THIS IS A TABLE OF KEYWORDS
FOR FINDING PASSWORDS
-------------------
KEYWORD | DESCRIPTION
-------------------
inurl:/db/main.mdb |ASP-Nuke passwords
-------------------
filetype:cfm "cfapplication |ColdFusion source with potential passwords
name" password
-------------------
filetype:pass |dbman credentials
pass intext:userid
-------------------
allinurl:auth_user_file.txt |DCForum user passwords
-------------------
eggdrop filetype:user user |Eggdrop IRC user credentials
-------------------
filetype:ini inurl:flashFXP.ini |FlashFXP FTP credentials
-------------------
filetype:url +inurl:"ftp://" |FTP bookmarks cleartext passwords
+inurl:"@"
-------------------
inurl:zebra.conf intext: |GNU Zebra passwords
password -sample -test
-tutorial -download
-------------------
filetype:htpasswd htpasswd |HTTP htpasswd Web user credentials
-------------------
intitle:"Index of" ".htpasswd" |HTTP htpasswd Web user credentials
"htgroup" -intitle:"dist"
-apache -htpasswd.c
-------------------
intitle:"Index of" ".htpasswd" |HTTP htpasswd Web user credentials
htpasswd.bak
-------------------
"http://*:*@www" bob:bob |HTTP passwords (bob is a sample username)
-------------------
"sets mode: +k" |IRC channel keys (passwords)
-------------------
"Your password is * Remember |IRC NickServ registration passwords
this for later use"
-------------------
signin filetype:url |JavaScript authentication credentials
-------------------
LeapFTP intitle:"index.of./" |LeapFTP client login credentials
sites.ini modified
-------------------
inurl:lilo.conf filetype:conf |LILO passwords
password -tatercounter2000
-bootpwd -man
-------------------
filetype:config config intext: |Microsoft .NET application credentials
appSettings "User ID"
-------------------
filetype:pwd service |Microsoft FrontPage Service Web passwords
-------------------
intitle:index.of |Microsoft FrontPage Web credentials
administrators.pwd
-------------------
"# -FrontPage-" |Microsoft FrontPage Web passwords
inurl:service.pwd
-------------------
ext:pwd inurl:_vti_pvt inurl: |Microsoft FrontPage Web passwords
(Service | authors | administrators)
-------------------
inurl:perform filetype:ini |mIRC nickserv credentials
-------------------
intitle:"index of" intext: |mySQL database credentials
connect.inc
-------------------
intitle:"index of" intext: |mySQL database credentials
globals.inc
-------------------
filetype:conf oekakibbs |Oekakibbs user passwords
-------------------
filetype:dat wand.dat |Opera "Magic Wand" Web credentials
-------------------
inurl:ospfd.conf intext: |OSPF Daemon Passwords
password -sample -test
-tutorial -download
-------------------
index.of passlist |Passlist user credentials
-------------------
inurl:passlist.txt |passlist.txt file user credentials
-------------------
filetype:dat "password.dat" |password.dat files
-------------------
inurl:password.log filetype:log |password.log file reveals usernames,
|passwords,and hostnames
-------------------
filetype:log inurl:"password.log" |password.log files cleartext
|passwords
-------------------
inurl:people.lst filetype:lst |People.lst generic password file
-------------------
intitle:index.of config.php |PHP Configuration File database
|credentials
-------------------
inurl:config.php dbuname dbpass |PHP Configuration File database
|credentials
-------------------
inurl:nuke filetype:sql |PHP-Nuke credentials
-------------------
filetype:conf inurl:psybnc.conf |psyBNC IRC user credentials
"USER.PASS="
-------------------
filetype:ini ServUDaemon |servU FTP Daemon credentials
-------------------
filetype:conf slapd.conf |slapd configuration files root password
-------------------
inurl:"slapd.conf" intext: |slapd LDAP credentials
"credentials" -manpage
-"Manual Page" -man: -sample
-------------------
inurl:"slapd.conf" intext: |slapd LDAP root password
"rootpw" -manpage
-"Manual Page" -man: -sample
-------------------
filetype:sql "IDENTIFIED BY" -cvs |SQL passwords
-------------------
filetype:sql password |SQL passwords
-------------------
filetype:ini wcx_ftp |Total Commander FTP passwords
-------------------
filetype:netrc password |UNIX .netrc user credentials
-------------------
index.of.etc |UNIX /etc directories contain
|various credential files
-------------------
intitle:"Index of..etc" passwd |UNIX /etc/passwd user credentials
-------------------
intitle:index.of passwd |UNIX /etc/passwd user credentials
passwd.bak
-------------------
intitle:"Index of" pwd.db |UNIX /etc/pwd.db credentials
-------------------
