
From the X-Files: Google - the truth is here


pneuma


Today let's try to find what we, as website users, are not supposed to find and what we usually have no access to, but which search robots such as googlebot do.

Let's search using Google:

disallow inurl:robots 

after all, robots.txt lists the directories and files that outside users should not be looking at. 

You are right, robots.txt itself is most often "forbidden" too, but Google does index robots.txt and keeps it in its cache! 

The same goes for searching for 

disallow phpmyadmin inurl:robots

(exploits: https://www.packetstormsecurity.org/0402-ex...dmin255pl1.txt) 

worth a look: 

Google - https://www.google.com/robots.txt 

White House: https://www.whitehouse.gov/robots.txt 

and one more

Google a Dream come true





****************************** ComSec ***********************************



article by: ComSec



date: 25.5.2003



Simplified







INTRO=========



a week or so back i had an e-mail from a friend (FLW) asking me if i had any info on google search tips



he was surprised on the amount of info available and open via google...this got me thinking , well i have seen many various search strings in several papers....so i thought i would put them all together on the one page...and update as new ones are discovered...so if i missed any to be added to the list please let me know and i shall add some more....







*********************************************************************************************************************************************

WARNING:::i hold no responsibility for what you do via the information supplied here...this is for educational purpose only , use at your own risk you have been warned

*********************************************************************************************************************************************



thanks



ComSec aka ZSL





SUMMARY=======



Everyone knows google in the security sector...and what a powerful tool it is , just by entering certain search strings you can gain a vast amount of knowledge and information of your chosen target...often revealing sensitive data...this is all down to badly configured systems...brought on by sloppy administration allowing directory indexing and accessing , password files , log entries , files , paths ,etc , etc





Search Tips



so how do we start ?



the common search inputs below will give you an idea...for instance if you want to search for an index of "root"



in the search box put in exactly as you see it below



==================



example 1:





allintitle: "index of/root"





result:



https://www.google.com/search?hl=en&ie=ISO-8859-1&q=allintitle%3A+%22index+of%2Froot%22&btnG=Google+Search



what it reveals is 2,510 pages that you can possibly browse at your will...



====================



example 2





inurl:"auth_user_file.txt"



https://www.google.com/search?num=100&hl=en&lr=&ie=ISO-8859-1&q=inurl%3A%22auth_user_file.txt%22&btnG=Google+Search



this result spawned 414 possible files to access



here is an actual file retrieved from a site and edited , we know who the admin is and we have the hashes that's a job for JTR (john the ripper)



txUKhXYi4xeFs|master|admin|Worasit|Junsawang|xxx@xxx|on

qk6GaDj9iBfNg|tomjang||Bug|Tom|xxx@xxx|on



with the many variations below it should keep you busy for a long time mixing them  reveals many different permutations



*************************************



SEARCH PATHS....... more to be added



*************************************



"Index of /admin" 

"Index of /password"

"Index of /mail"

"Index of /" +passwd

"Index of /" +password.txt

"Index of /" +.htaccess

index of ftp +.mdb allinurl:/cgi-bin/ +mailto



administrators.pwd.index

authors.pwd.index

service.pwd.index

filetype:config web

gobal.asax index



allintitle: "index of/admin"

allintitle: "index of/root"

allintitle: sensitive filetype:doc

allintitle: restricted filetype :mail

allintitle: restricted filetype:doc site:gov



inurl:passwd filetype:txt

inurl:admin filetype:db

inurl:iisadmin

inurl:"auth_user_file.txt"

inurl:"wwwroot/*."





top secret site:mil

confidential site:mil



allinurl: winnt/system32/ (get cmd.exe)

allinurl:/bash_history



intitle:"Index of" .sh_history

intitle:"Index of" .bash_history

intitle:"index of" passwd

intitle:"index of" people.lst

intitle:"index of" pwd.db

intitle:"index of" etc/shadow

intitle:"index of" spwd

intitle:"index of" master.passwd

intitle:"index of" htpasswd

intitle:"index of" members OR accounts 

intitle:"index of" user_carts OR user_cart



ALTERNATIVE INPUTS====================



_vti_inf.html 

service.pwd 

users.pwd 

authors.pwd 

administrators.pwd 

shtml.dll 

shtml.exe 

fpcount.exe 

default.asp 

showcode.asp 

sendmail.cfm 

getFile.cfm 

imagemap.exe 

test.bat 

msadcs.dll 

htimage.exe 

counter.exe 

browser.inc 

hello.bat 

default.asp 

dvwssr.dll 

cart32.exe 

add.exe 

index.jsp 

SessionServlet 

shtml.dll 

index.cfm 

page.cfm 

shtml.exe 

web_store.cgi 

shop.cgi 

upload.asp 

default.asp 

pbserver.dll 

phf 

test-cgi 

finger 

Count.cgi 

jj 

php.cgi 

php 

nph-test-cgi 

handler 

webdist.cgi 

webgais 

websendmail 

faxsurvey 

htmlscript 

perl.exe 

wwwboard.pl 

www-sql 

view-source 

campas 

aglimpse 

glimpse 

man.sh 

AT-admin.cgi 

AT-generate.cgi 

filemail.pl 

maillist.pl 

info2www 

files.pl 

bnbform.cgi 

survey.cgi 

classifieds.cgi 

wrap 

cgiwrap 

edit.pl 

perl 

names.nsf 

webgais 

dumpenv.pl 

test.cgi 

submit.cgi 

guestbook.cgi 

guestbook.pl 

cachemgr.cgi 

responder.cgi 

perlshop.cgi 

query 

w3-msql 

plusmail 

htsearch 

infosrch.cgi 

publisher 

ultraboard.cgi 

db.cgi 

formmail.cgi 

allmanage.pl 

ssi 

adpassword.txt 

redirect.cgi 

cvsweb.cgi 

login.jsp 

dbconnect.inc 

admin 

htgrep 

wais.pl 

amadmin.pl 

subscribe.pl 

news.cgi 

auctionweaver.pl 

.htpasswd 

acid_main.php 

access.log 

log.htm 

log.html 

log.txt 

logfile 

logfile.htm 

logfile.html 

logfile.txt 

logger.html 

stat.htm 

stats.htm 

stats.html 

stats.txt 

webaccess.htm 

wwwstats.html 

source.asp 

perl 

mailto.cgi 

YaBB.pl 

mailform.pl 

cached_feed.cgi 

global.cgi 

Search.pl 

build.cgi 

common.php 

show 

global.inc 

ad.cgi 

WSFTP.LOG 

index.html~ 

index.php~ 

index.html.bak 

index.php.bak 

print.cgi 

register.cgi 

webdriver 

bbs_forum.cgi 

mysql.class 

sendmail.inc 

CrazyWWWBoard.cgi 

search.pl 

way-board.cgi 

webpage.cgi 

pwd.dat 

adcycle 

post-query 

help.cgi 





there are too many people to thank for the bits of information cut and pasted and added to form this paper

most have been collected from various forums , txt , doc's etc...like to thank you all, its not intended to rip anyone

its just a combo of various search inputs...put on the one Paper to use as a reference.





EOF

https://comsec.governmentsecurity.org

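A defensive counterpart to the robots.txt point at the top of this post, as an added example that is not part of the original post or the quoted ComSec article: a small Python audit that flags `Disallow` rules in your own robots.txt which advertise sensitive-looking paths. The fragment list is drawn from search strings in the post; the sample robots.txt and the function name `audit_robots` are constructed for illustration.

```python
# Path fragments taken from the search strings quoted in the post above.
# More specific fragments come first so they win over plain "admin".
SENSITIVE = ("phpmyadmin", "iisadmin", "admin", "passwd", "password",
             "htpasswd", "_vti_", "cgi-bin", "mail", ".bak", ".log", ".pwd")

# Constructed sample robots.txt (not from a real site).
SAMPLE = """\
# constructed example
User-agent: *
Disallow: /phpmyadmin/      # database console
Disallow: /images/
Disallow: /backup/site.bak
Disallow:

User-agent: Googlebot
disallow: /Admin/login.php
Allow: /public/
"""

def audit_robots(text):
    """Return (user_agent, path, matched_fragment) for each Disallow rule
    that names a sensitive-looking path to anyone who reads the file."""
    findings, agents, in_rules = [], [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        if ":" not in line:
            continue
        field, value = (p.strip() for p in line.split(":", 1))
        field = field.lower()                     # directives are case-insensitive
        if field == "user-agent":
            if in_rules:                          # a new group starts here
                agents, in_rules = [], False
            agents.append(value)
        elif field in ("disallow", "allow"):
            in_rules = True
            if field == "disallow" and value:     # empty Disallow allows everything
                hit = next((s for s in SENSITIVE if s in value.lower()), None)
                if hit:
                    findings += [(a, value, hit) for a in (agents or ["*"])]
    return findings

if __name__ == "__main__":
    for agent, path, hit in audit_robots(SAMPLE):
        print(f"{agent}: Disallow {path} discloses '{hit}'")
```

A hit means the path is being advertised to every reader of robots.txt; protect it with authentication or move it out of the web root rather than relying on the Disallow line.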