Get full access thru "Welcome to phpMyAdmin"

Discussion in 'Ethical hacking Tips' started by P455w0rd_Cr4kz, Jul 19, 2008.

  1. P455w0rd_Cr4kz

    P455w0rd_Cr4kz Member

    Joined:
    Jan 12, 2007
    Messages:
    198
    Likes Received:
    12
    Trophy Points:
    18
    Location:
    H3LL
    Home Page:
    http://amishrakefight.org
    Noobs,don't go crazy messing up people sites,this is to make awareness of how negligent can an administrator be.

    1- Why deface when you can own it?
    Go to Google and type this:
    intitle:PhpMyAdmin "Welcome to phpMyAdmin***" running on * as root@*"

    This will give you tons of no passworded phpMyAdmin,means you'll have access to all files,can make changes ect.
    ======================================
    To find websites Admin Password type the following in the Google bar:
    inurl:vti_pvt "service.pwd"
    (password will be encrypted) "convert encrypted password to md5 hash then use milw0rm

    Also You can You use this codes when you have free time..enjoy

    Google Search strings
    -------------------------
    • inurl:/db/main.mdb |ASP-Nuke passwords
    • filetype:cfm "cfapplication |ColdFusion source with potential passwords name" password
    • filetype:pass |dbman credentials pass intext:userid
    • allinurl:auth_user_file.txt |DCForum user passwords
    • eggdrop filetype:user user |Eggdrop IRC user credentials
    • filetype:ini inurl:flashFXP.ini |FlashFXP FTP credentials
    • filetype:url +inurl:"ftp://" |FTP bookmarks cleartext passwords
      +inurl:"@"
    • inurl:zebra.conf intext: |GNU Zebra passwords
      password -sample -test
      -tutorial –download
    • filetype:htpasswd htpasswd |HTTP htpasswd Web user credentials
    • intitle:"Index of" ".htpasswd" |HTTP htpasswd Web user credentials
      "htgroup" -intitle:"dist"
      -apache -htpasswd.c
    • intitle:"Index of" ".htpasswd" |HTTP htpasswd Web user credentials
      htpasswd.bak
    • "http://*:*@www" bob:bob |HTTP passwords (bob is a sample username)
    • "sets mode: +k" |IRC channel keys (passwords)
    • "Your password is * |Remember IRC NickServ registration passwords
      this for later use"
    • signin filetype:url |JavaScript authentication credentials
    • LeapFTP intitle:"index.of./" |LeapFTP client login credentials
      sites.ini modified
    • inurl:lilo.conf filetype:conf |LILO passwords
      password -tatercounter2000
      -bootpwd –man
    • filetype:config config intext: |Mcft .NET application credentials
      appSettings "User ID"
    • filetype:pwd service |Mcft FrontPage Service Web passwords
    • intitle:index.of |Mcft FrontPage Web credentials
      administrators.pwd
    • "# -FrontPage-" |Mcft FrontPage Web passwords
      inurl:service.pwd
      ext:pwd inurl:_vti_pvt inurl: |Mcft FrontPage Web passwords
      (Service | authors | administrators)
    • inurl:perform filetype:ini |mIRC nickserv credentials
    • intitle:"index of" intext: |mySQL database credentials
      connect.inc
    • intitle:"index of" intext: |mySQL database credentials
      globals.inc
    • filetype:conf oekakibbs |Oekakibss user passwords
    • filetype:dat wand.dat |Opera‚ ÄúMagic Wand‚Äù Web credentials
    • inurl:eek:spfd.conf intext: |OSPF Daemon Passwords
      password -sample -test
      -tutorial –download
    • index.of passlist |Passlist user credentials
    • inurl:passlist.txt |passlist.txt file user credentials
    • filetype:dat "password.dat" |password.dat files
    • inurl:password.log filetype:log |password.log file reveals usernames,
      |passwords,and hostnames
    • filetype:log inurl:"password.log" |password.log files cleartext
      |passwords
    • inurl:people.lst filetype:lst |People.lst generic password file
    • intitle:index.of config.php |PHP Configuration File database
      |credentials
    • inurl:config.php dbuname dbpass |PHP Configuration File database
      |credentials
    • inurl:nuke filetype:sql |PHP-Nuke credentials
    • filetype:conf inurl:psybnc.conf |psyBNC IRC user credentials
      "USER.PASS="
    • filetype:ini ServUDaemon |servU FTP Daemon credentials
    • filetype:conf slapd.conf |slapd configuration files root password
    • inurl:"slapd.conf" intext: |slapd LDAP credentials
      "credentials" -manpage
      -"Manual Page" -man: -sample
    • inurl:"slapd.conf" intext: |slapd LDAP root password
      "rootpw" -manpage
      -"Manual Page" -man: -sample
    • filetype:sql "IDENTIFIED BY" –cvs |SQL passwords
    • filetype:sql password |SQL passwords
    • filetype:ini wcx_ftp |Total Commander FTP passwords
    • filetype:netrc password |UNIX .netrc user credentials
    • index.of.etc |UNIX /etc directories contain
      |various credential files
    • intitle:"Index of..etc" passwd |UNIX /etc/passwd user credentials
    • intitle:index.of passwd |UNIX /etc/passwd user credentials
      passwd.bak
    • intitle:"Index of" pwd.db |UNIX /etc/pwd.db credentials
    • intitle:Index.of etc shadow |UNIX /etc/shadow user credentials
    • intitle:index.of master.passwd |UNIX master.passwd user credentials
    • intitle:"Index of" spwd.db |UNIX spwd.db credentials
      passwd -pam.conf
    • filetype:bak inurl:"htaccess| |UNIX various password file backups
      passwd|shadow|htusers
    • filetype:inc dbconn |Various database credentials
    • filetype:inc intext:mysql_ |Various database credentials, server names
      connect
    • filetype:properties inurl:db |Various database credentials, server names
      intext:password
    • inurl:vtund.conf intext:pass –cvs |Virtual Tunnel Daemon passwords
    • inurl:"wvdial.conf" intext: |wdial dialup user credentials
      "password"
    • filetype:mdb wwforum |Web Wiz Forums Web credentials
    • "AutoCreate=TRUE password=*" |Website Access Analyzer user passwords
    • filetype:pwl pwl |Windows Password List user credentials
    • filetype:reg reg +intext: |Windows Registry Keys containing user
      "defaultusername" intext: |credentials
      "defaultpassword"
    • filetype:reg reg +intext: |Windows Registry Keys containing user
      "internet account manager" |credentials
    • "index of/" "ws_ftp.ini" |WS_FTP FTP credentials
      "parent directory"
    • filetype:ini ws_ftp pwd |WS_FTP FTP user credentials
    • inurl:admin filetype: |asp Generic userlist files
      inurl:userlist |
    • inurl:php inurl: |Half-life statistics file, lists username and
      hlstats intext: |other information
      Server Username |
    • filetype:ctl |
      inurl:haccess. |Mcft FrontPage equivalent of htaccess
      ctl Basic |shows Web user credentials
    • filetype:reg |
      reg intext: |Mcft Internet Account Manager can
    • "internet account manager" |reveal usernames and more
      filetype:wab wab |Mcft Outlook Express Mail address
      |books
    • filetype:mdb inurl:profiles |Mcft Access databases containing
      |profiles.
    • index.of perform.ini |mIRC IRC ini file can list IRC usernames and
      |other information
    • inurl:root.asp?acs=anon |Outlook Mail Web Access directory can be
      |used to discover usernames
    • filetype:conf inurl:proftpd. |PROFTP FTP server configuration file
      conf –sample |reveals
      |username and server information
    • filetype:log username putty |PUTTY SSH client logs can reveal
      |usernames
      |and server information
    • filetype:rdp rdp |Remote Desktop Connection files reveal user
      |credentials
    • intitle:index.of |UNIX bash shell history reveals commands
      .bash_history |typed at a bash command prompt; usernames
      |are often typed as argument strings
    • intitle:index.of |UNIX shell history reveals commands typed at
      .sh_history |a shell command prompt; usernames are
      |often typed as argument strings
    • "index of " lck |Various lock files list the user currently using
      |a file
    • +intext:webalizer +intext: |Webalizer Web statistics page lists Web user-
      Total Usernames +intext: |names and statistical information
      "Usage Statistics for"
    • filetype:reg reg HKEY_ |Windows Registry exports can reveal
      CURRENT_USER |username usernames and other information
    Note: Special Thanks to Shabbir for reviewing and allowing this post.
     
