Iklan IT

Selasa, 06 Oktober 2009

Google Hacking Final

*Output produced by SysWatch *?
->operating system type and version, logged users, free memory and disk space, mount points, running processes,system logs

Error message queries
Salah satu kumpulan error message query, dapat ditemukan sehingga kita bisa mulai melakukan hacking pada tahap selanjutnya.

*A syntax error has occurred? filetype:ihtml
->Informix database errors, berpotensial untuk mengambil function names, filenames, file structure information, pieces of SQL code and passwords

*Access denied for user? *Using password?
->authorisation errors, berpotensial untuk mengambil user names, function names, file structure information and pieces of SQL code

*The script whose uid is ? *is not allowed to access?
->access-related PHP errors, berpotensial untuk mengambil filenames, function names and file structure information

*ORA-00921: unexpected end of SQL command?
->Oracle database errors, berpotensial untuk mengambil filenames, function names and file structure information

*error found handling the request? cocoon filetypeml
->Cocoon errors, berpotensial untuk mengambil Cocoon version information, filenames, function names and file structure information

*Invision Power Board Database Error?
->Invision Power Board bulletin board errors, berpotensial untuk mengambil function names, filenames, file structure information and piece of SQL code

*Warning: mysql _ query()? *invalid query?
->MySQL database errors, berpotensial untuk mengambil user names, function names, filenames and file structure information

*Error Message : Error loading required libraries.?
->CGI script errors, berpotensial untuk mengambil information about operating system and program versions, user names, filenames and file structure information

*#mysql dump? filetype:sql
->MySQL database errors, berpotensial untuk mengambil informasi database structure dan contents

Google queries untuk mencari lokasi passwords
kumpulan secara garis besar lokasi password sebuah sistem yang dapat diakses oleh google

*http://*:*@www?
site passwords for site, stored as the string

*http://username: password@www?? filetype:bak inurl:?htaccess|passwd|shadow|ht users?
file backups, berpotensial untuk mengambil user names and passwords

filetype:mdb inurl:?account|users|admin|administrators|passwd|p assword?
mdb files, berpotensial untuk mengambil password information

intitle:?Index of? pwd.db
pwd.db files, berpotensial untuk mengambil user names and encrypted passwords

inurl:admin inurl:backup intitle:index.of
directories whose names contain the words admin and backup

*Index of *Parent Directory? *WS _ FTP.ini? filetype:ini WS _ FTP PWD
WS_FTP configuration files, berpotensial untuk mengambil FTP server access passwords

extwd inurlservice|authors|administrators|users) *# -FrontPage-?
Terdapat Microsoft FrontPage passwords

filetype:sql (?passwd values ****? |?password values ****? | *pass values ****? )
Terdapat SQL code and passwords yang disimpan dalam a database

intitle:index.of trillian.ini
configuration files for the Trillian IM

eggdrop filetype:user
user configuration files for the Eggdrop ircbot

filetype:conf slapd.conf configuration files for OpenLDAP

inurl:?wvdial.conf? intext:?password? configuration files for WV Dial

ext:ini eudora.ini configuration files for the Eudora mail client

filetype:mdb inurl:users.mdb
Microsoft Access files, berpotensial untuk mengambil user account information

intext:?powered by Web Wiz Journal?
websites using Web Wiz Journal, which in its standard configuration allows access to the passwords file - just enter http:///journal/journal.mdb instead of the default http:///journal/

*Powered by DUclassified? -site:duware.com
*Powered by DUcalendar? -site:duware.com
*Powered by DUdirectory? -site:duware.com
*Powered by DUclassmate? -site:duware.com
*Powered by DUdownload? -site:duware.com
*Powered by DUpaypal? -site:duware.com
*Powered by DUforum? -site:duware.com
intitle:dupics inurladd.asp | default.asp |view.asp | voting.asp) -site:duware.com
websites yang menggunakan DUclassified, DUcalendar, DUdirectory, DUclassmate, DUdownload, DUpaypal, DUforum or DUpics applications, secara default memungkinkan kita untuk mengambil passwords file
- untuk DUclassified, just enter http:///duClassified/ _private/duclassified.mdb
atau http:///duClassified/

intext:?BiTBOARD v2.0? *BiTSHiFTERS Bulletin Board?
website yang menggunakan Bitboard2 bulletin board, secara default settings memungkinkan kita untuk mengambil passwords file to be obtained
- dengan cara http:///forum/admin/data _ passwd.dat
atau http:///forum/forum.php

Mencari Dokumen khusus ?
filetypels inurl:?email.xls? email.xls
files, berpotensial untuk mengambil contact information

*phone * * *? *address *? *e-mail? intitle:?curriculum vitae?
CVs

*not for distribution?
confidential documents containing the confidential clause

buddylist.blt
AIM contacts list

intitle:index.of mystuff.xml
Trillian IM contacts list

filetype:ctt *msn?
MSN contacts list

filetype:QDF
QDF database files for the Quicken financial application

intitle:index.of finances.xls
finances.xls files, berpotensial untuk mengambil information on bank accounts, financial summaries and credit card numbers

intitle:?Index Of? -inurl:maillog maillog size maillog files, berpotensial untuk mengambil e-mail

Tidak ada komentar:

Posting Komentar

Semangat