mercoledì 3 agosto 2011

GOOGLE HACKING

  1. Google Hacking 
  2. allintitle:Brains, Corp. camera 
  3. allintitle:"index of/admin"
  4. allintitle:"index of/root"
  5. allintitle:restricted filetype:doc site:gov
  6. allintitle:restricted filetype :mail
  7. allintitle:sensitive filetype:doc
  8. allinurl:/bash_history
  9. allinurl:winnt/system32/ (get cmd.exe)
  10. ext:ini eudora.ini
  11. ext:pwd inurl:(service|authors|administrators |users) "# -FrontPage-" 
  12. filetype:bak inurl:"htaccess|passwd|shadow|htusers"
  13. filetype:conf slapd.conf
  14. filetype:ctt "msn"
  15. filetype:mdb inurl:"account|users|admin|administrators|passwd|password"
  16. filetype:mdb inurl:users.mdb
  17. filetype:QDF QDF
  18. filetype:pdf "Host Vulnerability Summary Report" "Assessment Report"
  19. filetype:sql ("passwd values ****" | "password values ****" | "pass values ****" )
  20. filetype:xls inurl:"email.xls"
  21. filetype:user eggdrop user
  22. "Index of /admin"
  23. "Index of /" +.htaccess
  24. "Index of /mail"
  25. "Index of /" "Parent Directory" "WS_FTP.ini" filetype:ini
  26. "Index of /" +passwd
  27. "Index of /password"
  28. "Index of /" +password.txt
  29. intext:"BiTBOARD v2.0" "BiTSHiFTERS Bulletin Board"
  30. intext:centreware inurl:status
  31. intext:"MOBOTIX M1"
  32. intext:"MOBOTIX M10"
  33. intext:"Open Menu"
  34. intext:"powered by Web Wiz Journal"
  35. intext:"Tobias Oetiker" "traffic analysis"
  36.  
  37. intitle:index.of "Apache/1.3.28 Server at"
  38. intitle:index.of "Apache/2.0 Server at"
  39. intitle:index.of "Apache/* Server at"
  40. intitle:index.of "HP Apache-based Web Server/*"
  41. intitle:index.of "IBM _ HTTP _ Server/* * Server at"
  42. intitle:index.of "Microsoft-IIS/4.0 Server at"
  43. intitle:index.of "Microsoft-IIS/5.0 Server at"
  44. intitle:index.of "Microsoft-IIS/6.0 Server at"
  45. intitle:index.of "Microsoft-IIS/* Server at"
  46. intitle:index.of "Netscape/* Server at"
  47. intitle:index.of "Oracle HTTP Server/* Server at"
  48. intitle:index.of "Red Hat Secure/*" 
  49. intitle:"Apache::Status" (inurl:server-status | inurl:status.html | inurl:apache.html)
  50. intitle:"Welcome to IIS 4.0!"
  51. intitle:"Welcome to Windows 2000 Internet Services"
  52. intitle:"Welcome to Windows XP Server Internet Services"
  53. intitle:"Welcome to Your New Home Page!"
  54. intitle:"Test Page for Apache Installation" "It worked!" "this Web site!"
  55. intitle:"Test Page for Apache Installation" "Seeing this instead"
  56. intitle:"Test Page for Apache Installation" "You are free"
  57. intitle:"Test Page for the Apache Http Server on Fedora Core"
  58. intitle:"Test Page for the Apache Web Server on RedHat Linux"
  59. intitle:"Test Page for the SSL/TLS-aware Apache Installation" "Hey, it worked!" 
