Google queries for locating various Web servers
“Apache/1.3.28 Server at” intitle:index.of
Apache 1.3.2
“Apache/2.0 Server at” intitle:index.of
Apache 2.0
“Apache/* Server at” intitle:index.of
any version of Apache
“Microsoft-IIS/4.0 Server at” intitle:index.of
Microsoft Internet Information Services 4.0
“Microsoft-IIS/5.0 Server at” intitle:index.of
Microsoft Internet Information Services 5.0
“Microsoft-IIS/6.0 Server at” intitle:index.of
Microsoft Internet Information Services 6.0
“Microsoft-IIS/* Server at” intitle:index.of
any version of Microsoft Internet Information Services
“Oracle HTTP Server/* Server at” intitle:index.of
any version of Oracle HTTP Server
“IBM_HTTP_Server/* * Server at” intitle:index.of
any version of IBM HTTP Server
“Netscape/* Server at” intitle:index.of
any version of Netscape Server
“Red Hat Secure/*” intitle:index.of
any version of the Red Hat Secure server
“HP Apache-based Web Server/*” intitle:index.of
any version of the HP server
Queries for discovering standard post-installation
intitle:”Test Page for Apache Installation” “You are free”
Apache 1.2.6
intitle:”Test Page for Apache Installation” “It worked!” “this Web site!”
Apache 1.3.0 – 1.3.9
intitle:”Test Page for Apache Installation” “Seeing this instead”
Apache 1.3.11 – 1.3.33, 2.0
intitle:”Test Page for the SSL/TLS-aware Apache Installation” “Hey, it worked!”
Apache SSL/TLS
intitle:”Test Page for the Apache Web Server on Red Hat Linux”
Apache on Red Hat
intitle:”Test Page for the Apache Http Server on Fedora Core”
Apache on Fedora
intitle:”Welcome to Your New Home Page!” Debian
Apache on Debian
intitle:”Welcome to IIS 4.0!”
IIS 4.0
intitle:”Welcome to Windows 2000 Internet Services”
IIS 5.0
intitle:”Welcome to Windows XP Server Internet Services”
IIS 6.0
Querying for application-generated system reports
“Generated by phpSystem”
operating system type and version, hardware configuration, logged users, open connections, free memory and disk space, mount points
“This summary was generated by wwwstat”
web server statistics, system file structure
“These statistics were produced by getstats”
web server statistics, system file structure
“This report was generated by WebLog”
web server statistics, system file structure
intext:”Tobias Oetiker” “traffic analysis”
system performance statistics as MRTG charts, network configuration
intitle:”Apache::Status” (inurl:server-status | inurl:status.html | inurl:apache.html)
server version, operating system type, child process list, current connections
intitle:”ASP Stats Generator *.*” “ASP Stats Generator” “2003-2004 weppos”
web server activity, lots of visitor information
intitle:”Multimon UPS status page”
UPS device performance statistics
intitle:”statistics of” “advanced web statistics”
web server statistics, visitor information
intitle:”System Statistics” +”System and Network Information Center”
system performance statistics as MRTG charts, hardware configuration, running services
intitle:”Usage Statistics for” “Generated by Webalizer”
web server statistics, visitor information, system file structure
intitle:”Web Server Statistics for ****”
web server statistics, visitor information
inurl:”/axs/ax-admin.pl” -script
web server statistics, visitor information
inurl:”/cricket/grapher.cgi”
MRTG charts of network interface performance
inurl:server-info “Apache Server Information”
web server version and configuration, operating system type, system file structure
“Output produced by SysWatch *”
operating system type and version, logged users, free memory and disk space, mount points, running processes, system logs
dork for finding admin page
admin1.php admin1.html admin2.php admin2.html yonetim.php yonetim.html yonetici.php yonetici.html admin/account.php admin/account.html admin/index.php admin/index.html admin/login.php admin/login.html admin/home.php admin/controlpanel.html admin/controlpanel.php admin.php admin.html admin/cp.php admin/cp.html cp.php cp.html administrator/ administrator/index.html administrator/index.php administrator/login.html
