The_Artist

GOOGLE HACKING DATABASE – GHDB

Jul 10th, 2014
  1. GOOGLE HACKING DATABASE – GHDB – FTP PASSWORD GOOGLE DORK, XSS GOOGLE DORK, PHP GOOGLE DORK, SQL DORK, WORDPRESS DORK, PASSWORD FILE DORK, MISC DORK, FREE SWAG DORK, WEBCAM DORK:
  5.  
  6.  
  7.  
  8. A.) FTP PASSWORD GOOGLE DORKS
  9. B.) XSS GOOGLE DORKS
  10. C.) PHP GOOGLE DORKS
  11. D.) SQL DORKS
  12. E.) WORDPRESS DORKS
  13. F.) PASSWORD FILE DORKS
  14. G.) MISC. DORKS
  15. H.) FREE SWAG DORKS
  16. I.) WEBCAM DORKS
  17.  
  18. A.) FTP PASSWORD GOOGLE DORKS
  19.  
  20. 1.) ws_ftp.ini configuration file search:
  21.  
  22. intitle:index.of ws_ftp.ini
  23.  
  24. 2.) ws_ftp.ini configuration file with “Parent Directory” search:
  25.  
  26. filetype:ini ws_ftp pwd
  27.  
  28. 3.) Variation:
  29.  
  30. ”index of/” “ws_ftp.ini” “parent directory”
  31.  
  32. 4.) Variation:
  33.  
  34. +htpasswd +WS_FTP.LOG filetype:log
  35.  
  36. 5.) Variation:
  37.  
  38. (Substitute vulnerablesite.com with the site you want to search)
  39. ”allinurl: “Vulnerablesite.com” WS_FTP.LOG filetype:log”
  40.  
  41. B.) XSS GOOGLE DORKS
  42.  
  43. 1.) cart32 executable file.
  44.  
  45. allinurl:/scripts/cart32.exe
  46.  
  47. 2.) Cute news php file.
  48.  
  49. allinurl:/CuteNews/show_archives.php
  50.  
  51. 3.) phpinfo.php file.
  52.  
  53. allinurl:/phpinfo.php
  54.  
  55. C.) PHP GOOGLE DORKS
  56.  
  57. 1.) config.php file search:
  58.  
  59. intitle:index.of config.php
  60.  
  61. 2.) PHP file contents search:
  62.  
  63. intitle:”Index of” phpinfo.php
  64.  
  65. 3.) download.php directory traversal vulnerabilities:
  66.  
  67. inurl:download.php?=filename
  68.  
  69. 4.) upload.php search:
  70.  
  71. intitle:index.of upload.php
  72.  
  73. inurl:upload.php
  74.  
  75. D.) SQL PASSWORD DUMP DORKS
  76.  
  77. 1.) SQL dumps saved to database search. (Some of the more common passwords for you):
  78.  
  79. a.) ”123456″ = hashed password
  80. ext:sql intext:@gmail.com intext:e10adc3949ba59abbe56e057f20f883e
  81.  
  82. b.) ”654321″ = hashed password
  83. ext:sql intext:@gmail.com intext:c33367701511b4f6020ec61ded352059
  84.  
  85. c.) ”password” = hashed password
  86. ext:sql intext:@gmail.com intext:5f4dcc3b5aa765d61d8327deb882cf99
  87.  
  88. d.) ”12345678″ = hashed password
  89. ext:sql intext:@gmail.com intext:25d55ad283aa400af464c76d713c07ad
  90.  
  91. e.) ”iloveyou” = hashed password
  92. ext:sql intext:@gmail.com intext:f25a2fc72690b780b2a14e140ef6a9e0
  93.  
  94. 2.) Variation of above search:
  95.  
  96. a.) ext:sql intext:”INSERT INTO” intext:@gmail.com intext:password
  97.  
  98. b.) ext:sql intext:”INSERT INTO” intext:@yahoo.com intext:password
  99.  
  100. c.) ext:sql intext:”INSERT INTO” intext:@hotmail.com intext:password
  101.  
  102. d.) ext:sql intext:”INSERT INTO” intext:@att.net intext:password
  103.  
  104. e.) ext:sql intext:”INSERT INTO” intext:@comcast.net intext:password
  105.  
  106. f.) ext:sql intext:”INSERT INTO” intext:@verizon.net intext:password
  107.  
  108. 3.) SQLi
  109.  
  110. allinurl:/privmsg.php
  111.  
  112. E.) WORDPRESS GOOGLE DORKS
  113.  