  60. intitle:"index of" .bash_history
  61. intitle:"index of" etc/shadow
  62. intitle:"index.of" finances.xls
  63. intitle:"index of" htpasswd
  64. intitle:"Index Of" inurl:maillog
  65. intitle:"index of" master.passwd
  66. intitle:"index of" members OR accounts
  67. intitle:"index.of" mystuff.xml
  68. intitle:"index of" passwd
  69. intitle:"index of" people.lst
  70. intitle:"index of" pwd.db
  71. intitle:"Index of" pwd.db
  72. intitle:"Index of" .sh_history
  73. intitle:"index of" spwd
  74. intitle:"index.of" trillian.ini
  75. intitle:"index of" user_carts OR user_cart
  76. intitle:"active webcam page"
  77. intitle:"ASP Stats Generator *.*" "ASP Stats Generator" "2003-2004 weppos"
  78. intitle:"curriculum vitae" "phone * * *" "address *"
  79. intitle:"Dell Laser Printer" ews
  80. intitle:"EvoCam" inurl:"webcam.html"
  81. intitle:liveapplet inurl:LvAppl
  82. intitle:"Multimon UPS status page"
  83. intitle:"my webcamXP server!" inurl:":8080"
  84. intitle:"statistics of" "advanced web statistics"
  85. intitle:"System Statistics" +"System and Network Information Center"
  86. intitle:"Terminal Services Web Connection"
  87. intitle:"Usage Statistics for" "Generated by Webalizer"
  88. intitle:"VNC Desktop" inurl:5800
  89. intitle:"Web Server Statistics for ****"
  90. inurl:admin filetype:db
  91. inurl:admin inurl:backup intitle:index.of
  92. inurl:"auth_user_file.txt"
  93. inurl:"/axs/ax-admin.pl" -script
  94. inurl:"/cricket/grapher.cgi"
  95. inurl:hp/device/this.LCDispatcher
  96. inurl:iisadmin
  97. inurl:indexFrame.shtml Axis
  98. inurl:"main.php" "phpMyAdmin" "running on"
  99. inurl:passwd filetype:txt
  100. inurl:"printer/main.html" intext:"settings"
  101. inurl:server-info "Apache Server Information"
  102. inurl:"ViewerFrame?Mode="
  103. inurl:"wvdial.conf" intext:"password"
  104. inurl:"wwwroot/*."
  105. site:gov confidential
  106. site:mil confidential
  107. site:mil "top secret"
  108. "Copyright (c) Tektronix, Inc." "printer status"
  109. "Host Vulnerability Summary Report"
  110. "http://*:*@www"
  111. "Network Vulnerability Assessment Report"
  112. "not for distribution"
  113. "Output produced by SysWatch *"
  114. "These statistics were produced by getstats"
  115. "This file was generated by Nessus"
  116. "This report was generated by WebLog"
  117. "This summary was generated by wwwstat"
  118. "Generated by phpSystem"
  119. "Host Vulnerability Summary Report"
  120.  "my webcamXP server!"
  121.  sample/LvAppl/
  122. "TOSHIBA Network Camera - User Login"
  123. /home/homeJ.html
  124. /ViewerFrame?Mode=Motion
  125. This reveals mySQL database dumps. These database dumps list the structure and content of databases, which can reveal many different types of sensitive information. http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22%23mysql+dump%22+filetype%3Asql&btnG=Search
  126.  
  127. These log files record info about the SSH client PUTTY. These files contain usernames, site names, IP addresses, ports and various other information about the SSH server connected to. http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Alog+username+putty
  128.  
  129. These files contain cleartext usernames and passwords, as well as the sites associated with those credentials. Attackers can use this information to log on to that site as that user. http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Alog+inurl%3A%22password.log%22
  130.  
  131. This file contains port number, version number and path info to MySQL server. http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22index+of%22+mysql.conf+OR+mysql_config
  132.  
  133. This search reveals sites which may be using Shockwave (Flash) as a login mechanism for a site. The usernames and passwords for this type of login mechanism are often stored in plaintext inside the source of the .swl file. http://www.google.com/search?hl=en&lr=&q=inurl%3Alogin+filetype%3Aswf+swf
  134.  
  135. These are oulook express email files which contain emails, with full headers. The information in these emails can be useful for information gathering about a target. http://www.google.com/search?hl=en&lr=&q=filetype%3Aeml+eml+%2Bintext%3A%22Subject%22+%2Bintext%3A%22From%22+%2Bintext%3A%22To%22
  136.  
