| No | Dork | Kategori | Deskripsi | ||
|---|---|---|---|---|---|
| 101 | intext:"M3R1C4 SHELL BACKDOOR" | Footholds | intext:"M3R1C4 SHELL BACKDOOR" foothold web shell ManhNho | ||
| 102 | intitle:"phpVirtualBox - VirtualBox Web Console" | Pages Containing Login Portals | # Exploit Title: Find phpVirtualBox login portail # Google Dork: intitle:"phpVirtualBox - VirtualBox Web Console" # Date: 10/09/2018 # Exploit Author: Hamoji # Vendor Homepage: https://github.com/phpvirtualbox/phpvirtualbox # Version: 4.3-3, 5.0-5 | ||
| 103 | intext:"PHP Version " ext:php intext:"disabled" intext:"Build Date" intext:"System" intext:"allow_url_fopen" | Files Containing Juicy Info | Exploit Title: Finds phpinfo() pages that are not tied to extensions or file types. Google Dork: intext:"PHP Version " ext:php intext:"disabled" intext:"Build Date" intext:"System" intext:"allow_url_fopen" Date: 9-1-2018 Exploit Author: hehnope | ||
| 104 | intext:"Build dashboard" intext:"Project" intext:"Plan" intext:"Build" | Various Online Devices | Detail: Can be used to find public facing build servers such as Bamboo Google Dork: intext:"Build dashboard" intext:"Project" intext:"Plan" intext:"Build" Date: 9-1-2018 Exploit Author: hehnope | ||
| 105 | "index of" "database.sql.zip" | Sensitive Directories | "index of" "database.sql.zip" This Google Dork discovers servers with open directories exposing database backup files. - Gionathan "John" Reale (https://www.exploit-db.com/author/?a=9609) | ||
| 106 | inurl:/wp-content/ai1wm-backups + wpress | Files Containing Juicy Info | inurl:/wp-content/ai1wm-backups + wpress | ||
| 107 | ext:ppk ssh key -github.com -gitlab | Files Containing Juicy Info | ext:ppk ssh key -github.com -gitlab file contain SSH key ManhNho | ||
| 108 | Ganglia Cluster Reports | Files Containing Juicy Info | These are server cluster reports, great for info gathering. Lesse, what were those server names again? | ||
| 109 | ICQ chat logs, please... | Files Containing Juicy Info | ICQ (http://www.icq.com) allows you to store the contents of your online chats into a file. These folks have their entire ICQ directories online. On purpose? | ||
| 110 | Apache online documentation | Web Server Detection | When you install the Apache web server, you get a nice set of online documentation. When you learn how to use Apache, your supposed to delete these online Apache manuals. These sites didn't. If they're in such a hurry with Apache installs, I wonder what else they rushed through? | ||
| 111 | Coldfusion Error Pages | Error Messages | These aren\'t too horribly bad, but there are SO MANY of them. These sites got googlebotted while the site was having "technical difficulties." The resulting cached error message gives lots of juicy tidbits about the target site. | ||
| 112 | Financial spreadsheets: finance.xls | Files Containing Juicy Info | Hey! I have a great idea! Let\'s put our finances on our website in a secret directory so we can get to it whenever we need to! | ||
| 113 | Financial spreadsheets: finances.xls | Files Containing Juicy Info | Hey! I have a great idea! Let\'s put our finances on our website in a secret directory so we can get to it whenever we need to! | ||
| 114 | sQL data dumps | Files Containing Juicy Info | SQL database dumps. LOTS of data in these. So much data, infact, I\'m pressed to think of what else an ev1l hax0r would like to know about a target database.. What\'s that? Usernames and passwords you say? Patience, grasshopper..... | ||
| 115 | bash_history files | Files Containing Usernames | |||
| 116 | sh_history files | Files Containing Usernames | |||
| 117 | mysql history files | Files Containing Passwords | |||
| 118 | mt-db-pass.cgi files | Files Containing Juicy Info | |||
| 119 | Windows 2000 Internet Services | Web Server Detection | |||
| 120 | IIS 4.0 | Web Server Detection | |||
| 121 | Look in my backup directories! Please? | Sensitive Directories | |||
| 122 | OpenBSD running Apache | Web Server Detection | |||
| 123 | intitle:index.of intext:"secring.skr"|"secring.pgp"|"secring.bak" | Files Containing Passwords | |||
| 124 | people.lst | Files Containing Passwords | |||
| 125 | passwd | Files Containing Passwords | |||
| 126 | master.passwd | Files Containing Passwords | |||
| 127 | pwd.db | Files Containing Passwords | |||
| 128 | htpasswd / htpasswd.bak | Files Containing Passwords | |||
| 129 | htpasswd / htgroup | Files Containing Passwords | |||
| 130 | spwd.db / passwd | Files Containing Passwords | |||
| 131 | passwd / etc (reliable) | Files Containing Passwords | |||
| 132 | AIM buddy lists | Files Containing Juicy Info | |||
| 133 | config.php | Files Containing Passwords | |||
| 134 | phpinfo() | Files Containing Juicy Info | |||
| 135 | MYSQL error message: supplied argument.... | Error Messages | |||
| 136 | The Master List | Vulnerable Files | |||
| 137 | robots.txt | Files Containing Juicy Info | |||
| 138 | passlist | Files Containing Passwords | |||
| 139 | secret | Sensitive Directories | |||
| 140 | private | Sensitive Directories | |||
| 141 | etc (index.of) | Files Containing Passwords | |||
| 142 | winnt | Sensitive Directories | |||
| 143 | secure | Sensitive Directories | |||
| 144 | protected | Sensitive Directories | |||
| 145 | index.of.password | Sensitive Directories | |||
| 146 | "This report was generated by WebLog" | Files Containing Juicy Info | |||
| 147 | "produced by getstats" | Files Containing Juicy Info | |||
| 148 | "generated by wwwstat" | Files Containing Juicy Info | |||
| 149 | haccess.ctl (one way) | Files Containing Juicy Info | |||
| 150 | haccess.ctl (VERY reliable) | Files Containing Juicy Info | |||