posts - 189,comments - 115,trackbacks - 0
google 真好 google 你真好(Google Hack) □Evil[xiaoyu] 发表于 2006-1-13 23:41:00 其实早应该发出来的,国内关于google技巧方面的整理,我大概算是最早一批人吧,后来sniper都写了google hack,就更懒的发了。如今帮老婆找论文,关键字匹配累的要死。这些技巧是我整理以后淘汰的后的,最好的那些如有兴趣可以找我直接索取 Http://www.feelids.com By swap (慕容小雨) 站内搜索地址为: http://www.google.com/custom?domains=(这里写我们要搜索的站点,比如feelids.com) 进去可以选择www和feelids.com, 当然再选我们要的站内搜索哦! 黑客专用信息和资料搜索地址为: http://www.google.com/custom?hl=xx-hacker 这里是google关键字的用法,要设置它为中文,则是 http://www.google.com/custom?hl=zh-CN 英文则是http://www.google.com/custom?hl=en 常用的google关键字: foo1 foo2 (也就是关联,比如搜索xx公司 xx美女) operator:foo filetype:123 类型 site:foo.com 相对直接看网站更有意思,可以得到许多意外的信息 intext:foo intitle: fooltitle 标题哦 allinurl:foo 搜索xx网站的所有相关连接。(踩点必备) links:foo 不要说就知道是它的相关链接 allintilte:foo.com 我们可以辅助"-" "+"来调整搜索的精确程度 直接搜索密码:(引号表示为精确搜索) 当然我们可以再延伸到上面的结果里进行二次搜索 "index of" htpasswd / passwd filetype:xls username password email "ws_ftp.log" "config.php" allinurl:admin mdb service filetype:pwd ....或者某个比如pcanywhere的密码后缀cif等 越来越有意思了,再来点更敏感信息 "robots.txt" "Disallow:" filetype:txt inurl:_vti_cnf (FrontPage的关键索引啦,扫描器的CGI库一般都有地) allinurl: /msadc/Samples/selector/showcode.asp /../../../passwd /examples/jsp/snp/snoop.jsp phpsysinfo intitle:index of /admin intitle:"documetation" inurl: 5800(vnc的端口)或者desktop port等多个关键字检索 webmin port 10000 inurl:/admin/login.asp intext:Powered by GBook365 intitle:"php shell*" "Enable stderr" filetype:php 直接搜索到phpwebshell foo.org filetype:inc ipsec filetype:conf intilte:"error occurred" ODBC request WHERE (select|insert) 说白了就是说,可以直接试着查查数据库检索,针对目前流行的sql注射,会发达哦 intitle:"php shell*" "Enable stderr" filetype:php "Dumping data for table" username password intitle:"Error using Hypernews" "Server Software" intitle:"HTTP_USER_AGENT=Googlebot" "HTTP_USER_ANGET=Googlebot" THS ADMIN filetype:.doc site:.mil classified 直接搜索军方相关word 检查多个关键字: intitle:config confixx login password "mydomain.com" nessus report "report generated by" "ipconfig" "winipconfig" google缓存利用(hoho,最有影响力的东西)推荐大家搜索时候多"选搜索所有网站" 特别推荐:administrator users 等相关的东西,比如名字,生日等……最惨也可以拿来做字典嘛 cache:foo.com 可以查阅类似结果 先找找网站的管理后台地址: site:xxxx.com intext:管理 site:xxxx.com inurl:login site:xxxx.com intitle:管理 site:a2.xxxx.com inurl:file site:a3.xxxx.com inurl:load site:a2.xxxx.com intext:ftp://*:* site:a2.xxxx.com filetype:asp site:xxxx.com //得到N个二级域名 site:xxxx.com intext:*@xxxx.com //得到N个邮件地址,还有邮箱的主人的名字什么的 site:xxxx.com intext:电话 //N个电话 intitle:"index of" etc intitle:"Index of" .sh_history intitle:"Index of" .bash_history intitle:"index of" passwd intitle:"index of" people.lst intitle:"index of" pwd.db intitle:"index of" etc/shadow intitle:"index of" spwd intitle:"index of" master.passwd intitle:"index of" htpasswd "# -FrontPage-" inurl:service.pwd allinurl:bbs data filetype:mdb inurl:database filetype:inc conn inurl:data filetype:mdb intitle:"index of" data …… 一些技巧集合: 3) "http://*:*@www" domainname 找一些ISP站点,可以查对方ip的虚拟主机 3 4) auth_user_file.txt 不实用了,太老了 5) The Master List 寻找邮件列表的 6) intitle:"welcome.to.squeezebox" 一种特殊的管理系统,默认开放端口90 7) passlist.txt (a better way) 字典 8) "A syntax error has occurred" filetype:ihtml 9) ext:php program_listing intitle:MythWeb.Program.Listing 10) intitle:index.of abyss.conf 11)ext:nbe nbe 12)intitle:"SWW link" "Please wait....." 13) 14) intitle:"Freifunk.Net - Status" -site:commando.de 15) intitle:"WorldClient" intext:"? (2003|2004) Alt-N Technologies." 17) intitle:open-xchange inurl:login.pl 20) intitle:"site administration: please log in" "site designed by emarketsouth" 21) ORA-00921: unexpected end of SQL command 22)intitle:"YALA: Yet Another LDAP Administrator" 23)welcome.to phpqladmin "Please login" -cvsweb 24)intitle:"SWW link" "Please wait....." 25)inurl:"port_255" -htm 27)intitle:"WorldClient" intext:"? (2003|2004) Alt-N Technologies." 