About Google Tips

Source: Internet
Author: User
Tags file upload parent directory sql injection wsdl docushare
about the Google skills of finishing

By swap

Site Search Address is:
Http://www.google.com/custom?domains= (Here's the site we're searching for, like feelids.com)
Go in to choose www and feelids.com, of course, we want to search the station inside OH.
Hacker specific information and data search address is:
Here is the use of Google keyword, to set it to Chinese, it is
English is the http://www.google.com/custom?hl=en

Popular Google Keywords:
Foo1 foo2 (ie, search xx company xx Beauty)
filetype:123 type
Site:foo.com is more interesting than watching the site directly, and can get a lot of unexpected information
Intitle:fooltitle Title OH
Allinurl:foo Search all related connections for XX Web site. (necessary for the casing)
Links:foo don't say just know it's RELATED links

We can assist with "-" + "to adjust the accuracy of the search."

Direct Search Password: (quotation marks for exact search)
Of course, we can extend it to the results above for two searches.
"Index of" htpasswd/passwd
Filetype:xls Username Password Email
Allinurl:admin mdb
Service filetype:pwd .... or a password suffix such as pcanywhere, CIF, etc.

More interesting, more sensitive information.
"Robots.txt" "Disallow:" Filetype:txt
INURL:_VTI_CNF (Key FrontPage Index, the scanner's CGI library is generally available)
/.. /.. /.. /passwd
Intitle:index Of/admin
intitle: "Documetation"
inurl:5800 (VNC port) or multiple keyword searches desktop port
Webmin Port 10000
Intext:powered by GBook365
intitle: "php shell*" "Enable stderr" filetype:php Direct search to Phpwebshell

Foo.org Filetype:inc

IPSec filetype:conf
Intilte: "Error occurred" ODBC request WHERE (Select|insert) that is to say, can directly try to check the database search, for the current popular SQL injection, will be developed OH
intitle: "php shell*" "Enable stderr" filetype:php
"Dumping data for table" username password
intitle: "Error using Hypernews"
"Server Software"
intitle: "Http_user_agent=googlebot"
"Http_user_anget=googlebot" THS ADMIN
Filetype:.doc site:.mil Classified Direct search military related word

Check multiple keywords:
Intitle:config Confixx Login Password

"MyDomain.com" Nessus
"Generated by"

Google cache use (HoHo, most influential things) recommend you search time more "Choose Search All Sites"
Special Recommendation: Administrator users and other related things, such as name, birthday and so on ... You can use it as a dictionary.

Similar results can be consulted

First look for the site's management background address:
Site:xxxx.com Intext: Management
Site:xxxx.com Inurl:login
Site:xxxx.com intitle: Management
Site:a2.xxxx.com Inurl:file
Site:a3.xxxx.com Inurl:load
Site:a2.xxxx.com intext:ftp://*:*
Site:a2.xxxx.com filetype:asp
site:xxxx.com//Get n two-level domain name
site:xxxx.com intext:* @xxxx. com//Get n email address and the owner's name of the mailbox or something.
site:xxxx.com intext: Phone//n a phone
Intitle: "Index of" etc
intitle: "Index of". Sh_history
intitle: "Index of". Bash_history
Intitle: "Index of" passwd
Intitle: "Index of" People.lst
Intitle: "Index of" pwd.db
Intitle: "Index of" Etc/shadow
Intitle: "Index of" spwd
Intitle: "Index of" master.passwd
Intitle: "Index of" htpasswd
"#-frontpage-" Inurl:service.pwd

Allinurl:bbs data
Filetype:mdb Inurl:database
Filetype:inc Conn
Inurl:data Filetype:mdb
Intitle: "Index of" data

A collection of tips:

3 "http://*:* @www" DomainName find some ISP sites, you can check each other's IP virtual host
4 Auth_user_file.txt is not practical, too old

5 The Master list looks for mailing list

6) intitle: "Welcome.to.squeezebox" a special management system, the default open port 90
7) Passlist.txt (a Better way) dictionary

8) "A syntax error has occurred" filetype:ihtml

9) ext:php program_listing intitle:MythWeb.Program.Listing
) Intitle:index.of abyss.conf
One) Ext:nbe Nbe

intitle: "SWW link" "Please wait ..."

intitle: "Freifunk.net-status"-site:commando.de

intitle: "Worldclient" Intext: "? (2003|2004) Alt-n Technologies. "