  137. This google search reveals users names, pop3 passwords, email addresses, servers connected to and more. The IP addresses of the users can also be revealed in some cases. http://www.google.com/search?num=100&hl=en&lr=&q=filetype%3Areg+reg+%2Bintext%3A%22internet+account+manager
  138.  
  139.  
  140.  
  141.  
  142. Footprinting Websites and Information Gathering Resources
  143.  
  144. A hacker or pen tester  may also do a Google search or a site search to locate information about employees. Some sites useful to find more information about an organization and its employees include:
  145.  
  146. www.trula.com - real estate
  147.  
  148. www.zillow.com - real estate
  149.  
  150. www.netronline.com - real estate
  151.  
  152. www.whosarat.com - informants
  153.  
  154. www.zabaseach.com - name, address, location info
  155.  
  156. www.zoominfo.com - person & company data
  157.  
  158. www.vitalrec.com - people info
  159.  
  160. www.pipl.com - people search
  161.  
  162. www.skipease.com/blog/ - people search
  163.  
  164. www.pretrieve.com - people search
  165.  
  166. www.publicdata.com - people search
  167.  
  168. www.urapi.com - people search
  169.  
  170. https://addons.mozilla.org/en-US/firefox/addon/1912 (who is this person)
  171.  
  172. www.nndb.com – people activity tracker
  173.  
  174. www.willyancey.com/finding.htm  online info
  175.  
  176. www.courthousedirect.com  - property records
  177.  
  178. www.turboscout.com - multisearch engine tool
  179.  
  180. www.theultimates.com - phone number lookup
  181.  
  182. http://skipease.whitepages.com/reverse_address - address lookup
  183.  
  184. www.thevault.com - company search / profile
  185.  
  186. www.blogsearchengine.com - search blogs for info or person
  187.  
  188. www.ccrs.info - China based company search /profile
  189.  
  190. www.hoovers.com - company search / profile
  191.  
  192. www.lexisnexis.com - company search / profile
  193.  
  194. www.topix.net - region specific news articles
  195.  
  196. www.pacer.uscourts.gov/natsuit.html - Court records
  197.  
  198. www.oihweb.com - online investigation techniques
  199.  
  200. www.linkedin.com - business person's network
  201.  
  202.  
  203. Footprinting Links
  204.  
  205. Google Hacking Database
  206. A search that finds password hashes
  207. Nessus Reports from Google
  208. More Passwords from Google
  209. Google Hacks Volume III by Halla
  210. G-Zapper Blocks the Google Cookie to Search Anonymously
  211. SiteDigger 2.0 searches Google’s cache to look for vulnerabilities
  212. BeTheBot - View Pages as the Googlebot Sees Them
  213. An experts-exchange page to demonstrate the Googlebot
  214. HTTP Header Viewer
  215. Masquerading Your Browser
  216. User Agent Switcher :: Firefox Add-ons
  217. Modify Headers :: Firefox Add-ons
  218. User Agent Sniffer for Project 1
  219. GNU Wget - Tool to Mirror Websites
  220. Teleport Pro - Tool to Mirror Websites
  221. Google Earth
  222. Finding Subdomains (Zone Transfers)
  223. Dakota Judge rules that Zone Transfers are Hacking
  224. Internet Archive - Wayback Machine
  225. Wikto - Web Server Assessment Tool - With Google Hacking
  226. VeriSign Whois Search from VeriSign, Inc.
  227. whois.com
  228. ARIN: WHOIS Database Search
  229. Border Gateway Protocol (BGP) and AS Numbers
  230. Internic | Whois - the only one that finds hackthissite.org
  231. Teenager admits eBay domain hijack
  232. NeoTrace
  233. VisualRoute traceroute: connection test, trace IP address, IP trace, IP address locations

Nessun commento:

Posta un commento