
Google Dorks PDF

476 Pages·2013·2.75 MB·English

Preview Google Dorks

Here is a collection of dorks submitted to Exploit-db.com, collected on December 24, 2013. The table below shows the title of the dork, the actual dork that we use and, third, the description of the dork. I copied raw data from www.exploit-db.com. No changes have been made. You are free to use this dork collection for any purpose.

TITLE: squid cache server reports
DORK: "cacheserverreport for" "This cache server analysis was produced by calamaris"
DESCRIPTION: These are squid server cache reports. Fairly benign, really except when you consider using them for evil purposes. For example, an institution stands up a proxy server for their internal users to get to the outside world. Then, the internal users surf all over to their hearts' content (including intranet pages cuz well, the admins are stupid). Voila, intranet links show up in the external cache report. Want to make matters worse for yourself as an admin? OK, configure your external proxy server as a trusted internal host. Load up your web browser, set your proxy as their proxy and surf your way into their intranet. Not that I've noticed any examples of this in this google list. *COUGH* *COUGH* *COUGH* unresolved DNS lookups give clues *COUGH* *COUGH* ('scuse me. must be a furball) OK, lets say BEST CASE scenario. Let's say there's no security problems revealed in these logs. Best case scenario is that outsiders can see what your company/agency/workers are surfing.

TITLE: Ganglia Cluster Reports
DORK: intitle:"Ganglia" "Cluster Report for"
DESCRIPTION: These are server cluster reports, great for info gathering. Lesse, what were those server names again?

TITLE: ICQ chat logs, please...
DORK: intitle:"Index of" dbconvert.exe chats
DESCRIPTION: ICQ (http://www.icq.com) allows you to store the contents of your online chats into a file. These folks have their entire ICQ directories online. On purpose?

TITLE: Apache online documentation
DORK: intitle:"Apache HTTP Server" intitle:"documentation"
DESCRIPTION: When you install the Apache web server, you get a nice set of online documentation. When you learn how to use Apache, you're supposed to delete these online Apache manuals. These sites didn't. If they're in such a hurry with Apache installs, I wonder what else they rushed through? These aren't too horribly bad, but there are SO MANY of them.

TITLE: Coldfusion Error Pages
DORK: "Error Diagnostic Information" intitle:"Error Occurred While"
DESCRIPTION: These sites got googlebotted while the site was having "technical difficulties." The resulting cached error message gives lots of juicy tidbits about the target site.

TITLE: Financial spreadsheets: finance.xls
DORK: intitle:"Index of" finance.xls
DESCRIPTION: "Hey! I have a great idea! Let's put our finances on our website in a secret directory so we can get to it whenever we need to!"

TITLE: Financial spreadsheets: finances.xls
DORK: intitle:index.of finances.xls
DESCRIPTION: "Hey! I have a great idea! Let's put our finances on our website in a secret directory so we can get to it whenever we need to!"

TITLE: sQL data dumps
DORK: "# Dumping data for table"
DESCRIPTION: sQL database dumps. LOTS of data in these. So much data, in fact, I'm pressed to think of what else an ev1l hax0r would like to know about a target database.. What's that? Usernames and passwords you say? Patience, grasshopper.....

TITLE: bash_history files
DORK: intitle:index.of .bash_history
DESCRIPTION: Ok, this file contains what a user typed at a shell command prompt. You shouldn't advertise this file. You shouldn't flash it to a web crawler. It contains COMMANDS and USERNAMES and stuff... *sigh* Sometimes there aren't words to describe how lame people can be. This particular theme can be carried further to find all sorts of things along these lines like .profile, .login, .logout files, etc. I just got bored with all the combinations...

TITLE: sh_history files
DORK: intitle:index.of .sh_history
DESCRIPTION: Ok, this file contains what a user typed at a shell command prompt. You shouldn't advertise this file. You shouldn't flash it to a web crawler. It contains COMMANDS and USERNAMES and stuff... *sigh* Sometimes there aren't words to describe how lame people can be. This particular theme can be carried further to find all sorts of things along these lines like .profile, .login, .logout files, etc. I just got bored with all the combinations...