) Intitle:open-xchange inurl:login.pl

intitle: "Site Administration:please Log In" "Site designed by Emarketsouth"
ora-00921:unexpected End of SQL command

intitle: "Yala:yet Another LDAP Administrator"
Welcome.to phpqladmin "Please login"-cvsweb
intitle: "SWW link" "Please wait ..."
Inurl: "port_255"-htm

intitle: "Worldclient" Intext: "? (2003|2004) Alt-n Technologies. "

These are some of the new loophole tips, published in the 0days Bulletin

ext:php program_listing intitle:MythWeb.Program.Listing

Inurl:preferences.ini "[emule]"

intitle: "Index of/cfide/" Administrator

"Access denied for user" "Using password"

ext:php intext: "Powered by Phpnewman Version" can be seen: path/to/news/browse.php?clang=. /.. /.. /.. /.. /.. /file/i/want

Inurl: "/becommunity/community/index.php?pageurl="

intitle: "ASP Fileman" resend-site:iisworks.com

"Enter IP" inurl: "php-ping.php"

Ext:conf Inurl:rsyncd.conf-cvs-man

Intitle:private, protected, secret, secure, Winnt

intitle: "DocuShare" inurl: "docushare/dsweb/"-faq-gov-edu
"#mysql dump" filetype:sql

"Allow_call_time_pass_reference" "Path_info"

"Certificate Practice Statement" inurl: (PDF | DOC)

Leapftp intitle: "index.of./" Sites.ini modified

MySQL History files
NickServ Registration Passwords
Passlist.txt (a better way)
PASSWD/ETC (reliable)
PSYBNC Config files
Signin Filetype:url
Wwwboard WebAdmin Inurl:passwd.txt Wwwboard|webadmin

"#-frontpage-" ext:pwd inurl: (Service | Authors | Administrators | Users) "#-frontpage-"

"Autocreate=true password=*"
"http://*:* @www" DomainName
"Index of/" "Ws_ftp.ini" "Parent Directory"
"Liveice configuration File" Ext:cfg-site:sourceforge.net
"Powered by Ducalendar"-site:duware.com
"Powered by Duclassified"-site:duware.com
"Powered by Duclassified"-site:duware.com "Duware all Rights reserved"
"Powered by Duclassmate"-site:duware.com
"Powered by Dudirectory"-site:duware.com
"Powered by Dudownload"-site:duware.com
"Powered by Elite Forum Version *.*"
"Powered by Link Department"
"Sets mode: +k"
"Powered by Dupaypal"-site:duware.com
Allinurl:admin mdb
Eggdrop Filetype:user User
etc (Index.of)
Ext:ini Eudora.ini
Ext:ini version= ... password
Ext:txt Inurl:unattend.txt

Filetype:bak inurl: "Htaccess|passwd|shadow|htusers"

Filetype:cfg MRTG "target[*]"-sample-cvs-example

filetype:cfm "cfapplication name" password

Filetype:conf Oekakibbs
Filetype:conf sc_serv.conf

Filetype:conf slapd.conf

Filetype:config config intext:appsettings "User ID"

Filetype:dat "Password.dat"

Filetype:dat Wand.dat

Filetype:inc Dbconn

Filetype:inc Intext:mysql_connect
Filetype:inc mysql_connect OR Mysql_pconnect

Filetype:inf Sysprep

Filetype:ini inurl: "Serv-u.ini"
Filetype:ini Inurl:flashFXP.ini
Filetype:ini Servudaemon
Filetype:ini wcx_ftp
Filetype:ini ws_ftp pwd


Filetype:log "" ""

Filetype:log inurl: "Password.log"

Filetype:mdb Inurl:users.mdb

Filetype:mdb Wwforum


Filetype:pass Pass Intext:userid

Filetype:pem intext:private

Filetype:properties inurl:db Intext:password


Filetype:reg reg +intext: "DefaultUserName" +intext: "DefaultPassword"
Filetype:sql ("Values * MD" | "Values * password" | "Values * Encrypt")
Filetype:sql ("passwd values" | "Password Values" | "Pass Values")
Filetype:sql + "identified by"-cvs
Filetype:sql Password

Filetype:url +inurl: "ftp://" +inurl: "; @"

Filetype:xls Username Password Email


Intext: "Enable secret $"
Intext: "Powered by Web Wiz Journal"

Intitle: "Index of" intext:connect.inc
Intitle: "Index of" intext:globals.inc
intitle: "Index of" passwords modified

