Scribd
Upload
67 views2 pages

Some Good Dorks

list of dorks enjoy

Uploaded by

chaowandao
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
67 views2 pages

Some Good Dorks

list of dorks enjoy

Uploaded by

chaowandao
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

Table 9.

1 continued Sample Queries That Locate UsernamesQueryDescription

filetype:wab wabMicrosoft Outlook Express Mail addressbooks

filetype:mdb inurl:profilesMicrosoft Access databases containing(user) profiles.

index.of perform.inimIRC IRC ini


file can list IRC usernamesand other information

inurl:root.asp?acs=anonOutlook Mail Web Access directory canbe used to discover


usernames

filetype:conf inurl:proftpd.conf –samplePROFTP FTP server configuration filereveals


username and server information

filetype:log username puttyPUTTY SSH client logs can reveal user-names and server
information

filetype:rdp rdpRemote Desktop Connection files revealuser credentials

intitle:index.of .bash_historyUNIX bash shell history reveals com-mands typed at a


bash commandprompt; usernames are often typed asargument strings

intitle:index.of .sh_historyUNIX shell history reveals commandstyped at a shell


command prompt; user-names are often typed as argumentstrings

“index of ” lck Various lock files list the user currentlyusing a file

+intext:webalizer +intext:Total Webalizer Web statistics page lists Web Usernames


+intext:”Usage Statistics for”usernames and statistical information

filetype:reg reg HKEY_CURRENT_Windows Registry exports can reveal USER


usernameusernames and other informationwww.syngress.com348Chapter 9 • Usernames,
Passwords, and Secret Stuff, Oh My!452_Google_2e_09.qxd 10/5/07 1:08 PM Page 348

Microsoft Outlook Web Accessportal, which can be located with a query like
inurl:root.asp?acs=anon.

Microsoft Outlook Web Access Hosts a Public Directory

Table 9.2 Queries That Locate Password InformationQueryDescription

filetype:config config intext:.Net Web Application configuration may appSettings


“User ID” contain authentication information

filetype:netrc password.netrc file may contain cleartext passwords

intitle:”Index of” passwords modified“Password” directories

inurl:/db/main.mdbASP-Nuke database files often contain pass-words


filetype:bak inurl:”htaccess|passwd|BAK files referring to passwords or shadow|
htusers”usernames

filetype:log “See `ipsec —copyright” BARF log files reveal ipsec data

inurl:”calendarscript/users.txt”CalenderScript passwords

inurl:ccbill filetype:logCCBill log files may contain authenticationdata

inurl:cgi-bin inurl:calendar.cfgCGI Calendar (Perl) configuration filereveals


information including passwords forthe program.

inurl:chap-secrets -cvschap-secrets file may list usernames andpasswords

enable password | secret “current Cisco “secret 5” and “password 7” configuration”


config files[WFClient]

Password= filetype:icaCitrix WinFrame-Client may contain logininformation

inurl:passlist.txtCleartext passwords. No decryption required

You might also like