Noobs,don't go crazy messing up people sites,this is to make awareness of how negligent can an administrator be.
1- Why deface when you can own it?
Go to Google and type this:
intitle:PhpMyAdmin "Welcome to phpMyAdmin***" running on * as root@*"
This will give you tons of no passworded phpMyAdmin,means you'll have access to all files,can make changes ect.
======================================
To find websites Admin Password type the following in the Google bar:
inurl:vti_pvt "service.pwd"
(password will be encrypted) "convert encrypted password to md5 hash then use milw0rm
Also You can You use this codes when you have free time..enjoy
Google Search strings
-------------------------
- inurl:/db/main.mdb |ASP-Nuke passwords
- filetype:cfm "cfapplication |ColdFusion source with potential passwords name" password
- filetype:pass |dbman credentials pass intext:userid
- allinurl:auth_user_file.txt |DCForum user passwords
- eggdrop filetype:user user |Eggdrop IRC user credentials
- filetype:ini inurl:flashFXP.ini |FlashFXP FTP credentials
- filetype:url +inurl:"ftp://" |FTP bookmarks cleartext passwords
+inurl:"@" - inurl:zebra.conf intext: |GNU Zebra passwords
password -sample -test
-tutorial –download - filetype:htpasswd htpasswd |HTTP htpasswd Web user credentials
- intitle:"Index of" ".htpasswd" |HTTP htpasswd Web user credentials
"htgroup" -intitle:"dist"
-apache -htpasswd.c - intitle:"Index of" ".htpasswd" |HTTP htpasswd Web user credentials
htpasswd.bak - "http://*:*@www" bob:bob |HTTP passwords (bob is a sample username)
- "sets mode: +k" |IRC channel keys (passwords)
- "Your password is * |Remember IRC NickServ registration passwords
this for later use" - signin filetype:url |JavaScript authentication credentials
- LeapFTP intitle:"index.of./" |LeapFTP client login credentials
sites.ini modified - inurl:lilo.conf filetype:conf |LILO passwords
password -tatercounter2000
-bootpwd –man - filetype:config config intext: |Mcft .NET application credentials
appSettings "User ID" - filetype:pwd service |Mcft FrontPage Service Web passwords
- intitle:index.of |Mcft FrontPage Web credentials
administrators.pwd - "# -FrontPage-" |Mcft FrontPage Web passwords
inurl:service.pwd
ext:pwd inurl:_vti_pvt inurl: |Mcft FrontPage Web passwords
(Service | authors | administrators) - inurl:perform filetype:ini |mIRC nickserv credentials
- intitle:"index of" intext: |mySQL database credentials
connect.inc - intitle:"index of" intext: |mySQL database credentials
globals.inc - filetype:conf oekakibbs |Oekakibss user passwords
- filetype:dat wand.dat |Opera‚ ÄúMagic Wand‚Äù Web credentials
- inurl:ospfd.conf intext: |OSPF Daemon Passwords
password -sample -test
-tutorial –download - index.of passlist |Passlist user credentials
- inurl:passlist.txt |passlist.txt file user credentials
- filetype:dat "password.dat" |password.dat files
- inurl:password.log filetype:log |password.log file reveals usernames,
|passwords,and hostnames - filetype:log inurl:"password.log" |password.log files cleartext
|passwords - inurl:people.lst filetype:lst |People.lst generic password file
- intitle:index.of config.php |PHP Configuration File database
|credentials - inurl:config.php dbuname dbpass |PHP Configuration File database
|credentials - inurl:nuke filetype:sql |PHP-Nuke credentials
- filetype:conf inurl:psybnc.conf |psyBNC IRC user credentials
"USER.PASS=" - filetype:ini ServUDaemon |servU FTP Daemon credentials
- filetype:conf slapd.conf |slapd configuration files root password
- inurl:"slapd.conf" intext: |slapd LDAP credentials
"credentials" -manpage
-"Manual Page" -man: -sample - inurl:"slapd.conf" intext: |slapd LDAP root password
"rootpw" -manpage
-"Manual Page" -man: -sample - filetype:sql "IDENTIFIED BY" –cvs |SQL passwords
- filetype:sql password |SQL passwords
- filetype:ini wcx_ftp |Total Commander FTP passwords
- filetype:netrc password |UNIX .netrc user credentials
- index.of.etc |UNIX /etc directories contain
|various credential files - intitle:"Index of..etc" passwd |UNIX /etc/passwd user credentials
- intitle:index.of passwd |UNIX /etc/passwd user credentials
passwd.bak - intitle:"Index of" pwd.db |UNIX /etc/pwd.db credentials
- intitle:Index.of etc shadow |UNIX /etc/shadow user credentials
- intitle:index.of master.passwd |UNIX master.passwd user credentials
- intitle:"Index of" spwd.db |UNIX spwd.db credentials
passwd -pam.conf - filetype:bak inurl:"htaccess| |UNIX various password file backups
passwd|shadow|htusers - filetype:inc dbconn |Various database credentials
- filetype:inc intext:mysql_ |Various database credentials, server names
connect - filetype:properties inurl:db |Various database credentials, server names
intext:password - inurl:vtund.conf intext:pass –cvs |Virtual Tunnel Daemon passwords
- inurl:"wvdial.conf" intext: |wdial dialup user credentials
"password" - filetype:mdb wwforum |Web Wiz Forums Web credentials
- "AutoCreate=TRUE password=*" |Website Access Analyzer user passwords
- filetype:pwl pwl |Windows Password List user credentials
- filetype:reg reg +intext: |Windows Registry Keys containing user
"defaultusername" intext: |credentials
"defaultpassword" - filetype:reg reg +intext: |Windows Registry Keys containing user
"internet account manager" |credentials - "index of/" "ws_ftp.ini" |WS_FTP FTP credentials
"parent directory" - filetype:ini ws_ftp pwd |WS_FTP FTP user credentials
- inurl:admin filetype: |asp Generic userlist files
inurl:userlist | - inurl:php inurl: |Half-life statistics file, lists username and
hlstats intext: |other information
Server Username | - filetype:ctl |
inurl:haccess. |Mcft FrontPage equivalent of htaccess
ctl Basic |shows Web user credentials - filetype:reg |
reg intext: |Mcft Internet Account Manager can - "internet account manager" |reveal usernames and more
filetype:wab wab |Mcft Outlook Express Mail address
|books - filetype:mdb inurl:profiles |Mcft Access databases containing
|profiles. - index.of perform.ini |mIRC IRC ini file can list IRC usernames and
|other information - inurl:root.asp?acs=anon |Outlook Mail Web Access directory can be
|used to discover usernames - filetype:conf inurl:proftpd. |PROFTP FTP server configuration file
conf –sample |reveals
|username and server information - filetype:log username putty |PUTTY SSH client logs can reveal
|usernames
|and server information - filetype:rdp rdp |Remote Desktop Connection files reveal user
|credentials - intitle:index.of |UNIX bash shell history reveals commands
.bash_history |typed at a bash command prompt; usernames
|are often typed as argument strings - intitle:index.of |UNIX shell history reveals commands typed at
.sh_history |a shell command prompt; usernames are
|often typed as argument strings - "index of " lck |Various lock files list the user currently using
|a file - +intext:webalizer +intext: |Webalizer Web statistics page lists Web user-
Total Usernames +intext: |names and statistical information
"Usage Statistics for" - filetype:reg reg HKEY_ |Windows Registry exports can reveal
CURRENT_USER |username usernames and other information
Posts
