Google Searches All Codes.:)

****************************************************************************

WARNING:::i hold no responsibility for what you do via the information

supplied here...this is for educational purpose only , use at your own risk

you have been warned

****************************************************************************

Index of /admin

Index of /passwd

Index of /password



Index of /mail

"Index of /" +passwd

"Index of /" +password.txt

"Index of /" +.htaccess

"Index of /secret"


"Index of /confidential"

"Index of /root"

"Index of /cgi-bin"

"Index of /credit-card"

"Index of /logs"

"Index of /config"

Looking for vulnerable sites or servers using “inurl:” or “allinurl:”

a. Using “allinurl:winnt/system32/” (without quotes) will list

down all the links to the server which gives access to

restricted directories like “system32” through web. If you are

lucky enough then you might get access to the cmd.exe in the

“system32” directory. Once you have the access to “cmd.exe”

and are able to execute it then you can go ahead in further

escalating your privileges over the server and compromise it.

b. Using “allinurl:wwwboard/passwd.txt”(without quotes) in the

Google search will list down all the links to the server which

are vulnerable to “WWWBoard Password vulnerability”.





Google a Dream come true

****************************** ComSec ***********************************

article by: ComSec

date: 25.5.2003

Simplified

INTRO=========

a week or so back i had an e-mail from a friend (FLW) asking me if i had any

info on google search tips

he was surprised on the amount of info available and open via google...this

got me thinking , well i have seen many various search strings in several

papers....so i thought i would put them all together on the one page...and

up-date as new one are discovered...so if i missed any to be added to the

list please let me know and i shall add some more....

ComSec aka ZSL

SUMMERY=======

Everyone knows google in the security sector...and what a powerful tool it is,

just by entering certain search strings you can gain a vast amount of knowledge

and information of your chosen target...often revealing sensitive data...this

is all down to badly configured systems...brought on by sloppy administration

allowing directory indexing and accessing , password files , log entrys ,

files , paths ,etc , etc

Search Tips

so how do we start ?

the common search inputs below will give you an idea...for instance if you

want to search for the an index of "root"

in the search box put in exactly as you see it below

==================

example 1:

allintitle: "index of/root"

result:

http://www.google.com/search?hl=en&ie=ISO-8859-1&q=allintitle%3A+%22index+of%2Froot%22&btnG=Google+Search

what it reveals is 2,510 pages that you can possible browse at your will...

====================

example 2

inurl:"auth_user_file.txt"

http://www.google.com/search?num=100&hl=en&lr=&ie=ISO-8859-1&q=inurl%3A%22auth_user_file.txt%22&btnG=Google+Search

this result spawned 414 possible files to access

here is an actual file retrieved from a site and edited , we know who the

admin is and we have the hashes thats a job for JTR (john the ripper)

txUKhXYi4xeFs
master
admin
Worasit
Junsawang
xxx@xxx
on

qk6GaDj9iBfNg
tomjang

Bug
Tom
xxx@xxx
on

with the many variations below it should keep you busy for a long time mixing

them reveals many different permutations

*************************************

SEARCH PATHS....... more to be added

*************************************

"Index of /admin"

"Index of /password"

"Index of /mail"

"Index of /" +passwd

"Index of /" +password.txt

"Index of /" +.htaccess

index of ftp +.mdb allinurl:/cgi-bin/ +mailto

administrators.pwd.index

authors.pwd.index

service.pwd.index

filetype:config web

gobal.asax index

allintitle: "index of/admin"

allintitle: "index of/root"

allintitle: sensitive filetype:doc

allintitle: restricted filetype :mail

allintitle: restricted filetype:doc site:gov

inurl:passwd filetype:txt

inurl:admin filetype:db

inurl:iisadmin

inurl:"auth_user_file.txt"

inurl:"wwwroot/*."

top secret site:mil

confidential site:mil

allinurl: winnt/system32/ (get cmd.exe)

allinurl:/bash_history

intitle:"Index of" .sh_history

intitle:"Index of" .bash_history

intitle:"index of" passwd

intitle:"index of" people.lst

intitle:"index of" pwd.db

intitle:"index of" etc/shadow

intitle:"index of" spwd

intitle:"index of" master.passwd

intitle:"index of" htpasswd

intitle:"index of" members OR accounts

intitle:"index of" user_carts OR user_cart

ALTERNATIVE INPUTS====================

_vti_inf.html

service.pwd

users.pwd

authors.pwd

administrators.pwd

shtml.dll

shtml.exe

fpcount.exe

default.asp

showcode.asp

sendmail.cfm

getFile.cfm

imagemap.exe

test.bat

msadcs.dll

htimage.exe

counter.exe

browser.inc

hello.bat

default.asp\

dvwssr.dll

cart32.exe

add.exe

index.jsp

SessionServlet

shtml.dll

index.cfm

page.cfm

shtml.exe

web_store.cgi

shop.cgi

upload.asp

default.asp

pbserver.dll

phf

test-cgi

finger

Count.cgi

jj

php.cgi

php

nph-test-cgi

handler

webdist.cgi

webgais

websendmail

faxsurvey

htmlscript

perl.exe

wwwboard.pl

www-sql

view-source

campas

aglimpse

glimpse

man.sh

AT-admin.cgi

AT-generate.cgi

filemail.pl

maillist.pl

info2www

files.pl

bnbform.cgi

survey.cgi

classifieds.cgi

wrap

cgiwrap

edit.pl

perl

names.nsf

webgais

dumpenv.pl

test.cgi

submit.cgi

guestbook.cgi

guestbook.pl

cachemgr.cgi

responder.cgi

perlshop.cgi

query

w3-msql

plusmail

htsearch

infosrch.cgi

publisher

ultraboard.cgi

db.cgi

formmail.cgi

allmanage.pl

ssi

adpassword.txt

redirect.cgi

cvsweb.cgi

login.jsp

dbconnect.inc

admin

htgrep

wais.pl

amadmin.pl

subscribe.pl

news.cgi

auctionweaver.pl

.htpasswd

acid_main.php

access.log

log.htm

log.html

log.txt

logfile

logfile.htm

logfile.html

logfile.txt

logger.html

stat.htm

ZEESHAN HACKER