Free Advertising Forums | Free Advertising Board | Post Free Ads Forum | Free Advertising Forums Directory | Best Free Advertising Methods | Advertising Forums - View Single Post - #▷▷ Trendz Sport Slip Resistant Work Boot Leather Low Mens ...

09-16-2011, 04:45 AM

常用的google关键字：
foo1 foo2 (也就是关联，比如搜索xx公司 xx美女)
operator:foo
filetype:123 类型
site:foo.com 相对直接看网站更有意思，可以得到许多意外的信息
intext:foo
intitle: fooltitle 标题哦
allinurl:foo 搜索xx网站的所有相关连接。（踩点必备）
links:foo 不要说就知道是它的相关链接
allintilte:foo.com
我们可以辅助"-" "+"来调整搜索的精确程度
直接搜索密码：(引号表示为精确搜索)
当然我们可以再延伸到上面的结果里进行二次搜索
"index of" htpasswd / passwd
filetype:xls username password email
"ws_ftp.log"
"config.php"
allinurl:admin mdb
service filetype:pwd ....或者某个比如pcanywhere的密码后缀cif等
越来越有意思了，再来点更敏感信息
"robots.txt" "Disallow:" filetype:txt
inurl:_vti_cnf (FrontPage的关键索引啦,skechers women，扫描器的CGI库一般都有地)
allinurl: /msadc/Samples/selector/showcode.asp
/../../../passwd
/examples/jsp/snp/snoop.jsp
phpsysinfo
intitle:index of /admin
intitle:"documetation"
inurl: 5800(vnc的端口)或者desktop port等多个关键字检索
webmin port 10000
inurl:/admin/login.asp
intext:Powered by GBook365
intitle:"php shell*" "Enable stderr" filetype:php 直接搜索到phpwebshell
foo.org filetype:inc
ipsec filetype:conf
intilte:"error occurred" ODBC request WHERE (select|insert) 说白了就是说,skechers shape up shoes，可以直接试着查查数据库检索，针对目前流行的sql注射，会发达哦
intitle:"php shell*" "Enable stderr" filetype:php
"Dumping data for table" username password
intitle:"Error using Hypernews"
"Server Software"
intitle:"HTTP_USER_AGENT=Googlebot"
"HTTP_USER_ANGET=Googlebot" THS ADMIN
filetype:.doc site:.mil classified 直接搜索军方相关word
检查多个关键字：
intitle:config confixx login password
"mydomain.com" nessus report
"report generated by"
"ipconfig"
"winipconfig"
google缓存利用（hoho，最有影响力的东西）推荐大家搜索时候多"选搜索所有网站"
特别推荐：administrator users 等相关的东西，比如名字,shape up skechers，生日等……最惨也可以拿来做字典嘛
cache:foo.com
可以查阅类似结果
先找找网站的管理后台地址：
site:xxxx.com intext:管理
site:xxxx.com inurl:login
site:xxxx.com intitle:管理
site:a2.xxxx.com inurl:file
site:a3.xxxx.com inurl:load
site:a2.xxxx.com intext:ftp://*:*
site:a2.xxxx.com filetype:asp
site:xxxx.com //得到N个二级域名
site:xxxx.com intext:*@xxxx.com //得到N个邮件地址,skechers shape ups，还有邮箱的主人的名字什么的
site:xxxx.com intext:电话 //N个电话
intitle:"index of" etc
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
"# -FrontPage-" inurl:service.pwd
allinurl:bbs data
filetype:mdb inurl:database
filetype:inc conn
inurl:data filetype:mdb
intitle:"index of" data
……
一些技巧集合：
3) "http://*:*@www" domainname 找一些ISP站点，可以查对方ip的虚拟主机
3
4) auth_user_file.txt 不实用了，太老了
5) The Master List 寻找邮件列表的
6) intitle:"welcome.to.squeezebox" 一种特殊的管理系统，默认开放端口90
7) passlist.txt (a better way) 字典
8) "A syntax error has occurred" filetype:ihtml
9) ext:php program_listing intitle:MythWeb.Program.Listing
10) intitle:index.of abyss.conf
11)ext:nbe nbe
12)intitle:"SWW link" "Please wait....."
