I am only expressing one of the few tricks can still dig this from Google Dork.
One example is: filetype: sql password
The result can be viewed at: Google Dork (http://www.google.co.id/search?hl=id&q=filetype% 3Asql + password & btnG = Search & meta ==)
We take one .... well
PENTEST LIMITED - - --------------- - - - - File Name:% M ... -
dbms_output.put_line ( 'Display Database links where there is a password set'); dbms_output.put_line ('============================ ========================'); ...
http://www.pentest.co.uk/sql/scanner.sql - 69K - Cached - Similar pages
bro will see the results ...
BUT REMEMBER!!
G all because admin can usually use honey pot
Look for which there is no honey pot it ....
Other examples:
Google Search: ext: inc "pwd =" "UID ="
Dork: Link (3Ainc http://www.google.co.id/search?hl=id&q=ext% +% 22pwd% 3D% 22 +% 22UID% 3D% 22 & btnG = Search & meta =)
results:
cs ct dim dim dim dim CS2 set rsSessione ct = Server.CreateObject ...
... "provider = MSDASQL; data source = artplus.it; database = artplus.it; user id = artplus_uid; artplus_pwd pwd =;" CS2 = "DSN = artplus.it; UID = artplus_uid; PWD = artplus_pw d ...
www.artplus.it / include / db.inc - 2k - Cached - Similar pages
after opening:
<%
Dim ct
Dim cs
dim CS2
dim rsSessione
set ct = Server.CreateObject ( "ADODB.Connection")
cs = "provider = MSDASQL; data source = artplus.it; database = artplus.it; user id = artplus_uid; artplus_pwd pwd =;"
CS2 = "DSN = artplus.it; UID = artplus_uid; artplus_pw PWD = d;"
'cs = "provider = MSDASQL; data source = artplus; database = artplus; user id = artplus2; radinpwd2 pwd =;"
'CS2 = "DSN = artplus; UID = artplus2; radinpwd2 PWD =;"
'cs = "provider = MSDASQL; data source = artplus; database = artplus; user id = artplus2; 333artplus3 pwd =;"
'CS2 = "DSN = artplus3; UID = artplus3; 333artplus3 PWD =;"
set rsSessione = Server.CreateObject ( "ADODB.Recordset")
sub OpenDB
ct.ConnectionTimeout = 120
ct.Open cs
rsSessione.open "select * from g_session where session = '& session.sessionid, cs, 3.3
if not then rssessione.eof
rssessione ( "data") = now ()
rsSessione.update
else
rsSessione.addnew
rsSessione ( "Session") = session.sessionid
rssessione ( "data") = now ()
rsSessione.update
end if
rsSessione.close
end sub
sub CloseDB
ct.Close
set ct = nothing
end sub
%>
Good luck
Other Google Dork:
- Intitle: "Index of" ". Htpasswd" htpasswd.bak
- Inurl: config.php dbuname dbPass
- Filetype: reg reg HKEY_CURRENT_USER SSHHOSTKEYS
- Filetype: inc dbconn
Report
Post # 2
Fauzyy ALhamèéÐ wroteon November 23, 2009 at 4:13 pm
How to Obtain USER NAME and PASSWORD.
TABLE KEY WORDS WORDS GET Usernames
-------------------
[size = 18] KEYWORDS | DESCRIPTION
-------------------
inurl: admin inurl: | Generic Userlist Userlist files
-------------------
inurl: admin filetype: | asp Generic Userlist files
inurl: Userlist |
-------------------
inurl: php inurl: | Half-life statistics file, lists username and
hlstats intext: | other information
Server Username |
-------------------
filetype: CTL |
inurl: haccess. | Microsoft FrontPage equivalent of htaccess
CTL Basic | shows Web user credentials
-------------------
filetype: reg |
reg intext: | Microsoft Internet Account Manager can
-------------------
"Internet account manager" | Reveal Usernames and more
filetype: wab wab | Microsoft Outlook Express Mail address
| books
-------------------
filetype: mdb inurl: profiles | Microsoft Access databases containing
| profiles.