这些是新的一些漏洞技巧,在0days公告公布 ext:php program_listing intitle:MythWeb.Program.Listing inurl:preferences.ini "[emule]" intitle:"Index of /CFIDE/" administrator "access denied for user" "using password" ext:php intext:"Powered by phpNewMan Version" 可以看到:path/to/news/browse.php?clang=../../../../../../file/i/want inurl:"/becommunity/community/index.php?pageurl=" intitle:"ASP FileMan" Resend -site:iisworks.com "Enter ip" inurl:"php-ping.php" ext:conf inurl:rsyncd.conf -cvs -man intitle: private, protected, secret, secure, winnt intitle:"DocuShare" inurl:"docushare/dsweb/" -faq -gov -edu "#mysql dump" filetype:sql "allow_call_time_pass_reference" "PATH_INFO" "Certificate Practice Statement" inurl:(PDF | DOC) LeapFTP intitle:"index.of./" sites.ini modified master.passwd mysql history files NickServ registration passwords passlist passlist.txt (a better way) passwd passwd / etc (reliable) people.lst psyBNC config files pwd.db signin filetype:url spwd.db / passwd trillian.ini wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin "# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd "AutoCreate=TRUE password=*" "http://*:*@www" domainname "index of/" "ws_ftp.ini" "parent directory" "liveice configuration file" ext:cfg -site:sourceforge.net "powered by ducalendar" -site:duware.com "Powered by Duclassified" -site:duware.com "Powered by Duclassified" -site:duware.com "DUware All Rights reserved" "powered by duclassmate" -site:duware.com "Powered by Dudirectory" -site:duware.com "powered by dudownload" -site:duware.com "Powered By Elite Forum Version *.*" "Powered by Link Department" "sets mode: +k" "Powered by DUpaypal" -site:duware.com allinurl: admin mdb auth_user_file.txt config.php eggdrop filetype:user user etc (index.of) ext:ini eudora.ini ext:ini Version=... password ext:txt inurl:unattend.txt filetype:bak inurl:"htaccess|passwd|shadow|htusers" filetype:cfg mrtg "target[*]" -sample -cvs -example filetype:cfm "cfapplication name" password filetype:conf oekakibbs filetype:conf sc_serv.conf filetype:conf slapd.conf filetype:config config intext:appSettings "User ID" filetype:dat "password.dat" filetype:dat wand.dat filetype:inc dbconn filetype:inc intext:mysql_connect filetype:inc mysql_connect OR mysql_pconnect filetype:inf sysprep filetype:ini inurl:"serv-u.ini" filetype:ini inurl:flashFXP.ini filetype:ini ServUDaemon filetype:ini wcx_ftp filetype:ini ws_ftp pwd filetype:ldb admin filetype:log "See `ipsec copyright" filetype:log inurl:"password.log" filetype:mdb inurl:users.mdb filetype:mdb wwforum filetype:netrc password filetype:pass pass intext:userid filetype:pem intext:private filetype:properties inurl:db intext:password filetype:pwd service filetype:pwl pwl filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword" filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS filetype:sql ("values * MD" | "values * password" | "values * encrypt") filetype:sql ("passwd values" | "password values" | "pass values" ) filetype:sql +"IDENTIFIED BY" -cvs filetype:sql password filetype:url +inurl:"ftp://" +inurl:";@" filetype:xls username password email htpasswd htpasswd / htgroup htpasswd / htpasswd.bak intext:"enable secret $" intext:"powered by Web Wiz Journal" intitle:"index of" intext:connect.inc intitle:"index of" intext:globals.inc intitle:"Index of" passwords modified intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com ---------------------------------------------------------------------------------------------------------------------- intitle:index.of