October 1, 2009

Passwords in Google search...

* An FTP client saves its log file. The name of that file is ws_ftp.ini. By accessing it, the FTP details can be obtained. The keyword for this,
"intitle:index of ws_ftp.ini"

* On sites built with Front Page, the user name and password are stored at http://domainame/_vti_pvt/service.pwd. That password is encrypted. John the Ripper can be used to decrypt it. The keyword for this,

"inurl:service.pwd"

* On some sites, user names and passwords are stored as a log file. To get them,

file type:log inurl:"password.log"


* To log in to VNC Desktop computers,
"VNC Desktop" inurl:5800 (here 5800 is the port number). These are mostly password protected.

* Some folders have passwords stored in them. To view them,
intitle:"index of' passwords.
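The queries above only find files that a web server already exposes, so a site owner can check their own document root for the same names before a crawler does. The script below is an added example, not part of the original post; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# File and directory names taken from the search queries listed above.
EXPOSED_FILES = {
    "ws_ftp.ini": "WS_FTP client file with FTP details",
    "service.pwd": "FrontPage user name and password file",
    "password.log": "log file containing credentials",
}
EXPOSED_DIRS = {"passwords": "directory of stored passwords"}


def audit_webroot(webroot):
    """Return sorted (relative_path, reason) pairs for entries under webroot
    that the queries above would surface if the server exposes them."""
    findings = []
    for current, dirs, files in os.walk(webroot):
        rel_dir = os.path.relpath(current, webroot)
        # Check directories and files against their own name tables;
        # matching is case-insensitive because uploads often change case.
        for names, table in ((dirs, EXPOSED_DIRS), (files, EXPOSED_FILES)):
            for name in names:
                reason = table.get(name.lower())
                if reason:
                    path = os.path.normpath(os.path.join(rel_dir, name))
                    findings.append((path.replace(os.sep, "/"), reason))
    return sorted(findings)


def build_sample_webroot(root):
    """Create a constructed sample tree (not real data) to audit."""
    for rel in ("_vti_pvt/service.pwd", "logs/password.log",
                "upload/WS_FTP.INI", "passwords/readme.txt", "index.html"):
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        for path, reason in audit_webroot(tmp):
            print(f"{path}: {reason}")
```

Anything the audit reports should be moved out of the document root or blocked in the server configuration, and any credentials found in it should be changed.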

Similarly, some keywords,

ftp://” “www.eastgame.net”
“html allowed” guestbook
“Powered by: vBulletin Version 1.1.5″
“Select a database to view” intitle:”filemaker pro”
“set up the administrator user” inurl:pivot
“There are no Administrators Accounts” inurl:admin.php -mysql_fetch_row
“Welcome to Administration” “General” “Local Domains” “SMTP Authentication” inurl:admin
“Welcome to Intranet”
“Welcome to PHP-Nuke” congratulations
“Welcome to the Prestige Web-Based Configurator”
“YaBB SE Dev Team”
“you can now password” | “this is a special page only seen by you. your profile visitors” inurl:imchaos
(”Indexed.By”|”Monitored.By”) hAcxFtpScan
(inurl:/shop.cgi/page=) | (inurl:/shop.pl/page=)
allinurl:”index.php” “site=sglinks”
allinurl:install/install.php
allinurl:intranet admin
filetype:cgi inurl:”fileman.cgi”
filetype:cgi inurl:”Web_Store.cgi”
filetype:php inurl:vAuthenticate
filetype:pl intitle:”Ultraboard Setup”
Gallery in configuration mode
Hassan Consulting’s Shopping Cart Version 1.18
intext:”Warning: * am able * write ** configuration file” “includes/configure.php” -Forums
intitle:”Gateway Configuration Menu”
intitle:”Horde :: My Portal” -”[Tickets”
intitle:”Mail Server CMailServer Webmail” “5.2″
intitle:”MvBlog powered”
intitle:”Remote Desktop Web Connection”
intitle:”Samba Web Administration Tool” intext:”Help Workgroup”
intitle:”Terminal Services Web Connection”
intitle:”Uploader - Uploader v6″ -pixloads.com
intitle:osCommerce inurl:admin intext:”redistributable under the GNU” intext:”Online Catalog” -demo -site:oscommerce.com
intitle:phpMyAdmin “Welcome to phpMyAdmin ***” “running on * as root@*”
inurl:”/NSearch/AdminServlet”
inurl:”index.php? module=ew_filemanager”
inurl:aol*/_do/rss_popup?blogID=
inurl:footer.inc.php
inurl:info.inc.php
inurl:ManyServers.htm
inurl:newsdesk.cgi? inurl:”t=”
inurl:pls/admin_/gateway.htm
inurl:rpSys.html
inurl:search.php vbulletin
inurl:servlet/webacc
natterchat inurl:home.asp -site:natterchat.co.uk
XOOPS Custom Installation
intitle:”Welcome to the Advanced Extranet Server, ADVX!”
“About Mac OS Personal Web Sharing”
“AnWeb/1.42h” intitle:index.of
“CERN httpd 3.0B (VAX VMS)”
“httpd+ssl/kttd” * server at intitle:index.of
“JRun Web Server” intitle:index.of
“MaXX/3.1″ intitle:index.of
“Microsoft-IIS/* server at” intitle:index.of
“Microsoft-IIS/4.0″ intitle:index.of
“Microsoft-IIS/5.0 server at”
“Microsoft-IIS/6.0″ intitle:index.of
“Netware * Home” inurl:nav.html
“Novell, Inc” WEBACCESS Username Password “Version *.*” Copyright -inurl:help -guides|guide
“OmniHTTPd/2.10″ intitle:index.of
“OpenSA/1.0.4″ intitle:index.of
“powered by” “shoutstats” hourly daily
“Red Hat Secure/2.0″
“Red Hat Secure/3.0 server at”
“seeing this instead” intitle:”test page for apache”
“Switch to table format” inurl:table|plain
(intitle:”502 Proxy Error”)|(intitle:”503 Proxy Error”) “The proxy server could not handle the request” -topic -mail -4suite -list -site:geocrawler.co
(inurl:81-cobalt | inurl:cgi-bin/.cobalt)
aboutprinter.shtml (More Xerox printers on the web!)
allintext:”Powered by LionMax Software” “WWW File Share”
allintitle:Netscape FastTrack Server Home Page
allinurl:”.nsconfig” -sample -howto -tutorial
Apache online documentation
Environment vars
fitweb-wwws * server at intitle:index.of
IIS 4.0
index_i.shtml Ready (Xerox printers on the web!)
intext:”404 Object Not Found” Microsoft-IIS/5.0
intext:”Target Multicast Group” “beacon”
intitle:”300 multiple choices”
intitle:”Apache Status” “Apache Server Status for”
intitle:”Directory Listing, Index of /*/”
intitle:”Document title goes here” intitle:”used by web search tools” ” example of a simple Home Page”
intitle:”error 404″ “From RFC 2068 ”
intitle:”IPC@CHIP Infopage”
intitle:”Lotus Domino Go Webserver:” “Tuning your webserver” -site:ibm.com
intitle:”Object not found!” intext:”Apache/2.0.* (Linux/SuSE)”
intitle:”Object not found” netware “apache 1..”
intitle:”Open WebMail” “Open WebMail version (2.20|2.21|2.30) ”
intitle:”Resin Default Home Page”
intitle:”Shoutcast Administrator”
intitle:”Test Page for Apache”
intitle:”Test Page for Apache” “It Worked!”
intitle:”Test Page for Apache” “It Worked!” “on this web”
intitle:”Test Page for the Apache HTTP Server on Fedora Core” intext:”Fedora Core Test Page”
intitle:”Welcome to 602LAN SUITE *”
intitle:”welcome to mono xsp”
intitle:”Welcome to Windows Small Business Server 2003″
intitle:”Welcome To Xitami” -site:xitami.com
intitle:”Welcome to Your New Home Page!” “by the Debian release”
intitle:”Welcome To Your WebSTAR Home Page”
intitle:AnswerBook2 inurl:ab2/ (inurl:8888 | inurl:8889)
intitle:Snap.Server inurl:Func=
inurl:2506/jana-admin
inurl:domcfg.nsf
inurl:nnls_brand.html OR inurl:nnls_nav.html
inurl:oraweb -site:oraweb.org
inurl:tech-support inurl:show Cisco
inurl:wl.exe inurl:?SS1= intext:”Operating system:” -edu -gov -mil
OpenBSD running Apache
Powered.by.RaidenHTTPD intitle:index.of
Red Hat Unix Administration
SEDWebserver * server +at intitle:index.of
thttpd webserver
Windows 2000 Internet Services
XAMPP “inurl:xampp/index”
yaws.*.server.at