-------------------
index.of perform.ini | mIRC IRC This file can list IRC Usernames and
| other information
-------------------
inurl: root.asp? ACS = anon | Outlook Mail Web Access directory can be
| used to discover Usernames
-------------------
filetype: conf inurl: proftpd. | PROFTP FTP server configuration file
conf-sample | reveals
| username and server information
-------------------
filetype: log username putty | PuTTY SSH client logs can Reveal
| Usernames
| and server information
-------------------
filetype: RDP RDP | Remote Desktop Connection files user Reveal
| credentials
-------------------
intitle: index.of | UNIX bash shell history reveals commands
. bash_history | typed at a bash command prompt; Usernames
| are often typed as argument strings
-------------------
intitle: index.of | UNIX shell history reveals commands typed at
. sh_history | a shell command prompt; Usernames are
| often typed as argument strings
-------------------
"Index of" lck | Various lock files list the user currently using
| a file
-------------------
+ intext: webalizer + intext: | Webalizer Web statistics page lists Web user -
Total Usernames + intext: | names and statistical information
"Usage Statistics for"
-------------------
filetype: reg reg HKEY_ | Windows Registry exports can Reveal
CURRENT_USER | username Usernames and other information
-------------------
TABLE KEY WORDS GET PASSWORD
-------------------
KEYWORDS | DESCRIPTION
-------------------
inurl: / db / main.mdb | ASP-Nuke passwords
-------------------
filetype: cfm "cfapplication | ColdFusion source with potential passwords
name "password
-------------------
filetype: pass | dbman credentials
pass intext: userid
-------------------
allinurl: auth_user_file.txt | DCForum user passwords
-------------------
eggdrop filetype: user user | Eggdrop IRC user credentials
-------------------
filetype: This inurl: flashFXP.ini | FlashFXP FTP credentials
-------------------
filetype: url + inurl: "ftp://" | FTP bookmarks clearText passwords
+ inurl: "@"
-------------------
inurl: zebra.conf intext: | GNU Zebra passwords
password-sample-test
-tutorial-download
-------------------
filetype: htpasswd htpasswd | HTTP htpasswd Web user credentials
-------------------
intitle: "Index of" ". htpasswd" | HTTP htpasswd Web user credentials
"Htgroup"-intitle: "dist"
-apache-htpasswd.c
-------------------
intitle: "Index of" ". htpasswd" | HTTP htpasswd Web user credentials
htpasswd.bak
-------------------
"Http:// *: * @ www" bob: bob | HTTP passwords (bob is a sample username)
-------------------
"Sets mode: + k" | IRC channel keys (passwords)
-------------------
"Your password is * | Remember IRC NickServ registration passwords
this for later use "
-------------------
signin filetype: url | JavaScript authentication credentials
-------------------
LeapFTP intitle: "index.of. /" | Client login credentials LeapFTP
sites.ini modified
-------------------
inurl: lilo.conf filetype: conf | LILO passwords
password-tatercounter2000
bootpwd-man -
-------------------
filetype: config config intext: | Microsoft. NET application credentials
appSettings "User ID"
-------------------
filetype: pwd service | Microsoft FrontPage Service Web passwords
-------------------
intitle: index.of | Microsoft FrontPage Web credentials
administrators.pwd
-------------------
"#-FrontPage-" | Microsoft FrontPage Web passwords
inurl: service.pwd
ext: pwd inurl: _vti_pvt inurl: | Microsoft FrontPage Web passwords
(Service | authors | administrators)
-------------------
inurl: perform filetype: this | mIRC NickServ credentials
-------------------
intitle: "index of" intext: | mySQL database credentials
connect.inc
-------------------
intitle: "index of" intext: | mySQL database credentials
globals.inc
-------------------
filetype: conf oekakibbs | Oekakibss user passwords
-------------------
filetype: dat wand.dat | Opera, ؤ Magic Wand, ù ؤ Web credentials
-------------------
inurl: ospfd.conf intext: | OSPF Daemon Passwords
password-sample-test
-tutorial-download
-------------------
index.of passlist | Passlist user credentials
-------------------
inurl: passlist.txt | passlist.txt file user credentials
-------------------
filetype: dat "password.dat" | password.dat files
-------------------
