Google Hacking . GHDB

GHDB (Google Hacking Database)

구글 해킹 데이터베이스의 약자.

구글 검색엔진을 활용하여 필요한 정보를 비교적 쉽게 얻어 낼 수 있는 방법이다.

– FTP PASSWORLD GOOGLE DORK XSS GOOGLE DORK PHP GOOGLE DORK SQL DORK WORLD PRESS DORK PASSWORLD FILE DORK MİCS DORK FREE SWAG DORK WEBCAM DORK

※ GHDB 목록

목 록	설 명
Advisories and Vulnerabilities (215 entries)	이 검색은 취약한 서버를 찾는다. 여러 가지 보안권고 게시물을 검색한다.
Error Messages (68 entries)	다양한 에러 메시지를 검출 한다.
Files containing juicy info (230 entries)	사용자이름 또는 패스워드를 몰라도 해킹이 가능하다.
Files containing passwords (135 entries)	Google에서 암호화된 파일을 찾을 수 있다.
Files containing username (15 entries)	Google은 웹사이트에서 패스워드설정이 안되어 있는 파일들을 찾아낸다.
Footholds (21 entries)	Google은 해커들이 웹서버에 접근 가능하도록 연계해주는 발판이 된다.
Pages containing login portals (232 entries)	로그인 페이지를 포함하고 있는 포탈 사이트를 통해서 해킹이 가능하다.
Pages containing network or vulnerability data (59 entries)	이 페이지는 방화벽 로고, 허니팟 로그 등 네트워크 정보와 취약한 데이터들을 포함하고 있다.
sensitive Directories (61 entries)	Google은 공유된 민감한 디렉토리들을 웹 페이지에서 수집한다.
sensitive Online Shopping Info (9 entries)	Google은 온라인 쇼핑 시 사용되는 고객정보, 주문내역, 카드번호 등 민감한 정보들을 수집한다.
Various Online Devices (201 entries)	Google은 웹 페이지에서 프린터, 비디오카메라 등 온라인 장치에 대한 정보를 수집한다.
Vulnerable Files (57 entries)	Google은 수백만개의 웹 사이트 취약점을 찾을 수 있다.
Vulnerable Servers (48 entries)	특정 취약점이 있는 서버를 찾는다. 또 다른 검색 방법은 “취약한 파일” 섹션에서 찾을 수가 있다.
Web Server Detection (72 entries)

A.) FTP PASSWORD GOOGLE DORKS

B.) XSS GOOGLE DORKS

C.) PHP GOOGLE DORKS

D.) SQL DORKS

E.) WORDPRESS DORKS

F.) PASSWORD FILE DORKS

G.) MISC. DORKS

H.) FREE SWAG DORKS

I.) WEBCAM DORKS

A.) FTP PASSWORD GOOGLE DORKS

1.) ws_ftp.ini configuration file search:

intitle:index.of ws_ftp.ini

2.) ws_ftp.ini configuration file with “Parent Directory” search:

filetype:ini ws_ftp pwd

3.) Variation:

”index of/” “ws_ftp.ini” “parent directory”

4.) Variation:

+htpasswd +WS_FTP.LOG filetype:log

5.) Variation:

(Substitute vulnerablesite.com with your site you want to search)

”allinurl: “Vulnerablesite.com” WS_FTP.LOG filetype:log”

B.) XSS GOOGLE DORKS

1.) cart32 executable file.

allinurl:/scripts/cart32.exe

2.) Cute news php file.

allinurl:/CuteNews/show_archives.php

3.) phpinfo.php file.

