Monday, 30 July 2018

Google Hacking

Google Queries for Locating Various Web Servers

“Apache/1.3.28 Server at” intitle:index.of
Apache 1.3.2
“Apache/2.0 Server at” intitle:index.of
Apache 2.0
“Apache/* Server at” intitle:index.of
any version of Apache
“Microsoft-IIS/4.0 Server at” intitle:index.of
Microsoft Internet Information Services 4.0
“Microsoft-IIS/5.0 Server at” intitle:index.ofMicrosoft Internet Information Services 5.0
“Microsoft-IIS/6.0 Server at” intitle:index.of
Microsoft Internet Information Services 6.0
“Microsoft-IIS/* Server at” intitle:index.of
any version of Microsoft Internet Information Services
“Oracle HTTP Server/* Server at” intitle:index.of
any version of Oracle HTTP Server
“IBM _ HTTP _ Server/* * Server at” intitle:index.of
any version of IBM HTTP Server
“Netscape/* Server at” intitle:index.of
any version of Netscape Server
“Red Hat Secure/*” intitle:index.of
any version of the Red Hat Secure server
“HP Apache-based Web Server/*” intitle:index.of
any version of the HP server
Queries for discovering standard post-installation
intitle:”Test Page for Apache Installation” “You are free”
Apache 1.2.6
intitle:”Test Page for Apache Installation” “It worked!” “this Web site!”
Apache 1.3.0 – 1.3.9
intitle:”Test Page for Apache Installation” “Seeing this instead”
Apache 1.3.11 – 1.3.33, 2.0
intitle:”Test Page for the SSL/TLS-aware Apache Installation” “Hey, it worked!”
Apache SSL/TLS
intitle:”Test Page for the Apache Web Server on Red Hat Linux”
Apache on Red Hat
intitle:”Test Page for the Apache Http Server on Fedora Core”
Apache on Fedora
intitle:”Welcome to Your New Home Page!”
Debian Apache on Debian
intitle:”Welcome to IIS 4.0!”
IIS 4.0
intitle:”Welcome to Windows 2000 Internet Services”
IIS 5.0
intitle:”Welcome to Windows XP Server Internet Services”
IIS 6.0
Querying for application-generated system reports
“Generated by phpSystem”

Operating system type and version, hardware configuration, logged users, open connections, free memory and disk space, mount points
“This summary was generated by wwwstat”
web server statistics, system file structure
“These statistics were produced by getstats”
web server statistics, system file structure
“This report was generated by WebLog”
web server statistics, system file structure
intext:”Tobias Oetiker” “traffic analysis”
systemperformance statistics as MRTG charts, network configuration
intitle:”Apache::Status” (inurl:server-status | inurl:status.html | inurl:apache.html)
server version, operating system type, child process list, current connections
intitle:”ASP Stats Generator *.*” “ASP Stats Generator” “2003-2004 weppos”
web server activity, lots of visitor information
intitle:”Multimon UPS status page”
UPS device performance statistics
intitle:”statistics of” “advanced web statistics”
web server statistics, visitor information
intitle:”System Statistics” +”System and Network Information Center”

System performance statistics as MRTG charts, hardware configuration, running services
intitle:”Usage Statistics for” “Generated by Webalizer”
web server statistics, visitor information, system file structure
intitle:”Web Server Statistics for ****”
web server statistics, visitor information
nurl:”/axs/ax-admin.pl” -script
web server statistics, visitor information
inurl:”/cricket/grapher.cgi”
MRTG charts of network interface performance
inurl:server-info “Apache Server Information”
web server version and configuration, operating system type, system file structure
“Output produced by SysWatch *”
operating system type and version, logged users, free memory and disk space, mount points, running processes, system logs.

