Noobs,don't go crazy messing up people sites,this is to make awareness of how negligent can an administrator be.
1- Why deface when you can own it?
Go to Google and type this:
intitle:PhpMyAdmin "Welcome to phpMyAdmin***" running on * as root@*"
This will give you tons of no passworded phpMyAdmin,means you'll have access to all files,can make changes ect.
======================================
To find websites Admin Password type the following in the Google bar:
inurl:vti_pvt "service.pwd"
(password will be encrypted) "convert encrypted password to md5 hash then use milw0rm
Also You can You use this codes when you have free time..enjoy
Google Search strings
-------------------------
inurl:/db/main.mdb |ASP-Nuke passwords
filetype:cfm "cfapplication |ColdFusion source with potential passwords name" password
filetype
ass |dbman credentials pass intext:userid
allinurl:auth_user_file.txt |DCForum user passwords
eggdrop filetype:user user |Eggdrop IRC user credentials
filetype:ini inurl:flashFXP.ini |FlashFXP FTP credentials
filetype:url +inurl:"ftp://" |FTP bookmarks cleartext passwords
+inurl:"@"
inurl:zebra.conf intext: |GNU Zebra passwords
password -sample -test
-tutorial –download
filetype:htpasswd htpasswd |HTTP htpasswd Web user credentials
intitle:"Index of" ".htpasswd" |HTTP htpasswd Web user credentials
"htgroup" -intitle:"dist"
-apache -htpasswd.c
intitle:"Index of" ".htpasswd" |HTTP htpasswd Web user credentials
htpasswd.bak
"http://*:*@www" bob:bob |HTTP passwords (bob is a sample username)
"sets mode: +k" |IRC channel keys (passwords)
"Your password is * |Remember IRC NickServ registration passwords
this for later use"
signin filetype:url |JavaScript authentication credentials
LeapFTP intitle:"index.of./" |LeapFTP client login credentials
sites.ini modified
inurl:lilo.conf filetype:conf |LILO passwords
password -tatercounter2000
-bootpwd –man
filetype:config config intext: |Mcft .NET application credentials
appSettings "User ID"
filetypewd service |Mcft FrontPage Service Web passwords
intitle:index.of |Mcft FrontPage Web credentials
administrators.pwd
"# -FrontPage-" |Mcft FrontPage Web passwords
inurl:service.pwd
extwd inurl:_vti_pvt inurl: |Mcft FrontPage Web passwords
(Service | authors | administrators)
inurlerform filetype:ini |mIRC nickserv credentials
intitle:"index of" intext: |mySQL database credentials
connect.inc
intitle:"index of" intext: |mySQL database credentials
globals.inc
filetype:conf oekakibbs |Oekakibss user passwords
filetype:dat wand.dat |Opera‚ ÄúMagic Wand‚Äù Web credentials
inurl
spfd.conf intext: |OSPF Daemon Passwords
password -sample -test
-tutorial –download
index.of passlist |Passlist user credentials
inurlasslist.txt |passlist.txt file user credentials
filetype:dat "password.dat" |password.dat files
inurlassword.log filetype:log |password.log file reveals usernames,
|passwords,and hostnames
filetype:log inurl:"password.log" |password.log files cleartext
|passwords
inurleople.lst filetype:lst |People.lst generic password file
intitle:index.of config.php |PHP Configuration File database
|credentials
inurl:config.php dbuname dbpass |PHP Configuration File database
|credentials
inurl:nuke filetype:sql |PHP-Nuke credentials
filetype:conf inurlsybnc.conf |psyBNC IRC user credentials
"USER.PASS="
filetype:ini ServUDaemon |servU FTP Daemon credentials
filetype:conf slapd.conf |slapd configuration files root password
inurl:"slapd.conf" intext: |slapd LDAP credentials
"credentials" -manpage
-"Manual Page" -man: -sample
inurl:"slapd.conf" intext: |slapd LDAP root password
"rootpw" -manpage
-"Manual Page" -man: -sample
filetype:sql "IDENTIFIED BY" –cvs |SQL passwords
filetype:sql password |SQL passwords
filetype:ini wcx_ftp |Total Commander FTP passwords
filetype:netrc password |UNIX .netrc user credentials
index.of.etc |UNIX /etc directories contain
|various credential files
intitle:"Index of..etc" passwd |UNIX /etc/passwd user credentials
intitle:index.of passwd |UNIX /etc/passwd user credentials
passwd.bak
intitle:"Index of" pwd.db |UNIX /etc/pwd.db credentials
intitle:Index.of etc shadow |UNIX /etc/shadow user credentials
intitle:index.of master.passwd |UNIX master.passwd user credentials
intitle:"Index of" spwd.db |UNIX spwd.db credentials
passwd -pam.conf
filetype:bak inurl:"htaccess| |UNIX various password file backups
passwd|shadow|htusers
filetype:inc dbconn |Various database credentials
filetype:inc intext:mysql_ |Various database credentials, server names
connect
filetyperoperties inurl:db |Various database credentials, server names
intextassword
inurl:vtund.conf intextass –cvs |Virtual Tunnel Daemon passwords
inurl:"wvdial.conf" intext: |wdial dialup user credentials
"password"
filetype:mdb wwforum |Web Wiz Forums Web credentials
"AutoCreate=TRUE password=*" |Website Access Analyzer user passwords
filetypewl pwl |Windows Password List user credentials
filetype:reg reg +intext: |Windows Registry Keys containing user
"defaultusername" intext: |credentials
"defaultpassword"
filetype:reg reg +intext: |Windows Registry Keys containing user
"internet account manager" |credentials
"index of/" "ws_ftp.ini" |WS_FTP FTP credentials
"parent directory"
filetype:ini ws_ftp pwd |WS_FTP FTP user credentials
inurl:admin filetype: |asp Generic userlist files
inurl:userlist |
inurlhp inurl: |Half-life statistics file, lists username and
hlstats intext: |other information
Server Username |
filetype:ctl |
inurl:haccess. |Mcft FrontPage equivalent of htaccess
ctl Basic |shows Web user credentials
filetype:reg |
reg intext: |Mcft Internet Account Manager can
"internet account manager" |reveal usernames and more
filetype:wab wab |Mcft Outlook Express Mail address
|books
filetype:mdb inurlrofiles |Mcft Access databases containing
|profiles.