13)
14) intitle:"Freifunk.Net - Status" -site:commando.de
15) intitle:"WorldClient" intext:"? (2003|2004) Alt-N Technologies."
17) intitle:open-xchange inurl:login.pl
20) intitle:"site administration: please log in" "site designed by emarketsouth"
21) ORA-00921: unexpected end of SQL command
22)intitle:"YALA: Yet Another LDAP Administrator"
23)welcome.to phpqladmin "Please login" -cvsweb
24)intitle:"SWW link" "Please wait....."
25)inurl:"port_255" -htm
27)intitle:"WorldClient" intext:"? (2003|2004) Alt-N Technologies."
这些是新的一些漏洞技巧,skechers shoes，在0days公告公布
ext:php program_listing intitle:MythWeb.Program.Listing
inurl:preferences.ini "[emule]"
intitle:"Index of /CFIDE/" administrator
"access denied for user" "using password"
ext:php intext:"Powered by phpNewMan Version" 可以看到：path/to/news/browse.php?clang=../../../../../../file/i/want
inurl:"/becommunity/community/index.php?pageurl="
intitle:"ASP FileMan" Resend -site:iisworks.com
"Enter ip" inurl:"php-ping.php"
ext:conf inurl:rsyncd.conf -cvs -man
intitle: private,shape up shoes, protected, secret, secure, winnt
intitle:"DocuShare" inurl:"docushare/dsweb/" -faq -gov -edu
"#mysql dump" filetype:sql
"allow_call_time_pass_reference" "PATH_INFO"
"Certificate Practice Statement" inurl:(PDF | DOC)
LeapFTP intitle:"index.of./" sites.ini modified
master.passwd
mysql history files
NickServ registration passwords
passlist
passlist.txt (a better way)
passwd
passwd / etc (reliable)
people.lst
psyBNC config files
pwd.db
signin filetype:url
spwd.db / passwd
trillian.ini
wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin
"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-"
inurl:service.pwd
"AutoCreate=TRUE password=*"
"http://*:*@www" domainname
"index of/" "ws_ftp.ini" "parent directory"
"liveice configuration file" ext:cfg -site:sourceforge.net
"powered by ducalendar" -site:duware.com
"Powered by Duclassified" -site:duware.com
"Powered by Duclassified" -site:duware.com "DUware All Rights reserved"
"powered by duclassmate" -site:duware.com
"Powered by Dudirectory" -site:duware.com
"powered by dudownload" -site:duware.com
"Powered By Elite Forum Version *.*"
"Powered by Link Department"
"sets mode: +k"
"Powered by DUpaypal" -site:duware.com
allinurl: admin mdb
auth_user_file.txt
config.php
eggdrop filetype:user user
etc (index.of)
ext:ini eudora.ini
ext:ini Version=... password
ext:txt inurl:unattend.txt
filetype:bak inurl:"htaccess|passwd|shadow|htusers"
filetype:cfg mrtg "target[*]" -sample -cvs -example
filetype:cfm "cfapplication name" password
filetype:conf oekakibbs
filetype:conf sc_serv.conf
filetype:conf slapd.conf
filetype:config config intext:appSettings "User ID"
filetype:dat "password.dat"
filetype:dat wand.dat
filetype:inc dbconn
filetype:inc intext:mysql_connect
filetype:inc mysql_connect OR mysql_pconnect
filetype:inf sysprep
filetype:ini inurl:"serv-u.ini"
filetype:ini inurl:flashFXP.ini
filetype:ini ServUDaemon
filetype:ini wcx_ftp
filetype:ini ws_ftp pwd
filetype:ldb admin
filetype:log "See `ipsec copyright"
filetype:log inurl:"password.log"
filetype:mdb inurl:users.mdb
filetype:mdb wwforum
filetype:netrc password
filetype:pass pass intext:userid
filetype:pem intext:private
filetype:properties inurl:db intext:password
filetype:pwd service
filetype:pwl pwl
filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword"
filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS
filetype:sql ("values * MD" | "values * password" | "values * encrypt")
filetype:sql ("passwd values" | "password values" | "pass values" )
filetype:sql +"IDENTIFIED BY" -cvs
filetype:sql password

09-16-2011, 04:45 AM	#4
ug4phggd Posts: n/a	常用的google关键字： foo1 foo2 (也就是关联，比如搜索xx公司 xx美女) operator:foo filetype:123 类型 site:foo.com 相对直接看网站更有意思，可以得到许多意外的信息 intext:foo intitle: fooltitle 标题哦 allinurl:foo 搜索xx网站的所有相关连接。（踩点必备） links:foo 不要说就知道是它的相关链接 allintilte:foo.com 我们可以辅助"-" "+"来调整搜索的精确程度直接搜索密码：(引号表示为精确搜索) 当然我们可以再延伸到上面的结果里进行二次搜索 "index of" htpasswd / passwd filetype:xls username password email "ws_ftp.log" "config.php" allinurl:admin mdb service filetype:pwd ....或者某个比如pcanywhere的密码后缀cif等越来越有意思了，再来点更敏感信息 "robots.txt" "Disallow:" filetype:txt inurl:_vti_cnf (FrontPage的关键索引啦,skechers women，扫描器的CGI库一般都有地) allinurl: /msadc/Samples/selector/showcode.asp /../../../passwd /examples/jsp/snp/snoop.jsp phpsysinfo intitle:index of /admin intitle:"documetation" inurl: 5800(vnc的端口)或者desktop port等多个关键字检索 webmin port 10000 inurl:/admin/login.asp intext:Powered by GBook365 intitle:"php shell" "Enable stderr" filetype:php 直接搜索到phpwebshell foo.org filetype:inc ipsec filetype:conf intilte:"error occurred" ODBC request WHERE (select\|insert) 说白了就是说,skechers shape up shoes，可以直接试着查查数据库检索，针对目前流行的sql注射，会发达哦 intitle:"php shell" "Enable stderr" filetype:php "Dumping data for table" username password intitle:"Error using Hypernews" "Server Software" intitle:"HTTP_USER_AGENT=Googlebot" "HTTP_USER_ANGET=Googlebot" THS ADMIN filetype:.doc site:.mil classified 直接搜索军方相关word 检查多个关键字： intitle:config confixx login password "mydomain.com" nessus report "report generated by" "ipconfig" "winipconfig" google缓存利用（hoho，最有影响力的东西）推荐大家搜索时候多"选搜索所有网站" 特别推荐：administrator users 等相关的东西，比如名字,shape up skechers，生日等……最惨也可以拿来做字典嘛 cache:foo.com 可以查阅类似结果先找找网站的管理后台地址： site:xxxx.com intext:管理 site:xxxx.com inurl:login site:xxxx.com intitle:管理 site:a2.xxxx.com inurl:file site:a3.xxxx.com inurl:load site:a2.xxxx.com intext:ftp://: site:a2.xxxx.com filetype:asp site:xxxx.com //得到N个二级域名 site:xxxx.com intext:@xxxx.com //得到N个邮件地址,skechers shape ups，还有邮箱的主人的名字什么的 site:xxxx.com intext:电话 //N个电话 intitle:"index of" etc intitle:"Index of" .sh_history intitle:"Index of" .bash_history intitle:"index of" passwd intitle:"index of" people.lst intitle:"index of" pwd.db intitle:"index of" etc/shadow intitle:"index of" spwd intitle:"index of" master.passwd intitle:"index of" htpasswd "# -FrontPage-" inurl:service.pwd allinurl:bbs data filetype:mdb inurl:database filetype:inc conn inurl:data filetype:mdb intitle:"index of" data …… 一些技巧集合： 3) "http://:@www" domainname 找一些ISP站点，可以查对方ip的虚拟主机 3 4) auth_user_file.txt 不实用了，太老了 5) The Master List 寻找邮件列表的 6) intitle:"welcome.to.squeezebox" 一种特殊的管理系统，默认开放端口90 7) passlist.txt (a better way) 字典 8) "A syntax error has occurred" filetype:ihtml 9) ext:php program_listing intitle:MythWeb.Program.Listing 10) intitle:index.of abyss.conf 11)ext:nbe nbe 12)intitle:"SWW link" "Please wait....." 13) 14) intitle:"Freifunk.Net - Status" -site:commando.de 15) intitle:"WorldClient" intext:"? (2003\|2004) Alt-N Technologies." 