inurl: password.log filetype: log | password.log files reveals Usernames,
| passwords, and hostnames
-------------------
filetype: log inurl: "password.log" | password.log files clearText
| passwords
-------------------
inurl: people.lst filetype: lst | People.lst generic password file
-------------------
intitle: index.of config.php | PHP Configuration File database
| credentials
-------------------
inurl: dbuname dbPass config.php | PHP Configuration File database
| credentials
-------------------
inurl: nuke filetype: sql | PHP-Nuke credentials
-------------------
filetype: conf inurl: psybnc.conf | psyBNC IRC user credentials
"USER.PASS ="
-------------------
filetype: This ServUDaemon | servU FTP Daemon credentials
-------------------
filetype: conf slapd.conf | slapd configuration files root password
-------------------
inurl: "slapd.conf" intext: | slapd LDAP credentials
"Credentials"-manpage
- "Manual Page"-man:-sample
-------------------
inurl: "slapd.conf" intext: | slapd LDAP root password
"Rootpw"-manpage
- "Manual Page"-man:-sample
-------------------
filetype: sql "IDENTIFIED BY"-cvs | SQL passwords
-------------------
filetype: sql password | SQL passwords
-------------------
filetype: This wcx_ftp | Total Commander FTP passwords
-------------------
filetype: netrc password | UNIX. netrc user credentials
-------------------
index.of.etc | UNIX / etc directories contain
| various credential files
-------------------
intitle: "Index of .. etc" passwd | UNIX / etc / passwd user credentials
-------------------
intitle: index.of passwd | UNIX / etc / passwd user credentials
passwd.bak
-------------------
intitle: "Index of" pwd.db | UNIX / etc / pwd.db credentials
-------------------
intitle: index.of etc shadow | UNIX / etc / shadow user credentials
-------------------
intitle: index.of master.passwd | UNIX user credentials master.passwd
-------------------
intitle: "Index of" spwd.db | spwd.db UNIX credentials
passwd-pam.conf
-------------------
filetype: bak inurl: "htaccess | | UNIX various password file backups
passwd | shadow | htusers
-------------------
filetype: inc dbconn | Various database credentials
-------------------
filetype: inc intext: mysql_ | Various database credentials, server names
connect
-------------------
filetype: properties inurl: db | Various database credentials, server names
intext: password
-------------------
inurl: vtund.conf intext: pass-cvs | Virtual Tunnel Daemon passwords
-------------------
inurl: "wvdial.conf" intext: | wdial dialup user credentials
"Password"
-------------------
filetype: mdb wwforum | Web Wiz Forums Web credentials
-------------------
"AutoCreate = TRUE password =*" | Website Access Analyzer user passwords
-------------------
filetype: PWL PWL | Windows Password List user credentials
-------------------
filetype: reg reg + intext: | Windows Registry Keys containing user
"Defaultusername" intext: | credentials
"DefaultPassword"
-------------------
filetype: reg reg + intext: | Windows Registry Keys containing user
"Internet account manager" | credentials
-------------------
"Index of /" "ws_ftp.ini" | WS_FTP FTP credentials
"Parent directory"
-------------------
filetype: pwd This WS_FTP | WS_FTP FTP user credentials
-------------------
inurl: / wwwboard | wwwboard user credentials
-------------------[/ B]
[/ size]
anyone wants to try passwords from German website?
should replace the word "password" using German language course ....
below is a table with 5 countries in the language translation passwords each country.
------------------
LANGUAGE | WORDS | TRANSLATE
------------------
German | password | Kennwort
Spanish | password | contrasea
French | password | mot de passe
Italian | password | parola d'accesso
Portuguese | password | senha
Dutch | password | Paswoord
------------------
after a lot of friends have a password, what would you do?
Do not do evil that must be,
Just look it or you are too nice to tell the admin.
Do not forget to provide home john the ripper,,
sapa tau passwords are stored in encrypted state.
SOURCE: http://radenbeletz.blogdetik.com/trik-cara-mendapatkan-user-name-dan-password-mbah-google/
Google dork
Label:chat emotion facebook Hacking
Subscribe to:
Post Comments (Atom)
0 komentar:
Post a Comment