index.of perform.ini |mIRC IRC ini file can list IRC usernames and
|other information
inurl:root.asp?acs=anon |Outlook Mail Web Access directory can be
|used to discover usernames
filetype:conf inurlroftpd. |PROFTP FTP server configuration file
conf –sample |reveals
|username and server information
filetype:log username putty |PUTTY SSH client logs can reveal
|usernames
|and server information
filetype:rdp rdp |Remote Desktop Connection files reveal user
|credentials
intitle:index.of |UNIX bash shell history reveals commands
.bash_history |typed at a bash command prompt; usernames
|are often typed as argument strings
intitle:index.of |UNIX shell history reveals commands typed at
.sh_history |a shell command prompt; usernames are
|often typed as argument strings
"index of " lck |Various lock files list the user currently using
|a file
+intext:webalizer +intext: |Webalizer Web statistics page lists Web user-
Total Usernames +intext: |names and statistical information
"Usage Statistics for"
filetype:reg reg HKEY_ |Windows Registry exports can reveal
CURRENT_USER |username usernames and other information
1- Why deface when you can own it?
Go to Google and type this:
intitle:PhpMyAdmin "Welcome to phpMyAdmin***" running on * as root@*"
This will give you tons of no passworded phpMyAdmin,means you'll have access to all files,can make changes ect.
======================================
To find websites Admin Password type the following in the Google bar:
inurl:vti_pvt "service.pwd"
(password will be encrypted) "convert encrypted password to md5 hash then use milw0rm
Also You can You use this codes when you have free time..enjoy
Google Search strings
-------------------------
inurl:/db/main.mdb |ASP-Nuke passwords
filetype:cfm "cfapplication |ColdFusion source with potential passwords name" password
filetype
ass |dbman credentials pass intext:useridallinurl:auth_user_file.txt |DCForum user passwords
eggdrop filetype:user user |Eggdrop IRC user credentials
filetype:ini inurl:flashFXP.ini |FlashFXP FTP credentials
filetype:url +inurl:"ftp://" |FTP bookmarks cleartext passwords
+inurl:"@"
inurl:zebra.conf intext: |GNU Zebra passwords
password -sample -test
-tutorial –download
filetype:htpasswd htpasswd |HTTP htpasswd Web user credentials
intitle:"Index of" ".htpasswd" |HTTP htpasswd Web user credentials
"htgroup" -intitle:"dist"
-apache -htpasswd.c
intitle:"Index of" ".htpasswd" |HTTP htpasswd Web user credentials
htpasswd.bak
"http://*:*@www" bob:bob |HTTP passwords (bob is a sample username)
"sets mode: +k" |IRC channel keys (passwords)
"Your password is * |Remember IRC NickServ registration passwords
this for later use"
signin filetype:url |JavaScript authentication credentials
LeapFTP intitle:"index.of./" |LeapFTP client login credentials
sites.ini modified
inurl:lilo.conf filetype:conf |LILO passwords
password -tatercounter2000
-bootpwd –man
filetype:config config intext: |Mcft .NET application credentials
appSettings "User ID"
filetype
wd service |Mcft FrontPage Service Web passwordsintitle:index.of |Mcft FrontPage Web credentials
administrators.pwd
"# -FrontPage-" |Mcft FrontPage Web passwords
inurl:service.pwd
ext
wd inurl:_vti_pvt inurl: |Mcft FrontPage Web passwords(Service | authors | administrators)
inurl
erform filetype:ini |mIRC nickserv credentialsintitle:"index of" intext: |mySQL database credentials
connect.inc
intitle:"index of" intext: |mySQL database credentials
globals.inc
filetype:conf oekakibbs |Oekakibss user passwords
filetype:dat wand.dat |Opera‚ ÄúMagic Wand‚Äù Web credentials
inurl
spfd.conf intext: |OSPF Daemon Passwordspassword -sample -test
-tutorial –download
index.of passlist |Passlist user credentials
inurl
asslist.txt |passlist.txt file user credentialsfiletype:dat "password.dat" |password.dat files
inurl
assword.log filetype:log |password.log file reveals usernames,|passwords,and hostnames
filetype:log inurl:"password.log" |password.log files cleartext
|passwords
inurl
