TA的每日心情 | 开心 2021-12-13 21:45 |
---|
签到天数: 15 天 [LV.4]偶尔看看III
|
本文涉及作者 swap(慕容小雨),zhaohuan(Xfocus),snipe(4ngel)
信息安全的隐患-GoogleHacking原理和防范
作者:zhaohuan@phack.org 来源:www.phack.org
技术天地:GoogleHacking是利用Google的搜索引擎快速查找存在脆弱性的主机以及包含敏感数据的信息,最近这种以前由黑客手动进行操作的攻击手段可以通过一种新的蠕虫病毒来自动完成。为了引起大家对GoogleHacking的关注与重视,我们编发了这篇文章希望大家通过对Hack的攻击手段的了解,更好的保护自己的信息安全。本文中重在对GoogleHacking攻击手段的理解,对一些攻击的细节不予详述请谅解。
前言:
2004年在拉斯维加斯举行的BlackHat大会上,有两位安全专家分别作了名为You found that on google ? 和google attacks 的主题演讲。经过安全焦点论坛原版主WLJ大哥翻译整理后,个人觉得有必要补充完善一些细节部分。今天向大家讲述的是Google的又一功能:利用搜索引擎快速查找存在脆弱性的主机以及包含敏感数据的信息,甚至可以直接进行傻瓜入侵。
用google来进行“渗透测试”
我们今天渗透测试人员在实施攻击之前,往往会先进行信息搜集工作,而后才是漏洞确认和最终的漏洞利用、扩大战果。在这里我们现在要谈的是:
一、利用google查找被人安装了php webshell后门的主机,并测试能否使用;
二、利用google查找暴露出来的INC敏感信息.
OK,现在我们开始:
1.查找利用php webshell
我们在google的搜索框中填入:
Code:
intitle:"php shell*" "Enable stderr" filetype:php
(注: intitle—网页标题 Enable stderr—UNIX标准输出和标准错误的缩写filetype—文件类型)。搜索结果中,你能找到很多直接在机器上执行命令的web shell来。如果找到的PHPSHELL不会利用,如果你不熟悉UNIX,可以直接看看LIST,这里就不详细说了,有很多利用价值。要说明的是,我们这里搜索出来的一些国外的PHPSHELL上都要使用UNIX命令,都是system调用出来的函数(其实用百度及其他搜索引擎都可以,只是填写搜索的内容不同)。通过我的检测,这个PHPWEBSHELL是可以直接Echo(Unix常用命令)。一句话就把首页搞定了:
Code:
echo "召唤" > index.jsp
在得到的
Code:
echo /
后再写上:"召唤"
现在看看首页,已经被我们改成: "召唤" 了
我们也可以用WGET上传一个文件上去(比如你要替换的叶子吧)。然后execute Command输入 cat file > index.HTML or echo "" > file
echo "test" >> file
这样一条条打出来,站点首页就成功被替换了。同样的也可以
Code:
uname -a;cat /etc/passwd
不过有点要注意,有些WEBSHELL程序有问题,执行不了的,比如:
http://www.al3toof.com/card/smal ... c_html&command=
http://ramsgaard.net/upload/shell.php
这些站的php是global register off
解决方案:
我们可以利用相关工具进行在互联网进行搜索,如果有信息被滥用,到http://www.google.com/remove.html 提交你希望删除的信息,
控制搜索引擎机器人的查询.
2.搜索INC敏感信息
我们在google的搜索框中填入:
Code:
.org filetype:inc
我们现在搜索的是org域名的站点的INC信息(因为google屏蔽掉了搜索"COM"信息,我们还可以搜其他gov,cn,info,tw,jp,edu等等之类的)
PS:我在看许多PHP编程人员在编程时候,都喜欢把一些常写的代码或配置信息,写在一个.inc的文件中,如shared.inc、global.inc、conn.inc等等,当然这是一个很好的习惯,包括PHP官方网站都是如此,但不知你有没有注意到这里面含一个安全隐患问题。
我有一次在写一个PHP代码时,无意中写错了一句话,当我在浏览器里查看此PHP文件时,竟然发现屏幕详细的显示了我所出错的PHP文件路径及代码行。(PHP错误显示配置是开着的.此功能在PHP里是默认的!),这就是说当我们无意写错代码(同样.inc文件也一样) 或者PHP代码解析出问题时,而PHP错误显示又是开着的,客户端的用户就会看到具体url地址的.inc文件,而.url文件如同txt文本一样,当在浏览器中浏览时,就毫无保留地显示了它的内容,而且不少站点在.inc文件写了重要的信息如用户密码之类!包括国内著名海尔公司以及嘉铃摩托公司,我之所以敢公布是因为我本人测试过,http://www.haier.com/su ***/inc/conn.inc 暴出的数据库ID密码用客户端连不上去,网站关闭了1215,而且防火墙也过滤掉了。
好,INC的知识说完后,我们继续又搜索到了好多,找到一个暴露了MYSQL口令的
我们又可以用客户端登陆上去修改数据了.这里涉及到数据库的知识,我们不谈太多,关于"INC暴露敏感信息"就到这里结束吧
当然我们可以通过一些办法解决:
1,你可以专门对.inc文件进行配置,避免用户直接获取源文件。
2,当然比较好的方法是,加上并且改文件扩展名为.php(PHP可以解析的扩展名),这样客户端就不会获取源文件了。
这里,我将FreeMind绘制的图片用文本表示了.
有关Google Hack的详细信息,帮助我们分析踩点
连接符:
Code:
+ - : . * |
操作符:
Code:
"foo1 foo2"
filetype:123
site:foo.com
intext:foo
intitle:footitle
allinurl:foo
密码相关
Code:
:“index of”
htpasswd / passwd
filetype:xls username password email
"ws_ftp.log"
"config.php"
allinurl:admin mdb
service filetype:pwd (frontpage)
敏感信息:
Code:
"robots.tx"
"disallow:"
filetype:txt
inurl:_vti_cnf (frontpage files)
allinurl:/msadc/samples/selector/showcode.asp
allinurl:/examples/jsp/snp/snoop.jsp
allinurl:phpsysinfo
ipsec filetype:conf
intitle:"error occurred" odbc request where (select|insert)
"mydomain.com" nessus report
"report generated by"
结尾:
如果要拿ROOT权限就要具体问题具体分析了,不过有了SHELL权限就好提了,网上有很多根据WEBSHELL提升权限的文章大家可以参照一下.
通过google我们还可以搜索到很多有用的东西,不过是细节,要通过信息收集慢慢分析、扩大、进行入侵.
这些我就不具体分析了.给大家个思路,大家慢慢研究好了
到这里,这篇文章就要结束了,写这篇文章的目的是为了引起大家的关注与重视,了解新的HACK手段,了解新的防护方法,事物都有两面性,在当今Google盛行的时代,在充分利用google的同时.也应该看得更全面.
google hacking的实现以及应用
google hacking的实现以及应用(上)
本文作者:sniper
文章出于:www.4ngel.net
日 期 : 05/01/26
修改/发布: 05/02/21
本文仅做于技术讨论于研究,请勿用做其他用途.
PS:庆祝一下暂时摆脱应试教育的魔爪,向那些打着素质教育暗地里搞应试教育的学校竖起中指!
前言
google hacking其实并算不上什么新东西,在早几年我在一些国外站点上就看见过相关的介绍,但是由于当时并没有重视这种技术,认为最多就只是用来找找未改名的mdb或者别人留下的webshell什么的,并无太大实际用途.但是前段时间仔细啃了些资料才猛然发觉google hacking其实并非如此简单...
google hacking的简单实现
记得以前看见过一篇文章写的就是简单的通过用www.google.com来搜索dvbbs6.mdb或conn.inc来获得一些站点的敏感信息.其实使用google中的一些语法可以提供给我们更多的信息(当然也提供给那些习惯攻击的人更多他们所想要的.),下面就来介绍一些常用的语法.
intext:
这个就是把网页中的正文内容中的某个字符做为搜索条件.例如在google里输入:intext:动网.将返回所有在网页正文部分包含"动网"的网页.allintext:使用方法和intext类似.
intitle:
和上面那个intext差不多,搜索网页标题中是否有我们所要找的字符.例如搜索:intitle:安全天使.将返回所有网页标题中包含"安全天使"的网页.同理allintitle:也同intitle类似.
cache:
搜索google里关于某些内容的缓存,有时候也许能找到一些好东西哦.
define:
搜索某个词语的定义,搜索:define:hacker,将返回关于hacker的定义.
filetype:
这个我要重点推荐一下,无论是撒网式攻击还是我们后面要说的对特定目标进行信息收集都需要用到这个.搜索指定类型的文件.例如输入:filetype:doc.将返回所有以doc结尾的文件URL.当然如果你找.bak、.mdb或.inc也是可以的,获得的信息也许会更丰富:)
info:
查找指定站点的一些基本信息.
inurl:
搜索我们指定的字符是否存在于URL中.例如输入:inurl:admin,将返回N个类似于这样的连接:http://www.xxx.com/xxx/admin,用来找管理员登陆的URL不错.allinurl也同inurl类似,可指定多个字符.
link:
例如搜索:inurl:www.4ngel.net可以返回所有和www.4ngel.net做了链接的URL.
site:
这个也很有用,例如:site:www.4ngel.net.将返回所有和4ngel.net这个站有关的URL.
对了还有一些操作符也是很有用的:
+ 把google可能忽略的字列如查询范围
- 把某个字忽略
~ 同意词
. 单一的通配符
* 通配符,可代表多个字母
"" 精确查询
下面开始说说实际应用(我个人还是比较习惯用google.com,以下内容均在google上搜索),对于一个居心叵测的攻击者来说,可能他最感兴趣的就是密码文件了.而google正因为其强大的搜索能力往往会把一些敏感信息透露给他们.用google搜索以下内容:
intitle:"index of" etc
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
"# -FrontPage-" inurl:service.pwd
有时候因为各种各样的原因一些重要的密码文件被毫无保护的暴露在网络上,如果被别有用心的人获得,那么危害是很大的.下面是我找到的一个FreeBSD系统的passwd文件(我已做过处理):
图一
同样可以用google来搜索一些具有漏洞的程序,例如ZeroBoard前段时间发现个文件代码泄露漏洞,我们可以用google来找网上使用这套程序的站点:
intext:ZeroBoard filetype:php
或者使用:
inurl:outlogin.php?_zb_path= site:.jp
来寻找我们所需要的页面.phpmyadmin是一套功能强大的数据库操作软件,一些站点由于配置失误,导致我们可以不使用密码直接对phpmyadmin进行操作.我们可以用google搜索存在这样漏洞的程序URL:
intitle:phpmyadmin intext:Create new database
图二
还记得http://www.xxx.com/_vti_bin/..%5C..%5C..%5C..%5C..%5C../winnt/system32/cmd.exe?dir吗?用google找找,你也许还可以找到很多古董级的机器。同样我们可以用这个找找有其他cgi漏洞的页面。
allinurl:winnt system32
图三
前面我们已经简单的说过可以用google来搜索数据库文件,用上一些语法来精确查找能够获得更多东西(access的数据库,mssql、mysql的连接文件等等).举个例子示例一下:
allinurl:bbs data
filetype:mdb inurl:database
filetype:inc conn
inurl:data filetype:mdb
intitle:"index of" data //在一些配置不正确的apache+win32的服务器上经常出现这种情况
和上面的原理一样,我们还可以用google来找后台,方法就略了,举一反三即可,毕竟我写这篇文章的目的是让大家了解google hacking,而不是让你用google去破坏.安全是把双刃剑,关键在于你如何去运用.
google hacking的实现以及应用(下)
本文作者:sniper
文章出于:www.4ngel.net
日 期 : 05/01/26
本文仅做于技术讨论于研究,请勿用做其他用途.