Dorks for Finding Admin Page


admin1.php
admin1.html
admin2.php
admin2.html
yonetim.php
yonetim.html
yonetici.php
yonetici.html
admin/account.php
admin/account.html
admin/index.php
admin/index.html
admin/login.php
admin/login.html
admin/home.php
admin/controlpanel.html
admin/controlpanel.php
admin.php
admin.html
admin/cp.php
admin/cp.html
cp.php
cp.html
administrator/
administrator/index.html
administrator/index.php
administrator/login.html
administrator/login.php
administrator/account.html
administrator/account.php
administrator.php
administrator.html
login.html
modelsearch/login.php
moderator.php
moderator.html
moderator/login.php
moderator/login.html
moderator/admin.php
moderator/admin.html
account.php
account.html
controlpanel/
controlpanel.php
controlpanel.html
admincontrol.php
admincontrol.html
adminpanel.php
adminpanel.html
admin1.asp
admin2.asp
yonetim.asp
yonetici.asp
admin/account.asp
admin/index.asp
admin/login.asp
admin/home.asp
admin/controlpanel.asp
admin.asp
admin/cp.asp
cp.asp
administrator/index.asp
administrator/login.asp
administrator/account.asp
administrator.asp
login.asp
modelsearch/login.asp
moderator.asp
moderator/login.asp
moderator/admin.asp
account.asp
controlpanel.asp
admincontrol.asp
adminpanel.asp
fileadmin/
fileadmin.php
fileadmin.asp
fileadmin.html
administration/
administration.php
administration.html
sysadmin.php
sysadmin.html
phpmyadmin/
myadmin/
sysadmin.asp
sysadmin/
ur-admin.asp
ur-admin.php
ur-admin.html
ur-admin/
Server.php
Server.html
Server.asp
Server/
wp-admin/
administr8.php
administr8.html
administr8/
administr8.asp
webadmin/
webadmin.php
webadmin.asp
webadmin.html
administratie/
admins/
admins.php
admins.asp
admins.html
administrivia/
Database_Administration/
WebAdmin/
useradmin/
sysadmins/
admin1/
system-administration/
administrators/
pgadmin/
directadmin/
staradmin/
ServerAdministrator/
SysAdmin/
administer/
LiveUser_Admin/
sys-admin/
typo3/
panel/
cpanel/
cPanel/
cpanel_file/
platz_login/
rcLogin/
blogindex/
formslogin/
autologin/
support_login/
meta_login/
manuallogin/
simpleLogin/
loginflat/
utility_login/
showlogin/
memlogin/
members/
login-redirect/
sub-login/
wp-login/
login1/
dir-login/
login_db/
xlogin/
smblogin/
customer_login/
UserLogin/
login-us/
acct_login/
admin_area/
bigadmin/
project-admins/
phppgadmin/
pureadmin/
sql-admin/
openvpnadmin/
wizmysqladmin/
vadmind/
ezsqliteadmin/
hpwebjetadmin/
newsadmin/
adminpro/
Lotus_Domino_Admin/
bbadmin/
vmailadmin/
ccp14admin/
irc-macadmin/
banneradmin/
sshadmin/
phpldapadmin/
macadmin/
administratoraccounts/
admin4_account/
admin4_colon/
radmind-1/
Super-Admin/
AdminTools/
cmsadmin/
phpSQLiteAdmin/
server_admin_small/
database_administration/
system_administration/

Update Important Dorks


Dork: “inurl:dettaglio.php?id=”

Exploit :
www.victim.com/sito/dettaglio.php?id=[SQL]

Example :
http://www.cicloposse.com/dettaglio.php?id=61′

Dork: inurl:prodotto.php?id)

Exploit:
www.victim.com/prodotto.php?id=[SQL]

Example:
http://www.poderimorini.com/en/prodotto.php?id=14′

Sql Injection Dorks


allinurl: \”index php go buy\”
allinurl: \”index.php?go=sell\”
allinurl: \”index php go linkdir\”
allinurl: \”index.php?go=resource_center\”
allinurl: \”resource_center.html\”
allinurl: \”index.php?go=properties\”
allinurl: \”index.php?go=register\”

Error Message Queries

“A syntax error has occurred”filetype:ihtml
Informix database errors, potentially containing function names, filenames, file structure information, pieces of SQL code and passwords

“Access denied for user” “Using password”

authorization errors, potentially containing user names, function names, file structure information and pieces of SQL code

The script whose uid is ” “is not allowed to access”

access-related PHP errors, potentially containing filenames, function names and file structure information

“ORA-00921: unexpected end of SQL command”

Oracle database errors, potentially containing filenames, function names and file structure information

“error found handling the request” cocoon filetype:xml

Cocoon errors, potentially containing Cocoon version information, filenames, function names and file structure information

“Invision Power Board Database Error”

Invision Power Board bulletin board errors, potentially containing function names, filenames, file structure information and piece of SQL code

“Warning: mysql _ query()” “invalid query”

MySQL database errors, potentially containing user names, function names, filenames and file structure information

“Error Message : Error loading required libraries.”