intext:"secring.skr"|"secring.pgp"|"secring.bak" inurl:"GRC.DAT" intext:"password" inurl:"slapd.conf" intext:"credentials" -manpage -"Manual Page" -man: -sample inurl:"slapd.conf" intext:"rootpw" -manpage -"Manual Page" -man: -sample inurl:"wvdial.conf" intext:"password" inurl:/db/main.mdb inurl:chap-secrets -cvs inurl:config.php dbuname dbpass inurl:filezilla.xml -cvs inurl:lilo.conf filetype:conf password -tatercounter -bootpwd -man inurl:nuke filetype:sql inurl:ospfd.conf intext:password -sample -test -tutorial -download 路由配置 inurl:pap-secrets -cvs inurl:perform filetype:ini inurl:secring ext:skr | ext:pgp | ext:bak inurl:vtund.conf intext:pass -cvs inurl:zebra.conf intext:password -sample -test -tutorial -download "Generated by phpSystem" "generated by wwwstat" "Host Vulnerability Summary Report" ] "HTTP_FROM=googlebot" googlebot.com "Server_Software=" "Index of" / "chat/logs" 聊天室 "Installed Objects Scanner" inurl:default.asp "Mecury Version" "Infastructure Group" "Microsoft (R) Windows * (TM) Version * DrWtsn Copyright (C)" ext:log "Most Submitted Forms and Scripts" "this section" "Network Vulnerability Assessment Report" "not for distribution" confidential "phone * * *" "address *" "e-mail" intitle:"curriculum vitae" "phpMyAdmin" "running on" inurl:"main.php" "produced by getstats" "Request Details" "Control Tree" "Server Variables" "robots.txt" "Disallow:" filetype:txt "Running in Child mode" "sets mode: +p" "sets mode: +s" "Thank you for your order" +receipt "This is a Shareaza Node" "This report was generated by WebLog" ( filetype:mail | filetype:eml | filetype:mbox | filetype:mbx ) intext:password|subject (inurl:"robot.txt" | inurl:"robots.txt" ) intext:disallow filetype:txt -site:php.net -"The PHP Group" inurl:source inurl:url ext:pHp FBR "ADOBE PHOTOSHOP" AIM buddy lists allinurl:/examples/jsp/snp/snoop.jsp allinurl:servlet/SnoopServlet cgiirc.conf data filetype:mdb -site:gov -site:mil exported email addresses ext:asp inurl:pathto.asp ext:cgi inurl:editcgi.cgi inurl:file= ext:conf inurl:rsyncd.conf -cvs -man ext:conf NoCatAuth -cvs ext:dat bpk.dat ext:gho gho ext:ini intext:env.ini ext:ldif ldif ext:log "Software: Microsoft Internet Information Services *.*" ------------------------------------------------------------------------------------------ ext:mdb inurl:*.mdb inurl:fpdb shop.mdb filetype:bkf bkf filetype:blt "buddylist" filetype:blt blt +intext:screenname filetype:cfg auto_inst.cfg filetype:conf inurl:firewall -intitle:cvs filetype:config web.config -CVS filetype:ctt ctt messenger filetype:fp fp filetype:fp fp -site:gov -site:mil -"cvs log" filetype:inf inurl:capolicy.inf filetype:lic lic intext:key filetype:myd myd -CVS filetype:ns ns filetype:ora ora filetype:ora tnsnames filetype:pdb pdb backup (Pilot | Pluckerdb) filetype:pot inurl:john.pot ------------------------------------------------------------------------------------------------------------------ filetype:pst inurl:"outlook.pst" filetype:pst pst -from -to -date filetype:qbb qbb filetype:rdp rdp filetype:reg "Terminal Server Client" filetype:vcs vcs filetype:wab wab filetype:xls -site:gov inurl:contact filetype:xls inurl:"email.xls" Financial spreadsheets: finance.xls Financial spreadsheets: finances.xls Ganglia Cluster Reports haccess.ctl (one way) haccess.ctl (VERY reliable) ICQ chat logs, please... iletype:log cron.log intext:"Session Start * * * *:*:* *" filetype:log intext:"Tobias Oetiker" "traffic analysis" intext:(password | passcode) intext:(username | userid | user) filetype:csv intext:gmail invite intext:http://gmail.google.com/gmail/a intext:SQLiteManager inurl:main.php intitle:"Apache::Status" (inurl:server-status | inurl:status.html | inurl:apache.html) intitle:"AppServ Open Project" -site:www.appservnetwork.com intitle:"ASP Stats Generator *.