TITLE: mysql history files
DORK: intitle:"Index of" .mysql_history
DESCRIPTION: The .mysql_history file contains commands that were performed against a mysql database. A "history" of said commands. First, you shouldn't show this file to anyone, especially not a MAJOR SEARCH ENGINE! Secondly, I sure hope you wouldn't type anything sensitive while interacting with your databases, like oh say USERNAMES AND PASSWORDS...

TITLE: mt-db-pass.cgi files
DORK: intitle:index.of mt-db-pass.cgi
DESCRIPTION: These folks had the technical prowess to unpack the movable type files, but couldn't manage to set up their web servers properly. Check the mt.cfg files for interesting stuffs...

TITLE: Windows 2000 Internet Services
DORK: intitle:"Welcome to Windows 2000 Internet Services"
DESCRIPTION: At first glance, this search reveals even more examples of operating system users enabling the operating system default web server software. This is generally accepted to be a Bad Idea(TM) as mentioned in the previous example. However, the googleDork index on this particular category gets quite a boost from the fact that this particular screen should NEVER be seen by the general public. To quote the default index screen: "Any users attempting to connect to this site are currently receiving an 'Under Construction page'" THIS is not the 'Under Construction page.' I was only able to generate this screen while sitting at the console of the server. The fact that this screen is revealed to the general public may indicate a misconfiguration of a much more insidious nature...

TITLE: IIS 4.0
DORK: intitle:"Welcome to IIS 4.0"
DESCRIPTION: Moving from personal, lightweight web servers into more production-ready software, we find that even administrators of Microsoft's Internet Information Server (IIS) sometimes don't have a clue what they're doing. By searching on web pages with titles of "Welcome to IIS 4.0" we find that even if they've taken the time to change their main page, some dorks forget to change the titles of their default-installed web pages. This is an indicator that their web server is most likely running, or was upgraded from, the now considered OLD IIS 4.0 and that at least portions of their main pages are still exactly the same as they were out of the box. Conclusion? The rest of the factory-installed stuff is most likely lingering around on these servers as well. Old code: FREE with operating system. Poor content management: an average of $40/hour. Factory-installed default scripts: FREE with operating system. Getting hacked by a script kiddie that found you on Google: PRICELESS. For all the things money can't buy, there's a googleDork award.

TITLE: Look in my backup directories! Please?
DORK: "Index of /backup"
DESCRIPTION: Backup directories are often very interesting places to explore. More than one server has been compromised by a hacker's discovery of sensitive information contained in backup files or directories. Some of the sites in this search meant to reveal the contents of their backup directories, others did not. Think about it. What's in YOUR backup directories? Would you care to share the contents with the whole of the online world? Probably not. Whether intentional or not, bsp.gsa.gov reveals backup directory through Google. Is this simply yet another misconfigured .gov site? You decide. BSP stands for "best security practices," winning this site the Top GoogleDork award for this category.

TITLE: OpenBSD running Apache
DORK: "powered by openbsd" +"powered by apache"
DESCRIPTION: I like the OpenBSD operating system. I really do. And I like the Apache web server software. Honestly. I admire the mettle of administrators who take the time to run quality, secure software. The problem is that you never know when security problems will pop up. A BIG security problem popped up within the OpenBSD/Apache combo back in the day. Now, every administrator that advertised this particular combo with cute little banners has a problem. Hackers can find them with Google. I go easy on these folks since the odds are they've patched their sites already. Then again, they may just show up on zone-h..

TITLE: intitle:index.of intext:"secring.skr"|"secring.pgp"|"secring.bak"
DORK: intitle:index.of intext:"secring.skr"|"secring.pgp"|"secring.bak"
DESCRIPTION: PGP is a great encryption technology. It keeps secrets safe. Everyone from drug lords to the head of the DEA can download PGP to encrypt their sensitive documents. Everyone, that is, except googleDorks. GoogleDorks, it seems, don't understand that anyone in possession of your private keyring (secring) can get to your secret stuff. It should never be given out, and should certainly not be posted on the Internet. The highest ranking is awarded for this surprising level of ineptitude.