本文的上半部分可在4ngel.net找到.
利用google完全是可以对一个站点进行信息收集和渗透的,下面我们用google对特定站点进行一次测试。www.xxxx.com是全国著名大学之一,一次偶然的机会我决定对其站点进行一次测试(文中所涉及该学校的信息均已经过处理,请勿对号入座:).
首先用google先看这个站点的一些基本情况(一些细节部分就略去了):
site:xxxx.com
从返回的信息中,找到几个该校的几个系院的域名:
http://a1.xxxx.com
http://a2.xxxx.com
http://a3.xxxx.com
http://a4.xxxx.com
顺便ping了一下,应该是在不同的服务器.(想想我们学校就那一台可怜的web服务器,大学就是有钱,汗一个)。学校一般都会有不少好的资料,先看看有什么好东西没:
site:xxxx.com filetype:doc
得到N个不错的doc。先找找网站的管理后台地址:
site:xxxx.com intext:管理
site:xxxx.com inurl:login
site:xxxx.com intitle:管理
超过获得2个管理后台地址:
http://a2.xxxx.com/sys/admin_login.asp
http://a3.xxxx.com:88/_admin/login_in.asp
还算不错,看看服务器上跑的是什么程序:
site:a2.xxxx.com filetype:asp
site:a2.xxxx.com filetype:php
site:a2.xxxx.com filetype:aspx
site:a3.xxxx.com filetype:asp
site:.......
......
a2服务器用的应该是IIS,上面用的是asp的整站程序,还有一个php的论坛
a3服务器也是IIS,aspx+asp。web程序都应该是自己开发的。有论坛那就看看能不能遇见什么公共的FTP帐号什么的:
site:a2.xxxx.com intext:ftp://*:*
没找到什么有价值的东西。再看看有没有上传一类的漏洞:
site:a2.xxxx.com inurl:file
site:a3.xxxx.com inurl:load
在a2上发现一个上传文件的页面:
http://a2.xxxx.com/sys/uploadfile.asp
用IE看了一下,没权限访问。试试注射,
site:a2.xxxx.com filetype:asp
得到N个asp页面的地址,体力活就让软件做吧,这套程序明显没有对注射做什么防范,dbowner权限,虽然不高但已足矣,back a shell我不太喜欢,而且看起来数据库的个头就不小,直接把web管理员的密码暴出来再说,MD5加密过。一般学校的站点的密码都比较有规律,通常都是域名+电话一类的变形,用google搞定吧。
site:xxxx.com //得到N个二级域名
site:xxxx.com intext:*@xxxx.com //得到N个邮件地址,还有邮箱的主人的名字什么的
site:xxxx.com intext:电话 //N个电话
把什么的信息做个字典吧,挂上慢慢跑。过了一段时间就跑出4个帐号,2个是学生会的,1个管理员,还有一个可能是老师的帐号。登陆上去:
name:网站管理员
pass:a2xxxx7619 //说了吧,就是域名+4个数字
要再怎么提权那就不属于本文讨论访问了,呵呵,到此为止。
关于google hacking的防范:
以前我们站的晓风·残月写过一篇躲避google的文章,原理就是通过在站点根目录下建立一个robots.txt以避免网络机器人获得一些敏感的信息,具体大家看原文章:http://www.4ngel.net/article/26.htm。
不过这种方法我个人不推荐,有点此地无银三百两的味道。简单一点的方法就是上google把自己站点的一些信息删除掉,访问这个URL:
http://www.google.com/remove.html
前几天看见又有人讨论用程序来欺骗robot的方法,我觉得可以试试:
代码如下:
<?php
if (strstr($_SERVER["HTTP_USER_AGENT"], "Googlebot"))
{
header("HTTP/1.1 301");
header("Location: http://www.google.com");
}
?>
asp的:
<%
if instr(Request.Servervariables("HTTP_USER_AGENT"),"Googlebot") then
response.redirect("http://www.google.com")
end if
%>
后记
这段时间在国外的一些google hack的研究站点看了看,其实也都差不多是一些基本语法的灵活运用,或者配合某个脚本漏洞,主要还是靠个人的灵活思维。国外对于google hack方面的防范也并不是很多,所以大家还是点到为止,不要去搞破坏拉,呵呵。对于一些在win上跑
apache的网管们应该多注意一下这方面,一个intitle:index of就差不多都出来了:)
以下是来至swap的收集
google hack dat 又增加了一些比较新的数据
"cacheserverreport for";%22cacheserverreport+for%22+%22This+analysis+was+produced+by+calamaris%22&btnG=Google+Search
intitle:"Ganglia" "Cluster Report for";intitle%3A%22Ganglia%22+%22Cluster+Report+for%22&btnG=Search
intitle:"Apache HTTP Server" intitle:"documentation";intitle%3A%22Apache+HTTP+Server%22+intitle%3A%22documentation%22&btnG=Search
"Error Diagnostic Information" intitle:"Error Occurred While";%22Error+Diagnostic+Information%22+intitle%3A%22Error+Occurred+While%22&btnG=Search
intitle:"Index of" finance.xls;intitle%3A%22Index+of%22+finance.xls&btnG=Search
intitle:index.of finances.xls;intitle%3Aindex.of+finances.xls&btnG=Search
"# Dumping data for table";%22%23+Dumping+data+for+table%22&btnG=Search
intitle:index.of .bash_history;intitle%3Aindex.of+.bash_history&btnG=Search
intitle:index.of .sh_history;intitle%3Aindex.of+.sh_history&btnG=Search
intitle:"Index of" .mysql_history;intitle%3A%22Index+of%22+.mysql_history&btnG=Search
intitle:index.of mt-db-pass.cgi;intitle%3Aindex.of+mt-db-pass.cgi&btnG=Search
"Index of /backup";%22Index+of+%2Fbackup%22&btnG=Search
"powered by openbsd" +"powered by apache";%22powered+by+openbsd%22+%2B%22powered+by+apache%22&btnG=Search
intitle:index.of intext:"secring.skr"|"secring.pgp"|"secring.bak";intitle%3Aindex.of+intext%3A%22secring.skr%22%7C%22secring.pgp%22%7C%22secring.bak%22&btnG=Search
intitle:index.of passwd passwd.bak;intitle%3Aindex.of+passwd+passwd.bak&btnG=Search
intitle:index.of master.passwd;intitle%3Aindex.of+master.passwd&btnG=Search
intitle:"Index of" pwd.db;intitle%3A%22Index+of%22+pwd.db&btnG=Search
intitle:"Index of" ".htpasswd" htpasswd.bak;intitle%3A%22Index+of%22+%22.htpasswd%22+htpasswd.bak&btnG=Search
intitle:"Index of" ".htpasswd" "htgroup" -intitle:"dist" -apache -htpasswd.c;intitle%3A%22Index+of%22+%22.htpasswd%22+%22htgroup%22+-intitle%3A%22dist%22+-apache+-htpasswd.cpache&btnG=Search
intitle:"Index of" spwd.db passwd -pam.conf;intitle%3A%22Index+of%22+spwd.db+passwd+-pam.conf&btnG=Search
intitle:"Index of..etc" passwd;intitle%3A%22Index+of..etc%22+passwd&btnG=Search
buddylist.blt;buddylist.blt&btnG=Search
intitle:index.of config.php;intitle%3Aindex.of+config.php&btnG=Search
intitle:phpinfo "PHP Version";intitle%3Aphpinfo+%22PHP+Version%22&btnG=Search
"supplied argument is not a valid MySQL result resource";%22supplied+argument+is+not+a+valid+MySQL+result+resource%22&btnG=Search
intitle:index.of robots.txt;intitle%3Aindex.of+robots.txt&btnG=Search
index.of passlist;index.of+passlist&btnG=Search
index.of.secret;index.of.secret&btnG=Search
index.of.private;index.of.private&btnG=Search
index.of.etc;index.of.etc&btnG=Search
index.of.winnt;index.of.winnt&btnG=Search
index.of.secure;index.of.secure&btnG=Search
index.of.password;index.of.password&btnG=Search
"This report was generated by WebLog";%22This+report+was+generated+by+WebLog%22&btnG=Search
"These statistics were produced by getstats";%22These+statistics+were+produced+by+getstats%22&btnG=Search
"This summary was generated by wwwstat";%22This+summary+was+generated+by+wwwstat%22&btnG=Search
intitle:index.of haccess.ctl;intitle%3Aindex.of+haccess.ctl&btnG=Search
filetype:ctl Basic;filetype%3Actl+Basic&btnG=Search
filetype:xls username password email;filetype%3Axls+username+password+email&btnG=Search
site:edu admin grades;site%3Aedu+admin+grades&btnG=Search
allinurl:auth_user_file.txt;allinurl%3Aauth_user_file.txt&btnG=Search
inurl:config.php dbuname dbpass;inurl%3Aconfig.php+dbuname+dbpass&btnG=Search
inurl:tech-support inurl:show Cisco;inurl%3Atech-support+inurl%3Ashow+Cisco&btnG=Search
intitle:index.of trillian.ini;intitle%3Aindex.of+trillian.ini&btnG=Search
intitle:admin intitle:login;intitle%3Aadmin+intitle%3Alogin&btnG=Search
"ORA-00921: unexpected end of SQL command";%22ORA-00921%3A+unexpected+end+of+SQL+command%22&btnG=Search
inurl:passlist.txt;inurl%3Apasslist.txt&btnG=Search
inurl:sitebuildercontent;inurl%3Asitebuildercontent&btnG=Search
filetype:htpasswd htpasswd;filetype%3Ahtpasswd+htpasswd&btnG=Search
"YaBB SE Dev Team";%22YaBB+SE+Dev+Team%22&btnG=Search
inurl:custva.asp;inurl%3Acustva.asp&btnG=Search
"# phpMyAdmin MySQL-Dump" filetype:txt;%22%23+phpMyAdmin+MySQL-Dump%22+filetype%3Atxt&btnG=Search
"# phpMyAdmin MySQL-Dump" "INSERT INTO" -"the";%22%23+phpMyAdmin+MySQL-Dump%22+%22INSERT+INTO%22+-%22the%22&btnG=Search
intitle:"Gallery in Configuration mode";intitle%3A%22Gallery+in+Configuration+mode%22&btnG=Search
intitle:index.of cgiirc.config;intitle%3Aindex.of+cgiirc.config&btnG=Search
inurl:cgiirc.config;inurl%3Acgiirc.config&btnG=Search
inurl:ipsec.secrets -history -bugs;inurl%3Aipsec.secrets+-history+-bugs&btnG=Search
intitle:"500 Internal Server Error" "server at";intitle%3A%22500+Internal+Server+Error%22+%22server+at%22&btnG=Search
"mySQL error with query";%22mySQL+error+with+query%22&btnG=Search
"You have an error in your SQL syntax near";%22You+have+an+error+in+your+SQL+syntax+near%22&btnG=Search
"ORA-00921: unexpected end of SQL command";%22ORA-00921%3A+unexpected+end+of+SQL+command%22&btnG=Search
"Unclosed quotation mark before the character string";%22Unclosed+quotation+mark+before+the+character+string%22&btnG=Search
"PostgreSQL query failed: ERROR: parser: parse error";%22PostgreSQL+query+failed%3A+ERROR%3A+parser%3A+parse+error%22&btnG=Search
"Supplied argument is not a valid PostgreSQL result";%22Supplied+argument+is+not+a+valid+PostgreSQL+result%22&btnG=Search
"A syntax error has occurred" filetype:ihtml;%22A+syntax+error+has+occurred%22+filetype%3Aihtml&btnG=Search
intitle:"Usage Statistics for" "Generated by Webalizer";intitle%3A%22Usage+Statistics+for%22+%22Generated+by+Webalizer%22&btnG=Search
