
Views: 772  |  Replies: 3
This thread has been archived.

杨过

Rank: Supreme Muchong (professional writer)

[Discussion] [google][Repost] Getting started with Google searching

  These are some things I saw on the foreign forum http://johnny.ihackstuff.com. I have had no time lately, though I had meant to organize the Google material properly. Everyone can go to that forum and learn something.

It can be hard in the beginning to find your first dork, because as a newbie you don't know how to start. I'll show you how to get started with Google hacking.

This is only a primer to Google hacking. The definitive guide is the Google Hacker's Guide from http://www.ihackgoogle.com by j0hnny.



The first thing one must know are Google's advanced operators.

Searching for a complete sentence / multiple words
Google's normal behavior is to join words with AND, but sometimes you have to add a word using the + operator, because Google omits common words.

Masters +of Google
If you want to search for a complete sentence just surround your sentence with double quotes

“Google hacking”
The NOT operator
If you have to negate any operator you can use a minus (-).

intitle:"phpMyAdmin" -CVS
Wildcard Searches
A very important issue in searches are wildcards. A wildcard is a character which can match any character. Google is not exact with wildcards so be careful when you use them.

The dot (.) will match one character.

The asterisk (*) matches a word.

"login to * admin"
"powered by phpbb v2.0.."
Searching for the filetype / extension
Sometimes it's useful to search for a file's extension. You can't use the ext: operator alone; Google won't return any results! If you want to get all files of a type, use the query below.

ext:xls xls
Searching in the Title
Searches for a term in the website's title.

intitle:login
Searching in the URL
URL searches are very similar to title searches.

inurl:admin
Limiting the search to a domain
It's very easy to limit a search to a domain

site:microsoft.com linux
Number searches
A quite interesting search is the number search. Google allows you to search for number ranges.

Search from version 2 to version 5

Version 2..5
Search from version 2 up to any

Version 2..
Searching in the text
Normally searching the text does not require an extra operator, but sometimes it does. For these occasions Google has the intext operator.

intext:login
Three types of dorks


Open directories
Well, everyone knows web servers displaying their directories as a web page with the title “index of /directory”. As we have seen above, Google offers an operator to search for the title. So it's quite easy to search for open directories:

intitle:”index of /” "parent directory"
This will list all open directories on the web! But that's not what we want. Basically two things are interesting: directories like My Documents or files like passwords.txt. Directories appear in the title and files in the text. Now you should be able to create your own directory searches.

Filetype searches
Many users store their private files on their web servers, as they have an ADSL connection at home. And these files are found by Google. Using the ext operator, it's easy to find them. If you want to search for a user's Outlook PST file you can use something like:

ext:pst pst
You will get some false positives, try to use the negation operator to remove them. The complete dork is in the GHDB.

Script searches / Devices
Another type of dorks are scripts & devices, which is very wide. In the DB this type of dork is divided into multiple categories. To get an idea of a script search follow the step by step guide below.

A step by step guide to your first Google dork
At first you will need an idea of what you want to search for – this is the most complicated part of dorking.



Google for the website and try to find if they provide a demo.

The demo doesn't look very promising, because no unique strings can be found on the site. But maybe we are lucky and this is new to the latest release. So we'll open Google again. Our next query is “phprojekt administration login”

And what do we find? A page with the title “PHProjekt – Login”. This looks interesting. A click on the link shows us that we are right. It's an older version of PHProjekt.

So we can try

intitle:"PHProjekt – Login"
Results 61 - 70 of about 1,310 for intitle:"PHProjekt - Login". (1.73 seconds)
The Good Stuff

1. Vulnerable Servers (Microsoft Based)

http://www.google.com/search?num ... tm+-filetype%3Ahtml

Runs this Query
intitle:"index of /" "parent directory" intitle:"mp3" -filetype:htm -filetype:html

DESCRIPTION : searches for misconfigured web-servers with an open "/" root path and a folder named MP3s

2. Vulnerable Apache Servers (UNIX Based)

http://www.google.com/search?num ... 2Fmp3%22+%2Bbeatles

Runs this Query
+"index +of/mp3" +beatles

DESCRIPTION : searches for misconfigured paths containing mp3s

3. Password Snatching

http://www.google.com/search?hl= ... ;btnG=Google+Search

Runs this Query
"http://bob:bob@www" or "http://12345:54321@www"

DESCRIPTION : Searches for password files people save on their hard drives

4. Locate specific site info and passes

http://www.google.com/search?hl= ... ;btnG=Google+Search

Runs this Query
"http://*:*@www" teenagepanties

5. Warez locator Queries

http://www.google.com/search?hl= ... ;btnG=Google+Search

Runs this Query
intitle:"index of /" "parent directory" +"*.nfo" +"*.rar" +"*.r05" +"*.r10" -filetype:htm -filetype:html

intitle:"paris hilton"+"index of " +"parent directory" +"mpg" -filetype:htm -filetype:html
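The operators in the primer above are easy to get wrong: a colon dropped between the operator and its phrase, curly quotes pasted from a word processor, or ext:/filetype: used with no plain term. As an added example (my own code, not part of the original post or of j0hnny's guide), the Python below normalizes a dork, lints it for those mistakes, assembles one from operator/value pairs, and encodes it into a search URL like the result links in the post. The operator set and the "filetype needs a plain term" rule are taken from the primer; the function names and the sample queries are my own.

```python
import re
from urllib.parse import urlencode

# Operators the primer lists; each takes a value after a colon.
KNOWN_OPERATORS = {
    "intitle", "allintitle", "inurl", "allinurl", "intext", "allintext",
    "site", "filetype", "ext", "link", "cache", "related", "info",
    "daterange", "phonebook", "stocks",
}

# Curly quotes and dashes pasted from word processors break phrase matching.
SMART_CHARS = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2018": "'",
                             "\u2019": "'", "\u2013": "-", "\u2014": "-"})

# One token: optional minus, optional operator prefix, then a quoted phrase or a bare word.
TOKEN = re.compile(r'-?(?:[A-Za-z]+:)?(?:"[^"]*"|[^\s"]+)')

NEEDS_PLAIN_TERM = "filetype/ext needs at least one plain term"


def normalize(dork: str) -> str:
    """Convert smart quotes/dashes to ASCII and collapse whitespace."""
    return " ".join(dork.translate(SMART_CHARS).split())


def lint(dork: str) -> list[str]:
    """Return the problems found in a dork (an empty list means it parses cleanly)."""
    problems = []
    q = normalize(dork)
    if q.count('"') % 2:
        problems.append("unbalanced double quotes")
    tokens = TOKEN.findall(q)
    # A bare operator name directly followed by a quoted phrase means the colon was lost.
    for cur, nxt in zip(tokens, tokens[1:]):
        if cur.lower() in KNOWN_OPERATORS and nxt.startswith('"'):
            problems.append(f"operator {cur!r} is missing its colon")
    operator_tokens = [t for t in tokens if re.match(r"^-?[A-Za-z]+:", t)]
    plain_tokens = [t for t in tokens if t not in operator_tokens]
    for tok in operator_tokens:
        op = tok.lstrip("-").split(":", 1)[0].lower()
        if op not in KNOWN_OPERATORS:
            problems.append(f"unknown operator {op!r}")
    # The primer notes that ext:/filetype: on its own returns nothing; pair it with a term.
    if operator_tokens and not plain_tokens and all(
        t.lstrip("-").split(":", 1)[0].lower() in {"ext", "filetype"} for t in operator_tokens
    ):
        problems.append(NEEDS_PLAIN_TERM)
    return problems


def _phrase(value: str) -> str:
    """Quote a value that contains whitespace unless it is already quoted."""
    if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
        return value
    return f'"{value}"' if re.search(r"\s", value) else value


def build(*terms: str, negate: tuple[str, ...] = (), **operators: str) -> str:
    """Assemble a dork: operator:value pairs first, then plain terms, then negated terms."""
    parts = [f"{op}:{_phrase(value)}" for op, value in operators.items()]
    parts += [_phrase(t) for t in terms]
    parts += ["-" + _phrase(t) for t in negate]
    return " ".join(parts)


def search_url(dork: str) -> str:
    """URL-encode a dork into a Google search URL, as the primer's result links do."""
    return "https://www.google.com/search?" + urlencode({"q": normalize(dork)})


if __name__ == "__main__":
    for sample in ('intitle"Test Page for Apache"', "ext:xls", 'intitle:"index of /" "parent directory"'):
        print(f"{sample!r}: {lint(sample) or 'ok'}")
    print(search_url(build("admin", site="mil", intitle="index of")))
```

The linter only catches syntax, not whether a query returns anything; Google's treatment of wildcards and dropped operators has changed since this primer was written, so treat a clean lint as "well-formed", not "will work".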

杨过


Well, here is the list of what I've been searching for, and I found some sexy things; this list should be good enough to pass your time!

inurl:index.of.password
Directory listing contains password file(s)?
intitle:"Index of" service.pwd
Directory listing contains service.pwd file(s)
intitle:"Index of" view-source
Directory listing contains view-source file(s)
intitle:"Index of" admin
Directory listing contains administrative files or directories
intitle:"Index of" .htpasswd
Directory listing contains .htpasswd file!
intitle:"Index of" log.txt
Directory listing contains log text files
intitle:"Index of" stats.html
Directory listing contains stats.html which may contain useful web server statistics
"access denied for user" "using password"
Web page contains error message which might provide useful application information
"A syntax error has occurred" filetype:ihtml
Web page contains error message which might provide useful application information
"ORA-00921: unexpected end of SQL command"
Web page contains error message which might provide useful application information
inurl:passlist.txt
The passlist.txt file may contain user passwords
"Index of /backup"
Directory may contain sensitive backup files
intitle:"Index of" .bash_history
Directory listing contains bash history information
intitle:"Index of" index.html.bak
Directory listing contains backup index file (index.html.bak)
intitle:"Index of" index.php.bak
Directory listing contains backup index file (index.php.bak)
intitle:"Index of" guestbook.cgi
Directory listing contains backup index file (index.html.bak)
intitle:"Test Page for Apache"
Default test page for Apache
intitle:index.of.etc
Directory listing of /etc ?
filetype:xls username password
XLS spreadsheet containing usernames and passwords?
"This file was generated by Nessus"
Nessus report!
intitle:"Index of" secring.bak
Secret key file
intitle:"Terminal Services Web Connection"
Access terminal services!
intitle:"Remote Desktop Web Connection"
Access Remote Desktop!
intitle:"Index of" access_log
Directory listing contains access_log file which may store sensitive information
intitle:"Index of" finance.xls
Directory listing contains finance.xls which may contain sensitive information
intitle:"Usage Statistics for"
Statistical information may contain sensitive data
intitle:"Index of" WSFTP.LOG
WSFTP.LOG file contains information about FTP transactions
intitle:"Index of" ws_ftp.ini
The ws_ftp.ini file may contain usernames and passwords of FTP users
"not for distribution" confidential
URL may contain confidential or sensitive information
"phpMyAdmin" "running on" inurl:"main.php"
phpMyAdmin allows remote mysql database administration
"#mysql dump" filetype:sql
mysql database dumps


inurl:php.ini filetype:ini
The php.ini file may contain sensitive PHP environment details.
BEGIN (CERTIFICATE|DSA|RSA) filetype:key
Private key(s)!
BEGIN (CERTIFICATE|DSA|RSA) filetype:csr
Private key(s)!
BEGIN (CERTIFICATE|DSA|RSA) filetype:crt
Private key(s)!
intitle:"Index of" passwd passwd.bak
passwd file!
intitle:"Index of" master.passwd
master.passwd file!
intitle:"Index of" pwd.db
pwd.db file may contain password information
intitle:"Index of..etc" passwd
passwd file!
filetype:cfg ks intext:rootpw -sample -test -howto
This file may contain the root password (encrypted)
intitle:"index.of.personal"
Directory may contain sensitive information
intitle:"Index of" login.jsp
The login.jsp file may contain database username or password information
intitle:"Index of" logfile
Directory may contain sensitive log files
filetype:php inurl:"viewfile" -"index.php" -"idfil
File may contain PHP source code
allinurl:intranet admin
INTITLE - search for string in title
intitle:"michael moore"

ALLINTITLE - search strings in title
allintitle:"michael moore" films

INURL - search for string in the url
inurl:"michael moore"

INTEXT - search for the string in the site body
intext:"angry white men"

SITE - search specific domains
"virus" site:infosec.navy.mil

LINK - locate sites linking to the site entered
link:www.pogo.com

CACHE - search google site cache
cache:www.whitehouse.gov

DATERANGE - search within a date range (Julian day numbers)
"michael moore" daterange:2452389-2452389

FILETYPE - locate files (don't list any html pages, just the files)
"economic disaster" filetype:pdf -filetype:htm -filetype:html

RELATED - locate pages that are related (similar)
related:www.usatoday.com

INFO - locates links about site
info:www.2600.com

PHONEBOOK - locates phone numbers
phonebook:"fred stanley"

STOCKS - stock info
stocks:msft


Triggers and Switches

- ! = Initializes the "I'm Feeling Lucky" search option
intitle:"Directory of" sexually transmitted diseases -inurl:book -inurl:products

- ?? = searches the google directory
?? "michael moore"

- , = searches usenet database (google groups)
, group:sci.med* hiv

/images = searches google images
intitle:cheerleaders -filetype:htm -filetype:html /images

/news = searches google news
intitle:"saddam hussein" /news

/since = days ago
"george bush" /since:365


[Post 3] | IP: logged | Posted: 2005-11-1 17:21
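The list above is also a checklist for the defending side: every name in it is something Google will eventually index if it sits under a document root, so walk that root yourself first. The Python below is an added example, my own code rather than anything from the post, that audits a local webroot for the file names the list targets and for content signatures that betray the same material under an innocent name. The file names come from the list; the content signatures (the PEM private-key header, the mysqldump banner, htpasswd hash prefixes, a kickstart rootpw line) are my own assumptions about what those files contain, and the sample webroot is constructed in a temp directory with no real secrets.

```python
import fnmatch
import re
import tempfile
from pathlib import Path

# File names the dork list goes after, as case-insensitive glob patterns.
NAME_PATTERNS = [
    ".htpasswd", ".htaccess", "passwd", "passwd.bak", "master.passwd", "pwd.db", "shadow",
    ".bash_history", ".sh_history", "ws_ftp.ini", "ws_ftp.log", "php.ini", "config.inc.php",
    "admin.cfg", "secring.*", "*.bak", "*.sql", "*.mdb", "*.pst", "*.key", "*.pwd", "*.log",
]

# Content signatures: a file with a harmless name can still carry the secret (assumed formats).
CONTENT_SIGNATURES = {
    "private key": re.compile(rb"-----BEGIN (?:RSA |DSA |EC )?PRIVATE KEY-----"),
    "mysql dump": re.compile(rb"^(?:-- |# )MySQL dump", re.M),
    "htpasswd entry": re.compile(rb"^[^\s:]+:(?:\$apr1\$|\$1\$|\{SHA\})", re.M),
    "kickstart rootpw": re.compile(rb"^rootpw\s", re.M),
}

MAX_READ = 64 * 1024  # only the head of each file is scanned for signatures


def audit(webroot) -> dict[str, list[str]]:
    """Map each suspicious file (path relative to webroot) to the reasons it was flagged."""
    root = Path(webroot)
    findings: dict[str, list[str]] = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        reasons = [f"name matches {pat}" for pat in NAME_PATTERNS
                   if fnmatch.fnmatchcase(path.name.lower(), pat.lower())]
        head = path.read_bytes()[:MAX_READ]
        reasons += [f"content: {label}" for label, sig in CONTENT_SIGNATURES.items()
                    if sig.search(head)]
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings


def build_sample_webroot() -> Path:
    """Create a throwaway document root with constructed files (no real secrets)."""
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    files = {
        "index.html": b"<html><body>Welcome</body></html>",
        ".htpasswd": b"admin:$apr1$sample$abcdefghijklmnopqrstu\n",
        "backup/db.sql": b"-- MySQL dump 10.13  Distrib 5.1\n-- Host: localhost\nCREATE TABLE users (id INT);\n",
        "keys/server.key": b"-----BEGIN RSA PRIVATE KEY-----\nMIIEsample\n-----END RSA PRIVATE KEY-----\n",
        # innocuous name, but a key pasted inside: only the content signature catches it
        "notes.txt": b"reminder:\n-----BEGIN DSA PRIVATE KEY-----\nMIIBsample\n-----END DSA PRIVATE KEY-----\n",
        "images/logo.png": b"\x89PNG\r\n\x1a\n",
    }
    for rel, data in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return root


if __name__ == "__main__":
    for rel, reasons in audit(build_sample_webroot()).items():
        print(f"{rel}: {', '.join(reasons)}")
```

Run it against the real document root of each virtual host (and against backup or staging copies that are also served), and remember that a hit means the file is exposed only if the server will actually hand it out; the name list errs on the side of noise so that nothing in the dork list slips past.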


夏日雨



  


"index of/root"
"auth_user_file.txt"
"Index of /admin"
"Index of /password"
"Index of /mail"
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
index of ftp +.mdb allinurl:/cgi-bin/ +mailto
administrators.pwd.index
authors.pwd.index
service.pwd.index
filetype:config web
gobal.asax index
allintitle: "index of/admin"
allintitle: "index of/root"
allintitle: sensitive filetype:doc
allintitle: restricted filetype:mail
allintitle: restricted filetype:doc site:gov
allinurl: winnt/system32/
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart
Post 2, 2006-01-03 22:50:44

杨过


*** Google Hacking - Quick Start Guide ***


Millions of web servers connected and in theory, all data can be reached

In the last few years a number of news articles appeared that warned of the fact that hackers (or crackers if you will) make use of the google search engine to gain access to files they shouldn't be allowed to see or have access to. This knowledge is nothing new to some people but personally I have always wondered how exactly a thing like this works. VNUnet’s James Middleton wrote an article in 2001 talking about hackers using a special search string on google to find sensitive banking data:

"One such posting on a security newsgroup claimed that searching using the string 'Index of / +banques +filetype:xls' eventually turned up sensitive Excel spreadsheets from French banks. The same technique could also be used to find password files"[1]

Another article that appeared on wired.com told us how Adrian Lamo, a hacker who made the news often the last couple of years, explained that google could be used to gain access to websites of big corporations.

“For example, typing the phrase "Select a database to view" -- a common phrase in the FileMaker Pro database interface -- into Google recently yielded about 200 links, almost all of which led to FileMaker databases accessible online.”[2]

These articles kept on coming up in the online news. U.S. Military and Government websites were vulnerable because admin scripts could be found using google, medical files, personal records, everything suddenly seemed just one google search away. But these articles seemed to show up once every half year and always talked about it as if it was something new. Another thing was, the articles never explained how one would actually go about doing this. Almost never an example of a search string was given. The last time I read one of these articles I decided it was time to find out for myself, whether google actually could do all they say it can. The following is a report of my findings and a description of some techniques and search strings one could use.


Theory

The theory behind this is actually quite simple. Either you think of certain data you would like to acquire, try to imagine in what files this kind of data could be stored, and search for these files directly (search for *.xls files, for example), or you take the more interesting approach: you think of a certain piece of software that allows you to perform certain tasks or to access certain things and you search for critical files of this software. An example could be a content management system. You read up on this particular content management system, check what files it consists of and search for those. A great example is that of the databases mentioned above, where you know the string “view database” is used on pages that shouldn’t be accessible to you and you then search for pages containing that string, or you check the software and notice that the option to view a database is linked on a webpage within this software called “viewdbase.htm” and you search for “viewdbase.htm”.

The most important thing is to have a clear goal, to know what it is you want to find. Then search for these specific files or trademarks that these files have.


Google Search Options

Specific file types: *.xls, *.doc, *.pdf *.ps *.ppt *.rtf

Google allows you to search for specific file types, so instead of getting html-files as a result (websites) you get Microsoft excel files for example. The search string you would use would be this:

Filetype:xls (for excel files) or filetype:doc for word files.

But maybe more interesting would be searching for *.db files and *.mdb files. Google, by the way, doesn’t tell you that you can search for *.db and *.mdb files. I wonder what other file types one can search for. Things that come to mind are *.cfg files or *.pwd files, *.dat files, stuff like that. Try and think of something that might get you some interesting results.

Inurl

Another useful search option is the inurl: option which allows one to search for a certain word one would want to be in the url. This gives you the opportunity to search for specific directories/folders, especially in combination with the “index of” option, about which I will talk later on.

An example would be inurl:admin which would give you results of website urls that have the word “admin” in the url.


Index of

The index of option is another option that isn’t especially thought of by the creators of google, but comes in very handy. If you use the “index of” string you will find directory listings of specific folders on servers. An example could be:

"index of" admin or index.of.admin

which would get you many directory listings of admin folders. (don’t forget to use the quotes in this case since you are looking for the entire “index of” string, not just for “index” and “of”)


Site

The site option allows you to come up with results that only belong to a certain domain name extension or to a specific site. For example one could search for .com sites or .box.sk sites or .nl sites, but also for results from just one site, but more interesting might be to search for specific military or government websites. An example of a search string would be:

Site:mil or site:gov

Site:neworder.box.sk “board”


Intitle

Intitle is another nice option. It allows you to search for html files that have a certain word or words in the title. The format would be intitle:wordhere. You could check out what words appear in the title of some online control panel or content management system and then search google for this word with the intitle option, to find these control panel pages.


Link

The Link option allows you to check which sites link to a specific site. As described in Hacking Exposed Third Edition, this could be useful:

“These search engines provide a handy facility that allows you to search for all sites that have links back to the target organization’s domain. This may not seem significant at first but let’s explore the implications. Suppose someone in an organization decides to put up a rogue website at home or on the target network’s site.”[4]


Combining Search Options

The above mentioned search options might or might not be known to you, but even though they can amount to some interesting results, it’s a fact that when you start combining them, that’s when google’s magic starts to show. For example, one could try this search string:

inurl:nasa.gov filetype:xls "restricted" or this one: site:mil filetype:xls "password" or maybe

site:mil “index of” admin

(I’m just producing these from the top of my head, I don’t know whether they’d result in anything interesting, that’s where you come in. You got to find a search string that gets the results you want.)


Examples; The Good Stuff
Post 3, 2006-01-03 22:51:11

杨过


Specific file types: *.xls, *.doc, *.pdf *.ps *.ppt *.rtf

To start out simple, you can try and search directly for files that you believe might hold interesting information. The obvious choices for me were things like:

Password, passwords, pwd, account, accounts, userid, uid, login, logins, secret, secrets, all followed by either *.doc or *.xls or *.db

This led me to quite some interesting results, especially with the *.db option but I actually also found some passwords.doc files, containing working passwords.

[REMOVE]NO SITE .MIL!!!!! OKAS? Read to faq.[/REMOVE]


Admin.cfg

Admin.cfg is, most of the time, an admin configuration file of some sort. Many different software packages obviously use names like “config” or “admin” or “setup”, etc. And most of the time these files contain sensitive information and thus shouldn’t be accessible to people browsing the web. I tried a search for admin.cfg, using the following search string on google:

inurl:admin.cfg “index of”

This led me to many results, of which many were useless. But some paid off. I found for example hxxxxxxxx/xx/cgi-bin/directimi/admin.cfg, which contained a password. This was the admin password for a database located at hxxx://www.xxxxgn.com/cgi-bin/directimi/database.cgi?admin.cfg. This database contained sensitive client data of this particular company. I then proceeded to e-mail the company and tell them about the flaw. They replied to me in a very friendly manner and told me they appreciated my help and that they would take the necessary steps to solve the problem.


Webadmin

A short while back, while working on this article, I ran into this website:

http://wacker-welt.de/webadmin/

The website explains that “webadmin” is a small piece of software that allows one to remotely edit parts of a website, upload files, etc. The main page for the webadmin control centre is called
“webeditor.php”. So obviously, my next step was to visit Google and use the inurl tag to find webeditor.php pages that I could reach. I used the following search string:

inurl:webeditor.php

and I found the following results:

[REMOVE]REMOVE URLS[/REMOVE]

All these webeditor.php files were reachable by anyone, merely because the owners failed to (correctly) protect these pages using .htaccess. This mistake allows whoever wants to change the webpages on the server to do so, and thus to deface the site, upload files and possibly gain full access to the server.

In browsing through these sites I noticed that the file that allows one to upload files is called
“file_upload.php”, which I could then search for at google and find more examples.

[REMOVE]NO SITES .EDU[/REMOVE]

A good example:

hxxx://xxxxx.com/admin/webeditor.php

The script allows you to change files, like in the above examples, including the index.php.
In theory one could write or download whatever malicious script one wants, paste this code into an existing file or just upload it and well, the consequences are obvious.

There was also a link “Return Administration” and clicking on it took me to:

xxxp://xxxxxx.com/admin/administration.html

Where there were customer addresses, where one could change pricing, etc.


Content Management Systems

Content Management Systems are software programs that allow a webmaster to edit, alter and control the content of his website. But the same goes for online control panels of websites. The idea is to find out what files are for example the main files of these software programs. “cms.html” could be one or “panel.html” or “control.cfg” You find out what filenames a certain package uses, you then think of a good search string and hope you strike gold.


Frontpage Server Extensions HTML Administration Forms

“You can remotely administer the FrontPage Server Extensions from any computer connected to the Internet by using the FrontPage Server Extensions HTML Administration Forms, a set of Web pages that allow you to administer the FrontPage Server Extensions remotely.”[3]

Well, that’s what Microsoft’s manual has to say about it. This means, users with access to these forms are able to perform a number of administrative functions, remotely. And that means, these forms should be well protected from non-authorized people. Now how would one go about finding non-protected forms over the internet? The first thing we do is try to find out what files these scripts consist of. A short visit to the Microsoft website or a peek into the frontpage manual tells us that the main page for these administration forms is a file called “fpadmin.htm”. So that’s what we need to search for.
Now to find a correct search string that will get us the results we want. When a default install is performed, the files get installed in a directory called “admin”. Putting to use what we have learned about google search options and the theory behind this technique, a good search string might be:

inurl:fpadmin.htm “index of” admin or maybe inurl:admin/fpadmin.htm

Well, these were the results I got:

[REMOVE]READ TO FAQ[/REMOVE]

But the frontpage manual says more:

“Because of the security implications of making remote FrontPage administration possible from Web browsers, the HTML Administration Forms are not active when they are first installed.”[3]

This means that some of these could be active and thus useful to us and some might not. There is of course, only one way to find out and that is to perform one of the possible administrative functions and see if you get results. I for one decided not to go that far, because it would mean breaking the law. But I’m not here to teach ethics, or at least not today.


Freesco Router

The Freesco router software for Linux as a default, installs a small web browser which allows owners to control the router through the http protocol. In other words, a website automatically gets setup that allows you to control the router. The default password and login for this control panel is “admin” and “admin”. Many people who use freesco don’t know this. You could search for these Freesco router control websites by using a string such as:

intitle:"freesco control panel" or "check the connection", which are words that either are in the title of these pages or on the pages themselves. That’s what it’s all about; you check out a certain piece of software, find the part you’d want to be able to reach and figure out which search string would get you the good results.


Extra Tips

• Remember English is the most used language online, but it’s not the only one. Try and search for words or strings that are specific to your language or French or German, etc. For example “beheer” is a Dutch word for “administration” or “privat” is German for “private”.
• You can check vulnerability scanners’ scan lists for interesting search strings you might want to use or combine with your own strings. Check http://paris2k.at.box.sk/tools/listings/ for some examples.
• Search for files like “config.inc.php” or “mysql.cfg” that could contain mySQL password and username combinations. Try to think of good search strings using words like PHP, SQL, mySQl, etc.
• Try things like: inurl:admin "index of" "database" or inurl:phpmyadmin "index of" or inurl:mysql "index of" site:neworder.box.sk intitle:index.of or intitle:index.of.private (= intitle:"index of private")


Conclusion

The internet is a network to which hundreds of thousands, if not millions, of web servers are connected and in theory, all data can be reached, unless properly protected. Both software designers and end users should pay more attention to default installation security configuration and security policy. In the end, there are always going to be people who make mistakes, use default installs, use poorly secured software or just don’t care or still believe there’s no danger in putting this kind of data online. And in the end there are also always going to be curious people who love to find that interesting information they have been hoping for. Google can help you considerably in locating this kind of information, and it’s easy and fun.
Post 4, 2006-01-03 22:51:47
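The “index of” technique in the guide above rests on two signatures that a server leaks when directory listing is on: a title beginning “Index of” and a “Parent Directory” link. The Python below is an added example, my own code rather than anything from the guide or from Google, that applies those signatures to a fetched response body, extracts the listed entries, and flags names that appear in the dork lists earlier in this thread. It goes one step beyond the Apache case the guide describes by also recognising the IIS listing signature (“[To Parent Directory]”). The sample responses are constructed for the example, not captured from any real host, and the sensitive-name pattern is my own selection from the lists above.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Entry names worth flagging, taken from the file names the dork lists target.
SENSITIVE = re.compile(
    r"(^\.ht(passwd|access)$|passwd|shadow|pwd\.db|\.bash_history$|\.sh_history$|"
    r"ws_ftp\.(ini|log)$|\.(bak|sql|mdb|pst|key|pwd|log|cfg)$)",
    re.IGNORECASE,
)

PARENT_LABELS = {"parent directory", "[to parent directory]"}


class _ListingParser(HTMLParser):
    """Collects the title, anchors, visible text and <address> footer of a page."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self.server = ""
        self.text = []
        self.links = []      # (href, visible label)
        self._in = None      # "title" or "address" while inside that element
        self._href = None
        self._label = []

    def handle_starttag(self, tag, attrs):
        if tag in ("title", "address"):
            self._in = tag
        elif tag == "a":
            self._href = dict(attrs).get("href")
            self._label = []

    def handle_endtag(self, tag):
        if tag in ("title", "address"):
            self._in = None
        elif tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None

    def handle_data(self, data):
        if self._in == "title":
            self.title += data
        elif self._in == "address":
            self.server += data
        if self._href is not None:
            self._label.append(data)
        self.text.append(data)


def analyze(html: str) -> dict:
    """Decide whether a response body is a directory listing and pull out its entries."""
    p = _ListingParser()
    p.feed(html)
    p.close()
    title = " ".join(p.title.split())
    text = " ".join(p.text).lower()
    apache = title.lower().startswith("index of") and "parent directory" in text
    iis = "[to parent directory]" in text
    result = {"listing": apache or iis, "directory": "", "entries": [], "flagged": [],
              "server": p.server.strip()}
    if not result["listing"]:
        return result
    # Apache titles read "Index of /path"; IIS titles read "host - /path/".
    result["directory"] = (title[len("index of"):].strip() if apache
                           else title.split(" - ", 1)[-1].strip())
    for href, label in p.links:
        if href.startswith("?") or label.lower() in PARENT_LABELS:
            continue  # column-sort links and the parent link are not entries
        name = unquote(href.rstrip("/")).rsplit("/", 1)[-1]
        if name:
            result["entries"].append(name + ("/" if href.endswith("/") else ""))
    result["flagged"] = [n for n in result["entries"] if SENSITIVE.search(n.rstrip("/"))]
    return result


# Constructed sample of an Apache mod_autoindex response (not captured from any real host).
SAMPLE_APACHE = """<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html><head><title>Index of /backup</title></head><body>
<h1>Index of /backup</h1>
<pre><img src="/icons/blank.gif" alt="Icon "> <a href="?C=N;O=D">Name</a> <a href="?C=M;O=A">Last modified</a> <a href="?C=S;O=A">Size</a><hr>
<img src="/icons/back.gif" alt="[DIR]"> <a href="/">Parent Directory</a>          -
<img src="/icons/unknown.gif" alt="[   ]"> <a href="passwd.bak">passwd.bak</a>  01-Nov-2005 17:21  1.2K
<img src="/icons/text.gif" alt="[TXT]"> <a href="db.sql">db.sql</a>  03-Jan-2006 22:50  48K
<img src="/icons/text.gif" alt="[TXT]"> <a href="notes.txt">notes.txt</a>  03-Jan-2006 22:51  2.0K
<img src="/icons/folder.gif" alt="[DIR]"> <a href="old/">old/</a>  03-Jan-2006 22:51  -
<hr></pre>
<address>Apache/2.2.3 (Unix) Server at www.example.test Port 80</address>
</body></html>"""

# Constructed sample of an IIS directory listing (assumed layout, not captured).
SAMPLE_IIS = """<html><head><title>www.example.test - /backup/</title></head><body>
<H1>www.example.test - /backup/</H1><hr>
<pre><A HREF="/">[To Parent Directory]</A><br><br>
 11/1/2005  5:21 PM   1234 <A HREF="/backup/ws_ftp.ini">ws_ftp.ini</A><br></pre><hr></body></html>"""

# Constructed ordinary page that mentions the phrases but has no listing structure.
SAMPLE_PAGE = """<html><head><title>Our blog</title></head><body>
<p>Yesterday I wrote about the "index of" trick and parent directory listings.</p>
</body></html>"""

if __name__ == "__main__":
    for body in (SAMPLE_APACHE, SAMPLE_IIS, SAMPLE_PAGE):
        print(analyze(body))
```

Feed it the body of an HTTP GET against each directory you serve; a true result means listing is enabled there, which on Apache is removed with `Options -Indexes` and on IIS by turning Directory Browsing off. The title check matters: matching only the phrase "parent directory" in the body, as some of the dorks do, also hits ordinary pages that merely talk about the technique.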