CGI script errors, potentially containing information about operating system and program versions, user names, filenames and file structure information

“#mysql dump” filetype:sql

MySQL database errors, potentially containing information about database structure and contents

Dork for locating passwords

http://*:*@www” site

passwords for site, stored as the string “http://username:password@www…”

filetype:bak inurl:”htaccess|passwd|shadow|ht users”

file backups, potentially containing user names and passwords

filetype:mdb inurl:”account|users|admin|admin istrators|passwd|password”

mdb files, potentially containing password information

intitle:”Index of” pwd.db

pwd.db files, potentially containing user names and encrypted passwords

inurl:admin inurl:backup intitle:index.of

directories whose names contain the words admin and backup

“Index of/” “Parent Directory” “WS _ FTP.ini”

filetype:ini WS _ FTP PWD

WS_FTP configuration files, potentially containing FTP server access passwords

ext:pwd inurl:(service|authors|administrators |users) “# -FrontPage-”

files containing Microsoft FrontPage passwords

filetype:sql (“passwd values ****” | “password values ****” | “pass values ****” )

files containing SQL code and passwords inserted into a database

intitle:index.of trillian.ini

configuration files for the Trillian IM

eggdrop filetype:user

user configuration files for the Eggdrop ircbot

filetype:conf slapd.conf

configuration files for OpenLDAP

inurl:”wvdial.conf” intext:”password”

configuration files for WV Dial

ext:ini eudora.ini

configuration files for the Eudora mail client

filetype:mdb inurl:users.mdb

Microsoft Access files, potentially containing user account information

Searching for personal data and confidential documents

filetype:xls inurl:”email.xls”

email.xls files, potentially containing contact information

“phone * * *” “address *” “e-mail” intitle: “curriculum vitae”

CVs

“not for distribution”

confidential documents containing the confidential clause

buddylist.blt

AIM contacts list

intitle:index.of mystuff.xml

Trillian IM contacts list

filetype:ctt “msn”

MSN contacts list

filetype:QDF

QDF database files for the Quicken financial application

intitle:index.of finances.xls

finances.xls files, potentially containing information on bank accounts, financial summaries and credit card numbers

intitle:”Index Of” -inurl:maillog maillog size

maillog files, potentially containing e-mail

Network Vulnerability Assessment Report”
“Host Vulnerability Summary Report”
filetype:pdf “Assessment Report”
“This file was generated by Nessus”

reports for network security scans, penetration tests etc

Dork for locating network devices

“Copyright (c) Tektronix, Inc.” “printer status”

PhaserLink printers

inurl:”printer/main.html” intext:”settings”

Brother HL printers

intitle:”Dell Laser Printer” ews

Dell printers with EWS technology

intext:centreware inurl:status

Xerox Phaser 4500/6250/8200/8400 printers

inurl:hp/device/this.LCDispatcher

HP printers

intitle:liveapplet inurl:LvAppl

Canon Webview webcams

intitle:”EvoCam” inurl:”webcam.html”

Evocam webcams

inurl:”ViewerFrame?Mode=”

Panasonic Network Camera webcams

(intext:”MOBOTIX M1? | intext:”MOBOTIX M10?) intext:”Open Menu” Shift-Reload

Mobotix webcams

inurl:indexFrame.shtml Axis

Axis webcams

intitle:”my webcamXP server!” inurl:”:8080?

webcams accessible via WebcamXP Server

allintitle:Brains, Corp.

camera webcams accessible via mmEye

intitle:”active webcam page”.

0 comments:

Post a Comment