TITLE: people.lst
DORK: intitle:index.of people.lst
DESCRIPTION: *sigh*

TITLE: passwd
DORK: intitle:index.of passwd passwd.bak
DESCRIPTION: There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. The hits in this search show "passwd" files which contain encrypted passwords which may look like this: "guest MMCHhvZ6ODgFo" A password cracker can eat cheesy hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!

TITLE: master.passwd
DORK: intitle:index.of master.passwd
DESCRIPTION: There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. The hits in this search show "master.passwd" files which contain encrypted passwords which may look like this: "guest MMCHhvZ6ODgFo" A password cracker can eat cheesy hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show! For master.passwd, be sure to check other files in the same directory...

TITLE: pwd.db
DORK: intitle:"Index of" pwd.db
DESCRIPTION: There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. The hits in this search show "pwd.db" files which contain encrypted passwords which may look like this: "guest MMCHhvZ6ODgFo" A password cracker can eat cheesy hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!

TITLE: htpasswd / htpasswd.bak
DORK: intitle:"Index of" ".htpasswd" htpasswd.bak
DESCRIPTION: There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. And what if the passwords are hashed? A password cracker can eat cheesy password hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!

TITLE: htpasswd / htgroup
DORK: intitle:"Index of" ".htpasswd" "htgroup" -intitle:"dist" -apache -htpasswd.c
DESCRIPTION: There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. And what if the passwords are hashed? A password cracker can eat cheesy password hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show! You'll need to sift through these results a bit...

TITLE: spwd.db / passwd
DORK: intitle:"Index of" spwd.db passwd -pam.conf
DESCRIPTION: There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. And what if the passwords are hashed? A password cracker can eat cheesy password hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!

TITLE: passwd / etc (reliable)
DORK: intitle:"Index of..etc" passwd
DESCRIPTION: There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. And what if the passwords are hashed? A password cracker can eat cheesy password hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!

TITLE: AIM buddy lists
DORK: buddylist.blt
DESCRIPTION: These searches bring up common names for AOL Instant Messenger "buddylists". These lists contain screen names of your "online buddies" in Instant Messenger. Now that's not too terribly exciting or stupid unless you want to mess with someone's mind, and besides, some people make these public on purpose. The thing that's interesting are the files that get stored ALONG WITH buddylists. Often this stuff includes downloaded pictures, resumes, all sorts of things. This is really for the peepers out there, and it's possible to spend countless hours rifling through people's personal crap. Also try buddylist.blt, buddy.blt, buddies.blt.

TITLE: config.php
DORK: intitle:index.of config.php
DESCRIPTION: This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database. Way to go, googleDorks!!

TITLE: phpinfo()
DORK: intitle:phpinfo "PHP Version"
DESCRIPTION: This brings up sites with phpinfo(). There is SO much cool stuff in here that you just have to check one out for yourself! I mean full blown system versioning, SSL version, sendmail version and path, ftp, LDAP, SQL info, Apache mods, Apache env vars, *sigh* the list goes on and on! Thanks "joe!" =)

TITLE: MYSQL error message: supplied argument....
DORK: "supplied argument is not a valid MySQL result resource"
DESCRIPTION: One of many potential error messages that spew interesting information. The results of this message give you real path names inside the webserver as well as more php scripts for potential "crawling" activities.

TITLE: robots.txt
DORK: intitle:index.of robots.txt
DESCRIPTION: The robots.txt file contains "rules" about where web spiders are allowed (and NOT allowed) to look in a website's directory structure. Without over-complicating things, this means that the robots.txt file gives a mini-roadmap of what's somewhat public and what's considered more private on a web site. Have a look at the robots.txt file itself, it contains interesting stuff. However, don't forget to check out the other files in these directories since they are usually at the top directory level of the web server!