allinurl:/phpinfo.php

C.) PHP GOOGLE DORKS

1.) config.php file search:

intitle:index.of config.php

2.) PHP file contents search:

intitle:”Index of” phpinfo.php

3.) download.php directory transversal vulneralbilities:

inurl:download.php?=filename

4.) upload.php search:

intitle:index.of upload.php

inurl:upload.php

D.) SQL PASSWORD DUMP DORKS

1.) SQL dumps saved to database search. (Some of the more common passwords for you):

a.) ”123456″ = hashed password

ext:sql intext:@gmail.com intext:e10adc3949ba59abbe56e057f20f883e

b.) ”654321″ = hashed password

ext:sql intext:@gmail.com intext:c33367701511b4f6020ec61ded352059

c.) ”password” = hashed password

ext:sql intext:@gmail.com intext:5f4dcc3b5aa765d61d8327deb882cf99

d.) ”12345678″ = hashed password

ext:sql intext:@gmail.com intext:25d55ad283aa400af464c76d713c07ad

e.) ”iloveyou” = hashed password

ext:sql intext:@gmail.com intext:f25a2fc72690b780b2a14e140ef6a9e0

2.) Variation of above search:

a.) ext:sql intext:”INSERT INTO” intext:@gmail.com intext:password

b.) ext:sql intext:”INSERT INTO” intext:@yahoo.com intext:password

c.) ext:sql intext:”INSERT INTO” intext:@hotmail.com intext:password

d.) ext:sql intext:”INSERT INTO” intext:@att.net intext:password

e.) ext:sql intext:”INSERT INTO” intext:@comcast.net intext:password

f.) ext:sql intext:”INSERT INTO” intext:@verizon.net intext:password

3.) SQLi

allinurl:/privmsg.php

E.) WORDPRESS GOOGLE DORKS

1.) Asset Manager Plugin Exploit – Unprotected Remote File Upload Vuleralbility.

inurl:Editor/assetmanager/assetmanager.asp

2.) Timthumb Plugin Exploit – Attacker can attach a shell to a image file and upload the shell. (It has been patched, but there are still a lot of webmasters who have NOT updated!)

inurl:index.of thumb.php

inurl:thumb.php

3.) Search for plugins directory:

inurl:wp-content/plugins/

4.) Search for themes directory:

inurl:wp-content/themes/

F.) PASSWORD FILE GOOGLE DORKS

1.) Search for Microsoft Excel data file:

”Login: *” “password =*” filetype: xls

2.) Search for auth_user_file:

allinurl: auth_user_file.txt

3.) Search for username/password saved in Microsoft Excel files:

filetype: xls inurl: “password.xls”

4.) Search for login pages:

intitle: login password

5.) Search for “master password” page:

intitle: “Index of” master.passwd

6.) Search for backup directory:

index of /backup

7.) Search for password backup file index:

intitle:index.of passwd.bak

8.) Search for password databases:

intitle:index.of pwd.db

intitle:”index of” pwd.db

9.) Search for /etc/passwd/ index:

intitle:”index of .. etc” passwd

10.) Search for plaintext password file:

index.of passlist.txt

inurl:passlist.txt

11.) Search for hidden documents/password files:

index.of.secret

index.of.private

12.) Search for PhpMyAdmin files:

”# PhpMyAdmin MySQL-Dump” filetype: txt

13.) Hidden Superuser (root) data files:

inurl:ipsec.secrets-history-bugs

inurl:ipsec.secrets “holds shared secrets”

14.) Find the information files:

inurl:ipsec.conf-intitle:manpage

15.) Search for a stored password in a database:

filetype:ldb admin

16.) Search for admin.php file:

inurl:search/admin.php

17.) Search for password log files:

inurl:password.log filetype:log

18.) Search for Hkey_Current_User in registry files:

filetype: reg HKEY_CURRENT_USER username

19.) Search for username/password file backups:

”Http://username: password @ www …” filetype: bak inurl: “htaccess | passwd | shadow | ht users”

20.) Search for username/password files:

filetype:mdb inurl:”account|users|admin|administrators|passwd|password” mdb files

21.) Search for Microsoft Frontpage passwords:

ext:pwd inurl:(service|authors|administrators|users) “# -FrontPage-”

