sabato 30 luglio 2011

GOOGLE HACK AGAIN 2

Ecco a voi alcune delle query per google:

allinurl:admin.php site:.edu
Filetype: trova archivio .pdf, .ps, .doc, .xls, .txt, .ppt, .rtf, .asp, .wpd...
"Index of /admin"
"Index of /root"
"Index of /password"
"Index of /" +passwd
allintitle: "index of/admin"
allintitle: restricted filetype:doc site:gov
intitle:"index of private"
allinurl:auth_user_file.txt
intitle:"Index of" config.php
intitle:index.of.etc
filetype:xls username password email
intitle:"Index of" ".htpasswd" "htgroup" -intitle:"dist" -apache -htpasswd.c
intitle:"Index of" ".htpasswd" htpasswd.bak
inurl:config.php dbuname dbpass
intitle:"Index of" master.passwd
intitle:"Index of" .mysql_history
intitle:"index of" trillian.ini
intitle:"Index of" spwd.db passwd -pam.conf
intitle:"Index of" pwd.db
intitle:"Index of" secring.bak
intitle:"Index of" "people.lst"
intitle:"Index of..etc" passwd
intitle:"Index of" passwd passwd.bak
intitle:index.of passlist
intitle:"Index of" .bash_history
intitle:"Index of" .sh_history
site:edu grades admin
filetype:htaccess basic
intitle:"Index of" finances.xls
"This report was generated by WebLog"
"phpinfo.php" –manual
intitle:Index.of robots.txt
intitle:"Index of" _vti_inf.html
intitle:"Index of" service.pwd
intitle:"Index of" shtml.dll
intitle:"Index of" shtml.exe
intitle:"Index of" fpcount.exe
intitle:"Index of" default.asp
intitle:"Index of" htimage.exe
intitle:"Index of" default.asp
intitle:"Index of" AT-admin.cgi
intitle:"Index of" glimpse
intitle:"Index of" guestbook.cgi
intitle:"Index of" perl
intitle:"Index of" show
intitle:"Index of" index.html~
intitle:"Index of" stats.html
inurl:shop "Hassan Consulting's Shopping Cart Version 1.18"
intitle:"Welcome to Windows 2000 Internet Services"
intitle:"Welcome to IIS 4.0"
"powered by openbsd" +"powered by apache"
"Powered by phpBB 2.0.0"

Le Query ALLINURL: e INURL: vi serviranno
se volete ricevere nelle vostre ricerche
i link contenete l'indirizzo che cercate allora
queste fanno a caso vostro!
Quindi se volete ad esempio scovare il modulo
login dell'admin (In siti ASP)
utilizeremo in google:

Allinurl:/admin.asp
Inurl:/admin.asp


Poi ci sono anche:

intitle:"Live View / - AXIS"

intitle:"EvoCam" inurl:"webcam.html"

Servono per trovate telecamere sprotette da pilotare


intitle:index.of "parent directory"

Con questa Google cerca tutti i siti con le cartelle non protette


filetype:htpasswd htpasswd

Con questa invece Google cerca tutti i siti dove il file htpasswd non è protetto


intitle:index.of passwd passwd.bak

Questa cerca tutti i siti dove le password dei sistemi Linux sono sprotette;


inurl:admin.php -mysql_fetch_row

Infine questa: Google cerca tutti i CMS PHP-Nuke sprovvisti di account administrator, e con la pagina di creazione god
admin libera

Nessun commento:

Posta un commento