Google Dorks New
Google = Hackers best friend.
Google Dork's are ways to search on google with a set string which shows you vulnerable servers / site's. Something google isn't proud off but it has that much site's on it's search engine it would take them like 200 years to clear and stop all the dorks lol.
Okay here are the Latest Google Dorks.
Google search: filetype:php inurl:tiki-index.php +sirius +1.9.*
2011-11-25 : Finds servers vulnerable to the CVE-2007-5423 exploit.
Google search: filetype:old (define)(DB_USER|DB_PASS|DB_NAME)
2011-11-24
this dork locates backed up config files
filetype:php~ (define)(DB_USER|DB_PASS|DB_NAME)
filetype:inc~ (define)(DB_USER|DB_PASS|DB_NAME)
filetype:inc (define)(DB_USER|DB_PASS|DB_NAME)
filetype:bak (define)(DB_USER|DB_PASS|DB_NAME)
Google search: filetype:old (mysql_connect) ()
2011-11-24
There are three of mysql_connects but that all search in .inc or
warnings, non search for .old . Dot old is something that all devs to
to hide old files they do not want to delete immediatly but almost
always forget to delete. The server lang can be changed.
Google search: filetype:php inanchor:c99 inurl:c99 intitle:c99shell -seeds -marijuana
2011-11-24
This search attempts to find the c99 backdoor that may be knowingly or
unknowingly installed on servers. I have refined the search in hopes that
more general talk about the backdoor, and also talk about the marijuana
strain does not pollute the results quite as much.
Google search: inurl:"trace.axd" ext:axd "Application Trace"
2011-11-19
example google dork to find trace.axd, a file used for debugging asp that
reveals full http request details like cookie and other data that in many
cases can be used to hijack user-sessions, display plain-text
usernames/passwords and also serverinfo like pathnames
second with plain-text usernames and passwords along with sessiondata. this
file should be developer-only and not publicly available but seems to be
used quite often, usually hidden from google with robots.txt.
Google search: inurl:"/includes/config.php"
2011-11-19
The Dork Allows you to get data base information from config files.
Google search: intitle:index.of? configuration.php.zip
2011-11-19
this dork finds mostly backed up configuration.php files.
Its possible to change the *.zip to *.txt or other file types.
Google search: inurl:"/Application Data/Filezilla/*" OR inurl:"/AppData/Filezilla/*" filetype:xml
2011-11-19
this dork locates files containing ftp passwords
Google search: filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS
2011-11-19
this dork locates registry dumps
Google search: inurl:php intitle:"Cpanel , FTP CraCkeR"
2011-11-19
locates cpanel and ftp cracker.
CopyRights: Please Stop Stealing contents from our site i.e xedlgubaid.blogspot.com . I am working hard to create an article, you simply copying? Please respect our hard work. Atleast place backlink to our site & give credit to our blog/author. Hope you will understand our feelings.
Google Dork's are ways to search on google with a set string which shows you vulnerable servers / site's. Something google isn't proud off but it has that much site's on it's search engine it would take them like 200 years to clear and stop all the dorks lol.
Okay here are the Latest Google Dorks.
Google search: filetype:php inurl:tiki-index.php +sirius +1.9.*
2011-11-25 : Finds servers vulnerable to the CVE-2007-5423 exploit.
Google search: filetype:old (define)(DB_USER|DB_PASS|DB_NAME)
2011-11-24
this dork locates backed up config files
filetype:php~ (define)(DB_USER|DB_PASS|DB_NAME)
filetype:inc~ (define)(DB_USER|DB_PASS|DB_NAME)
filetype:inc (define)(DB_USER|DB_PASS|DB_NAME)
filetype:bak (define)(DB_USER|DB_PASS|DB_NAME)
Google search: filetype:old (mysql_connect) ()
2011-11-24
There are three of mysql_connects but that all search in .inc or
warnings, non search for .old . Dot old is something that all devs to
to hide old files they do not want to delete immediatly but almost
always forget to delete. The server lang can be changed.
Google search: filetype:php inanchor:c99 inurl:c99 intitle:c99shell -seeds -marijuana
2011-11-24
This search attempts to find the c99 backdoor that may be knowingly or
unknowingly installed on servers. I have refined the search in hopes that
more general talk about the backdoor, and also talk about the marijuana
strain does not pollute the results quite as much.
Google search: inurl:"trace.axd" ext:axd "Application Trace"
2011-11-19
example google dork to find trace.axd, a file used for debugging asp that
reveals full http request details like cookie and other data that in many
cases can be used to hijack user-sessions, display plain-text
usernames/passwords and also serverinfo like pathnames
second with plain-text usernames and passwords along with sessiondata. this
file should be developer-only and not publicly available but seems to be
used quite often, usually hidden from google with robots.txt.
Google search: inurl:"/includes/config.php"
2011-11-19
The Dork Allows you to get data base information from config files.
Google search: intitle:index.of? configuration.php.zip
2011-11-19
this dork finds mostly backed up configuration.php files.
Its possible to change the *.zip to *.txt or other file types.
Google search: inurl:"/Application Data/Filezilla/*" OR inurl:"/AppData/Filezilla/*" filetype:xml
2011-11-19
this dork locates files containing ftp passwords
Google search: filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS
2011-11-19
this dork locates registry dumps
Google search: inurl:php intitle:"Cpanel , FTP CraCkeR"
2011-11-19
locates cpanel and ftp cracker.
CopyRights: Please Stop Stealing contents from our site i.e xedlgubaid.blogspot.com . I am working hard to create an article, you simply copying? Please respect our hard work. Atleast place backlink to our site & give credit to our blog/author. Hope you will understand our feelings.
2 of those are my creations from exploit-db.com, MY creations, this is a Pathetic use without respectful mention.
ReplyDelete