Aus Kalypso
Wechseln zu: Navigation, Suche

  Lokalhost Rails   Lokalhost Zope   Lokalhost           Mittwoch der 23.Juli 2014 um 13:45 Uhr           Hilfen   Regeln   Wikisyntax   Webmailer   Hauptseite


Live Cam Hacks

  • inurl:”ViewerFrame?Mode=”
  • inurl:"ViewerFrame?Mode=Motion"
  • inurl: “ViewerFrame?Mode=Refresh”
  • inurl:LvAppl
  • inurl:indexFrame.shtml "Axis Video Server" "MOBOTIX M1" and "open menu"
  • inurl:LvAppl
  •, Liveapplet --> Lifeapplet als zusätzlicher Begriff
  • inurl:axis-cgi/jpg
  • inurl:axis-cgi/mjpg (motion-JPEG)
  • inurl:view/indexFrame.shtml
  • inurl:view/index.shtml
  • inurl:/view.shtml
  • inurl:view/view.shtml liveapplet
  • inurl:”webcam.html”
  • inurl:”MultiCameraFrame?Mode=Motion”
  • intitle:liveapplet
  • intitle:"snc-rz30 home" <--- bei diesen cams braucht man ActiveX
  • intitle:"Live View / - AXIS" "Powered by webcamXP"
  • intitle:flexwatch
  • intext:"Copyright by Seyeon TECH Co"
  • intitle:"WJ-NT104 Main"
  • intitle:"my webcamXP server!" inurl:":8080"
  • intitle:”live view”
  • intitle:axis
  • intitle:”Live View / – AXIS” | inurl:view/view.shtml^
  • intitle:liveapplet
  • allintitle:”Network Camera NetworkCamera”
  • intitle:axis intitle:”video server”
  • intitle:liveapplet
  • intitle:”EvoCam”
  • intext:”MOBOTIX M1″ intext:”Open Menu”
  • intext:”MOBOTIX M10″ intext:”Open Menu”
  • intext:”MOBOTIX D10″ intext:”Open Menu”
  • intitle:”Live NetSnap Cam-Server feed”
  • intitle:”Live View / - AXIS”
  • intitle:”Live View / - AXIS 206M”
  • intitle:”Live View / - AXIS 206W”
  • intitle:”Live View / - AXIS 210″
  • inurl:indexFrame.shtml Axis
  • intitle:start inurl:cgistart intitle:”WJ-NT104 Main Page”
  • intitle:snc-z20 inurl:home/
  • intitle:snc-cs3 inurl:home/
  • intitle:snc-rz30 inurl:home/
  • intitle:”sony network camera snc-p1″
  • intitle:”sony network camera snc-m1″
  • intitle:”Toshiba Network Camera” user login
  • intitle:”netcam live image”
  • intitle:”i-Catcher Console - Web Monitor”

sonstige Hacks

  • inurl:index.of.password - Directory listing contains password file(s)?
  • intitle:"Index of" service.pwd Directory listing contains service.pwd file(s)
  • intitle:"Index of" view-source Directory listing contains view-source file(s)
  • intitle:"Index of" admin Direcory listing contains administrative files or directories
  • intitle:"Index of" .htpasswd Directory listing contains .htpasswd file!
  • intitle:"Index of" log.txt Directory listing contians log text files
  • intitle:"Index of" stats.html Directory listing contains stats.html which may contain useful web server statistics "access denied for user" "using password" Web page contains error message which might provide useful application information "A syntax error has occurred" filetype:ihtml Web page contains error message which might provide useful application information "ORA-00921: unexpected end of SQL command" Web page contains error message which might provide useful application information
  • inurl:passlist.txt The passlist.txt file may contain user passwords "Index of /backup" Directory may contain sensitive backup files
  • intitle:"Index of" .bash_history Directory listing contains bash history information
  • intitle: "Index of" index.html.bak Directory listing contains backup index file (index.html.bak)
  • intitle:"Index of" index.php.bak Directory listing contains backup index file (index.html.bak)
  • intitle:"Index of" guestbook.cgi Directory listing contains backup index file (index.html.bak)
  • intitle"Test Page for Apache" Default test page for Apache
  • intitle:index.of.etc Directory listing of /etc ? filetype:xls username password XLS spreadseet containing usernames and passwords? "This file was generated by Nessus" Nessus report!
  • intitle:"Index of" secring.bak Secret key file intitle:"Terminal Services Web Connection" Access terminal services! intitle:"Remote Desktop Web Connection" Access Remote Desktop!
  • intitle:"Index of" access_log Directory listing contains access_log file which may store sensitive information
  • intitle:"Index of" finance.xls Directory listing contains finance.xls which may contain sensitive information intitle:"Usage Statistics for" Statistical information may contain sensitive data
  • intitle:"Index of" WSFTP.LOG WSFTP.LOG file contains information about FTP transactions
  • intitle:"Index of" ws_ftp.ini The ws_ftp.ini file may contain usernames and passwords of FTP users "not for distribution" confidential URL may contain confidential or sensitive information "phpMyAdmin" "running on"
  • inurl:"main.php" phpMyAdmin allows remote mysql database administration "#mysql dump" filetype:sql mysql database dumps
  • inurl:php.ini filetype:ini The php.ini file may contain sensitive PHP environment details. BEGIN (CERTIFICATE|DSA|RSA) filetype:key Private key(s)! BEGIN (CERTIFICATE|DSA|RSA) filetype:csr Private key(s)! BEGIN (CERTIFICATE|DSA|RSA) filetype:crt Private key(s)!
  • intitle:"Index of" passwd passwd.bak passwd file!
  • intitle:"Index of" master.passwd master.passwd file!
  • intitle:"Index of" pwd.db pwd.db file may contain password information
  • intitle:"Index of..etc" passwd passwd file! filetype:cfg ks
  • intext:rootpw -sample -test -howto This file may contain the root password (encrypted)
  • intitle:"index.of.personal" Directory may contain sensitive information
  • intitle:"Index of" login.jsp The login.jsp file may contain database username or password information
  • intitle:"Index of" logfile Directory may contain sensitive log files filetype:php
  • inurl:"viewfile" -"index.php" -"idfil File may contain PHP source code
  • allinurl:intranet admin "index of/root" "auth_user_file.txt" "index of/root" "Index of /admin" "Index of /password" "Index of /mail" "Index of /" +passwd "Index of /" +password.txt "Index of /" +.htaccess index of ftp +.mdb
  • allinurl:/cgi-bin/ +mailto administrators.pwd.index authors.pwd.index service.pwd.index filetype:config web gobal.asax index
  • allintitle: "index of/admin" allintitle: "index of/root" allintitle: sensitive filetype oc
  • allintitle: restricted filetype :mail allintitle: restricted filetype oc site:gov
  • allinurl: winnt/system32/
  • intitle:"Index of" .sh_history
  • intitle:"Index of" .bash_history
  • intitle:"index of" passwd
  • intitle:"index of" people.lst
  • intitle:"index of" pwd.db
  • intitle:"index of" etc/shadow
  • intitle:"index of" spwd
  • intitle:"index of" master.passwd
  • intitle:"index of" htpasswd
  • intitle:"index of" members OR accounts
  • intitle:"index of" user_carts OR user_cart INTITLE - search for string in title
  • intitle:"michael moore" ALLINTITLE - search strings in title
  • allintitle:"michael moore" films INURL - search for string in the url
  • inurl:"michael moore" INTEXT - search for the string in the site body
  • inurl:"/root/home/*/public_html/"
  • intext:"angry white men" SITE - search specific domains "virus"
  • LINK - locate sites linking to the site entered
  • CACHE - search google site cache
  • DATERANGE - search within a date range (julian) "michael moore" daterange:2452389-2452389 FILETYPE - locate files (don't list any html pages, just the files) "economic disaster"
  • filetype:pdf -filetype:htm -filetype:html RELATED - locate pages that are related (similar)
  • INFO - locates links about site
  • PHONEBOOK - locates phone numbers
  • phonebook:"fred stanley" STOCKS - stock info
  • stocks:msft BOOLEAN LOGIC - "AND", "I", "a", "The", and "Of" are ignored - a pipe "|" is treated as "OR" - a minus symbol "-" eliminates the string from results - wildcard "*" can be used on words, not characters ("three * mice" = "three blind mice") - 10 word limit. Use wildcards like "do as * say not as * do" Triggers and Switches - ! = Initializes the "I'm Feeling Lucky" search option

intitle:"Directory of" sexually transmitted diseases -inurl:book -inurl:products - ?? = searches the google directory ?? "michael moore" - , = searches usenet database (google groups) ,* hiv /images = searches

google images

intitle:cheerleaders -filetype:htm -filetype:html /images /news = searches

  • intitle:"index of /" "parent directory" +"*.nfo" +"*.rar" +"*.r05" +"*.r10" -filetype:htm -filetype:html
  • intitle:"paris hilton"+"index of " +"parent directory" +"mpg" -filetype:htm -filetype:html

Zusammenfassung vom CCC Quelle

Was kann man jetzt damit machen?

Unfertig installierte Webserver finden

Server Version Query
Apache 1.3.0-1.3.9 Intitle:Test.Page.for.Apache It.worked!!
Apache 1.3.11-1.3.26 Intitle:Test.Page.for.Apache seeing.this.instead
Apache 2.0 Apache.Hook.Functions
Apache SSL/TLS "Hey, it worked !" "SSL/TLS-aware"
Many IIS servers intitle:internet IIS
Unknown IIS server intitle:"Under construction" "does not currently have"
IIS 4.0
IIS 4.0 allintitle:Welcome to Windows NT 4.0 Option Pack
IIS 4.0 allintitle:Welcome to Internet Information Server
IIS 5.0 allintitle:Welcome to Windows 2000 Internet Services
IIS 6.0 allintitle:Welcome to Windows XP Server Internet Services
Many Netscape servers allintitle:Netscape Enterprise Server Home Page
Unknown Netscape server allintitle:Netscape FastTrack Server Home Page

Directory Listings finden

Ich interessiere mich für ein paar Dateien die da so auf einem Server rumliegen, und würde gerne wissen ob es da noch mehr von gibt. Dann probiere ich es einfach mit *intitle:index.of*, wenn das zuviele falsche Treffer ergibt kann man es auch noch mit *intitle:index.of "parent directory"* oder *intitle:index.of name size* probieren.

Defekte CGI-Scripte finden

Es gibt einige CGI-Scripte die bekannte Fehler haben, z.B:

  • /cgi-bin/cgiemail/uargg.txt
  • /random_banner/index.cgi
  • /random_banner/index.cgi
  • /cgi-bin/mailview.cgi
  • /cgi-bin/maillist.cgi
  • /cgi-bin/userreg.cgi
  • /iissamples/ISSamples/SQLQHit.asp
  • /iissamples/ISSamples/SQLQHit.asp
  • /SiteServer/admin/findvserver.asp
  • /scripts/cphost.dll
  • /cgi-bin/finger.cgi

Man kann jetzt zum Beispiel nach *allinurl:random_banner/index.cgi* suchen und findet Webserver die dieses Script verwenden.

Automatisierte Google-Scans

Google verbietet die Benutzung seiner Suchmaschine mit Scripten, nichtsdesttrotz gibt es aber natürlich Programme die genau dies tun.


Gooscan ist ein Tool was automatisiert verschiedene Sicherheitslöcher sucht und richtet sich Webserverbetreiber und Admins.


Googledorks ist eine Webseite auf der viele der oben aufgeführten Suchterme aufgeführt und diskutiert werden. Dort gibt es z.B Abfrage die eine Liste von Webservern mit bestimmten Schwachstellen oder verschiedene Abfragen die nichtöffenliche Informationen zutage bringen.


GooPot ist das equivalent eines HoneyPots für den GoogleHacker. Es besteht aus einer Sammlung von Scripten die wenn man die oben erwähnten Methoden anwendet zu Treffern führen. Greift nun ein User auf diese Seiten zu werden die Zugriffe inkl. dem Referer gelogt, so das man die versuchten Angriffe später nachvolziehen kann. GooPot ist leider noch nicht öffentlich zu beziehen.

Schutz vor GoogleHackern

  • Keine geheimen Daten ins Web stellen!
  • Verwenden der oben aufgeführten Techniken um seine eigene Webseite auf Schwachstellen zu untersuchen.
  • Verwenden eines robots.txt Files welches Google verbietet in bestimmte Verzeichnisse zu gehen.


Meine Werkzeuge