Google Hacking!

通過google找網站后臺的方法
site:url.com ‘查看這個站點上的信息最好不加www,可以查看到不少的二級域名信息,可以有不小的收獲哈

最好與inurl,intext等聯用,效果更佳..

=============================================================================

intext:測試???? ‘查看文本種包含”測試”的網頁
intitle: fooltitle???? ‘標題
intitle:config confixx login password??? ‘檢查多個關鍵字
allinurl:url??? ‘搜索xx網站的所有相關連接。(踩點必備)
links:url??? ‘相關鏈接
allintilte:url
先找找網站的管理后臺地址:
site:xxxx.com intext:管理
site:xxxx.com inurl:login
site:xxxx.com intitle:管理
site:a2.xxxx.com inurl:file
site:a3.xxxx.com inurl:load
site:a2.xxxx.com intext:ftp://*:*
site:a2.xxxx.com filetype:asp
site:xxxx.com //得到N個二級域名
site:xxxx.com intext:*@xxxx.com //得到N個郵件地址,還有郵箱的主人的名字什么的
site:xxxx.com intext:電話 //N個電話
intitle:”index of” etc
intitle:”Index of” .sh_history
intitle:”Index of” .bash_history
intitle:”index of” passwd
intitle:”index of” people.lst
intitle:”index of” pwd.db
intitle:”index of” etc/shadow
intitle:”index of” spwd
intitle:”index of” master.passwd
intitle:”index of” htpasswd
“# -FrontPage-” inurl:service.pwd
直接搜索密碼:(引號表示為精確搜索)
當然我們可以再延伸到上面的結果里進行二次搜索
“index of” htpasswd / passwd
filetype:xls username password email
“ws_ftp.log”
“config.php”?????????? ‘可以看看別的config 或者直接看conn可以不可以暴
allinurl:admin mdb??? ‘可以換成別的哈,dvbbs7.mdb等等
service filetype:pwd ….或者某個比如pcanywhere的密碼后綴cif等 ‘很少用
越來越有意思了,再來點更敏感信息
“robots.txt” “Disallow:” filetype:txt
inurl:_vti_cnf (FrontPage的關鍵索引啦,掃描器的CGI庫一般都有地)
allinurl: /msadc/Samples/selector/showcode.asp
/../../../passwd
/examples/jsp/snp/snoop.jsp
phpsysinfo
intitle:index of /admin
intitle:”documetation”
inurl: 5800(vnc的端口)或者desktop port等多個關鍵字檢索
webmin port 10000
inurl:/admin/login.asp
intextowered by GBook365
intitle:”php shell*” “Enable stderr” filetype:php 直接搜索到phpwebshell
foo.org filetype:inc
ipsec filetype:conf
intilte:”error occurred” ODBC request WHERE (select|insert) 說白了就是說,可以直接試著查查數據庫檢索,針對目前流行的sql注射,會發達哦??? ‘最好別搞了,一掃出來的都是雨哥的文章
intitle:”php shell*” “Enable stderr” filetype:php
“Dumping data for table” username password
intitle:”Error using Hypernews”
“Server Software”
intitle:”HTTP_USER_AGENT=Googlebot”
“HTTP_USER_ANGET=Googlebot” THS ADMIN
filetype:.doc site:.mil classified 直接搜索軍方相關word

inurl: 用于搜索網頁上包含的URL. 這個語法對尋找網頁上的搜索,幫助之類的很有用.
intext: 只搜索網頁<body>部分中包含的文字(也就是忽略了標題,URL等的文字).
site: 可以限制你搜索范圍的域名.
filetype: 搜索文件的后綴或者擴展名
intitle: 限制你搜索的網頁標題.
allintitle: 搜索所有關鍵字構成標題的網頁. 但是推薦不要使用
link: 可以得到一個所有包含了某個指定URL的頁面列表. 例如link:www.google.com 就可
intext:管理
filetype:mdb
inurl:file
site:xx.com filetype:txt 查找TXT文件 其他的依次內推
site:xx.com intext:管理
site:xx.com inurl:login
site:xx.com intitle:后臺

查看服務器使用的程序
site:xx.com filetype:asp
site:xx.com filetype:php
site:xx.com filetype:jsp

查看上傳漏洞:
site:xx.com inurl:file
site:xx.com inurl:load

查找注射點:
site:xx.com filetype:asp
site:tw inurl:asp?id=??? 這個是找臺灣的

site:jp inurl:asp?id=??? 這個是找日本的

site:ko inurl:asp?id=???? 這個是找韓國的

依次類推
intitle:旁注- 網站xxxfiletype:asp
inurl:editor/db/
inurl:eWebEditor/db/
inurl:bbs/data/
inurl:databackup/
inurl:blog/data/
inurl:bokedata
inurl:bbs/database/
inurl:conn.asp
inc/conn.asp

管理入口:
admin
admin_index
admin_admin
index_admin
admin/index
admin/default
admin/manage
admin/login
manage_index
index_manage
superadmin
admin1
admin_login
login_admin
ad_login
ad_manage
count
manager
guanli
denglu
houtai
houtaiguanli
htgl
adminlogin
adminuserlogin
adm_login
chklogin
chkadmin
users
adduser
admin_user
edituser
adminadduser
member
members
editmember
adminmember
addmember
logout
exit
login_out
adminedit
admin_edit
delete
admindelete
admin_delete
up
upload
upfile
backup
config
test
webmaster
root
aadmin
admintab
admin_main
art
article
databases
db
dbase
devel
files
forum
girl
girls
htdocs
idea
ideas
include
includeinc
includes
incoming
install
manual
misc
mrtg
private
program
programming
programs
public
secret
secrets
server_stats
server-info
server-status
set
setting
setup
***
snmp
source
sources
sql
statistics
Stats
telephone
temp
temporary
tool
tools
usage
weblog
weblogs
webstats
work
wstats
wwwlog
wwwstats
wenzhang
admin/login.asp
admin_index.asp
bbs/admin_index.asp
article/admin/admin.asp
admin/aspcheck.asp
inc/config.asp
eWebEditor/admin_login.asp
editor/admin_login.asp
login/login
login/index
login/super
login1
update
count_admin
add_admin
admin_pass
newbbs/login
down/login
bbs/admin/login
main/login
admin/manage.asp
manage/login.asp
user.asp
conn.asp
logout.asp

manager/login
manager/login.asp
manager/admin.asp
login/admin/admin.asp
houtai/admin.asp
guanli/admin.asp
denglu/admin.asp
admin_login/admin.asp
admin_login/login.asp
admin/manage/admin.asp
admin/manage/login.asp
admin/default/admin.asp
admin/default/login.asp
member/admin.asp
member/login.asp
administrator/admin.asp
administrator/login.asp

本文轉自某信息安全文檔由網絡安全攻防研究室(www.zzxjjy.com)信息安全小組收集整理,轉載請注明出處!