"robots.txt" "Disallow:" filetype:txt;%22robots.txt%22+%22Disallow%3A%22+filetype%3Atxt&btnG=Search
"phpMyAdmin" "running on" inurl:"main.php";%22phpMyAdmin%22+%22running+on%22+inurl%3A%22main.php%22&btnG=Search
inurl:main.php Welcome to phpMyAdmin;inurl%3Amain.php+Welcome+to+phpMyAdmin&btnG=Search
intitle:index.of "Apache" "server at";intitle%3Aindex.of+%22Apache%22+%22server+at%22&btnG=Search
"access denied for user" "using password";%22access+denied+for+user%22+%22using+password%22&btnG=Search
intitle:"Under construction" "does not currently have";intitle%3A%22Under+construction%22+%22does+not+currently+have%22&btnG=Search
"seeing this instead" intitle:"test page for apache";%22seeing+this+instead%22+intitle%3A%22test+page+for+apache%22&btnG=Search
intitle:"Test Page for Apache" "It Worked!";intitle%3A%22Test+Page+for+Apache%22+%22It+Worked%21%22&btnG=Search
"Can"t connect to local" intitle:warning;%22Can%27t+connect+to+local%22+intitle%3Awarning&btnG=Search
intitle:index.of ws_ftp.ini;intitle%3Aindex.of+ws_ftp.ini&btnG=Search
intitle:index.of administrators.pwd;intitle%3Aindex.of+administrators.pwd&btnG=Search
intitle:Index.of etc shadow;intitle%3AIndex.of+etc+shadow&btnG=Search
"Select a database to view" intitle:"filemaker pro";%22Select+a+database+to+view%22+intitle%3A%22filemaker+pro%22&btnG=Search
"not for distribution" confidential;%22not+for+distribution%22+confidential&btnG=Search
"Thank you for your purchase" +download;%22Thank+you+for+your+purchase%22+%2Bdownload&btnG=Search
allinurl:intranet admin;allinurl%3Aintranet+admin&btnG=Search
"This report lists" "identified by Internet Scanner";%22This+report+lists%22+%22identified+by+Internet+Scanner%22&btnG=Search
"Network Host AsseSSMent Report" "Internet Scanner";%22Network+Host+Assessment+Report%22+%22Internet+Scanner%22&btnG=Search
"Network Vulnerability Assessment Report";%22Network+Vulnerability+Assessment+Report%22&btnG=Search
"Host Vulnerability Summary Report";%22Host+Vulnerability+Summary+Report%22&btnG=Search
intitle:index.of inbox;intitle%3Aindex.of+inbox&btnG=Search
intitle:index.of inbox dbx;intitle%3Aindex.of+inbox+dbx&btnG=Search
"#mysql dump" filetype:sql;%22%23mysql+dump%22+filetype%3Asql&btnG=Search
allinurl:install/install.php;allinurl%3Ainstall%2Finstall.php&btnG=Search
inurl:vbstats.php "page generated";inurl%3Avbstats.php+%22page+generated%22&btnG=Search
inurl:zebra.conf intext:password -sample;inurl%3Azebra.conf+intext%3Apassword+-sample&btnG=Search
inurl:ospfd.conf intext:password -sample;inurl%3Aospfd.conf+intext%3Apassword+-sample&btnG=Search
intitle:"Index of /" modified php.exe;intitle%3A%22Index+of+%2F%22+modified+php.exe&btnG=Search
intitle:"Error using Hypernews" "Server Software";intitle%3A%22Error+using+Hypernews%22+%22Server+Software%22&btnG=Search
inurl:ccbill filetype:log;inurl%3Accbill+filetype%3Alog&btnG=Search
filetype:mdb inurl:users.mdb;filetype%3Amdb+inurl%3Ausers.mdb&btnG=Search
filetype:cfg ks intext:rootpw -sample;filetype%3Acfg+ks+intext%3Arootpw+-sample&btnG=Search
filetype:php inurl:"viewfile" -"index.php" -"idfil";filetype%3Aphp+inurl%3A%22viewfile%22+-%22index.php%22+-%22idfil%22&btnG=Search
intitle:"Microsoft Outlook Web Access - Logon";intitle%3A%22Microsoft+Outlook+Web+Access+-+Logon%22&btnG=Search
inurl:root.asp?acs=anon;inurl%3Aroot.asp%3Facs%3Danon&btnG=Search
"Looking Glass" (inurl:"lg/" | inurl:lookingglass);%22Looking+Glass%22+%28inurl%3A%22lg%2F%22+%7C+inurl%3Alookingglass%29&btnG=Search
filetype:cgi inurl:"irc.cgi";filetype%3Acgi+inurl%3A%22irc.cgi%22&btnG=Search
filetype:ctt ctt messenger;filetype%3Actt+ctt+messenger&btnG=Search
intitle:"Error Occurred While Processing Request";intitle%3A%22Error+Occurred+While+Processing+Request%22&btnG=Search
intitle:"htsearch error" ht://Dig error;intitle%3A%22htsearch+error%22+ht%3A%2F%2FDig+error&btnG=Search
filetype:asp inurl:"shopdisplayproducts.asp";filetype%3Aasp+inurl%3A%22shopdisplayproducts.asp%22&btnG=Search
inurl:/public/?Cmd=contents;inurl%3A%2Fpublic%2F%3FCmd%3Dcontents&btnG=Search
"Powered by: vBulletin * 3.0.1" inurl:newreply.php;%22Powered+by%3A+vBulletin+*+3.0.1%22+inurl%3Anewreply.php&btnG=Search
filetype:mny mny;filetype%3Amny+mny&btnG=Search
HTTP_USER_AGENT=Googlebot;HTTP_USER_AGENT%3DGooglebot&btnG=Search
"# Dumping data for table (username|user|users|password)";%22%23+Dumping+data+for+table+%28username%7Cuser%7Cusers%7Cpassword%29%22&btnG=Search
intitle:"Welcome to ntop!";intitle%3A%22Welcome+to+ntop%21%22&btnG=Search
filetype:conf inurl:unrealircd.conf -cvs -gentoo;filetype%3Aconf+inurl%3Aunrealircd.conf+-cvs+-gentoo&btnG=Search
intitle:"Index of" service.pwd;intitle%3A%22Index+of%22+service.pwd
intitle:"Index of" users.pwd;intitle%3A%22Index+of%22+users.pwd
intitle:"Index of" authors.pwd;intitle%3A%22Index+of%22+authors.pwd
intitle:"Index of" administrators.pwd;intitle%3A%22Index+of%22+administrators.pwd
intitle:"Index of" showcode.asp;intitle%3A%22Index+of%22+showcode.asp
intitle:"Index of" sendmail.cfm;intitle%3A%22Index+of%22+sendmail.cfm
intitle:"Index of" SessionServlet;intitle%3A%22Index+of%22+SessionServlet
intitle:"Index of" web_store.cgi;intitle%3A%22Index+of%22+web_store.cgi
intitle:"Index of" wwwboard.pl;intitle%3A%22Index+of%22+wwwboard.pl
intitle:"Index of" www-sql;intitle%3A%22Index+of%22+www-sql
intitle:"Index of" AT-admin.cgi;intitle%3A%22Index+of%22+AT-admin.cgi
intitle:"Index of" maillist.pl;intitle%3A%22Index+of%22+maillist.pl
intitle:"Index of" publisher;intitle%3A%22Index+of%22+publisher
intitle:"Index of" db.cgi;intitle%3A%22Index+of%22+db.cgi
intitle:"Index of" login.jsp;intitle%3A%22Index+of%22+login.jsp
intitle:"Index of" amadmin.pl;intitle%3A%22Index+of%22+amadmin.pl
inintitle:"Index of" (access_log|access-log);intitle%3A%22Index+of%22+%28access_log%7Caccess-log%29&btnG=Search
intitle:"Index of" log.htm;intitle%3A%22Index+of%22+log.htm&btnG=Search
intitle:"Index of" mailto.cgi.pwd;intitle%3A%22Index+of%22+mailto.cgi
intitle:"Index of" YaBB.pl.pwd;intitle%3A%22Index+of%22+YaBB.pl
intitle:"Index of" WSFTP.LOG;intitle%3A%22Index+of%22+WSFTP.LOG
intitle:"Index of" print.cgi;intitle%3A%22Index+of%22+print.cgi
intitle:"Index of" CrazyWWWBoard.cgi;intitle%3A%22Index+of%22+CrazyWWWBoard.cgi
intitle:"Index of" pwd.dat;intitle%3A%22Index+of%22+pwd.dat
intitle:"Index of" post-query;intitle%3A%22Index+of%22+post-query
intext:"404 Object Not Found" Microsoft-IIS/5.0;intext%3A%22404+Object+Not+Found%22+Microsoft-IIS%2F5.0
"Microsoft-IIS/5.0 server at";%22Microsoft-IIS%2F5.0+server+at%22&btnG=Search
"Microsoft-IIS/4.0" intitle:index.of;%22Microsoft-IIS%2F4.0%22+intitle%3Aindex.of&btnG=Search
"Microsoft-IIS/6.0" intitle:index.of;%22Microsoft-IIS%2F6.0%22+intitle%3Aindex.of&btnG=Search
"Novell, Inc" WEBACCESS Username Password "Version *.*" Copyright -inurl:help -guides|guide;%22Novell%2C+Inc%22+WEBACCESS+Username+Password+%22Version+*.*%22+Copyright++-inurl%3Ahelp+-guides%7Cguide&btnG=Search
"Red Hat Secure/2.0";%22Red+Hat+Secure%2F2.0%22&btnG=Search
allintext:"Powered by LionMax Software" "WWW File Share";allintext%3A%22Powered+by+LionMax+Software%22+%22WWW+File+Share%22&btnG=Zoeken&lr=
allinurl:".nsconfig" -sa;allinurl%3A%22.nsconfig%22+-sa
intitle:"Lotus Domino Go Webserver:" "Tuning your webserver" -site:ibm.com;intitle:%22Lotus+Domino+Go+Webserver:%22+%22Tuning+your+webserver%22+-site:ibm.com&hl=en&lr=&ie=UTF-8&filter=0
intitle:"Open WebMail" "Open WebMail version (2.20|2.21|2.30)";intitle%3A%22Open+WebMail%22+%22Open+WebMail+version+%282.20%7C2.21%7C2.30%29+%22&btnG=B%C3%BAsqueda&meta=
intitle:"Welcome To Xitami" -site:xitami.com;intitle%3A%22Welcome+To+Xitami%22+-site%3Axitami.com&btnG=Google+Search
intitle:"Welcome to
windows 2000 Internet Services";intitle:%22Welcome+to+Windows+2000+Internet+Services%22
XAMPP "inurl:xampp/index";XAMPP+%22inurl:xampp/index%22