intitle:Index.of etc shadow |UNIX /etc/shadow user credentials
-------------------
intitle:index.of master.passwd |UNIX master.passwd user credentials
-------------------
intitle:"Index of" spwd.db |UNIX spwd.db credentials
passwd -pam.conf
-------------------
filetype:bak inurl:"htaccess| |UNIX various password file backups
passwd|shadow|htusers"
-------------------
filetype:inc dbconn |Various database credentials
-------------------
filetype:inc intext:mysql_ |Various database credentials, server names
connect
-------------------
filetype:properties inurl:db |Various database credentials, server names
intext:password
-------------------
inurl:vtund.conf intext:pass -cvs |Virtual Tunnel Daemon passwords
-------------------
inurl:"wvdial.conf" intext: |wvdial dialup user credentials
"password"
-------------------
filetype:mdb wwforum |Web Wiz Forums Web credentials
-------------------
"AutoCreate=TRUE password=*" |Website Access Analyzer user passwords
-------------------
filetype:pwl pwl |Windows Password List user credentials
-------------------
filetype:reg reg +intext: |Windows Registry Keys containing user
"defaultusername" intext: |credentials
"defaultpassword"
-------------------
filetype:reg reg +intext: |Windows Registry Keys containing user
"internet account manager" |credentials
-------------------
"index of/" "ws_ftp.ini" |WS_FTP FTP credentials
"parent directory"
-------------------
filetype:ini ws_ftp pwd |WS_FTP FTP user credentials
-------------------
inurl:/wwwboard |wwwboard user credentials
site:google.com fox -> searches for the word fox on the site google.com
intitle:fox fire -> finds pages with fox in the title and fire in the page text
allintitle:fox fire -> finds pages whose title contains both fox and fire; the same as intitle:fox intitle:fire
inurl:fox fire -> finds the word fire on pages whose URL contains fox
filetype:pdf fire -> finds PDF files containing the word fire
numrange:1-100 fire -> finds pages containing the word fire and a number in the range 1-100
link:www.google.com -> finds the sites that link to google.com
inanchor:fire -> finds pages whose link description (anchor text) contains fire
/ * - + ""
"Apache/1.3.28 Server at" intitle:index.of
-> Apache 1.3.28
"Apache/2.0 Server at" intitle:index.of
-> Apache 2.0
"Apache/* Server at" intitle:index.of
-> all versions of Apache
"Microsoft-IIS/4.0 Server at" intitle:index.of
-> Microsoft Internet Information Services 4.0
"Microsoft-IIS/5.0 Server at" intitle:index.of
-> Microsoft Internet Information Services 5.0
"Microsoft-IIS/6.0 Server at" intitle:index.of
-> Microsoft Internet Information Services 6.0
"Microsoft-IIS/* Server at" intitle:index.of
-> all versions of Microsoft Internet Information Services
"Oracle HTTP Server/* Server at" intitle:index.of
-> all versions of Oracle HTTP Server
"IBM_HTTP_Server/* * Server at" intitle:index.of
-> all versions of IBM HTTP Server
"Netscape/* Server at" intitle:index.of
-> all versions of Netscape Server
"Red Hat Secure/*" intitle:index.of
-> all versions of the Red Hat Secure server
"HP Apache-based Web Server/*" intitle:index.of
-> all versions of the HP server
Some bugs in scripts can be found with Google:
"Generated by phpSystem"
-> can reveal operating system type and version, hardware configuration, logged users, open connections, free memory and disk space, mount points
"This summary was generated by wwwstat"
-> web server statistics, system file structure
"These statistics were produced by getstats"
->web server statistics, system file structure
"This report was generated by WebLog"
->web server statistics, system file structure
intext:"Tobias Oetiker" "traffic analysis"
->system performance statistics as MRTG charts, network configuration
intitle:"Apache::Status" (inurl:server-status | inurl:status.html | inurl:apache.html)
->server version, operating system type, child process list,current connections
intitle:"ASP Stats Generator *.*" "ASP Stats Generator" "2003-2004 weppos"
->web server activity, lots of visitor information
intitle:"Multimon UPS status page"
->UPS device performance statistics
intitle:"statistics of" "advanced web statistics"
->web server statistics, visitor information
intitle:"System Statistics" +"System and Network Information Center"
->system performance statistics as MRTG charts, hardware configuration, running services
intitle:"Usage Statistics for" "Generated by Webalizer"
->web server statistics, visitor information, system file structure
intitle:"Web Server Statistics for ****"
->web server statistics, visitor information
inurl:"/axs/ax-admin.pl" -script
->web server statistics, visitor information
inurl:"/cricket/grapher.cgi"
->MRTG charts of network interface performance
inurl:server-info "Apache Server Information"
->web server version and configuration, operating system type, system file structure
"Output produced by SysWatch *"
->operating system type and version, logged users, free memory and disk space, mount points, running processes, system logs
"A syntax error has occurred" filetype:ihtml
->Informix database errors, potentially exposing function names, filenames, file structure information, pieces of SQL code and passwords
"Access denied for user" "Using password"
->authorisation errors, potentially exposing user names, function names, file structure information and pieces of SQL code
"The script whose uid is " "is not allowed to access"
->access-related PHP errors, potentially exposing filenames, function names and file structure information
"ORA-00921: unexpected end of SQL command"
->Oracle database errors, potentially exposing filenames, function names and file structure information
"error found handling the request" cocoon filetype:xml
->Cocoon errors, potentially exposing Cocoon version information, filenames, function names and file structure information
"Invision Power Board Database Error"
->Invision Power Board bulletin board errors, potentially exposing function names, filenames, file structure information and pieces of SQL code
"Warning: mysql_query()" "invalid query"
->MySQL database errors, potentially exposing user names, function names, filenames and file structure information
"Error Message : Error loading required libraries."
->CGI script errors, potentially exposing information about operating system and program versions, user names, filenames and file structure information
"#mysql dump" filetype:sql
->MySQL database errors, potentially exposing information on database structure and contents
A broad collection of the places where a system's passwords can be reached through Google
"http://*:*@www" site
passwords for site, stored as the string "http://username:password@www…"
filetype:bak inurl:"htaccess|passwd|shadow|htusers"
file backups, potentially exposing user names and passwords
filetype:mdb inurl:"account|users|admin|administrators|passwd|password"
mdb files, potentially exposing password information
intitle:"Index of" pwd.db
pwd.db files, potentially exposing user names and encrypted passwords
inurl:admin inurl:backup intitle:index.of
directories whose names contain the words admin and backup
"Index of/" "Parent Directory" "WS_FTP.ini"
filetype:ini WS_FTP PWD
WS_FTP configuration files, potentially exposing FTP server access passwords
ext:pwd inurl:(service|authors|administrators|users) "# -FrontPage-"
Contains Microsoft FrontPage passwords
filetype:sql ("passwd values ****" |"password values ****" | "pass values ****" )
Contains SQL code and passwords stored in a database
intitle:index.of trillian.ini
configuration files for the Trillian IM
eggdrop filetype:user
user configuration files for the Eggdrop ircbot
filetype:conf slapd.conf
configuration files for OpenLDAP
inurl:"wvdial.conf" intext:"password"
configuration files for WV Dial
ext:ini eudora.ini
configuration files for the Eudora mail client
filetype:mdb inurl:users.mdb
Microsoft Access files, potentially exposing user account information
intext:"powered by Web Wiz Journal"
websites using Web Wiz Journal, which in its standard configuration allows access to the passwords file - just enter http:///journal/journal.mdb instead of the default http:///journal/
"Powered by DUclassified" -site:duware.com
"Powered by DUcalendar" -site:duware.com
"Powered by DUdirectory" -site:duware.com
"Powered by DUclassmate" -site:duware.com
"Powered by DUdownload" -site:duware.com
"Powered by DUpaypal" -site:duware.com
"Powered by DUforum" -site:duware.com
intitle:dupics inurl:(add.asp | default.asp |view.asp | voting.asp) -site:duware.com
websites using the DUclassified, DUcalendar, DUdirectory, DUclassmate, DUdownload, DUpaypal, DUforum or DUpics applications, which by default allow the passwords file to be obtained
- for DUclassified, just enter http:///duClassified/_private/duclassified.mdb
or http:///duClassified/
intext:"BiTBOARD v2.0" "BiTSHiFTERS Bulletin Board"
websites using the Bitboard2 bulletin board, whose default settings allow the passwords file to be obtained
- via http:///forum/admin/data_passwd.dat
or http:///forum/forum.php
Looking for specific documents?
filetype:xls inurl:"email.xls"
email.xls files, potentially exposing contact information
"phone * * *" "address *" "e-mail" intitle:"curriculum vitae"
CVs
"not for distribution"
confidential documents containing the confidential clause
buddylist.blt
AIM contacts list
intitle:index.of mystuff.xml
Trillian IM contacts list
filetype:ctt "msn"
MSN contacts list
filetype:QDF
QDF database files for the Quicken financial application
intitle:index.of finances.xls
finances.xls files, potentially exposing information on bank accounts, financial summaries and credit card numbers
intitle:"Index Of" -inurl:maillog maillog size
maillog files, potentially exposing e-mail
"Network Vulnerability Assessment Report"
"Host Vulnerability Summary Report"
filetype:pdf "Assessment Report"
"This file was generated by Nessus"
reports for network security scans, penetration tests etc.
to get more creative, you can experiment on your own, okay
pdf 55 ways to have fun with google (got it from downloadshare.info, but the site has since closed down), though it's not as serious as all this; anyway, thanks for the info
KEYWORD | DESCRIPTION
-------------------
inurl:admin inurl:userlist |Generic userlist files
-------------------
inurl:admin filetype:asp |Generic userlist files
inurl:userlist |
-------------------
inurl: |Half-life statistics file, lists username and
hlstats intext: |other information
Server Username |
-------------------
filetype:ctl |
inurl:haccess. |Microsoft FrontPage equivalent of htaccess
ctl Basic |shows Web user credentials
-------------------
filetype:reg |
reg intext: |Microsoft Internet Account Manager can
"internet account manager" |reveal usernames and more
-------------------
filetype:wab wab |Microsoft Outlook Express Mail address
|books
-------------------
filetype:mdb inurl:profiles |Microsoft Access databases containing
|profiles.
-------------------
index.of perform.ini |mIRC IRC ini file can list IRC usernames and
|other information
-------------------
inurl:root.asp?acs=anon |Outlook Mail Web Access directory can be
|used to discover usernames
-------------------
filetype:conf inurl:proftpd. |PROFTP FTP server configuration file
conf -sample |reveals
|username and server information
-------------------
filetype:log username putty |PUTTY SSH client logs can reveal
|usernames
|and server information
-------------------
filetype:rdp rdp |Remote Desktop Connection files reveal user
|credentials
-------------------
intitle:index.of |UNIX bash shell history reveals commands
.bash_history |typed at a bash command prompt; usernames
|are often typed as argument strings
-------------------
intitle:index.of |UNIX shell history reveals commands typed at
.sh_history |a shell command prompt; usernames are
|often typed as argument strings
-------------------
"index of " lck |Various lock files list the user currently using
|a file
-------------------
+intext:webalizer +intext: |Webalizer Web statistics page lists Web user-
Total Usernames +intext: |names and statistical information
"Usage Statistics for"
-------------------
filetype:reg reg HKEY_ |Windows Registry exports can reveal
CURRENT_USER username |usernames and other information