  114. 1.) Asset Manager Plugin Exploit – Unprotected Remote File Upload Vulnerability.
  115.  
  116. inurl:Editor/assetmanager/assetmanager.asp
  117.  
  118. 2.) Timthumb Plugin Exploit – Attacker can attach a shell to an image file and upload the shell. (It has been patched, but there are still a lot of webmasters who have NOT updated!)
  119.  
  120. inurl:index.of thumb.php
  121.  
  122. inurl:thumb.php
  123.  
  124. 3.) Search for plugins directory:
  125.  
  126. inurl:wp-content/plugins/
  127.  
  128. 4.) Search for themes directory:
  129.  
  130. inurl:wp-content/themes/
  131.  
  132. F.) PASSWORD FILE GOOGLE DORKS
  133.  
  134. 1.) Search for Microsoft Excel data file:
  135.  
  136. ”Login: *” “password =*” filetype: xls
  137.  
  138. 2.) Search for auth_user_file:
  139.  
  140. allinurl: auth_user_file.txt
  141.  
  142. 3.) Search for username/password saved in Microsoft Excel files:
  143.  
  144. filetype: xls inurl: “password.xls”
  145.  
  146. 4.) Search for login pages:
  147.  
  148. intitle: login password
  149.  
  150. 5.) Search for “master password” page:
  151.  
  152. intitle: “Index of” master.passwd
  153.  
  154. 6.) Search for backup directory:
  155.  
  156. index of /backup
  157.  
  158. 7.) Search for password backup file index:
  159.  
  160. intitle:index.of passwd.bak
  161.  
  162. 8.) Search for password databases:
  163.  
  164. intitle:index.of pwd.db
  165.  
  166. intitle:”index of” pwd.db
  167.  
  168. 9.) Search for /etc/passwd/ index:
  169.  
  170. intitle:”index of .. etc” passwd
  171.  
  172. 10.) Search for plaintext password file:
  173.  
  174. index.of passlist.txt
  175.  
  176. inurl:passlist.txt
  177.  
  178. 11.) Search for hidden documents/password files:
  179.  
  180. index.of.secret
  181.  
  182. index.of.private
  183.  
  184. 12.) Search for PhpMyAdmin files:
  185.  
  186. ”# PhpMyAdmin MySQL-Dump” filetype: txt
  187.  
  188. 13.) Hidden Superuser (root) data files:
  189.  
  190. inurl:ipsec.secrets-history-bugs
  191.  
  192. inurl:ipsec.secrets “holds shared secrets”
  193.  
  194. 14.) Find the information files:
  195.  
  196. inurl:ipsec.conf-intitle:manpage
  197.  
  198. 15.) Search for a stored password in a database:
  199.  
  200. filetype:ldb admin
  201.  
  202. 16.) Search for admin.php file:
  203.  
  204. inurl:search/admin.php
  205.  
  206. 17.) Search for password log files:
  207.  
  208. inurl:password.log filetype:log
  209.  
  210. 18.) Search for Hkey_Current_User in registry files:
  211.  
  212. filetype: reg HKEY_CURRENT_USER username
  213.  
  214. 19.) Search for username/password file backups:
  215.  
  216. ”Http://username: password @ www …” filetype: bak inurl: “htaccess | passwd | shadow | ht users”
  217.  
  218. 20.) Search for username/password files:
  219.  
  220. filetype:mdb inurl:”account|users|admin|administrators|passwd|password” mdb files
  221.  
  222. 21.) Search for Microsoft Frontpage passwords:
  223.  
  224. ext:pwd inurl:(service|authors|administrators|users) “# -FrontPage-”
  225.  
  226. 22.) Search for SQL database Code and passwords:
  227.  
  228. filetype: sql ( “passwd values ****” |” password values ****” | “pass values ****”)
  229.  
  230. 23.) Search for e-mail account files:
  231.  
  232. intitle: “Index Of”-inurl: maillog
  233.  
  234. G.) MISC. DORKS
  235.  
  236. 1.) WebWiz Rich Text Editor (RTE) – Remote file upload vulnerability:
  237.  
  238. inurl:rte/my_documents/my_files
  239.  
  240. 2.) EZFilemanager – Remote file upload vulnerability:
  241.  
  242. inurl:ezfilemanager/ezfilemanager.php
  243.  
  244. 3.) robots.txt – See directories hidden from crawlers. Also sometimes you can pull off a directory traversal with this:
  245.  