"Select a database to view" intitle:"filemaker pro";%22Select+a+database+to+view%22+intitle%3A%22filemaker+pro%22
"Welcome to PHP-Nuke" congratulations;%22Welcome+to+PHP-Nuke%22+congratulations
intitle:"Mail Server CMailServer Webmail" "5.2";intitle%3A%22Mail+Server+CMailServer+Webmail%22+%225.2%22
allintitle:Brains, Corp. camera;allintitle:Brains,+Corp.+camera
inurl:indexFrame.shtml Axis;inurl%3AindexFrame.shtml+Axis&btnG=Google+Search
intitle:"remote ui:top page";intitle%3A%22remote+ui%3Atop+page%22
intext:"Ready with 10/100T Ethernet";intext:%22Ready+with+10/100T+Ethernet%22
intitle:"EvoCam" inurl:"webcam.html";intitle:%22EvoCam%22+inurl:%22webcam.html%22
intitle:"my webcamXP server!" inurl:":8080";intitle%3A%22my+webcamXP+server!%22+inurl%3A%22%3A8080%22&btnG=Search
intitle:"toshiba network camera - User Login";intitle%3A%22toshiba+network+camera+-+User+Login%22
inurl:"ViewerFrame?Mode=";inurl%3A%22ViewerFrame%3FMode%3D%22
intext:centreware inurl:status;intext%3Acentreware+inurl%3Astatus
intext:"MOBOTIX M1" intext:"Open Menu";intext%3A%22MOBOTIX+M1%22+intext%3A%22Open+Menu%22
inurl:"printer/main.html" intext:"settings";inurl%3A%22printer%2Fmain.html%22+intext%3A%22settings%22
intitle:"Browser Launch Page";intitle%3A%22Browser+Launch+Page%22
intitle:liveapplet inurl:LvAppl;intitle%3Aliveapplet+inurl%3ALvAppl
还有篇差不多呢 收集的比较全
Google Hacker by dav2600@gmail.com;%22Alle+gro%C3%9Fen+Anarchisten+starben+am+23.%22&btnG=Search
"cacheserverreport for";%22cacheserverreport+for%22+%22This+analysis+was+produced+by+calamaris%22&btnG=Google+Search
intitle:"Ganglia" "Cluster Report for";intitle%3A%22Ganglia%22+%22Cluster+Report+for%22&btnG=Search
intitle:"Apache HTTP Server" intitle:"documentation";intitle%3A%22Apache+HTTP+Server%22+intitle%3A%22documentation%22&btnG=Search
"Error Diagnostic Information" intitle:"Error Occurred While";%22Error+Diagnostic+Information%22+intitle%3A%22Error+Occurred+While%22&btnG=Search
intitle:"Index of" finance.xls;intitle%3A%22Index+of%22+finance.xls&btnG=Search
intitle:index.of finances.xls;intitle%3Aindex.of+finances.xls&btnG=Search
"# Dumping data for table";%22%23+Dumping+data+for+table%22&btnG=Search
intitle:index.of .bash_history;intitle%3Aindex.of+.bash_history&btnG=Search
intitle:index.of .sh_history;intitle%3Aindex.of+.sh_history&btnG=Search
intitle:"Index of" .mysql_history;intitle%3A%22Index+of%22+.mysql_history&btnG=Search
intitle:index.of mt-db-pass.cgi;intitle%3Aindex.of+mt-db-pass.cgi&btnG=Search
intitle:"Welcome to
windows 2000 Internet Services";intitle%3A%22Welcome+to+Windows+2000+Internet+Services%22&btnG=Search
intitle:"Welcome to IIS 4.0";intitle%3A%22Welcome+to+IIS+4.0%22&btnG=Search
"Index of /backup";%22Index+of+%2Fbackup%22&btnG=Search
"powered by openbsd" +"powered by apache";%22powered+by+openbsd%22+%2B%22powered+by+apache%22&btnG=Search
intitle:index.of intext:"secring.skr"|"secring.pgp"|"secring.bak";intitle%3Aindex.of+intext%3A%22secring.skr%22%7C%22secring.pgp%22%7C%22secring.bak%22&btnG=Search
intitle:index.of passwd passwd.bak;intitle%3Aindex.of+passwd+passwd.bak&btnG=Search
intitle:index.of master.passwd;intitle%3Aindex.of+master.passwd&btnG=Search
intitle:"Index of" pwd.db;intitle%3A%22Index+of%22+pwd.db&btnG=Search
intitle:"Index of" ".htpasswd" htpasswd.bak;intitle%3A%22Index+of%22+%22.htpasswd%22+htpasswd.bak&btnG=Search
intitle:"Index of" ".htpasswd" "htgroup" -intitle:"dist" -apache -htpasswd.c;intitle%3A%22Index+of%22+%22.htpasswd%22+%22htgroup%22+-intitle%3A%22dist%22+-apache+-htpasswd.cpache&btnG=Search
intitle:"Index of" spwd.db passwd -pam.conf;intitle%3A%22Index+of%22+spwd.db+passwd+-pam.conf&btnG=Search
intitle:"Index of..etc" passwd;intitle%3A%22Index+of..etc%22+passwd&btnG=Search
buddylist.blt;buddylist.blt&btnG=Search
intitle:index.of config.php;intitle%3Aindex.of+config.php&btnG=Search
intitle:phpinfo "PHP Version";intitle%3Aphpinfo+%22PHP+Version%22&btnG=Search
"supplied argument is not a valid MySQL result resource";%22supplied+argument+is+not+a+valid+MySQL+result+resource%22&btnG=Search
intitle:index.of robots.txt;intitle%3Aindex.of+robots.txt&btnG=Search
index.of passlist;index.of+passlist&btnG=Search
index.of.secret;index.of.secret&btnG=Search
index.of.private;index.of.private&btnG=Search
index.of.etc;index.of.etc&btnG=Search
index.of.winnt;index.of.winnt&btnG=Search
index.of.secure;index.of.secure&btnG=Search
index.of.password;index.of.password&btnG=Search
"This report was generated by WebLog";%22This+report+was+generated+by+WebLog%22&btnG=Search
"These statistics were produced by getstats";%22These+statistics+were+produced+by+getstats%22&btnG=Search
"This summary was generated by wwwstat";%22This+summary+was+generated+by+wwwstat%22&btnG=Search
intitle:index.of haccess.ctl;intitle%3Aindex.of+haccess.ctl&btnG=Search
filetype:ctl Basic;filetype%3Actl+Basic&btnG=Search
filetype:xls username password email;filetype%3Axls+username+password+email&btnG=Search
site:edu admin grades;site%3Aedu+admin+grades&btnG=Search
allinurl:auth_user_file.txt;allinurl%3Aauth_user_file.txt&btnG=Search
inurl:config.php dbuname dbpass;inurl%3Aconfig.php+dbuname+dbpass&btnG=Search
inurl:tech-support inurl:show Cisco;inurl%3Atech-support+inurl%3Ashow+Cisco&btnG=Search
intitle:index.of trillian.ini;intitle%3Aindex.of+trillian.ini&btnG=Search
intitle:admin intitle:login;intitle%3Aadmin+intitle%3Alogin&btnG=Search
"ORA-00921: unexpected end of SQL command";%22ORA-00921%3A+unexpected+end+of+SQL+command%22&btnG=Search
inurl:passlist.txt;inurl%3Apasslist.txt&btnG=Search
inurl:sitebuildercontent;inurl%3Asitebuildercontent&btnG=Search
filetype:htpasswd htpasswd;filetype%3Ahtpasswd+htpasswd&btnG=Search
"YaBB SE Dev Team";%22YaBB+SE+Dev+Team%22&btnG=Search
inurl:custva.asp;inurl%3Acustva.asp&btnG=Search
"# phpMyAdmin MySQL-Dump" filetype:txt;%22%23+phpMyAdmin+MySQL-Dump%22+filetype%3Atxt&btnG=Search
"# phpMyAdmin MySQL-Dump" "INSERT INTO" -"the";%22%23+phpMyAdmin+MySQL-Dump%22+%22INSERT+INTO%22+-%22the%22&btnG=Search
intitle:"Gallery in Configuration mode";intitle%3A%22Gallery+in+Configuration+mode%22&btnG=Search
intitle:index.of cgiirc.config;intitle%3Aindex.of+cgiirc.config&btnG=Search
inurl:cgiirc.config;inurl%3Acgiirc.config&btnG=Search
inurl:ipsec.secrets -history -bugs;inurl%3Aipsec.secrets+-history+-bugs&btnG=Search
intitle:"500 Internal Server Error" "server at";intitle%3A%22500+Internal+Server+Error%22+%22server+at%22&btnG=Search
"mySQL error with query";%22mySQL+error+with+query%22&btnG=Search
"You have an error in your SQL syntax near";%22You+have+an+error+in+your+SQL+syntax+near%22&btnG=Search
"ORA-00921: unexpected end of SQL command";%22ORA-00921%3A+unexpected+end+of+SQL+command%22&btnG=Search
"Unclosed quotation mark before the character string";%22Unclosed+quotation+mark+before+the+character+string%22&btnG=Search
"PostgreSQL query failed: ERROR: parser: parse error";%22PostgreSQL+query+failed%3A+ERROR%3A+parser%3A+parse+error%22&btnG=Search
"Supplied argument is not a valid PostgreSQL result";%22Supplied+argument+is+not+a+valid+PostgreSQL+result%22&btnG=Search
"A syntax error has occurred" filetype:ihtml;%22A+syntax+error+has+occurred%22+filetype%3Aihtml&btnG=Search
intitle:"Usage Statistics for" "Generated by Webalizer";intitle%3A%22Usage+Statistics+for%22+%22Generated+by+Webalizer%22&btnG=Search
"robots.txt" "Disallow:" filetype:txt;%22robots.txt%22+%22Disallow%3A%22+filetype%3Atxt&btnG=Search
"phpMyAdmin" "running on" inurl:"main.php";%22phpMyAdmin%22+%22running+on%22+inurl%3A%22main.php%22&btnG=Search
inurl:main.php Welcome to phpMyAdmin;inurl%3Amain.php+Welcome+to+phpMyAdmin&btnG=Search
intitle:index.of "Apache" "server at";intitle%3Aindex.of+%22Apache%22+%22server+at%22&btnG=Search
"access denied for user" "using password";%22access+denied+for+user%22+%22using+password%22&btnG=Search
intitle:"Under construction" "does not currently have";intitle%3A%22Under+construction%22+%22does+not+currently+have%22&btnG=Search