22.) Search for SQL database Code and passwords:

filetype: sql ( “passwd values ****” |” password values ****” | “pass values ****”)

23.) Search for e-mail account files:

intitle: “Index Of”-inurl: maillog

G.) MISC. DORKS

1.) WebWiz Rich Text Editor (RTE) – Remote file upload vulneralbility:

inurl:rte/my_documents/my_files

2.) EZFilemanager – Remote file upload vulneralbility:

inurl:ezfilemanager/ezfilemanager.php

3.) robots.txt – See directories hidden from crawlers. Also sometimes you can pull off a directory transversal with this:

inurl:robots.txt

4.) Serial Numbers – Look for software serial numbers

”software name” 94FBR

H.) FIND FREE SWAG

1.) site:*.com intitle:”Thank You For Your Order” intext:Click Here to Download

2.) site:*.net intitle:”Thank You For Your Order” intext:Click Here to Download

3.) site:*.co intitle:”Thank You For Your Order” intext:Click Here to Download

4.) site:*.org intitle:”Thank You For Your Order” intext:Click Here to Download

5.) site:*.biz intitle:”Thank You For Your Order” intext:Click Here to Download

6.) site:*.tv intitle:”Thank You For Your Order” intext:Click Here to Download

7.) site:*.co.uk intitle:”Thank You For Your Order” intext:Click Here to Download

8.) site:*.org.uk intitle:”Thank You For Your Order” intext:Click Here to Download

9.) site:*.eu intitle:”Thank You For Your Order” intext:Click Here to Download

10.) intitle:Thank you for your purchase! intext:PLR OR MRR OR Package OR Bonus

11.) intitle:Thank you for your order! intext:PLR OR MRR OR Package OR Bonus

12.) intitle:Thank you for your order! intext:PLR OR MRR

13.) intitle:Thank you for your Purchase! intext:PLR OR MRR

14.) inurl:/thankyou*.html intitle:Thank you for your order!

15.) intext:Click Here To Download

16.) inurl:thanks intext:”Thank You For Your Order!” “Click Here” filetype:html

17.) intitle:Thank You For Your Order! intext:Private Label

18.) intitle:Thank You For Your Purchased! intext:Private Label

19.) intext:”Thank You For Your Order” intext:PLR

20.) intitle:”Thank You For Your Order!” intext:download

21.) intitle:”Thank You For Your Order” intext:Click Here To Download Now

22.) intitle:Thank you for your purchase! intext:Click Here to Download

23.) * thank you for your order download

24.) * intitle:Thank you for your Purchase! intext:PLR OR MRR OR Package OR Bonus

25.) * intitle:Thank you for your order! intext:PLR OR MRR

26.) * intitle:Thank You For Your Purchase! intext:Click Here to Download

27.) * intitle:Thank You For Your Order! intext:download

28.) inurl:index.of .mp3

29.) inurl:index.of .mov

30.) inurl:index.of .iso

31.) ?intitle:index.of? mp3

32.) ?intitle:index.of? mov

33.) ?intitle:index.of? iso

34.) inurl:”insert filetype”:iso+OR+exe+OR+zip+OR+rar+OR+gzip+OR+tar

35.) intext:”parent directory” intext:”[EXE]“

36.) intext:”parent directory” index of:”[EXE]“

37.) intext:”parent directory” index of:”[RAR]“

38.) intext:”parent directory” intext:”[VID]“

39.) intext:”parent directory” index of:”[VID]“

40.) intext:”parent directory” intext:”[MP3]“

41.) intext:”parent directory” index of:”[MP3]“

42.) intext:”parent directory” index of:”[Gamez]“

I.) WEBCAM GOOGLE DORKS

1.) inurl:/view.index.shtml

2.) inurl:/view.shtml

3.) intitle:”Live View / – AXIS” | inurl:view/view.shtml^

4.) inurl:ViewerFrame?Mode=

5.) inurl:ViewerFrame?Mode=Refresh