*" "ASP Stats Generator" "- weppos" intitle:"FTP root at" intitle:"index of" +myd size intitle:"Index Of" -inurl:maillog maillog size intitle:"Index Of" cookies.txt size intitle:"index of" mysql.conf OR mysql_config intitle:"Index of" upload size parent directory intitle:"index.of" .diz .nfo last modified intitle:"Multimon UPS status page" intitle:"PHP Advanced Transfer" (inurl:index.php | inurl:showrecent.php ) intitle:"PhpMyExplorer" inurl:"index.php" -cvs --------------------------------------------------------------------- intitle:"statistics of" "advanced web statistics" intitle:"System Statistics" +"System and Network Information Center" intitle:"Usage Statistics for" "Generated by Webalizer" intitle:"wbem" compaq login "Compaq Information Technologies Group" intitle:"Web Server Statistics for ****" intitle:"web server status" SSH Telnet intitle:"welcome.to.squeezebox" intitle:admin intitle:login intitle:index.of "Apache" "server at" intitle:index.of cleanup.log intitle:index.of dead.letter intitle:index.of inbox intitle:index.of inbox dbx intitle:intranet inurl:intranet +intext:"phone" inurl:"/axs/ax-admin.pl" -script inurl:"/cricket/grapher.cgi" inurl:"bookmark.htm" inurl:"cacti" +inurl:"graph_view.php" +"Settings Tree View" -cvs -RPM inurl:"newsletter/admin/" inurl:"newsletter/admin/" intitle:"newsletter admin" inurl:"putty.reg" inurl:"smb.conf" intext:"workgroup" filetype:conf conf ---------------------------------------------------------------------------------------------------------- Welcome to ntop! "adding new user" inurl:addnewuser -"there are no domains" (inurl:/cgi-bin/.cobalt/) | (intext:"Welcome to the Cobalt RaQ") filetype:php HAXPLORER "Server Files Browser" intitle:"Web Data Administrator - Login" inurl:ConnectComputer/precheck.htm | inurl:Remote/logon.aspx PHP Shell (unprotected) PHPKonsole PHPShell filetype:php -echo Public PHP FileManagers "index of" / picasa.ini "index of" inurl:recycler "Index of" rar r nfo Modified "intitle:Index.Of /" stats merchant cgi-* etc "Powered by Invision Power File Manager" (inurl:login.php) | (intitle:"Browsing directory /" ) "Web File Browser" "Use regular expression" filetype:ini Desktop.ini intext:mydocs.dll intext:"d.aspx?id" || inurl:"d.aspx?id" intext:"Powered By: TotalIndex" intitle:"TotalIndex" intitle:"album permissions" "Users who can modify photos" "EVERYBODY" intitle:"Directory Listing For" intext:Tomcat -intitle:Tomcat intitle:"HFS /" +"HttpFileServer" intitle:"Index of *" inurl:"my shared folder" size modified ------------------------------------------------------------------------------------------------------------------- "File Upload Manager v." "rename to" ext:asp "powered by DUForum" inurl:(messages|details|login|default|register) -site:duware.com ext:asp inurl:DUgallery intitle:"." -site:dugallery.com -site:duware.com ext:cgi inurl:ubb_test ezBOO "Administrator Panel" -cvs filetype:cgi inurl:cachemgr.cgi filetype:cnf my.cnf -cvs -example filetype:inc inc intext:setcookie filetype:php inurl:"viewfile" -"index.php" -"idfil filetype:wsdl wsdl intitle:"ASP FileMan" Resend -site:iisworks.com intitle:"Index of /" modified php.exe intitle:"phpremoteview" filetype:php "Name, Size, Type, Modify" inurl:" WWWADMIN.PL" intitle:"wwwadmin" inurl:"nph-proxy.cgi" "Start browsing through this CGI-based proxy" inurl:"plog/register.php" inurl:cgi.asx?StoreID inurl:robpoll.cgi filetype:cgi The Master List "More Info about MetaCart Free" 原文地址 http://www.blog.edu.cn/user2/61451/archives/2006/1093748.shtml
posted on 2007-05-26 13:08 MEYE 阅读(1279) 评论(0)  编辑  收藏

只有注册用户登录后才能发表评论。


网站导航: