Wednesday, 29 July 2009

Dangerous tools from Google

Without making any noise about it, Google gives us tools for some of the most dangerous hacking around the world, although as a tool Google only takes us as far as the footprinting stage before we move on to the next level. Why do I call it a tool? Because we use Google to search for insecure targets that are easy to hack because their patches have not been updated, and Google has the power to find it all.

What this tutorial covers:

* How do I use Google to find sources of personal information and other confidential data
* How do I find information about vulnerable systems and web services
* How do I find publicly available network devices


The first thing to know about is Google's query operators.
A query operator works as a rough filter that narrows a Google search to the more specific results we want; each operator has its own function. Descriptions and examples follow ....

site
Filters on a given domain
example: site:google.com fox -> searches for the word fox on the google.com site

intitle
Filters on documents that have a specific title
example: intitle:fox fire -> finds all pages that have fox in the title and fire in the text

allintitle
Filters on documents matching several intitle terms at once
example: allintitle:fox fire -> finds all pages whose title contains both fox and fire, the same as intitle:fox intitle:fire


inurl
Filters on a specific string in the URL
example: inurl:fox fire -> searches for fire on sites whose URL contains fox

allinurl
The same as allintitle (only for the URL)

filetype, ext
Filters on a specific document type
example: filetype:pdf fire -> searches for PDF files that contain the word fire

cool example: filetype:doc university IT

numrange
Filters documents on a number range
example: numrange:1-100 fire -> finds pages that contain a number in the range 1-100 and the word fire

link
Filters on sites that link to a specific site
example: link:www.google.com -> finds only the sites that have links to google.com

inanchor
Filters on the description text of a site's links
example: inanchor:fire -> finds links that have fire in their description

Those are about all of the cool Google query operators; there are a few more, such as:
/ * - + "" (yes, these are ordinary regular expression characters, so they would need explaining in more detail)

Well, from there we can get creative and build all kinds of queries to filter out anything, even something deeper, for example database files ......

Web Servers
Targets are easy to find with Google using the following syntax:
"Apache/1.3.28 Server at" intitle:index.of
-> Apache 1.3.28

"Apache/2.0 Server at" intitle:index.of
-> Apache 2.0

"Apache/* Server at" intitle:index.of
-> All versions of Apache

"Microsoft-IIS/4.0 Server at" intitle:index.of
-> Microsoft Internet Information Services 4.0

"Microsoft-IIS/5.0 Server at" intitle:index.of
-> Microsoft Internet Information Services 5.0

"Microsoft-IIS/6.0 Server at" intitle:index.of
-> Microsoft Internet Information Services 6.0

"Microsoft-IIS/* Server at" intitle:index.of
-> All versions of Microsoft Internet Information Services

"Oracle HTTP Server/* Server at" intitle:index.of
-> All versions of the Oracle HTTP Server

"IBM_HTTP_Server/* * Server at" intitle:index.of
-> All versions of IBM HTTP Server

"Netscape/* Server at" intitle:index.of
-> All versions of Netscape Server

"Red Hat Secure/*" intitle:index.of
-> All versions of the Red Hat Secure server

"HP Apache-based Web Server/*" intitle:index.of
-> All versions of the HP server

Some buggy scripts that can be found on Google:
"Generated by phpSystem"
-> operating system type and version, hardware configuration, logged users, open connections, free memory and disk space, mount points

"This summary was generated by wwwstat"
-> web server statistics, system file structure

"These statistics were produced by getstats"
-> web server statistics, system file structure

"This report was generated by Weblog"
-> web server statistics, system file structure

intext:"Tobias Oetiker" "traffic analysis"
-> system performance statistics as MRTG charts, network configuration

intitle:"Apache::Status" (inurl:server-status | inurl:status.html | inurl:apache.html)
-> the server version, operating system type, child process list, current connections

intitle:"ASP Stats Generator *.*" "ASP Stats Generator" "2003-2004 weppos"
-> web server activity, lots of visitor information

intitle:"Multimon UPS status page"
-> UPS device performance statistics

intitle:"statistics of" "advanced web statistics"
-> web server statistics, visitor information

intitle:"System Statistics" +"System and Network Information Center"
-> system performance statistics as MRTG charts, hardware configuration, running services

intitle:"Usage Statistics for" "Generated by Webalizer"
-> web server statistics, visitor information, system file structure

intitle:"Web Server Statistics for ****"
-> web server statistics, visitor information

inurl:"/axs/ax-admin.pl" -script
-> web server statistics, visitor information

inurl:"/cricket/grapher.cgi"
-> MRTG charts of network interface performance

inurl:server-info "Apache Server Information"
-> web server version and configuration, operating system type, system file structure

"The output produced by SysWatch *"
-> operating system type and version, logged users, free memory and disk space, mount points, running processes, system logs

Error message queries
A set of error message queries; what they find lets us begin hacking at the next stage.

"A syntax error has occurred" filetype:ihtml
-> Informix database errors, potentially containing function names, filenames, file structure information, pieces of SQL code and passwords

"Access denied for user" "Using password"
-> authorisation errors, potentially containing user names, function names, file structure information and pieces of SQL code

"The script whose uid is" "is not allowed to access"
-> access-related PHP errors, potentially containing filenames, function names and file structure information

"ORA-00921: unexpected end of SQL command"
-> Oracle database errors, potentially containing filenames, function names and file structure information

"error found handling the request" cocoon filetype:xml
-> Cocoon errors, potentially containing the Cocoon version information, filenames, function names and file structure information

"Invision Power Board Database Error"
-> Invision Power Board bulletin board errors, potentially containing function names, filenames, file structure information and pieces of SQL code

"Warning: mysql_query()" "invalid query"
-> MySQL database errors, potentially containing user names, function names, filenames and file structure information

"Error Message: Error loading required libraries."
-> CGI script errors, potentially containing information about operating system and program versions, user names, filenames and file structure information

"#mysql dump" filetype:sql
-> MySQL database errors, potentially containing information about database structure and contents
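
Seen from the defending side, the server-banner, statistics-page and error-message queries above all match text that a site's own responses contain. The following is an added example, not part of the original post: a check to run over response bodies fetched from a site you operate. The function name audit_body, the category labels and the sample pages are assumptions constructed for illustration.

```python
import re

TITLE = re.compile(r"<title>(.*?)</title>", re.I | re.S)
# Version banner as printed in a listing footer, e.g. "Apache/2.0.52 (Unix) Server at"
BANNER = re.compile(r"\b(?:Apache|Microsoft-IIS|Netscape)/[\d.]+[^<\n]*?\bServer at\b")
# Phrases quoted from the queries on this page, compared in lower case.
STATS_PHRASES = ("generated by phpsystem", "this summary was generated by wwwstat",
                 "these statistics were produced by getstats", "generated by webalizer")
ERROR_PHRASES = ("a syntax error has occurred", "access denied for user",
                 "ora-00921: unexpected end of sql command", "warning: mysql_query()",
                 "invision power board database error")

def audit_body(html):
    """Return the sorted exposure categories found in one response body."""
    findings = set()
    match = TITLE.search(html)
    title = match.group(1).strip().lower() if match else ""
    text = html.lower()
    if title.startswith("index of"):
        findings.add("directory-listing")
    if BANNER.search(html):
        findings.add("server-version-banner")
    if "apache server information" in title:
        findings.add("server-info-page")
    if any(p in text for p in STATS_PHRASES):
        findings.add("stats-page")
    if any(p in text for p in ERROR_PHRASES):
        findings.add("error-message-leak")
    return sorted(findings)

# Constructed sample responses (hypothetical host www.example.test).
SAMPLE_LISTING = ("<html><head><title>Index of /backup</title></head><body>"
                  "<address>Apache/2.0.52 (Unix) Server at www.example.test Port 80"
                  "</address></body></html>")
SAMPLE_ERROR = ("<html><head><title>Shop</title></head><body>"
                "Warning: mysql_query(): invalid query in /var/www/shop/item.php"
                "</body></html>")
SAMPLE_STATS = ("<html><head><title>Usage Statistics for www.example.test</title>"
                "</head><body>Generated by Webalizer Version 2.01</body></html>")
SAMPLE_CLEAN = ("<html><head><title>403 Forbidden</title></head>"
                "<body>Forbidden</body></html>")

if __name__ == "__main__":
    for name, body in [("listing", SAMPLE_LISTING), ("error", SAMPLE_ERROR),
                       ("stats", SAMPLE_STATS), ("clean", SAMPLE_CLEAN)]:
        print(name, audit_body(body))
```

The fixes for these findings are configuration changes: on Apache, Options -Indexes, ServerSignature Off and ServerTokens Prod, access restrictions on server-status and server-info, and error display turned off in the application so that messages go to a log instead of the page.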

Google queries to find the location of passwords
An outline of the password locations that can be reached through Google

"http://*:*@www" site
passwords for site, stored as the string "http://username:password@www..."

filetype:bak inurl:"htaccess|passwd|shadow|htusers"
file backups, potentially containing user names and passwords

filetype:mdb inurl:"account|users|admin|administrators|passwd|password"
mdb files, potentially containing password information

intitle:"Index of" pwd.db
pwd.db files, potentially containing user names and encrypted passwords

inurl:admin inurl:backup intitle:index.of
directories whose names contain the words admin and backup

"Index of /" "Parent Directory" "WS_FTP.ini" filetype:ini WS_FTP PWD
WS_FTP configuration files, potentially containing the FTP server access passwords

ext:pwd inurl:(service | authors | administrators | users) "#-FrontPage-"
files containing Microsoft FrontPage passwords

filetype:sql ("passwd values ****" | "password values ****" | "pass values ****")
files containing SQL code and passwords stored in a database

intitle:index.of trillian.ini
configuration files for the Trillian IM

eggdrop filetype:user user
configuration files for the Eggdrop ircbot

filetype:conf slapd.conf
configuration files for OpenLDAP

inurl:"wvdial.conf" intext:"password"
configuration files for WV Dial

ext:ini eudora.ini
configuration files for the Eudora mail client

filetype:mdb inurl:users.mdb
Microsoft Access files, potentially containing user account information

intext:"powered by Web Wiz Journal"
websites using Web Wiz Journal, which in its standard configuration allows access to the passwords file - just enter http:///journal/journal.mdb instead of the default http:///journal/

"Powered by DUclassified" -site:duware.com
"Powered by DUcalendar" -site:duware.com
"Powered by DUdirectory" -site:duware.com
"Powered by DUclassmate" -site:duware.com
"Powered by DUdownload" -site:duware.com
"Powered by DUpaypal" -site:duware.com
"Powered by DUforum" -site:duware.com
intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com
websites that use the DUclassified, DUcalendar, DUdirectory, DUclassmate, DUdownload, DUpaypal, DUforum or DUpics applications, which by default allow the passwords file to be retrieved
- for DUclassified, just enter http:///duClassified/_private/duclassified.mdb
or http:///duClassified/

intext:"BiTBOARD v2.0" "BiTSHiFTERS Bulletin Board"
websites using the Bitboard2 bulletin board, whose default settings make it possible to retrieve the passwords file
- the way: http:///forum/admin/data_passwd.dat
or http:///forum/forum.php

Search for specific documents?
filetype:xls inurl:"email.xls"
email.xls files, potentially containing contact information

"phone * * *" "address *" "e-mail" intitle:"curriculum vitae"
CVs

"not for distribution"
confidential documents containing the confidential clause

buddylist.blt
AIM contacts list

intitle:index.of mystuff.xml
Trillian IM contacts list

filetype: Note "msn"
MSN contacts list

filetype:QDF
QDF database files for the Quicken financial application

intitle:index.of finances.xls
finances.xls files, potentially containing information on bank accounts, financial summaries and credit card numbers

intitle:"Index Of" -inurl:maillog maillog size
maillog files, potentially containing e-mail

"Network Vulnerability Assessment Report"
"Host Vulnerability Summary Report"
filetype:pdf "Assessment Report"
"This file was generated by Nessus"
reports from network security scans, penetration tests etc. found on the Net
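
The password and document queries above only return results because files such as .mdb, .bak and .sql were left inside a published web root. An added example, not part of the original post: a walk over your own document root that flags files of the kinds these queries look for. The name find_exposed_files, the pattern list and the sample tree are assumptions constructed for illustration.

```python
import fnmatch
import os
import tempfile

# Lower-case file-name patterns derived from the queries on this page
# (a constructed list, not a complete one).
RISKY_PATTERNS = ["*.mdb", "*.bak", "*.sql", "*.pwd", "*.qdf", "pwd.db",
                  "ws_ftp.ini", "trillian.ini", "eudora.ini", "slapd.conf",
                  "wvdial.conf", "email.xls", "finances.xls", "maillog"]

def find_exposed_files(docroot):
    """Return sorted docroot-relative paths whose names match a risky pattern."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            # Compare in lower case so WS_FTP.ini and ws_ftp.ini both match.
            if any(fnmatch.fnmatch(name.lower(), p) for p in RISKY_PATTERNS):
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)

def build_sample_docroot(root):
    """Create a small constructed tree to run the audit against."""
    for rel in ["index.html", "journal/journal.mdb", "admin/backup/site.sql",
                "_private/service.pwd", "WS_FTP.ini", "css/site.css"]:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")

def demo():
    """Build the sample tree in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_docroot(root)
        return find_exposed_files(root)

if __name__ == "__main__":
    for path in demo():
        print("exposed:", path)
```

Anything the walk reports should be moved out of the web root or denied by the server configuration; a robots.txt entry does not protect it, since the file stays directly downloadable.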

Get more creative and try out queries of your own, okay.