administrator/login.php administrator/account.html administrator/account.php administrator.php administrator.html login.html modelsearch/login.php moderator.php moderator.html moderator/login.php moderator/login.html moderator/admin.php moderator/admin.html account.php account.html controlpanel/ controlpanel.php controlpanel.html admincontrol.php admincontrol.html adminpanel.php adminpanel.html admin1.asp admin2.asp yonetim.asp yonetici.asp admin/account.asp admin/index.asp admin/login.asp admin/home.asp admin/controlpanel.asp admin.asp admin/cp.asp cp.asp administrator/index.asp administrator/login.asp administrator/account.asp administrator.asp login.asp modelsearch/login.asp moderator.asp moderator/login.asp moderator/admin.asp account.asp controlpanel.asp admincontrol.asp adminpanel.asp fileadmin/ fileadmin.php fileadmin.asp fileadmin.html administration/ administration.php administration.html sysadmin.php sysadmin.html phpmyadmin/ myadmin/ sysadmin.asp sysadmin/ ur-admin.asp ur-admin.php ur-admin.html ur-admin/ Server.php Server.html Server.asp Server/ wp-admin/ administr8.php administr8.html administr8/ administr8.asp webadmin/ webadmin.php webadmin.asp webadmin.html administratie/ admins/ admins.php admins.asp admins.html administrivia/ Database_Administration/ WebAdmin/ useradmin/ sysadmins/ admin1/ system-administration/ administrators/ pgadmin/ directadmin/ staradmin/ ServerAdministrator/ SysAdmin/ administer/ LiveUser_Admin/ sys-admin/ typo3/ panel/ cpanel/ cPanel/ cpanel_file/ platz_login/ rcLogin/ blogindex/ formslogin/ autologin/ support_login/ meta_login/ manuallogin/ simpleLogin/ loginflat/ utility_login/ showlogin/ memlogin/ members/ login-redirect/ sub-login/ wp-login/ login1/ dir-login/ login_db/ xlogin/ smblogin/ customer_login/ UserLogin/ login-us/ acct_login/ admin_area/ bigadmin/ project-admins/ phppgadmin/ pureadmin/ sql-admin/ openvpnadmin/ wizmysqladmin/ vadmind/ ezsqliteadmin/ hpwebjetadmin/ newsadmin/ adminpro/ Lotus_Domino_Admin/ 
bbadmin/ vmailadmin/ ccp14admin/ irc-macadmin/ banneradmin/ sshadmin/ phpldapadmin/ macadmin/ administratoraccounts/ admin4_account/ admin4_colon/ radmind-1/ Super-Admin/ AdminTools/ cmsadmin/ phpSQLiteAdmin/ server_admin_small/ database_administration/ system_administration/
Update Imp. Dorks.
Dork: "inurl:dettaglio.php?id="
Exploit: www.victim.com/sito/dettaglio.php?id=[SQL]
Example: http://www.cicloposse.com/dettaglio.php?id=61'
Dork: inurl:prodotto.php?id=
Exploit: www.victim.com/prodotto.php?id=[SQL]
Example: http://www.poderimorini.com/en/prodotto.php?id=14'
sql injection dorks
allinurl: “index php go buy”
allinurl: “index.php?go=sell”
allinurl: “index php go linkdir”
allinurl: “index.php?go=resource_center”
allinurl: “resource_center.html”
allinurl: “index.php?go=properties”
allinurl: “index.php?go=register”
Error message queries
“A syntax error has occurred” filetype:ihtml
Informix database errors, potentially containing function names, filenames, file structure information, pieces of SQL code and passwords
“Access denied for user” “Using password”
authorisation errors, potentially containing user names, function names, file structure information and pieces of SQL code
“The script whose uid is ” “is not allowed to access”
access-related PHP errors, potentially containing filenames, function names and file structure information
“ORA-00921: unexpected end of SQL command”
Oracle database errors, potentially containing filenames, function names and file structure information
“error found handling the request” cocoon filetype:xml
Cocoon errors, potentially containing Cocoon version information, filenames, function names and file structure information
“Invision Power Board Database Error”
Invision Power Board bulletin board errors, potentially containing function names, filenames, file structure information and pieces of SQL code
“Warning: mysql_query()” “invalid query”
MySQL database errors, potentially containing user names, function names, filenames and file structure information
“Error Message : Error loading required libraries.”
CGI script errors, potentially containing information about operating system and program versions, user names, filenames and file structure information
“#mysql dump” filetype:sql
MySQL database errors, potentially containing information about database structure and contents
Dork for locating passwords
“http://*:*@www” site
passwords for site, stored as the string “http://username:password@www…”
filetype:bak inurl:”htaccess|passwd|shadow|htusers”
file backups, potentially containing user names and passwords
filetype:mdb inurl:”account|users|admin|administrators|passwd|password”
mdb files, potentially containing password information
intitle:”Index of” pwd.db
pwd.db files, potentially containing user names and encrypted passwords
inurl:admin inurl:backup intitle:index.of
directories whose names contain the words admin and backup
“Index of/” “Parent Directory” “WS_FTP.ini”
filetype:ini WS_FTP PWD
WS_FTP configuration files, potentially containing FTP server access passwords
ext:pwd inurl:(service|authors|administrators|users) “# -FrontPage-”
files containing Microsoft FrontPage passwords
filetype:sql (“passwd values ****” | “password values ****” | “pass values ****” )
files containing SQL code and passwords inserted into a database
intitle:index.of trillian.ini
configuration files for the Trillian IM
eggdrop filetype:user
user configuration files for the Eggdrop ircbot
filetype:conf slapd.conf
configuration files for OpenLDAP
inurl:”wvdial.conf” intext:”password”
configuration files for WV Dial
ext:ini eudora.ini
configuration files for the Eudora mail client
filetype:mdb inurl:users.mdb
Microsoft Access files, potentially containing user account information
Searching for personal data and confidential documents
filetype:xls inurl:”email.xls”
email.xls files, potentially containing contact information
“phone * * *” “address *” “e-mail” intitle: “curriculum vitae”
CVs
“not for distribution”
confidential documents containing the confidential clause
buddylist.blt
AIM contacts list
intitle:index.of mystuff.xml
Trillian IM contacts list
filetype:ctt “msn”
MSN contacts list
filetype:QDF
QDF database files for the Quicken financial application
intitle:index.of finances.xls
finances.xls files, potentially containing information on bank accounts, financial summaries and credit card numbers
intitle:”Index Of” -inurl:maillog maillog size
maillog files, potentially containing e-mail
“Network Vulnerability Assessment Report”
“Host Vulnerability Summary Report” filetype:pdf “Assessment Report” “This file was generated by Nessus”
reports for network security scans, penetration tests etc
dork for locating network devices
“Copyright (c) Tektronix, Inc.” “printer status”
PhaserLink printers
inurl:”printer/main.html” intext:”settings”
Brother HL printers
intitle:”Dell Laser Printer” ews
Dell printers with EWS technology
intext:centreware inurl:status
Xerox Phaser 4500/6250/8200/8400 printers
inurl:hp/device/this.LCDispatcher
HP printers
intitle:liveapplet inurl:LvAppl
Canon Webview webcams
intitle:”EvoCam” inurl:”webcam.html”
Evocam webcams
inurl:”ViewerFrame?Mode=”
Panasonic Network Camera webcams
(intext:”MOBOTIX M1” | intext:”MOBOTIX M10”) intext:”Open Menu” Shift-Reload
Mobotix webcams
inurl:indexFrame.shtml Axis
Axis webcams
intitle:”my webcamXP server!” inurl:”:8080”
webcams accessible via WebcamXP Server
allintitle:Brains, Corp. camera
webcams accessible via mmEye
intitle:”active webcam page”