TITLE: passlist
DORK: index.of passlist
DESCRIPTION: I'm not sure what uses this, but the passlist and passlist.txt files contain passwords in CLEARTEXT! That's right, no decoding/decrypting/encrypting required. How easy is this? *sigh* Supreme googledorkage

TITLE: secret
DORK: index.of.secret
DESCRIPTION: What kinds of goodies lurk in directories marked as "secret?" Find out...

TITLE: private
DORK: index.of.private
DESCRIPTION: What kinds of things might you find in directories marked "private?" Let's find out....

TITLE: etc (index.of)
DORK: index.of.etc
DESCRIPTION: This search gets you access to the etc directory, where many many many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!

TITLE: winnt
DORK: index.of.winnt
DESCRIPTION: The \WINNT directory is the directory that Windows NT is installed into by default. Now just because google can find them, this doesn't necessarily mean that these are Windows NT directories that made their way onto the web. However, sometimes this happens. Other times, they aren't Windows NT directories, but backup directories for Windows NT data. Either way, worthy of a nomination.

TITLE: secure
DORK: index.of.secure
DESCRIPTION: What could be hiding in directories marked as "secure?" Let's find out...

TITLE: protected
DORK: index.of.protected
DESCRIPTION: What could be in a directory marked as "protected?" Let's find out...

TITLE: index.of.password
DORK: index.of.password
DESCRIPTION: These directories are named "password." I wonder what you might find in here. Warning: sometimes p0rn sites make directories on servers with directories named "password" and single html files inside named things like "horny.htm" or "brittany.htm." These are to boost their search results. Don't click them (unless you want to be buried in an avalanche of p0rn...

TITLE: "This report was generated by WebLog"
DORK: "This report was generated by WebLog"
DESCRIPTION: These are weblog-generated statistics for web sites... A roadmap of files, referrers, errors, statistics... yummy... schmorgasbord! =P

TITLE: "produced by getstats"
DORK: "These statistics were produced by getstats"
DESCRIPTION: Another web statistics package. This one originated from a google scan of an ivy league college. *sigh* There's sooo much stuff in here!

TITLE: "generated by wwwstat"
DORK: "This summary was generated by wwwstat"
DESCRIPTION: More www statistics on the web. This one is very nice.. Lots of directory info, and client access statistics, email addresses.. lots of good stuff. You know, these are SOOO dangerous, especially if INTRANET users get logged... talk about mapping out an intranet quickly... thanks, sac =)

TITLE: haccess.ctl (one way)
DORK: intitle:index.of haccess.ctl
DESCRIPTION: This is the frontpage(?) equivalent of htaccess, I believe. Anyhow, this file describes who can access the directory of the web server and where the other authorization files are. Nice find.

TITLE: haccess.ctl (VERY reliable)
DORK: filetype:ctl Basic
DESCRIPTION: haccess.ctl is the frontpage(?) equivalent of the .htaccess file. Either way, this file describes who can access a web page, and should not be shown to web surfers. Way to go, googledork. =P This method is very reliable due to the use of this google query: filetype:ctl Basic. This pulls out the file by name then searches for a string inside of it (Basic) which appears in the standard template for this file.

TITLE: filetype:xls username password email
DORK: filetype:xls username password email
DESCRIPTION: This search shows Microsoft Excel spreadsheets containing the words username, password and email. Beware that there are a ton of blank "template" forms to weed through, but you can tell from the Google summary that some of these are winners... err losers.. depending on your perspective.

TITLE: Hassan Consulting's Shopping Cart Version 1.18
DORK: inurl:shop "Hassan Consulting's Shopping Cart Version 1.18"
DESCRIPTION: These servers can be messed with in many ways. One specific way is by way of the "../" bug. This lets you cruise around the web server in a somewhat limited fashion.

TITLE: site:edu admin grades
DORK: site:edu admin grades
DESCRIPTION: I never really thought about this until I started coming up with juicy examples for DEFCON 11.. A few GLARINGLY bad examples contain not only student grades and names, but also social security numbers, securing