    G421D likes this.
  2. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,375
    Likes Received:
    388
    Trophy Points:
    83
    My pleasure and the only reason to allow this is for people like me can be careful and know what can be found using Google.
     
  3. GreenGrass

    GreenGrass New Member

    Joined:
    Jul 5, 2008
    Messages:
    123
    Likes Received:
    8
    Trophy Points:
    0
    Location:
    Norway
    Well this is crazy :p Nice Post..
     
  4. XXxxImmortalxxXX

    XXxxImmortalxxXX New Member

    Joined:
    Jun 27, 2007
    Messages:
    561
    Likes Received:
    19
    Trophy Points:
    0
    hahahah lol gotta love it i did that once except i set mine up to be like that and they attacker would go through ONLY frontpage to access my files BUT what they didnt know is is that i had 2 sets of the files one is the bad file for the victam and 1 for me the one for me is set up on another server as the bad one is hosted on my pc so when he connects to my pc and goes to my www folder and opens up some files a trojan remotly gets installed on his pc as well as other stuff and a alert msg poping up ever 10 minutes saying

    DONT GO THROUGH MY SHIT ASSWHOLE

    so yea i love it when ppl use those commands its funny becuase U NEVER KNOW WHO UR MESSING WITH ON THE INTERNET
     
  5. XXxxImmortalxxXX

    XXxxImmortalxxXX New Member

    Joined:
    Jun 27, 2007
    Messages:
    561
    Likes Received:
    19
    Trophy Points:
    0
    also u dont need to convert it those passwords are encrypted by DES encryption
     
  6. faizulhaque

    faizulhaque New Member

    Joined:
    May 23, 2008
    Messages:
    210
    Likes Received:
    3
    Trophy Points:
    0
    Occupation:
    Student
    Location:
    Karachi
    Home Page:
    http://www.google.com
  7. XXxxImmortalxxXX

    XXxxImmortalxxXX New Member

    Joined:
    Jun 27, 2007
    Messages:
    561
    Likes Received:
    19
    Trophy Points:
    0
    i dont know why google when put that site up its a security risk that there making but hey its not hurting me nay lol
     
  8. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,375
    Likes Received:
    388
    Trophy Points:
    83
  9. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,375
    Likes Received:
    388
    Trophy Points:
    83
  10. hanleyhansen

    hanleyhansen New Member

    Joined:
    Jan 24, 2008
    Messages:
    336
    Likes Received:
    8
    Trophy Points:
    0
    Occupation:
    Drupal Developer/LAMP Developer
    Location:
    Clifton
    Home Page:
    http://www.hanseninfotech.com
  11. maestrojones

    maestrojones New Member

    Joined:
    Oct 22, 2008
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    It's crazy, how did you find it out?
     
  12. SEO_services

    SEO_services New Member

    Joined:
    Jan 11, 2011
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    0
    Occupation:
    SEO services
    Location:
    Portland/USA
    Home Page:
    http://sentersoftech.com/

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice