
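Social Engineering Tutorial Lecture: Google Hacking Techniques

2015-11-05 17:30, 796 views
Original post: Social Engineering Tutorial Lecture: Google Hacking Techniques. Author: 图160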
 

[all]inurl

[all]intext

[all]intitle

site

ext,filetype

symbol: - . * |

Boolean expression: and or not

lang:"c++" define



Private information

1. Usernames and passwords

   "create table" "insert into" "pass|passwd|password" (ext:sql | ext:dump | ext:txt)

   "your password * is" (ext:csv | ext:doc | ext:txt)

2. Keys

   "index of" slave_datatrans OR from_master

3. Private keys

   "Begin (DSA | RSA)" ext:key

   "index of" "secring.gpg"

4. Encrypted messages

   -"public | pubring | pubkey | signature | pgp | and | or | release" ext:gpg

   -intext:"and" (ext:enc | ext:axx)

   "ciphervalue" ext:xml

Confidential information

Data that is expected to stay confidential against unauthorized access

1. Chat logs

   "session start" "sessionident" thomas ext:txt

2. Private letters / e-mail

   "index of" inbox.dbx

   "To parent directory" inurl:"Identities"

3. Confidential directories and files

   "index of" (private | secure | geheim | gizli)

   "robots.txt" "User-agent" ext:txt

   "this document is private | confidential | secret" ext:doc | ext:pdf | ext:xls

   intitle:"index of" "jpg | png | bmp" inurl:personal | inurl:private

4. Online webcams

intitle:"live View/ -AXIS" | inurl:view/view.shtml

inurl:"ViewFrame?Mode="

inurl:"MultiCameraFrame?Mode="

inurl:"axis-cgi/mjpg"

intext:"MOBOTIX M1"

intext:"Open Menu"

inurl:"view/index.shtml"

www.undertree.us/allcams.html // This is probably a related site. I'm not really sure; I couldn't open it even after getting past the firewall. If anyone manages to open it, please PM me!

Google Video

   supergirl duration:(short | medium | long) is:free

Online devices

inurl:"hp/device/this.LCDispatcher"

 
intitle:liveapplet inurl:LvAppl

 
"Please wait ....." intitle:"SWW link"

Sensitive information

(Data which is normally public but whose disclosure may disturb its owner)

1. In discussion forums, mailing lists, and similar places

   inurl:"search.php?search_author=thomas"

   inurl:pipermail "thomas fischer"

2. Sensitive directories

   intitle:"index of" inurl:"backup"

3. Web 2.0

   "thomas fischer" site:blogspot.com

   "thomas" site:flickr.com

   "thomas" site:youtube.com

Identification data

1. Information that describes and identifies a person

   Name, address, phone, phone extension

   allintext: name email phone address intext:"thomas fischer" ext:pdf

   Twiki inurl:"View/Main" "thomas fischer"

   Résumés / CVs

   intitle:CV OR intitle:Lebenslauf "thomas fischer"

   intitle:CV OR intitle:Lebenslauf ext:pdf OR ext:doc

2. Usernames

   intitle:"usage Statistics for" intext:"Total Unique Usernames"

Examples Of Google Hacking 1
Information disclosed by unreliable programs

"php version" intitle:phpinfo inurl:info.php

Programs containing SQL injection vulnerabilities and path-modification weaknesses

"advanced guestbook * powered" inurl:addentry.php

intitle:"View img" inurl:viewimg.php

Security scan reports

"Assessment report" "nessus" filetype:pdf

Database applications and error files

"Welcome to phpmyadmin ***" "running on * as root@*" intitle:phpmyadmin

 
"mysql error with query"

============================================================================
Countermeasures // This part is about countermeasures. The original author did not translate it, so I'll translate it.

Use automatic tools to check your system (e.g. gooscan, sitedigger, goolink)

Install and manage Google Honeypot

sitedigger // web page mining

free from FoundStone Company // The rest of this part is beyond me; I read it several times and still didn't understand it. If anyone does, please help translate it.

supports both GHD and Foundstone's own hacking database

for a given host, all entries in the database are queried
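
The first countermeasure above (checking your own system automatically) can also be run from the inside. The following is an added example, not code from the original post or from gooscan, SiteDigger or goolink: it walks a web document root you control and flags the kinds of files this page's queries look for. The rule list, the function names and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Checks derived from the queries on this page: (finding, file-name regex, content regex or None).
RULES = [
    ("SQL/database dump", re.compile(r"\.(sql|dump)$", re.I), re.compile(rb"create table|insert into", re.I)),
    ("private key file", re.compile(r"\.key$", re.I), re.compile(rb"BEGIN (DSA|RSA)")),
    ("GnuPG secret keyring", re.compile(r"^secring\.gpg$", re.I), None),
    ("FrontPage password file", re.compile(r"^service\.pwd$", re.I), None),
    ("Outlook Express mailbox", re.compile(r"^inbox\.dbx$", re.I), None),
    ("phpinfo page", re.compile(r"^info\.php$", re.I), re.compile(rb"phpinfo\s*\(")),
]
SENSITIVE_DIR = re.compile(r"(^|/)(private|secure|backup|_vti_pvt)(/|$)", re.I)

def audit_webroot(root):
    """Return sorted (relative_path, finding) pairs for files under root."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        with path.open("rb") as fh:
            head = fh.read(65536)  # these markers sit near the start of the file
        for label, name_re, body_re in RULES:
            if name_re.search(path.name) and (body_re is None or body_re.search(head)):
                findings.append((rel, label))
        if path.name.lower() == "robots.txt":
            # robots.txt is world-readable, so its Disallow lines advertise the paths they list.
            for m in re.finditer(rb"(?im)^[ \t]*disallow:[ \t]*(\S+)", head):
                target = m.group(1).decode("utf-8", "replace")
                if SENSITIVE_DIR.search(target):
                    findings.append((rel, "robots.txt reveals " + target))
    return sorted(findings)

def demo():
    """Build a constructed sample document root and audit it."""
    sample = {
        "keys/server.key": b"-----BEGIN RSA PRIVATE KEY-----\n(constructed placeholder)\n",
        "robots.txt": b"User-agent: *\nDisallow: /private/\nDisallow: /img/\n",
        "backup/site.sql": b"CREATE TABLE users (name text, password text);",
        "_vti_pvt/service.pwd": b"# -FrontPage-\nconstructed:placeholder\n",
        "notes/readme.key": b"not a key, just text",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in sample.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return audit_webroot(root)
```

Each finding is a file that should be moved out of the document root or put behind authentication; the `notes/readme.key` sample shows why the content check matters, since the extension alone would be a false positive.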
 

 

 

 

===================================================
References

google hacking database
http://johnny.ihackstuff.com

google hack honeypot project
http://ghh.sourceforge.net

goolink - security scanner
www.ghacks.net/2005/11/23/goolink-scanner-beta-preview/

siteDigger c2.0 - Information Gathering Tool
http://www.foundstone.com

FileSearching
www.filesearching.com

gooscan - google security scanner
http://johnny.ihackstuff.com

=====================================================

Please use this information for no other reason
 

Online Cameras
 

 

 

inurl:"viewrframe?mode=motion" (requires ActiveX)

intitle:"snc-rz30 home" (requires ActiveX)

intitle:"WJ-NT104 Main"

inurl:LvApp1 intitle:liveapplet (great pan and zoom)

intitle:"Live View / -AXIS"

 
inurl:indexFrame.shtml "Axis Video Server"

Finding sites that have removed themselves from Google

Idea: find the robots.txt files that list these sites and filter them
 

 

 

 

"robots.txt" "disallow:" filetype:txt

Front Page user logins

Searching with this string can return many login passwords and accounts; the passwords and accounts in the files it finds have not been encrypted.


inurl:_vti_pvt "service.pwd"

Php Photo Albums

This search lets you view PHP photo album upload pages, and you can upload your own photos to them.


inurl:"phphotoabum/upload"

VNC User info

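Through the virtual machine, bypass password verification; use VNC Brute to brute-force the password that this verification requires and forcibly log in to someone else's computer.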


"vnc desktop" inurl:5800

Network Printers

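View shared printers on the public Internet: you can see their status and settings, and you can even use some of them to print your own material.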


inurl:"port_255" -htm

php Administrator Access

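phpMyAdmin is what users use to administer a website's database; it can be used to access sites with weaker security, and through it their site can be controlled.

intitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*"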