Intitle:dupics inurl: (add.asp | Default.asp | view.asp | voting.asp)-site:duware.com
--------------------------------------------------------------------------------------------------------------- -------

Intitle:index.of intext: "Secring.skr" | " SECRING.PGP "|" Secring.bak "

Inurl: "GRC." DAT "Intext:" Password "

Inurl: "slapd.conf" Intext: "Credentials"-manpage-"Manual Page"-man:-sample

Inurl: "slapd.conf" Intext: "ROOTPW"-manpage-"Manual Page"-man:-sample

Inurl: "wvdial.conf" Intext: "Password"



inurl:config.php Dbuname Dbpass

inurl:lilo.conf filetype:conf Password-tatercounter-bootpwd-man

Inurl:nuke Filetype:sql

inurl:ospfd.conf intext:password-sample-test-tutorial-download Routing Configuration

Inurl:perform Filetype:ini
Inurl:secring Ext:skr | EXT:PGP | Ext:bak

Inurl:vtund.conf Intext:pass-cvs

Inurl:zebra.conf Intext:password-sample-test-tutorial-download

"Generated by Phpsystem"
"Generated by Wwwstat"

"Host Vulnerability Summary"]

"Http_from=googlebot" googlebot.com "server_software="

"Index of"/"chat/logs" chat room
"Installed Objects Scanner" inurl:default.asp

"Mecury Version" "Infastructure Group"
"Microsoft (R) Windows * (TM) Version * DRWTSN Copyright (C)" Ext:log

"Most submitted Forms and Scripts" "This section"

"Network vulnerability Assessment"

"Not for distribution" confidential
"Phone * * *" "Address *" "E-mail" intitle: "Curriculum vitae"

"phpMyAdmin" "Running on" inurl: "main.php"

"Produced by GetStats"
"Request Details" "Control Tree" "Server Variables"
"Robots.txt" "Disallow:" Filetype:txt

"Running in child mode"

"Sets mode: +p"
"Sets mode: +s"
"Thank for your order" +receipt
"This is a Shareaza Node"
"This is the generated by WebLog"
(Filetype:mail | filetype:eml | filetype:mbox | filetype:mbx) intext:password|subject

(inurl: "Robot.txt" | inurl: "robots.txt") Intext:disallow Filetype:txt

-site:php.net-"The PHP Group" Inurl:source inurl:url ext:php

AIM Buddy lists

Data filetype:mdb-site:gov-site:mil

Exported email addresses

Ext:asp inurl:pathto.asp

ext:cgi inurl:editcgi.cgi inurl:file=

Ext:conf Inurl:rsyncd.conf-cvs-man
Ext:conf Nocatauth-cvs

Ext:dat Bpk.dat
Ext:gho Gho

Ext:ini Intext:env.ini
Ext:ldif LDIF

Ext:log "Software:microsoft Internet information Services *.*"
Ext:mdb Inurl:*.mdb inurl:fpdb Shop.mdb

Filetype:bkf BKF
Filetype:blt "Buddylist"
Filetype:blt BLT +intext:screenname

Filetype:cfg auto_inst.cfg

Filetype:conf Inurl:firewall-intitle:cvs
Filetype:config Web.config-cvs


FILETYPE:FP fp-site:gov-site:mil-"CVS log"

Filetype:inf Inurl:capolicy.inf
Filetype:lic Lic Intext:key

Filetype:myd Myd-cvs
Filetype:ns NS
Filetype:ora Ora
Filetype:ora TNSNames
filetype:pdb pdb Backup (Pilot | PLUCKERDB)

Filetype:pot Inurl:john.pot
--------------------------------------------------------------------------------------------------------------- ---
Filetype:pst inurl: "Outlook.pst"
Filetype:pst pst-from-to-date

Filetype:reg "Terminal Server Client"
Filetype:vcs VCs
Filetype:wab WAB

Filetype:xls-site:gov Inurl:contact
Filetype:xls inurl: "Email.xls"
Financial Spreadsheets:finance.xls
Financial Spreadsheets:finances.xls

Ganglia Cluster Reports

Haccess.ctl (One way)
Haccess.ctl (VERY reliable)
ICQ chat logs, please ...