"seeing this instead" intitle:"test page for apache";%22seeing+this+instead%22+intitle%3A%22test+page+for+apache%22&btnG=Search
intitle:"Test Page for Apache" "It Worked!";intitle%3A%22Test+Page+for+Apache%22+%22It+Worked%21%22&btnG=Search
"Can"t connect to local" intitle:warning;%22Can%27t+connect+to+local%22+intitle%3Awarning&btnG=Search
intitle:index.of ws_ftp.ini;intitle%3Aindex.of+ws_ftp.ini&btnG=Search
intitle:index.of administrators.pwd;intitle%3Aindex.of+administrators.pwd&btnG=Search
intitle:Index.of etc shadow;intitle%3AIndex.of+etc+shadow&btnG=Search
inurl:ManyServers.htm;inurl%3AManyServers.htm&btnG=Search
intitle:"Terminal Services Web Connection";intitle%3A%22Terminal+Services+Web+Connection%22&btnG=Search
intitle:"Remote Desktop Web Connection";intitle%3A%22Remote+Desktop+Web+Connection%22&btnG=Search
"Welcome to Intranet";%22Welcome+to+Intranet%22&btnG=Search
inurl:search.php vbulletin;inurl%3Asearch.php+vbulletin&btnG=Search
inurl:admin intitle:login;inurl%3Aadmin+intitle%3Alogin&btnG=Search
filetype:asp "Custom Error Message" Category Source;filetype%3Aasp+%22Custom+Error+Message%22+Category+Source&btnG=Suche&lr=
"Fatal error: Call to undefined function" -reply -the -next;%22Fatal+error%3A+Call+to+undefined+function%22+-reply+-the+-next&btnG=Suche&lr=
inurl:admin filetype:xls;inurl%3Aadmin+filetype%3Axls&btnG=Google+Search
inurl:admin inurl:userlist;inurl%3Aadmin+inurl%3Auserlist&btnG=Search
inurl:admin filetype:asp inurl:userlist;inurl%3Aadmin+filetype%3Aasp+inurl%3Auserlist&btnG=Search
inurl:backup intitle:index.of inurl:admin;inurl%3Abackup+intitle%3Aindex.of+inurl%3Aadmin&btnG=Search
"Welcome to PHP-Nuke" congratulations;%22Welcome+to+PHP-Nuke%22+congratulations&btnG=Search
allintitle:Netscape FastTrack Server Home Page;allintitle%3ANetscape+FastTrack+Server+Home+Page&btnG=Search
"Welcome to phpMyAdmin" " Create new database";%22Welcome+to+phpMyAdmin%22+%22+Create+new+database%22&btnG=Search
intitle:"Index of c:/Windows";intitle%3A%22Index+of+c%3A%5CWindows%22&btnG=Search
warning "error on line" php sablotron;warning+%22error+on+line%22+php+sablotron&btnG=Search
"Most Submitted Forms and Scripts" "this section";%22Most+Submitted+Forms+and+Scripts%22+%22this+section%22&btnG=Search
inurl:changepassword.asp;inurl%3Achangepassword.asp&btnG=Search
"Select a database to view" intitle:"filemaker pro";%22Select+a+database+to+view%22+intitle%3A%22filemaker+pro%22&btnG=Search
"not for distribution" confidential;%22not+for+distribution%22+confidential&btnG=Search
"Thank you for your purchase" +download;%22Thank+you+for+your+purchase%22+%2Bdownload&btnG=Search
allinurl:intranet admin;allinurl%3Aintranet+admin&btnG=Search
"This report lists" "identified by Internet Scanner";%22This+report+lists%22+%22identified+by+Internet+Scanner%22&btnG=Search
"Network Host Assessment Report" "Internet Scanner";%22Network+Host+Assessment+Report%22+%22Internet+Scanner%22&btnG=Search
"Network Vulnerability Assessment Report";%22Network+Vulnerability+Assessment+Report%22&btnG=Search
"Host Vulnerability Summary Report";%22Host+Vulnerability+Summary+Report%22&btnG=Search
intitle:index.of inbox;intitle%3Aindex.of+inbox&btnG=Search
intitle:index.of inbox dbx;intitle%3Aindex.of+inbox+dbx&btnG=Search
"#mysql dump" filetype:sql;%22%23mysql+dump%22+filetype%3Asql&btnG=Search
allinurl:install/install.php;allinurl%3Ainstall%2Finstall.php&btnG=Search
inurl:vbstats.php "page generated";inurl%3Avbstats.php+%22page+generated%22&btnG=Search
"index of" / lck;%22index+of%22+%2F+lck&btnG=Search
index.of perform.ini;index.of+perform.ini&btnG=Search
"SnortSnarf alert page";%22SnortSnarf+alert+page%22&btnG=Search
inurl:"newsletter/admin/" intitle:"newsletter admin";inurl%3A%22newsletter%2Fadmin%2F%22+intitle%3A%22newsletter+admin%22&btnG=Search
inurl:"newsletter/admin/";inurl%3A%22newsletter%2Fadmin%2F%22&btnG=Search
inurl:phpSysInfo/ "created by phpsysinfo";inurl%3AphpSysInfo%2F+%22created+by+phpsysinfo%22&btnG=Search
allinurl: admin mdb;allinurl%3A+admin+mdb&btnG=Search
allinurl:"exchange/logon.asp";allinurl%3A%22exchange%2Flogon.asp%22&btnG=Search
intitle:big.brother attention trouble unavailable offline;intitle%3Abig.brother+attention+trouble+unavailable+offline&btnG=Search
intitle:"Index of" cfide;intitle%3A%22Index+of%22+cfide&btnG=Search
inurl:login.cfm;inurl%3Alogin.cfm&btnG=Search
filetype:cfm "cfapplication name" password;filetype%3Acfm+%22cfapplication+name%22+password&btnG=Search
inurl:":10000" intext:webmin;inurl%3A%22%3A10000%22+intext%3Awebmin&btnG=Search
allinurl:/examples/jsp/snp/snoop.jsp;allinurl%3A%2Fexamples%2Fjsp%2Fsnp%2Fsnoop.jsp&btnG=Search
allinurl:servlet/SnoopServlet;allinurl%3Aservlet%2FSnoopServlet&btnG=Search
intitle:"Test Page for Apache";intitle%3A%22Test+Page+for+Apache%22&btnG=Search
"Running in Child mode";%22Running+in+Child+mode%22&btnG=Search
"This is a Shareaza Node";%22This+is+a+Shareaza+Node%22&btnG=Search
"VNC Desktop" inurl:5800;%22VNC+Desktop%22+inurl%3A5800&btnG=Search
"index of cgi-bin";%22index+of+cgi-bin%22&btnG=Search
"Mr.Bush";fuck+you+mr+bush%21&btnG=Search
intitle:Snap.Server inurl:Func=;intitle%3ASnap.Server+inurl%3AFunc%3D&btnG=Search
inurl:server-status "apache";inurl%3Aserver-status+%22apache%22&btnG=Search
eggdrop filetype:user user;eggdrop+filetype%3Auser+user&btnG=Search
intitle:"index of" intext:connect.inc;intitle%3A%22index+of%22+intext%3Aconnect.inc&btnG=Search
inurl:login.asp;inurl%3Alogin.asp&btnG=Search
intitle:"MikroTik RouterOS Managing Webpage";intitle%3A%22MikroTik+RouterOS+Managing+Webpage%22&btnG=Search
inurl:fcgi-bin/echo;inurl%3Afcgi-bin%2Fecho&btnG=Search
inurl:cgi-bin/printenv;inurl%3Acgi-bin%2Fprintenv&btnG=Search
intitle:"Execution of this script not permitted";intitle%3A%22Execution+of+this+script+not+permitted%22&btnG=Search
inurl:perl/printenv;inurl%3Aperl%2Fprintenv&btnG=Search
inurl:j2ee/examples/jsp;inurl%3Aj2ee%2Fexamples%2Fjsp&btnG=Search
inurl:server-info "Apache Server Information";inurl%3Aserver-info+%22Apache+Server+Information%22&btnG=Search
inurl:admin_/globalsettings.htm;inurl%3Aadmin_%2Fglobalsettings.htm&btnG=Search
inurl:pls/admin_/gateway.htm;inurl%3Apls%2Fadmin_%2Fgateway.htm&btnG=Search
intitle:"Gateway Configuration Menu";intitle%3A%22Gateway+Configuration+Menu%22&btnG=Search
intitle:Remote.Desktop.Web.Connection inurl:tsweb;intitle%3ARemote.Desktop.Web.Connection+inurl%3Atsweb&btnG=Search
inurl:php inurl:hlstats intext:"Server Username";inurl%3Aphp+inurl%3Ahlstats+intext%3A%22Server+Username%22&btnG=Search
intext:"Tobias Oetiker" "traffic analysis";intext%3A%22Tobias+Oetiker%22+%22traffic+analysis%22&btnG=Search
inurl:tdbin;inurl%3Atdbin&btnG=Search
inurl:perform filetype:ini;inurl%3Aperform+filetype%3Aini&btnG=Search
intitle:"index of" intext:globals.inc;intitle%3A%22index+of%22+intext%3Aglobals.inc&btnG=Search
filetype:pdf "Assessment Report" nessus;filetype%3Apdf+%22Assessment+Report%22+nessus&btnG=Search
inurl:"smb.conf" intext:"workgroup" filetype:conf;inurl%3A%22smb.conf%22+intext%3A%22workgroup%22+filetype%3Aconf&btnG=Search
filetype:properties inurl:db intext:password;filetype%3Aproperties+inurl%3Adb+intext%3Apassword&btnG=Search
inurl:names.nsf?opendatabase;inurl%3Anames.nsf%3Fopendatabase&btnG=Search
"index of" inurl:recycler;%22index+of%22+inurl%3Arecycler&btnG=Search
filetype:conf inurl:firewall -intitle:cvs;filetype%3Aconf+inurl%3Afirewall+-intitle%3Acvs&btnG=Search
filetype:inc intext:mysql_connect;filetype%3Ainc+intext%3Amysql_connect&btnG=Search
"HTTP_FROM=googlebot" googlebot.com "Server_Software=";%22HTTP_FROM%3Dgooglebot%22+googlebot.com+%22Server_Software%3D%22&btnG=Search
"Request Details" "Control Tree" "Server Variables";%22Request+Details%22+%22Control+Tree%22+%22Server+Variables%22&btnG=Search
filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword";filetype%3Areg+reg+%2Bintext%3A%22defaultusername%22+%2Bintext%3A%22defaultpassword%22&btnG=Search
