INTRO========= a week or so back i had an e-mail from a friend (FLW) asking me if i had any info on google search tips he was surprised on the amount of info available and open via google...this got me thinking , well i have seen many various search strings in several papers....so i thought i would put them all together on the one page...and up-date as new one are discovered... ********************************************************************************************************************************************* WARNING:::i hold no responsibility for what you do via the information supplied here...this is for educational purpose only , use at your own risk you have been warned ********************************************************************************************************************************************* thanks ComSec aka ZSL SUMMERY======= Everyone knows google in the security sector...and what a powerful tool it is , just by entering certain search strings you can gain a vast amount of knowledge and information of your chosen target...often revealing sensitive data...this is all down to badly configured systems...brought on by sloppy administration allowing directory indexing and accessing , password files , log entrys , files , paths ,etc , etc Search Tips so how do we start ? the common search inputs below will give you an idea...for instance if you want to search for the an index of "root" in the search box put in exactly as you see it below ================== example 1: allintitle: "index of/root" result: http://www.google.com/search?hl=en&ie=ISO-8859-1&q=allintitle:+"index+of/root"&btnG=Google+Search what it reveals is 2,510 pages that you can possible browse at your will... ==================== example 2 inurl:"auth_user_file.txt" http://www.google.com/search?num=10...inurl:"auth_user_file.txt"&btnG=Google+Search this result spawned 414 possible files to access here is an actual file retrieved from a site and edited , we know who the admin is and we have the hashes thats a job for JTR (john the ripper) txUKhXYi4xeFs|master|admin|Worasit|Junsawang|xxx@xxx|on qk6GaDj9iBfNg|tomjang||Bug|Tom|xxx@xxx|on with the many variations below it should keep you busy for a long time mixing them reveals many different permutations ************************************* SEARCH PATHS....... more to be added ************************************* "Index of /admin" "Index of /password" "Index of /mail" "Index of /" +passwd "Index of /" +password.txt "Index of /" +.htaccess index of ftp +.mdb allinurl:/cgi-bin/ +mailto administrators.pwd.index authors.pwd.index service.pwd.index filetype:config web gobal.asax index allintitle: "index of/admin" allintitle: "index of/root" allintitle: sensitive filetype:doc allintitle: restricted filetype :mail allintitle: restricted filetype:doc site:gov inurl:passwd filetype:txt inurl:admin filetype:db inurl:iisadmin inurl:"auth_user_file.txt" inurl:"wwwroot/*." top secret site:mil confidential site:mil allinurl: winnt/system32/ (get cmd.exe) allinurl:/bash_history intitle:"Index of" .sh_history intitle:"Index of" .bash_history intitle:"index of" passwd intitle:"index of" people.lst intitle:"index of" pwd.db intitle:"index of" etc/shadow intitle:"index of" spwd intitle:"index of" master.passwd intitle:"index of" htpasswd intitle:"index of" members OR accounts intitle:"index of" user_carts OR user_cart ALTERNATIVE INPUTS==================== _vti_inf.html service.pwd users.pwd authors.pwd administrators.pwd shtml.dll shtml.exe fpcount.exe default.asp showcode.asp sendmail.cfm getFile.cfm imagemap.exe test.bat msadcs.dll htimage.exe counter.exe browser.inc hello.bat default.asp\ dvwssr.dll cart32.exe add.exe index.jsp SessionServlet shtml.dll index.cfm page.cfm shtml.exe web_store.cgi shop.cgi upload.asp default.asp pbserver.dll phf test-cgi finger Count.cgi jj php.cgi php nph-test-cgi handler webdist.cgi webgais websendmail faxsurvey htmlscript perl.exe wwwboard.pl www-sql view-source campas aglimpse glimpse man.sh AT-admin.cgi AT-generate.cgi filemail.pl maillist.pl info2www files.pl bnbform.cgi survey.cgi classifieds.cgi wrap cgiwrap edit.pl perl names.nsf webgais dumpenv.pl test.cgi submit.cgi guestbook.cgi guestbook.pl cachemgr.cgi responder.cgi perlshop.cgi query w3-msql plusmail htsearch infosrch.cgi publisher ultraboard.cgi db.cgi formmail.cgi allmanage.pl ssi adpassword.txt redirect.cgi cvsweb.cgi login.jsp dbconnect.inc admin htgrep wais.pl amadmin.pl subscribe.pl news.cgi auctionweaver.pl .htpasswd acid_main.php access.log log.htm log.html log.txt logfile logfile.htm logfile.html logfile.txt logger.html stat.htm stats.htm stats.html stats.txt webaccess.htm wwwstats.html source.asp perl mailto.cgi YaBB.pl mailform.pl cached_feed.cgi global.cgi Search.pl build.cgi common.php show global.inc ad.cgi WSFTP.LOG index.html~ index.php~ index.html.bak index.php.bak print.cgi register.cgi webdriver bbs_forum.cgi mysql.class sendmail.inc CrazyWWWBoard.cgi search.pl way-board.cgi webpage.cgi pwd.dat adcycle post-query help.cgi there are to many people to thank for the bits of information cut and pasted and added to form this paper most have been collected from various forums , txt , doc's etc...like to thank you all, its not intended to rip anyone its just a combo of various search inputs...put on the one Paper to use as a reference.