eople.lst filetype:lst |People.lst generic password fileintitle:index.of config.php |PHP Configuration File database
|credentials
inurl:config.php dbuname dbpass |PHP Configuration File database
|credentials
inurl:nuke filetype:sql |PHP-Nuke credentials
filetype:conf inurl
sybnc.conf |psyBNC IRC user credentials"USER.PASS="
filetype:ini ServUDaemon |servU FTP Daemon credentials
filetype:conf slapd.conf |slapd configuration files root password
inurl:"slapd.conf" intext: |slapd LDAP credentials
"credentials" -manpage
-"Manual Page" -man: -sample
inurl:"slapd.conf" intext: |slapd LDAP root password
"rootpw" -manpage
-"Manual Page" -man: -sample
filetype:sql "IDENTIFIED BY" –cvs |SQL passwords
filetype:sql password |SQL passwords
filetype:ini wcx_ftp |Total Commander FTP passwords
filetype:netrc password |UNIX .netrc user credentials
index.of.etc |UNIX /etc directories contain
|various credential files
intitle:"Index of..etc" passwd |UNIX /etc/passwd user credentials
intitle:index.of passwd |UNIX /etc/passwd user credentials
passwd.bak
intitle:"Index of" pwd.db |UNIX /etc/pwd.db credentials
intitle:Index.of etc shadow |UNIX /etc/shadow user credentials
intitle:index.of master.passwd |UNIX master.passwd user credentials
intitle:"Index of" spwd.db |UNIX spwd.db credentials
passwd -pam.conf
filetype:bak inurl:"htaccess| |UNIX various password file backups
passwd|shadow|htusers
filetype:inc dbconn |Various database credentials
filetype:inc intext:mysql_ |Various database credentials, server names
connect
filetype
roperties inurl:db |Various database credentials, server namesintext
asswordinurl:vtund.conf intext
ass –cvs |Virtual Tunnel Daemon passwordsinurl:"wvdial.conf" intext: |wdial dialup user credentials
"password"
filetype:mdb wwforum |Web Wiz Forums Web credentials
"AutoCreate=TRUE password=*" |Website Access Analyzer user passwords
filetype
wl pwl |Windows Password List user credentialsfiletype:reg reg +intext: |Windows Registry Keys containing user
"defaultusername" intext: |credentials
"defaultpassword"
filetype:reg reg +intext: |Windows Registry Keys containing user
"internet account manager" |credentials
"index of/" "ws_ftp.ini" |WS_FTP FTP credentials
"parent directory"
filetype:ini ws_ftp pwd |WS_FTP FTP user credentials
inurl:admin filetype: |asp Generic userlist files
inurl:userlist |
inurl
hp inurl: |Half-life statistics file, lists username andhlstats intext: |other information
Server Username |
filetype:ctl |
inurl:haccess. |Mcft FrontPage equivalent of htaccess
ctl Basic |shows Web user credentials
filetype:reg |
reg intext: |Mcft Internet Account Manager can
"internet account manager" |reveal usernames and more
filetype:wab wab |Mcft Outlook Express Mail address
|books
filetype:mdb inurl
rofiles |Mcft Access databases containing|profiles.
index.of perform.ini |mIRC IRC ini file can list IRC usernames and
|other information
inurl:root.asp?acs=anon |Outlook Mail Web Access directory can be
|used to discover usernames
filetype:conf inurl
roftpd. |PROFTP FTP server configuration fileconf –sample |reveals
|username and server information
filetype:log username putty |PUTTY SSH client logs can reveal
|usernames
|and server information
filetype:rdp rdp |Remote Desktop Connection files reveal user
|credentials
intitle:index.of |UNIX bash shell history reveals commands
.bash_history |typed at a bash command prompt; usernames
|are often typed as argument strings
intitle:index.of |UNIX shell history reveals commands typed at
.sh_history |a shell command prompt; usernames are
|often typed as argument strings
"index of " lck |Various lock files list the user currently using
|a file
+intext:webalizer +intext: |Webalizer Web statistics page lists Web user-
Total Usernames +intext: |names and statistical information
"Usage Statistics for"
filetype:reg reg HKEY_ |Windows Registry exports can reveal
CURRENT_USER |username usernames and other information
wow
ReplyDeleteThanks dear.
ReplyDeleteThe most interesting text on this interesting topic that can be found on the net ... Airport taxi
ReplyDelete