17) intitle:open-xchange inurl:login.pl 20) intitle:"site administration: please log in" "site designed by emarketsouth" 21) ORA-00921: unexpected end of SQL command 22)intitle:"YALA: Yet Another LDAP Administrator" 23)welcome.to phpqladmin "Please login" -cvsweb 24)intitle:"SWW link" "Please wait....." 25)inurl:"port_255" -htm 27)intitle:"WorldClient" intext:"? (2003\|2004) Alt-N Technologies." 这些是新的一些漏洞技巧,skechers shoes，在0days公告公布 ext:php program_listing intitle:MythWeb.Program.Listing inurl:preferences.ini "[emule]" intitle:"Index of /CFIDE/" administrator "access denied for user" "using password" ext:php intext:"Powered by phpNewMan Version" 可以看到：path/to/news/browse.php?clang=../../../../../../file/i/want inurl:"/becommunity/community/index.php?pageurl=" intitle:"ASP FileMan" Resend -site:iisworks.com "Enter ip" inurl:"php-ping.php" ext:conf inurl:rsyncd.conf -cvs -man intitle: private,shape up shoes, protected, secret, secure, winnt intitle:"DocuShare" inurl:"docushare/dsweb/" -faq -gov -edu "#mysql dump" filetype:sql "allow_call_time_pass_reference" "PATH_INFO" "Certificate Practice Statement" inurl:(PDF \| DOC) LeapFTP intitle:"index.of./" sites.ini modified master.passwd mysql history files NickServ registration passwords passlist passlist.txt (a better way) passwd passwd / etc (reliable) people.lst psyBNC config files pwd.db signin filetype:url spwd.db / passwd trillian.ini wwwboard WebAdmin inurl:passwd.txt wwwboard\|webadmin "# -FrontPage-" ext:pwd inurl:(service \| authors \| administrators \| users) "# -FrontPage-" inurl:service.pwd "AutoCreate=TRUE password=" "http://:@www" domainname "index of/" "ws_ftp.ini" "parent directory" "liveice configuration file" ext:cfg -site:sourceforge.net "powered by ducalendar" -site:duware.com "Powered by Duclassified" -site:duware.com "Powered by Duclassified" -site:duware.com "DUware All Rights reserved" "powered by duclassmate" -site:duware.com "Powered by Dudirectory" -site:duware.com "powered by dudownload" -site:duware.com "Powered By Elite Forum Version ." "Powered by Link Department" "sets mode: +k" "Powered by DUpaypal" -site:duware.com allinurl: admin mdb auth_user_file.txt config.php eggdrop filetype:user user etc (index.of) ext:ini eudora.ini ext:ini Version=... password ext:txt inurl:unattend.txt filetype:bak inurl:"htaccess\|passwd\|shadow\|htusers" filetype:cfg mrtg "target[]" -sample -cvs -example filetype:cfm "cfapplication name" password filetype:conf oekakibbs filetype:conf sc_serv.conf filetype:conf slapd.conf filetype:config config intext:appSettings "User ID" filetype:dat "password.dat" filetype:dat wand.dat filetype:inc dbconn filetype:inc intext:mysql_connect filetype:inc mysql_connect OR mysql_pconnect filetype:inf sysprep filetype:ini inurl:"serv-u.ini" filetype:ini inurl:flashFXP.ini filetype:ini ServUDaemon filetype:ini wcx_ftp filetype:ini ws_ftp pwd filetype:ldb admin filetype:log "See `ipsec copyright" filetype:log inurl:"password.log" filetype:mdb inurl:users.mdb filetype:mdb wwforum filetype:netrc password filetype:pass pass intext:userid filetype:pem intext:private filetype:properties inurl:db intext:password filetype:pwd service filetype:pwl pwl filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword" filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS filetype:sql ("values MD" \| "values * password" \| "values * encrypt") filetype:sql ("passwd values" \| "password values" \| "pass values" ) filetype:sql +"IDENTIFIED BY" -cvs filetype:sql password

Sponsored Links