  246. inurl:robots.txt
  247.  
  248. 4.) Serial Numbers – Look for software serial numbers
  249.  
  250. ”software name” 94FBR
  251.  
  252. H.) FIND FREE SWAG
  253.  
  254. 1.) site:*.com intitle:”Thank You For Your Order” intext:Click Here to Download
  255.  
  256. 2.) site:*.net intitle:”Thank You For Your Order” intext:Click Here to Download
  257.  
  258. 3.) site:*.co intitle:”Thank You For Your Order” intext:Click Here to Download
  259.  
  260. 4.) site:*.org intitle:”Thank You For Your Order” intext:Click Here to Download
  261.  
  262. 5.) site:*.biz intitle:”Thank You For Your Order” intext:Click Here to Download
  263.  
  264. 6.) site:*.tv intitle:”Thank You For Your Order” intext:Click Here to Download
  265.  
  266. 7.) site:*.co.uk intitle:”Thank You For Your Order” intext:Click Here to Download
  267.  
  268. 8.) site:*.org.uk intitle:”Thank You For Your Order” intext:Click Here to Download
  269.  
  270. 9.) site:*.eu intitle:”Thank You For Your Order” intext:Click Here to Download
  271.  
  272. 10.) intitle:Thank you for your purchase! intext:PLR OR MRR OR Package OR Bonus
  273.  
  274. 11.) intitle:Thank you for your order! intext:PLR OR MRR OR Package OR Bonus
  275.  
  276. 12.) intitle:Thank you for your order! intext:PLR OR MRR
  277.  
  278. 13.) intitle:Thank you for your Purchase! intext:PLR OR MRR
  279.  
  280. 14.) inurl:/thankyou*.html intitle:Thank you for your order!
  281.  
  282. 15.) intext:Click Here To Download
  283.  
  284. 16.) inurl:thanks intext:”Thank You For Your Order!” “Click Here” filetype:html
  285.  
  286. 17.) intitle:Thank You For Your Order! intext:Private Label
  287.  
  288. 18.) intitle:Thank You For Your Purchased! intext:Private Label
  289.  
  290. 19.) intext:”Thank You For Your Order” intext:PLR
  291.  
  292. 20.) intitle:”Thank You For Your Order!” intext:download
  293.  
  294. 21.) intitle:”Thank You For Your Order” intext:Click Here To Download Now
  295.  
  296. 22.) intitle:Thank you for your purchase! intext:Click Here to Download
  297.  
  298. 23.) * thank you for your order download
  299.  
  300. 24.) * intitle:Thank you for your Purchase! intext:PLR OR MRR OR Package OR Bonus
  301.  
  302. 25.) * intitle:Thank you for your order! intext:PLR OR MRR
  303.  
  304. 26.) * intitle:Thank You For Your Purchase! intext:Click Here to Download
  305.  
  306. 27.) * intitle:Thank You For Your Order! intext:download
  307.  
  308. 28.) inurl:index.of .mp3
  309.  
  310. 29.) inurl:index.of .mov
  311.  
  312. 30.) inurl:index.of .iso
  313.  
  314. 31.) ?intitle:index.of? mp3
  315.  
  316. 32.) ?intitle:index.of? mov
  317.  
  318. 33.) ?intitle:index.of? iso
  319.  
  320. 34.) inurl:”insert filetype”:iso+OR+exe+OR+zip+OR+rar+OR+gzip+OR+tar
  321.  
  322. 35.) intext:”parent directory” intext:”[EXE]“
  323.  
  324. 36.) intext:”parent directory” index of:”[EXE]“
  325.  
  326. 37.) intext:”parent directory” index of:”[RAR]“
  327.  
  328. 38.) intext:”parent directory” intext:”[VID]“
  329.  
  330. 39.) intext:”parent directory” index of:”[VID]“
  331.  
  332. 40.) intext:”parent directory” intext:”[MP3]“
  333.  
  334. 41.) intext:”parent directory” index of:”[MP3]“
  335.  
  336. 42.) intext:”parent directory” index of:”[Gamez]“
  337.  
  338. I.) WEBCAM GOOGLE DORKS
  339.  
  340. 1.) inurl:/view.index.shtml
  341.  
  342. 2.) inurl:/view.shtml
  343.  
  344. 3.) intitle:”Live View / – AXIS” | inurl:view/view.shtml^
  345.  
  346. 4.) inurl:ViewerFrame?Mode=
  347.  
  348. 5.) inurl:ViewerFrame?Mode=Refresh