Iletype:log Cron.log
Intext: "Session Start * * *:*:* *" Filetype:log
Intext: "Tobias oetiker" "Traffic analysis"

Intext: (Password | Passcode) Intext: (username | UserID | User) Filetype:csv
Intext:gmail Invite intext:http://gmail.google.com/gmail/a

Intext:sqlitemanager inurl:main.php

intitle: "Apache::status" (Inurl:server-status | inurl:status.html | inurl:apache.html)

intitle: "Appserv Open Project"-site:www.appservnetwork.com
intitle: "ASP Stats Generator *.*" "ASP Stats Generator" "-Weppos"

Intitle: "FTP Root at"
Intitle: "Index of" +myd size

intitle: "Index of"-inurl:maillog maillog size

intitle: "Index of" cookies.txt size

Intitle: "Index of" mysql.conf OR Mysql_config
intitle: "Index of" Upload size parent Directory

intitle: "Index.of". Diz nfo Last Modified
intitle: "Multimon UPS Status Page"
intitle: "PHP Advanced Transfer" (inurl:index.php | inurl:showrecent.php)
intitle: "Phpmyexplorer" inurl: "index.php"-cvs
Intitle: "Statistics of" "advanced Web Statistics"
intitle: "System Statistics" + "system and Network information Center"
intitle: "Usage Statistics for" "generated by Webalizer"
intitle: "WBEM" Compaq Login "Compaq Information Technologies Group"

intitle: "Web Server Statistics for * * *"
intitle: "Web Server Status" SSH Telnet
intitle: "Welcome.to.squeezebox"

Intitle:admin Intitle:login
Intitle:index.of "Apache" "Server at"
Intitle:index.of Cleanup.log
Intitle:index.of Dead.letter
Intitle:index.of Inbox
Intitle:index.of Inbox dbx

Intitle:intranet inurl:intranet +intext: "Phone"
Inurl: "/axs/ax-admin.pl"-script
Inurl: "/cricket/grapher.cgi"
Inurl: "Bookmark.htm"

Inurl: "Cacti" +inurl: "graph_view.php" + "Settings tree view"-cvs-rpm
Inurl: "newsletter/admin/"
Inurl: "newsletter/admin/" intitle: "Newsletter admin"
Inurl: "Putty.reg"
Inurl: "smb.conf" Intext: "Workgroup" filetype:conf conf

Welcome to ntop!

"Adding new User" inurl:addnewuser-"There are no domains"
(inurl:/cgi-bin/.cobalt/) | (intext: "Welcome to the Cobalt Raq")

filetype:php haxplorer "Server Files Browser"
intitle: "Web Data Administrator-login"

inurl:connectcomputer/precheck.htm | Inurl:remote/logon.aspx
PHP Shell (unprotected)
Phpkonsole Phpshell Filetype:php-echo
Public PHP Filemanagers

"Index of"/Picasa.ini
"Index of" Inurl:recycler
"Index of" rar R nfo Modified
"Intitle:index. of/"Stats merchant cgi-* etc
"Powered by Invision Power File Manager" (inurl:login.php) | (intitle: "Browsing directory/")
"Web File Browser" "Use regular expression"

Filetype:ini Desktop.ini Intext:mydocs.dll

Intext: "D.aspx?id" | | Inurl: "D.aspx?id"
Intext: "Powered By:totalindex" intitle: "Totalindex"
Intitle: "Album permissions" "Users who can modify photos" "Everybody"
intitle: "Directory Listing for" Intext:tomcat-intitle:tomcat
intitle: "HFS/" + "Httpfileserver"
intitle: "Index of *" inurl: "My shared folder" size modified
--------------------------------------------------------------------------------------------------------------- ----

"File Upload Manager v." "Rename to"

Ext:asp "Powered by Duforum" inurl: (messages|details|login|default|register)-site:duware.com
ext:asp inurl:dugallery intitle: "."-site:dugallery.com-site:duware.com
ext:cgi Inurl:ubb_test

Ezboo "Administrator Panel"-cvs

filetype:cgi inurl:cachemgr.cgi
FILETYPE:CNF My.cnf-cvs-example
Filetype:inc Inc Intext:setcookie

filetype:php inurl: "Viewfile"-"index.php"-"Idfil

intitle: "ASP Fileman" resend-site:iisworks.com

intitle: "Index of/" Modified Php.exe

intitle: "Phpremoteview" filetype:php "Name, Size, Type, Modify"

Inurl: "wwwadmin.pl" intitle: "Wwwadmin"
Inurl: "nph-proxy.cgi" "Start browsing through this cgi-based proxy"
Inurl: "plog/register.php"
Inurl:cgi.asx? StoreID

inurl:robpoll.cgi filetype:cgi

The Master List

"More Info about Metacart free"

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.