---------------------------------------------------------------------------------------- These log files record info about the SSH client PUTTY. These files contain usernames, site names, IP addresses, ports and various other information about the SSH server connected to.
//www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Alog+username+putty ---------------------------------------------------------------------------------------- These files contain cleartext usernames and passwords, as well as the sites associated with those credentials. Attackers can use this information to log on to that site as that user.
//www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Alog+inurl%3A%22password.log%22 ---------------------------------------------------------------------------------------
This file contains port number, version number and path info to MySQL server.
//www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22index+of%22+mysql.conf+OR+mysql_config -----------------------------------------------------------------------------------------
This search reveals sites which may be using Shockwave (Flash) as a login mechanism for a site. The usernames and passwords for this type of login mechanism are often stored in plaintext inside the source of the .swl file.
//www.google.com/search?hl=en&lr=&q=inurl%3Alogin+filetype%3Aswf+swf --------------------------------------------------------------------------------------
These are oulook express email files which contain emails, with full headers. The information in these emails can be useful for information gathering about a target.
//www.google.com/search?hl=en&lr=&q=filetype%3Aeml+eml+%2Bintext%3A%22Subject%22+%2Bintext%3A%22From%22+%2Bintext%3A%22To%22 ----------------------------------------------------------------------------------------
This google search reveals users names, pop3 passwords, email addresses, servers connected to and more. The IP addresses of the users can also be revealed in some cases.
//www.google.com/search?num=100&hl=en&lr=&q=filetype%3Areg+reg+%2Bintext%3A%22internet+account+manager ---------------------------------------------------------------------------------------
Create Date : 01 สิงหาคม 2552 |
Last Update : 1 สิงหาคม 2552 23:29:00 น. |
|
1 comments
|
Counter : 122809 Pageviews. |
|
|
|
| |
|
|