inurl:metaframexp/default/login.asp;inurl%3Ametaframexp%2Fdefault%2Flogin.asp&btnG=Search
filetype:wab wab;filetype%3Awab+wab&btnG=Search
filetype:reg reg HKEY_CURRENT_USER username;filetype%3Areg+reg+HKEY_CURRENT_USER+username&btnG=Search
inurl:/tmp;inurl%3A%2Ftmp+&btnG=Search
filetype:mbx mbx intext:Subject;filetype%3Ambx+mbx+intext%3ASubject&btnG=Search
inurl:"webadmin" filetype:nsf;inurl%3A%22webadmin%22+filetype%3Ansf&btnG=Search
filetype:reg reg +intext:"internet account manager";filetype%3Areg+reg+%2Bintext%3A%22internet+account+manager%22&btnG=Search
filetype:eml eml +intext:"Subject" +intext:"From";filetype%3Aeml+eml+%2Bintext%3A%22Subject%22+%2Bintext%3A%22From%22&btnG=Search
inurl:vtund.conf intext:pass -cvs;inurl%3Avtund.conf+intext%3Apass+-cvs&btnG=Search
inurl:login filetype:swf swf;inurl%3Alogin+filetype%3Aswf+swf&btnG=Search
filetype:url +inurl:"ftp://" +inurl:"@";filetype%3Aurl+%2Binurl%3A%22ftp%3A%2F%2F%22+%2Binurl%3A%22%40%22&btnG=Search
intitle:guestbook "advanced guestbook 2.2 powered";intitle%3Aguestbook+%22advanced+guestbook+2.2+powered%22&btnG=Search
intitle:"300 multiple choices";intitle%3A%22300+multiple+choices%22&btnG=Search
intitle:"index of" mysql.conf OR mysql_config;intitle%3A%22index+of%22+mysql.conf+OR+mysql_config&btnG=Search
"please log in";%22please+log+in%22&btnG=Search
filetype:log username putty;filetype%3Alog+username+putty&btnG=Search
filetype:log inurl:"password.log";filetype%3Alog+inurl%3A%22password.log%22&btnG=Search
intitle:"Dell Remote Access Controller";intitle%3A%22Dell+Remote+Access+Controller%22&btnG=Search
intitle:intranet inurl:intranet +intext:"human resources";intitle%3Aintranet+inurl%3Aintranet+%2Bintext%3A%22human+resources%22&btnG=Search
filetype:log cron.log;filetype%3Alog+cron.log&btnG=Search
filetype:log access.log -CVS;filetype%3Alog+access.log+-CVS&btnG=Search
filetype:blt blt +intext:screenname;filetype%3Ablt+blt+%2Bintext%3Ascreenname&btnG=Search
filetype:dat "password.dat";filetype%3Adat+%22password.dat%22&btnG=Search
intitle:intranet inurl:intranet +intext:"phone";intitle%3Aintranet+inurl%3Aintranet+%2Bintext%3A%22phone%22&btnG=Search
filetype:conf slapd.conf;filetype%3Aconf+slapd.conf&btnG=Search
inurl:php.ini filetype:ini;inurl%3Aphp.ini+filetype%3Aini&btnG=Search
filetype:pem intext:private;filetype%3Apem+intext%3Aprivate&btnG=Search
filetype:conf inurl:proftpd.conf -sample;filetype%3Aconf+inurl%3Aproftpd.conf+-sample&btnG=Search
+htpasswd +WS_FTP.LOG filetype:log;%2Bhtpasswd+%2BWS_FTP.LOG+filetype%3Alog&btnG=Search
intitle:"System Statistics" +"System and Network Information Center";intitle%3A%22System+Statistics%22+%2B%22System+and+Network+Information+Center%22&btnG=Search
inurl:"wvdial.conf" intext:"password";inurl%3A%22wvdial.conf%22+intext%3A%22password%22&btnG=Search
filetype:inc dbconn;filetype%3Ainc+dbconn&btnG=Search
filetype:ini ws_ftp pwd;filetype%3Aini+ws_ftp+pwd&btnG=Search
inurl:forward filetype:forward -cvs;inurl%3Aforward+filetype%3Aforward+-cvs&btnG=Search
"Invision Power Board Database Error";%22Invision+Power+Board+Database+Error%22&btnG=Search
filetype:netrc password;filetype%3Anetrc+password&btnG=Search
"Index Of /network" "last modified";%22Index+Of+%2Fnetwork%22+%22last+modified%22&btnG=Search
filetype:r2w r2w;filetype%3Ar2w+r2w&btnG=Google+Search
filetype:php inurl:vAuthenticate;filetype%3Aphp+inurl%3AvAuthenticate&btnG=Search
intitle:"ZyXEL Prestige Router" "Enter password";intitle%3A%22ZyXEL+Prestige+Router%22+%22Enter+password%22&btnG=Search
intitle:"ADSL Configuration page";intitle%3A%22ADSL+Configuration+page%22&btnG=Search
"Version Info" "Boot Version" "Internet Settings";%22Version+Info%22+%22Boot+Version%22+%22Internet+Settings%22&btnG=Search
filetype:sql +"IDENTIFIED BY" -cvs;filetype%3Asql+%2B%22IDENTIFIED+BY%22+-cvs&btnG=Search
filetype:sql password;filetype%3Asql+password&btnG=Search
"ttawlogin.cgi/?action=";%22ttawlogin.cgi%2F%3Faction%3D%22&btnG=Search
inurl:indexFrame.shtml(Webcam);inurl%3AindexFrame.shtml&btnG=Search
POWERED BY HIT JAMMER 1.0!;POWERED+BY+HIT+JAMMER+1.0%21&btnG=Search
filetype:pwd service;filetype%3Apwd+service&btnG=Search
inurl:zebra.conf intext:password -sample;inurl%3Azebra.conf+intext%3Apassword+-sample&btnG=Search
inurl:ospfd.conf intext:password -sample;inurl%3Aospfd.conf+intext%3Apassword+-sample&btnG=Search
intitle:"Index of /" modified php.exe;intitle%3A%22Index+of+%2F%22+modified+php.exe&btnG=Search
intitle:"Error using Hypernews" "Server Software";intitle%3A%22Error+using+Hypernews%22+%22Server+Software%22&btnG=Search
inurl:ccbill filetype:log;inurl%3Accbill+filetype%3Alog&btnG=Search
filetype:mdb inurl:users.mdb;filetype%3Amdb+inurl%3Ausers.mdb&btnG=Search
filetype:cfg ks intext:rootpw -sample;filetype%3Acfg+ks+intext%3Arootpw+-sample&btnG=Search
filetype:php inurl:"viewfile" -"index.php" -"idfil";filetype%3Aphp+inurl%3A%22viewfile%22+-%22index.php%22+-%22idfil%22&btnG=Search
intitle:"Microsoft Outlook Web Access - Logon";intitle%3A%22Microsoft+Outlook+Web+Access+-+Logon%22&btnG=Search
inurl:root.asp?acs=anon;inurl%3Aroot.asp%3Facs%3Danon&btnG=Search
"Looking Glass" (inurl:"lg/" | inurl:lookingglass);%22Looking+Glass%22+%28inurl%3A%22lg%2F%22+%7C+inurl%3Alookingglass%29&btnG=Search
filetype:cgi inurl:"irc.cgi";filetype%3Acgi+inurl%3A%22irc.cgi%22&btnG=Search
filetype:ctt ctt messenger;filetype%3Actt+ctt+messenger&btnG=Search
intitle:"Error Occurred While Processing Request";intitle%3A%22Error+Occurred+While+Processing+Request%22&btnG=Search
intitle:"htsearch error" ht://Dig error;intitle%3A%22htsearch+error%22+ht%3A%2F%2FDig+error&btnG=Search
filetype:asp inurl:"shopdisplayproducts.asp";filetype%3Aasp+inurl%3A%22shopdisplayproducts.asp%22&btnG=Search
inurl:/public/?Cmd=contents;inurl%3A%2Fpublic%2F%3FCmd%3Dcontents&btnG=Search
"Powered by: vBulletin * 3.0.1" inurl:newreply.php;%22Powered+by%3A+vBulletin+*+3.0.1%22+inurl%3Anewreply.php&btnG=Search
filetype:mny mny;filetype%3Amny+mny&btnG=Search
HTTP_USER_AGENT=Googlebot;HTTP_USER_AGENT%3DGooglebot&btnG=Search
"# Dumping data for table (username|user|users|password)";%22%23+Dumping+data+for+table+%28username%7Cuser%7Cusers%7Cpassword%29%22&btnG=Search
intitle:"Welcome to ntop!";intitle%3A%22Welcome+to+ntop%21%22&btnG=Search
filetype:conf inurl:unrealircd.conf -cvs -gentoo;filetype%3Aconf+inurl%3Aunrealircd.conf+-cvs+-gentoo&btnG=Search
intitle:"Index of" service.pwd;intitle%3A%22Index+of%22+service.pwd
intitle:"Index of" users.pwd;intitle%3A%22Index+of%22+users.pwd
intitle:"Index of" authors.pwd;intitle%3A%22Index+of%22+authors.pwd
intitle:"Index of" administrators.pwd;intitle%3A%22Index+of%22+administrators.pwd
intitle:"Index of" showcode.asp;intitle%3A%22Index+of%22+showcode.asp
intitle:"Index of" sendmail.cfm;intitle%3A%22Index+of%22+sendmail.cfm
intitle:"Index of" SessionServlet;intitle%3A%22Index+of%22+SessionServlet
intitle:"Index of" web_store.cgi;intitle%3A%22Index+of%22+web_store.cgi
intitle:"Index of" wwwboard.pl;intitle%3A%22Index+of%22+wwwboard.pl
intitle:"Index of" www-sql;intitle%3A%22Index+of%22+www-sql
intitle:"Index of" AT-admin.cgi;intitle%3A%22Index+of%22+AT-admin.cgi
intitle:"Index of" maillist.pl;intitle%3A%22Index+of%22+maillist.pl
intitle:"Index of" publisher;intitle%3A%22Index+of%22+publisher
intitle:"Index of" db.cgi;intitle%3A%22Index+of%22+db.cgi
intitle:"Index of" login.jsp;intitle%3A%22Index+of%22+login.jsp
intitle:"Index of" amadmin.pl;intitle%3A%22Index+of%22+amadmin.pl
inintitle:"Index of" (access_log|access-log);intitle%3A%22Index+of%22+%28access_log%7Caccess-log%29&btnG=Search
intitle:"Index of" log.htm;intitle%3A%22Index+of%22+log.htm&btnG=Search
intitle:"Index of" mailto.cgi.pwd;intitle%3A%22Index+of%22+mailto.cgi
intitle:"Index of" YaBB.pl.pwd;intitle%3A%22Index+of%22+YaBB.pl
intitle:"Index of" WSFTP.LOG;intitle%3A%22Index+of%22+WSFTP.LOG
intitle:"Index of" print.cgi;intitle%3A%22Index+of%22+print.cgi
intitle:"Index of" CrazyWWWBoard.cgi;intitle%3A%22Index+of%22+CrazyWWWBoard.cgi
intitle:"Index of" pwd.dat;intitle%3A%22Index+of%22+pwd.dat
intitle:"Index of" post-query;intitle%3A%22Index+of%22+post-query
intext:"404 Object Not Found" Microsoft-IIS/5.0;intext%3A%22404+Object+Not+Found%22+Microsoft-IIS%2F5.0
"Microsoft-IIS/5.0 server at";%22Microsoft-IIS%2F5.0+server+at%22&btnG=Search
"Microsoft-IIS/4.0" intitle:index.of;%22Microsoft-IIS%2F4.0%22+intitle%3Aindex.of&btnG=Search
"Microsoft-IIS/6.0" intitle:index.of;%22Microsoft-IIS%2F6.0%22+intitle%3Aindex.of&btnG=Search
"Novell, Inc" WEBACCESS Username Password "Version *.*" Copyright -inurl:help -guides|guide;%22Novell%2C+Inc%22+WEBACCESS+Username+Password+%22Version+*.*%22+Copyright++-inurl%3Ahelp+-guides%7Cguide&btnG=Search
"Red Hat Secure/2.0";%22Red+Hat+Secure%2F2.0%22&btnG=Search
allintext:"Powered by LionMax Software" "WWW File Share";allintext%3A%22Powered+by+LionMax+Software%22+%22WWW+File+Share%22&btnG=Zoeken&lr=
allinurl:".nsconfig" -sa;allinurl%3A%22.nsconfig%22+-sa
intitle:"Lotus Domino Go Webserver:" "Tuning your webserver" -site:ibm.com;intitle:%22Lotus+Domino+Go+Webserver:%22+%22Tuning+your+webserver%22+-site:ibm.com&hl=en&lr=&ie=UTF-8&filter=0
intitle:"Open WebMail" "Open WebMail version (2.20|2.21|2.30)";intitle%3A%22Open+WebMail%22+%22Open+WebMail+version+%282.20%7C2.21%7C2.30%29+%22&btnG=B%C3%BAsqueda&meta=
intitle:"Welcome To Xitami" -site:xitami.com;intitle%3A%22Welcome+To+Xitami%22+-site%3Axitami.com&btnG=Google+Search
intitle:"Welcome to
windows 2000 Internet Services";intitle:%22Welcome+to+Windows+2000+Internet+Services%22
XAMPP "inurl:xampp/index";XAMPP+%22inurl:xampp/index%22
"Select a database to view" intitle:"filemaker pro";%22Select+a+database+to+view%22+intitle%3A%22filemaker+pro%22
"Welcome to PHP-Nuke" congratulations;%22Welcome+to+PHP-Nuke%22+congratulations
intitle:"Mail Server CMailServer Webmail" "5.2";intitle%3A%22Mail+Server+CMailServer+Webmail%22+%225.2%22
allintitle:Brains, Corp. camera;allintitle:Brains,+Corp.+camera
inurl:indexFrame.shtml Axis;inurl%3AindexFrame.shtml+Axis&btnG=Google+Search
intitle:"remote ui:top page";intitle%3A%22remote+ui%3Atop+page%22
intext:"Ready with 10/100T Ethernet";intext:%22Ready+with+10/100T+Ethernet%22
intitle:"EvoCam" inurl:"webcam.html";intitle:%22EvoCam%22+inurl:%22webcam.html%22
intitle:"my webcamXP server!" inurl:":8080";intitle%3A%22my+webcamXP+server!%22+inurl%3A%22%3A8080%22&btnG=Search
intitle:"toshiba network camera - User Login";intitle%3A%22toshiba+network+camera+-+User+Login%22
inurl:"ViewerFrame?Mode=";inurl%3A%22ViewerFrame%3FMode%3D%22
intext:centreware inurl:status;intext%3Acentreware+inurl%3Astatus
intext:"MOBOTIX M1" intext:"Open Menu";intext%3A%22MOBOTIX+M1%22+intext%3A%22Open+Menu%22
inurl:"printer/main.html" intext:"settings";inurl%3A%22printer%2Fmain.html%22+intext%3A%22settings%22
intitle:"Browser Launch Page";intitle%3A%22Browser+Launch+Page%22
intitle:liveapplet inurl:LvAppl;intitle%3Aliveapplet+inurl%3ALvAppl
google hack技巧的一些收集
最早以前写了google技巧后送几一些好友,私下传传也就无所谓了,不知道怎么就传出去了,好多站点都有转载,而且连偶的ID都没有,更别说昵称,弄的心里满大不是滋味,所以写了一些东西再没发出来过。今天无聊,再发几章技巧,偶然路过的朋友收藏了记得别share哦!
19
"1999-2004 FuseTalk Inc" -site:fusetalk.com
"2003 DUware All Rights Reserved"
"Active Webcam Page" inurl:8080
"BlackBoard 1.5.1-f | © 2003-4 by Yves Goergen"
"BosDates Calendar System " "powered by BosDates v3.2 by BosDev"
"Copyright © 2002 Agustin Dondo Scripts"
"delete entries" inurl:admin/delete.asp
"driven by: ASP Message Board"
"Enter ip" inurl:"php-ping.php"
"IceWarp Web Mail 5.3.0" "Powered by IceWarp"
"Ideal BB Version: 0.1" -idealbb.com
"inurl:/site/articles.asp?idcategory="
"Obtenez votre forum Aztek" -site:forum-aztek.com
"Online Store - Powered by ProductCart"
"Powered *: newtelligence" ("dasBlog 1.6"| "dasBlog 1.5"| "dasBlog 1.4"|"dasBlog 1.3")
"Powered by A-CART"
"Powered by AJ-Fork v.167"
"powered by antiboard"
"Powered by Coppermine Photo Gallery"
"Powered by Coppermine Photo Gallery" ( "v1.2.2 b" | "v1.2.1" | "v1.2" | "v1.1" | "v1.0")
"powered by CubeCart 2.0"
"Powered by CubeCart"
"Powered by DCP-Portal v5.5"
"Powered by DMXReady Site Chassis Manager" -site:dmxready.com
"Powered by FUDforum"
"Powered by Gallery v1.4.4"
"Powered by IceWarp Software" inurl:mail
"Powered by Ikonboard 3.1.1"
"Powered by Megabook *" inurl:guestbook.cgi
"Powered by MercuryBoard [v1"
"powered by minibb" -site:www.minibb.net -intext:1.7f
"Powered by My Blog" intext:"FuzzyMonkey.org"
"Powered by ocPortal" -demo -ocportal.com
"Powered by PowerPortal v1.3"
"Powered by WordPress" -html filetype:php -demo -wordpress.org -bugtraq
"Powered by WowBB" -site:wowbb.com
"Powered by YaPig V0.92b"
"Powered by yappa-ng"
"running: Nucleus v3.1" -.nucleuscms.org -demo
"SquirrelMail version 1.4.4" inurl:src ext:php
"This page has been automatically generated by Plesk Server Administrator"
+"Powered by Invision Power Board v2.0.0..2"
+"Powered by phpBB 2.0.6..10" -phpbb.com -phpbb.pl
Achievo webbased project management
allintitle:aspjar.com guestbook
E-market remote code execution
EarlyImpact Productcart
ext:php intext:"Powered by phpNewMan Version"
ext:pl inurl:cgi intitle:"FormMail *" -"*Referrer" -"* Denied" -sourceforge -error -cvs -input
filetype:cgi inurl:nbmember.cgi
filetype:cgi inurl:pdesk.cgi
filetype:cgi inurl:tseekdir.cgi
filetype:php intitle:"paNews v2.0b4"
filetype:php inurl:index.php inurl:"module=subjects" inurl:"func=*" (listpages| viewpage | listcat)
intext:"Powered by phpBB 2.0.13" inurl:"cal_view_month.php"|inurl:"downloads.php"
intext:("UBB.threads™ 6.2"|"UBB.threads™ 6.3") intext:"You * not logged *" -site:ubbcentral.com
intitle:"EMUMAIL - Login" "Powered by EMU Webmail"
intitle:"MRTG/RRD" 1.1* (inurl:mrtg.cgi | inurl:14all.cgi |traffic.cgi)
intitle:"View Img" inurl:viewimg.php
intitle:"WebJeff - FileManager" intext:"login" intext:Pass|PAsse
intitle:"WordPress > * > Login form" inurl:"wp-login.php"
intitle:guestbook "advanced guestbook 2.2 powered"
intitle:welcome.to.horde
inurl:"/cgi-bin/loadpage.cgi?user_id="
inurl:"/site/articles.asp?idcategory="
inurl:"comment.php?serendipity"
inurl:"forumdisplay.php" +"Powered by: vBulletin Version 3.0.0..4"
inurl:"messageboard/Forum.asp?"
inurl:"slxweb.dll"
inurl:/SiteChassisManager/
inurl:cal_make.pl
inurl:citrix/metaframexp/default/login.asp? ClientDetection=On
inurl:comersus_message.asp
inurl:directorypro.cgi
inurl:gotoURL.asp?url=
inurl:technote inurl:main.cgi*filename=*
inurl:ttt-webmaster.php
inurl:wiki/MediaWiki
Invision Power Board SSI.PHP SQL Injection
mnGoSearch vulnerability
powered.by.instaBoard.version.1.3
Powered.by:.vBulletin.Version ...3.0.6
Quicksite demopages for Typo3
ReMOSitory module for Mambo
uploadpics.php?did= -forumintext:Generated.by.phpix.1.0? inurl:$mode=album
vBulletin version 3.0.1 newreply.php XSS
VP-ASP Shopping Cart XSS
WebAPP directory traversal
18
"Copyright (c) Tektronix, Inc." "printer status"
"display printer status" intitle:"Home"
"intitle:Cisco Systems, Inc. VPN 3000 Concentrator"
"Please use Netscape 2.0 or enhance !!" -site:dlink.com -site:ovislink.com.tw
"please visit" intitle:"i-Catcher Console" Copyright "iCode Systems"
"powered by webcamXP" "Pro|Broadcast"
"Starting SiteZAP 6.0"
"Webthru User Login"
("Fiery WebTools" inurl:index2.html) | "WebTools enable * * observe, *, * * * flow * print jobs"
(inurl:webArch/mainFrame.cgi ) | (intitle:"web image monitor" -htm -solutions)
Aficio 1022
allintitle:Brains, Corp. camera
allinurl:index.htm?cus?audio
Axis Network Cameras
axis storpoint "file view" inurl:/volumes/
camera linksys inurl:main.cgi
Canon ImageReady machines
Canon Webview netcams
ext:dhtml intitle:"document centre|(home)" OR intitle:"xerox"
filetype:cgi transcoder.cgi
intext:"MaiLinX Alert (Notify)" -site:networkprinters.com
intext:"Please enter correct password for Administrator Access. Thank you" "Copyright © 2003 SMC Networks, Inc. All rights reserved."
intext:"Powered by: Adobe PrintGear" inurl:admin
intext:"Ready with 10/100T Ethernet"
intext:"UAA (MSB)" Lexmark -ext:pdf
intext:"Videoconference Management System" ext:htm
intitle:"--- VIDEO WEB SERVER ---" intext:"Video Web Server" "Any time & Any where" username password
intitle:"actiontec" main setup status "Copyright 2001 Actiontec Electronics Inc"
intitle:"active webcam page"
intitle:"AudioReQuest.web.server"
intitle:"axis storpoint CD" intitle:"ip address"
intitle:"BorderManager Information alert"
intitle:"BorderWare MXtreme Mail Firewall Login"
intitle:"Browser Launch Page"
intitle:"Cayman-DSL.home"
intitle:"DEFAULT_CONFIG - HP"
intitle:"DEFAULT_CONFIG - HP"
intitle:"Dell Laser Printer" ews
intitle:"dreambox web"
intitle:"DVR Web client"
intitle:"EpsonNet WebAssist Rev"
intitle:"EverFocus.EDSR.applet"
intitle:"EvoCam" inurl:"webcam.html"
intitle:"Flash Operator Panel" -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle:ANNOUNCE -inurl:lists
intitle:"Freifunk.Net - Status" -site:commando.de
intitle:"Home" "Xerox Corporation" "Refresh Status"
intitle:"ipcop - main"
intitle:"iVISTA.Main.Page"
intitle:"lantronix web-manager"
intitle:"Lexmark *" inurl:port_0
intitle:"Live NetSnap Cam-Server feed"
intitle:"Live View / - AXIS"
intitle:"my webcamXP server!" inurl:":8080"
intitle:"NeroNET - burning online"
intitle:"Network Print Server" filetype:shtm ( inurl:u_printjobs | inurl:u_server | inurl:a_server | inurl:u_generalhelp | u_printjobs )
intitle:"Network Print Server" intext:"http://www.axis.com" filetype:shtm
intitle:"OfficeConnect Cable/DSL Gateway" intext:"Checking your browser"
intitle:"OfficeConnect Wireless 11g Access Point" "Checking your browser"
intitle:"Service Managed Gateway Login"
intitle:"Setup Home" "You will need * log in before * * change * settings"
intitle:"Sipura.SPA.Configuration" -.pdf
intitle:"Smoothwall Express" inurl:cgi-bin "up * days"
intitle:"Spam Firewall" inurl:"8000/cgi-bin/index.cgi"
intitle:"SpeedStream * Management Interface"
intitle:"supervisioncam protocol"
intitle:"switch home page" "cisco systems" "Telnet - to"
intitle:"switch login" "IBM Fast Ethernet Desktop"
intitle:"SWW link" "Please wait....."
intitle:"The AXIS 200 Home Page"
intitle:"toshiba network camera - User Login"
intitle:"V-Gear BEE"
intitle:"View and Configure PhaserLink"
intitle:"Brother" intext:"View Configuration" intext:"Brother Industries, Ltd."
intitle:"Connection Status" intext:"Current login"
intitle:asterisk.management.portal web-access
intitle:HomeSeer.Web.Control | Home.Status.Events.Log
intitle:jdewshlp "Welcome to the Embedded Web Server!"
intitle:Linksys site:ourlinksys.com
intitle:RICOH intitle:"Network Administration"
intitle:webeye inurl:login.ml
inurl:"8003/Display?what="
inurl:":631/printers" -php -demo
inurl:"ipp/pdisplay.htm"
inurl:"level/15/exec/-/show"
inurl:"next_file=main_fs.htm" inurl:img inurl:image.cgi
inurl:"port_255" -htm
inurl:"printer/main.html" intext:"settings"
inurl:/en/help.cgi "ID=*"
inurl:axis-cgi
inurl:camctrl.cgi
inurl:hp/device/this.LCDispatcher
inurl:JPGLogin.htm
inurl:na_admin
inurl:netw_tcp.shtml
inurl:TiVoConnect?Command=QueryServer
Konica Network Printer Administration
Mobotix netcams
More Axis netcams !
Panasonic Network Cameras
Panasonic WJ-NT104 netcams
Phasers 4500/6250/8200/8400
Seyeon FlexWATCH cameras
site:.viewnetcam.com -www.viewnetcam.com
Sony SNC-RZ20 network cameras
Sony SNC-RZ30 Network Cameras
WebControl intitle:"AMX NetLinx"
Winamp Web Interface
Xerox Phaser 6250
Xerox Phaser 8200
Xerox Phaser® 740 Color Printer
Xerox Phaser® 840 Color Printer
Google搜索技巧2005版
注意:文中[]符号是为了突出关键词,在实际搜索中是不包含的;本文采用的是意译;本译文已经征得作者许可;本译文可任意转载,请保留本文的头信息
1. 双引号可以用减号代替,比如搜索["like this"]与搜索[like-this]是一个效果
2. Google不会处理一些特殊的字符,比如[#](几年前还不行,现在可以了,比如搜索[c#]已经可以搜到相应的结果),但是还有一些字符它不认识,比如搜索[t.]、[t-]与[t^]的结果是一样的
3. Google充许一次搜索最多32个关键词
4. 在单词前加~符号可以搜索同义词,比如你想搜索[house],同时也想找[home],你就可以搜索[~house]
5. 如果想得到Google索引页面的总数,可以搜索[* *]
6. Google可以指定数字范围搜索。搜索[2001..2005]相当于搜索含有2001、2002直到2005的任意一个数的网页
7. 搜索[define:css]相当于搜索css的定义,这招对想学习知识的人很有效;也可以用[what is css]搜索;对中文来说,也可以用[什么是css]之类的
8. Google有一定的人工智能,可以识别一些简单的短语如[whenwas Einstein born?]或[einstein birthday]
9. 通过[link:]语法,可以寻找含有某个链接的网页,比如[link:blog.outer-court.com]将找到包括指向 blog.outer-court.com超级链接的网页(最新的Google Blog Search也支持这个语法),但是Google并不会给出所有的包含此链接的网页,因为它要保证pagerank算法不被反向工程(呵呵,可以参见那两个Google创始人关于pagerank的论文,可下载)
10. 如果在搜索的关键词的最后输入[why?],就会在结果中出现链接到Google Answers的链接http://answers.google.com ,在里面可以进行有偿提问
11. 现在出现了一种兴趣活动,叫做Google Hacking,其内容是使用Google搜索一些特定的关键词,以便找到有漏洞的、易被黑客攻击的站点。这个网站列出了这些关键词:Google Hacking Database( http://johnny.ihackstuff.com/index....ule=prodreviews )
12. 在Google 中输入一组关键词时,默认是“与”搜索,就是搜索包含有所有关键词的网页。如果要“或”搜索,可以使用大写的[OR]或 [|],使用时要与关键词之间留有空格。比如搜索关键词[Hamlet (pizza | coke)],是让Google搜索页面中或页面链接描述中含有Hamlet,并含有pizza与coke两个关键词中任意一个的网页。
13. 并非所有的Google服务都支持相同的语法,比如在Google Group中支持 [insubject:test]之类的主题搜索。可以通过高级搜索来摸索这些关键词的用法:进入高级搜索之后设置搜索选项,然后观察关键字输入窗口中的关键字的变化
14. 有时候Google懂得一些自然语言,比如搜索关键词[goog], [weather new york, ny], [new york ny]或[war of the worlds],此时Google会在搜索结果前显示出一个被业内称为“onebox”的结果,试试看吧!
15. 并非所有的Google都是相同的,它因国家版本(或是说语言版本)而异。在US版下,搜索[site:stormfront.org]会有成千上万的结果,而在德语版下,搜索[site:stormfront.org]的结果,嗯,自己看吧。Google的确与各国政府有内容审查协议,比如德国版,法国版(网页搜索),中国版Google新闻
16. 有时候Google会提示你搜索结果很烂,比如你搜索关键词[jew]试试,Google会告诉你它给出的搜索结果很烂,然后给你一个解释:http://www.google.com/explanation.html
17. 以前,搜索某些关键词如[work at Google] 时会看到Google给自己打的广告。可以去http://www.google.com/jobs/了解Google的工作
18. 对于一些“Googlebombed”(大概意思是指Google搜索的结果出问题了)的关键词,会有一个广告链接到:http: //googleblog.blogspot.com/2005/09/googlebombing-failure.html (中国大陆需要代理才能访问)。比如搜索[failure],第一条是美国布什总统介绍
19. 虽然现在Google还没有支持自然语言,但这里有一段录像显示了支持自然语言的搜索引擎的使用效果:http://blog.outer-court.com/videos/googlebrain.wmv
20. 有人说在Google中搜索[president of the internet],其结第一条表明了president of the internet是谁,我也是这么认为的,而且你还可以使用这个logo支持本文作者:http://blog.outer- court.com/files/president.gif
21. Google现在不再有“stop words”(被强制忽略的关键词),比如搜索 [to be or not to be], Google返回的结果中间还列有相关的完整短语搜索结果
22. 在Google 计算器(http://www.google.com/help/features.html#calculator )中有个彩蛋:输入[what is the answer to life, the universe and everything?]时,会返回42。(关键词翻译过来的意思是指“生命、宇宙和一切的答案”,这是一个著名科幻小说中的情节,详情参见http: //en.wikipedia.org/wiki/The_Answer_to_Life,_the_Universe, _and_Everything)。试试吧,哈哈
23. 你可以在搜索时使用通配符,这在搜索诗词时特别有效。比如你可以搜一下["love you twice as much * oh love * *"] 试试
24. 同样,你的关键词可以全部都是通配符,比如搜索["* * * * * * *"]
25. www.googl.com是在输错网址后的结果,也是个搜索网站,但搜索结果与Google完全不同。而且此网站也赚Google的钱,因为它使用Google AdSense
26. 如果你想把搜索结果限制在大学的网站之中,可以使用[site:.edu]关键词,比如[c-tutorial site:.edu],这样可以只搜索以edu结尾的网站。你也可以使用Google Scholar来达到这个目的。也可以使用[site:.de]或[site:.it]来搜索某个特定国家的网站12. 在Google 中输入一组关键词时,默认是“与”搜索,就是搜索包含有所有关键词的网页。如果要“或”搜索,可以使用大写的[OR]或 [|],使用时要与关键词之间留有空格。比如搜索关键词[Hamlet (pizza | coke)],是让Google搜索页面中或页面链接描述中含有Hamlet,并含有pizza与coke两个关键词中任意一个的网页。
责编:高梦
|
|