[Article] Google Hacking: Part 2 of 4

Discussion in 'BlackHat Lounge' started by The Scarlet Pimp, May 1, 2008.

    Google a Dream Come True.
    Article by: ComSec.
    Date: May 25, 2003

    SUMMARY:
    =======

    Everyone knows Google in the security sector...and what a powerful tool it is. Just by entering certain search strings you can gain a vast amount of knowledge and information of your chosen target...often revealing sensitive data...this is all down to badly configured systems...brought on by sloppy administration allowing directory indexing and accessing, password files, log entries, files, paths, etc.

    Search Tips:
    The common search inputs below will give you an idea...for instance if you want to search for the index of "root", in the search box put in exactly as you see it below.

    Example 1:

    allintitle: "index of/root"

    Result:

    2,510 pages that you can browse at your will...

    ====================

    Example 2:

    inurl:"auth_user_file.txt"

    This result spawned 414 possible files to access.

    Here's an actual file retrieved from a site and edited. We know who the admin is, and we have the hashes; that's a job for John the Ripper.

    txUKhXYi4xeFs|master|admin|Worasit|Junsawang|xxx@xxx|on
    qk6GaDj9iBfNg|tomjang||Bug|Tom|xxx@xxx|on

    The many variations below should keep you busy for a long time. Mixing them reveals many different permutations.

    *************************************

    SEARCH PATHS.......

    *************************************

    "Index of /admin"
    "Index of /password"
    "Index of /mail"
    "Index of /" +passwd
    "Index of /" +password.txt
    "Index of /" +.htaccess
    "Index of ftp" +.mdb allinurl:/cgi-bin/ +mailto

    administrators.pwd.index
    authors.pwd.index
    service.pwd.index
    filetype:config web
    gobal.asax index

    allintitle:"index of/admin"
    allintitle:"index of/root"
    allintitle:sensitive filetype:doc
    allintitle:restricted filetype :mail
    allintitle:restricted filetype:doc site:gov

    inurl:passwd filetype:txt
    inurl:admin filetype:db
    inurl:iisadmin
    inurl:"auth_user_file.txt"
    inurl:"wwwroot/*."

    top secret site:mil
    confidential site:mil

    allinurl:winnt/system32/ (get cmd.exe)
    allinurl:/bash_history

    intitle:"index of" .sh_history
    intitle:"index of" .bash_history
    intitle:"index of" passwd
    intitle:"index of" people.lst
    intitle:"index of" pwd.db
    intitle:"index of" etc/shadow
    intitle:"index of" spwd
    intitle:"index of" master.passwd
    intitle:"index of" htpasswd
    intitle:"index of" members OR accounts
    intitle:"index of" user_carts OR user_cart

    ALTERNATIVE INPUTS:
    ====================

    _vti_inf.html
    service.pwd
    users.pwd
    authors.pwd
    administrators.pwd
    shtml.dll
    shtml.exe
    fpcount.exe
    default.asp
    showcode.asp
    sendmail.cfm
    getFile.cfm
    imagemap.exe
    test.bat
    msadcs.dll
    htimage.exe
    counter.exe
    browser.inc
    hello.bat
    default.asp
    dvwssr.dll
    cart32.exe
    add.exe
    index.jsp
    SessionServlet
    shtml.dll
    index.cfm
    page.cfm
    shtml.exe
    web_store.cgi
    shop.cgi
    upload.asp
    default.asp
    pbserver.dll
    phf
    test-cgi
    finger
    Count.cgi
    jj
    php.cgi
    php
    nph-test-cgi
    handler
    webdist.cgi
    webgais
    websendmail
    faxsurvey
    htmlscript
    perl.exe
    wwwboard.pl
    www-sql
    view-source
    campas
    aglimpse
    glimpse
    man.sh
    AT-admin.cgi
    AT-generate.cgi
    filemail.pl
    maillist.pl
    info2www
    files.pl
    bnbform.cgi
    survey.cgi
    classifieds.cgi
    wrap
    cgiwrap
    edit.pl
    perl
    names.nsf
    webgais
    dumpenv.pl
    test.cgi
    submit.cgi
    guestbook.cgi
    guestbook.pl
    cachemgr.cgi
    responder.cgi
    perlshop.cgi
    query
    w3-msql
    plusmail
    htsearch
    infosrch.cgi
    publisher
    ultraboard.cgi
    db.cgi
    formmail.cgi
    allmanage.pl
    ssi
    adpassword.txt
    redirect.cgi
    cvsweb.cgi
    login.jsp
    dbconnect.inc
    admin
    htgrep
    wais.pl
    amadmin.pl
    subscribe.pl
    news.cgi
    auctionweaver.pl
    .htpasswd
    acid_main.php
    access.log
    log.htm
    log.html
    log.txt
    logfile
    logfile.htm
    logfile.html
    logfile.txt
    logger.html
    stat.htm
    stats.htm
    stats.html
    stats.txt
    webaccess.htm
    wwwstats.html
    source.asp
    perl
    mailto.cgi
    YaBB.pl
    mailform.pl
    cached_feed.cgi
    global.cgi
    Search.pl
    build.cgi
    common.php
    show
    global.inc
    ad.cgi
    WSFTP.LOG
    index.html~
    index.php~
    index.html.bak
    index.php.bak
    print.cgi
    register.cgi
    webdriver
    bbs_forum.cgi
    mysql.class
    sendmail.inc
    CrazyWWWBoard.cgi
    search.pl
    way-board.cgi
    webpage.cgi
    pwd.dat
    adcycle
    post-query
    help.cgi

    ====================================

    http://comsec.governmentsecurity.org

    http://governmentsecurity.org/forum

    ---

    End of Part Two.
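
The exposures the article attributes to "sloppy administration" can be checked from the server side before a search engine indexes them. The following is an added example, not part of the original post or article: a small audit of a document root you administer that flags directories with no index document (listable if auto-indexing is enabled) and files whose names appear in the lists above. The `INDEX_FILES` set, the function names and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

# Subset of file names from the article's lists; compared case-insensitively.
SENSITIVE_NAMES = {".htpasswd", ".htaccess", ".bash_history", ".sh_history",
                   "passwd", "master.passwd", "pwd.db", "service.pwd",
                   "authors.pwd", "administrators.pwd", "users.pwd",
                   "auth_user_file.txt", "wsftp.log", "access.log",
                   "global.inc", "dbconnect.inc", "adpassword.txt"}
# Editor/backup leftovers and database files: index.php~, index.html.bak, *.mdb
SENSITIVE_SUFFIXES = ("~", ".bak", ".mdb")
# Assumed index-document names; adjust to the server's own configuration.
INDEX_FILES = {"index.html", "index.htm", "index.php", "default.asp"}


def audit_webroot(root):
    """Return sorted (kind, relative_path) findings for a document root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        lower = {f.lower() for f in files}
        # No index document: the directory is listed if auto-indexing is on.
        if not lower & INDEX_FILES:
            findings.append(("listable-dir", rel_dir))
        for name in files:
            low = name.lower()
            if low in SENSITIVE_NAMES or low.endswith(SENSITIVE_SUFFIXES):
                rel = os.path.normpath(os.path.join(rel_dir, name))
                findings.append(("sensitive-file", rel))
    return sorted(findings)


def build_sample_root():
    """Create a constructed sample tree (demonstration data only)."""
    root = tempfile.mkdtemp(prefix="webroot-")
    layout = ["index.html", "index.php~", "admin/.htpasswd",
              "admin/index.php", "logs/WSFTP.LOG", "img/logo.png"]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("")
    return root


if __name__ == "__main__":
    for kind, path in audit_webroot(build_sample_root()):
        print(f"{kind:15} {path}")
```

Each finding maps to a fix on the server: disable automatic directory indexing, and move credential files, logs and backup copies out of the served tree.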