Inurl Write PHP IDX. Search for an exact phrase with double quotes

Google Search Engine (www.google.com) provides many search options. All these features are an invaluable search tool for the user for the first time in the Internet and at the same time even more powerful weapons of invasion and destruction in the hands of people with evil intentions, including not only hackers, but also non-computers and even terrorists.
(9475 views for 1 week)

Denis Bartankov
Denisnospamixi.ru.

Attention:This article is not a guide to action. This article is written for you, administrators of Web servers so that you have false feeling that you are safe, and you finally understood the cunningness of this method of obtaining information and took up the protection of your site.

Introduction

For example, in 0.14 seconds found 1670 pages!

2. We introduce another string, for example:

inurl: "auth_user_file.txt"

a little less, but this is already enough to free download and to select passwords (with the same John the Ripper). Below I will give a number of examples.

So, you need to realize that the Google search engine visited most of the Internet sites and kept the information in the cache contained on them. This cached information allows you to get information about the site and the content of the site without direct connection to the site, only digging in the information that is stored inside Google. Moreover, if the information on the site is no longer available, then the information in the cache may still be preserved. All you need for this method: know some key words Google. This technician is called Google Hacking.

For the first time, information about Google Hacking appeared on the newsletter BugTruck for another 3 years ago. In 2001, this topic was raised by one French student. Here is a link to this letter http://www.cotse.com/mailing-lists/bugtraq/2001/nov/0129.html. It contains the first examples of such requests:

1) index of / admin
2) INDEX OF / PASSWORD
3) index of / mail
4) Index of / + Banques + FileType: XLS (for France ...)
5) INDEX OF / + PASSWD
6) index of / password.txt

This topic was wondered in the English-reading part of the Internet recently: after Johnny Long article released on May 7, 2004. For a more complete study of Google Hacking, I advise you to enter the site of this author http://johnny.ihackstuff.com. In this article, I just want to enter you into the case.

Who can be used:
- Journalists, spies and all those people who love to poke the nose are not in their affairs, can use it to search for a compromising.
- Hackers looking for suitable goals for hacking.

How Google works.

To continue the conversation, I remind some of the keywords used in Google queries.

Search by sign +

Google excludes from the search for unimportants, in his opinion, words. For example question words, prepositions and articles in english language: For example, Are, of, Where. In Russian, Google seems to be important to be important. If the word is excluded from the search, then Google writes about it. So that Google began to search for pages with these words before them need to add a sign + without a space before the word. For example:

ACE + of Base

Search by sign -

If Google finds a large number of centers, from which it is necessary to eliminate pages with a certain subject, then you can force Google to look for only pages on which there are no specific words. To do this, you need to specify these words, putting before each sign - without a space before the word. For example:

Fishing - stock

Search by sign ~

It is possible that you want to find not only the specified word, but also its synonyms. To do this, let's specify the symbol ~.

Search for an exact phrase with double quotes

Google is looking for on every page all the entry of the words you wrote in the query row, and it does not matter the mutual position of the words, the main thing is that all the specified words are on the page at the same time (this is the default action). To find the exact phrase - it needs to be taken in quotes. For example:

"bookend"

To have at least one of these words, you need to specify the logical operation explicitly: OR. For example:

Book Security OR Protection

In addition, a sign can be used in the search bar * to designate any word and. To denote any symbol.

Search for words with additional operators

There are search operators that are specified in the search string in format:

operator: search_term

Naps next to the colon are not needed. If you insert a gap after the colon, you will see an error message, and in front of it, then Google will use them as a regular line to search.
There are groups of additional search operators: Languages \u200b\u200b- indicate what language you want to see the result, the date - limit results for the past three, six or 12 months, entering - indicate where the document you want to search for a line: everywhere, in the header, in the URL, domains - Search on the specified site or on the contrary to exclude it from the search, secure search - block sites containing the specified information type and delete them from the search results pages.
At the same time, some operators do not need an additional parameter, such as a request " cache: www.google.com."may be called as a full-fledged string to search, and some keywords, on the contrary, require the presence of a word to search, for example" site: www.google.com HELP"In the light of our subject we'll look at the following operators:

Operator	Description	Requires additional parameter?
	search only on the site specified in Search_Term
	search only in documents with SEARCH_TERM type
	find pages containing search_term in title
	find pages containing all words search_term in title
	find pages containing search_term word in your address
	find pages containing all SEARCH_TERM words in your address

Operator site: Limits only the search for the specified site, and you can specify not only the domain name, but also the IP address. For example, enter:

Operator fileType: Limits the search in the files of a certain type. For example:

At the date of release of the article Google can search within 13 different file formats:

• Adobe Portable Document Format (PDF)
• Adobe PostScript (PS)
• Lotus 1-2-3 (WK1, WK2, WK3, WK4, WK5, WKI, WKS, WKU)
• Lotus WordPro (LWP)
• MACWRITE (MW)
• Microsoft Excel. (XLS)
• Microsoft PowerPoint (PPT)
• Microsoft Word (DOC)
• Microsoft Works (WKS, WPS, WDB)
• Microsoft Write (WRI)
• Rich Text Format (RTF)
• SHOCKWAVE FLASH (SWF)
• Text (ANS, TXT)

Operator link: Shows all pages that indicate the specified page.
Probably always interesting to see how many places on the Internet know about you. We try:

Operator cache: Shows the version of the site in the Google Kesche, as she looked when Google last Once attended this page. We take any, often changing site and look:

Operator intitle: Looking for the specified word in the title page. Operator allintitle: It is an extension - it is looking for all the specified few words in the title page. Compare:

Intitle: Mars Flight
Intitle: Intitle Flight: At Intitle: Mars
Allintitle: Flight to Mars

Operator inurl:forces Google Show all pages containing the specified string in the URL. Operator Allinurl: Looking for all words in the URL. For example:

Allinurl: acid_stat_alerts.php

This team is especially useful for those who have no SNORT - at least be able to see how it works on the real system.

Hacking methods with Google

So, we found out that using a combination of the above operators and keywords, anyone can take a collection of the necessary information and search for vulnerabilities. These technical techniques are often called Google Hacking.

site `s map

You can use the Site statement: To view all the links that Google found on the site. Usually pages that are dynamically created by scripts using parameters are not indexed, so some sites use ISAPI filters so that the links are not in the form /Article.asp?num\u003d10&dst\u003d5, and with slashes / ARTICLE / ABC / NUM / 10 / DST / 5. This is done so that the site is generally indexed by search engines.

Let's try:

Site: www.whitehouse.gov WhiteHouse

Google thinks that every page of the site contains the word Whitehouse. This we use to get all the pages.
There is a simplified version:

Site: Whitehouse.gov.

And what is the most pleasant one - comrades with whiteHouse.gov did not even know that we looked at the structure of their site and even looked into the cached pages that Google downloaded themselves. It can be used to study the structure of sites and view the contents, remaining unnoticed to the time before time.

View file list in directories

Web servers can show the lists of the server directory instead of the usual HTML pages. This is usually done so that users choose and download certain files. However, in many cases, administrators have no purpose to show the contents of the directory. This arises as a result incorrect configuration Server or absence main page In the directory. As a result, the hacker appears a chance to find something interesting in the directory and take advantage of this for its purposes. To find all such pages, it is enough to notice that they all contain in their title words: index of. But since the words index of contain not only such pages, then you need to clarify the request and take into account keywords on the page itself, so we will suit the requests of the form:

intitle: index.of Parent Directory
Intitle: index.of Name Size

Since mainly the directory listings are deliberately, you may find it difficult to find mistakenly removed listings from the first time. But at least you can already use listings to determine web version Servers as described below.

Getting a version of the Web server.

Knowledge of the version of the Web server is always useful before any ataction of hacker. Again, thanks to Google, you can get this information without connecting to the server. If you carefully look at the listing of the directory, you can see that the server name is displayed there and its version.

Apache1.3.29 - Proxad Server AT TRF296.FREE.FR Port 80

An experienced administrator can replace this information, but, as a rule, it corresponds to the truth. So, to get this information just to send a request:

Intitle: index.of Server.at

To obtain information for a specific server, we specify the query:

Intitle: index.of Server.at Site: ibm.com

Or, on the contrary, we are looking for a server working on a specific server version:

Intitle: index.of Apache / 2.0.40 Server AT

This technique can be used by a hacker to find the victim. If he has, for example, there is an exploit for a specific version of the Web server, then it can find it and try the existing exploit.

You can also get a version of the server by viewing the pages that are installed by default when installing the latest version of the Web server. For example, to see the test page Apache 1.2.6 is enough to dial

Intitle: test.page.for.APACHE It.Worked!

Moreover, some operating systems when installing immediately put and run a Web server. At the same time, some users do not even suspect about it. Naturally, if you see that someone did not delete the default page, it is logical to assume that the computer did not undergo any configuration at all and probably vulnerable to attacks.

Try Find IIS 5.0 Pages

allintitle: Welcome to Windows 2000 Internet Services

In the case of IIS, you can define not only the version of the server, but also the version of Windows and Service Pack.

Another way to determine the version of the Web server is to search for manuals (tip pages) and examples that can be installed on the default website. Hackers found quite a lot of ways to use these components to get privileged access to the site. That is why you need to remove these components on the battle site. Not to mention the fact that by the presence of these components you can get information about the type of server and its version. For example, we will find a guide to Apache:

INURL: MANUAL APACHE DIRECTIVES MODULES

Use Google as CGI scanner.

CGI Scanner or Web Scanner - utility to search for vulnerable scripts and programs on the sacrifice server. These utilities should know what to seek, for this they have a whole list of vulnerable files, for example:

/cgi-bin/cgiemail/uargg.txt
/random_banner/index.cgi.
/random_banner/index.cgi.
/cgi-bin/mailview.cgi.
/cgi-bin/maillist.cgi.
/cgi-bin/userreg.cgi.

/iissamples/issamples/sqlqhit.asp.
/SiteServer/Admin/findvServer.asp.
/sscripts/cphost.dll
/cgi-bin/finger.cgi.

We can find each of these files using Google using an additional file name in the search string of the word index of or inurl: We can find sites with vulnerable scripts, for example:

Allinurl: /random_banner/index.cgi.

Taking advantage of additional knowledge, the hacker can use the script vulnerability and with this vulnerability to force the script to output any file stored on the server. For example, the password file.

How to protect yourself from hacking through Google.

1. Do not post important data on the Web server.

Even if you posted the data temporarily, then you can forget about it or someone will have time to find and pick up this data while you do not erase them. Do not do so. There are many other ways to transfer data that protect them from theft.

2. Check your site.

Use the methods described to study your site. Check your site periodically with new methods that appear on the site http://johnny.ihackstuff.com. Remember that if you want to automate your actions, you need to get a special resolution from Google. If you carefully read http://www.google.com/terms_of_service.html. You will see the phrase: You may not send auto-coming queries of any sort to google "S System without Express Permission in Advance From Google.

3. You may not need Google to index your website or part of it.

Google allows you to delete a link to your site or part of its base, as well as delete the cache pages. In addition, you can prohibit image search on your site, it is described to shown short fragments of pages in the search results http://www.google.com/remove.html. . To do this, you must confirm that you really owner this site or insert the tags or

4. Use robots.txt

It is known that search engines look into the Robots.txt file lying in the root of the site and do not index those parts that are marked with a word Disallow.. You can take advantage of this in order for part of the site not indexed. For example, so that the entire site is not indexed, create a Robots.txt file containing two lines:

User-Agent: *
Disallow: /

What else happens

For life to you with honey, I will not seem to say, I will say that there are sites that follow the people who, using the above methods, are looking for holes in scripts and Web servers. An example of such a page is

Application.

A little sweet. Try something from the following list:

1. #mysql dump filetype: sql - search dump dumps mySQL data
2. Host Vulnerability Summary Report - will show you what vulnerabilities found other people
3. PHPMYADMIN RUNNING ON INURL: Main.php - It will make control through the PHPMYAdmin panel
4. NOT FOR DISTRIBUTION Confidential
5. Request Details Control Tree Server Variables
6. Running in Child Mode
7. This Report Was Generated by Weblog
8. INTITLE: index.of cgiirc.config
9. FileType: CONF INURL: Firewall -intitle: CVS - who can need a firewall configuration files? :)
10. Intitle: index.of Finances.xls - mda ....
11. INTITLE: INDEX OF DBCONVERT.EXE CHATS - Chat ICQ logs
12. INTEXT: Tobias Oetiker Traffic Analysis
13. Intitle: usage statistics for generated by Webalizer
14. Intitle: Statistics of Advanced Web Statistics
15. Intitle: index.of WS_FTP.INI - WS FTP config
16. INURL: IPSEC.SECRETS HOLDS SHARED SECRETS - Secret key - good find
17. Inurl: main.php Welcome to phpMyadmin
18. INURL: SERVER-INFO Apache Server Information
19. Site: Edu Admin Grades
20. ORA-00921: UNEXPECTED END OF SQL COMMAND - Get the way
21. Intitle: index.of trillian.ini
22. INTITLE: INDEX OF PWD.DB
23. INTITLE: index.of people.lst
24. Intitle: index.of master.passwd
25. INURL: PassList.txt
26. Intitle: index of .mysql_history
27. INTITLE: INDEX OF INTEXT: GLOBALS.INC
28. Intitle: index.of administrators.pwd
29. Intitle: index.of etc shadow
30. Intitle: index.of secring.pgp
31. INURL: config.php dbuname dbpass
32. Inurl: Perform FileType: Ini

"Hacking Mit Google"

Training Center "Informschita" http://www.itsecurity.ru - leading specialized center in the field of training information security (License of the Moscow Committee of Education No. 015470, State Accreditation No. 004251). The only authorized Training Center for Internet Security Systems and Clearswift in Russia and the CIS countries. Authorized Training Center Microsoft (Specialization Security). Training programs are agreed with the State Staff of Russia, FSB (FAPSI). Training certificates and state documents On advanced training.

SoftKey is a unique service for buyers, developers, dealers and affiliate partners. In addition, it is one of the best online stores in Russia, Ukraine, Kazakhstan, who offers buyers a wide range, many payment methods, operational (frequent instantaneous) order processing, tracking the process of execution of the order in a personal section, various discounts from the store and manufacturers BY.

What is Dorka and what is it from?
​

Dorka - Special request in the search engine for finding the desired information.

We will deal with what this Dorka is inurl: index .php? Catid \u003d Intitle: SHOP SITE: COM
Dorka sharing into several components:

Inurl:, Intitle: Shop, Site: COM - Parameters for search engine.
There are a lot of them enough, but I used these:

Spoiler

iNURL: INDEX.PHP? Catid \u003d - find sites where everything is contained after ":" in the link
(

).
Intitle: Shop - We will find sites where contains "Shop" inside TEGA TITLE ( ).
Intext: Shop - find sites where "Shop" is contained inside the page of the page.
Site: COM - find sites in the domain.com (list of domains -

You must be registered to see links.

A good feature - advanced search from Google, for those who are bad with understanding.

You must be registered to see links.

index - file name.
The name can be any. Usually, when developing sites, common names are used, which carry a logical value. Therefore, most sites can see the same file names.

PHP - file extension. A more complete list can be found here -

You must be registered to see links.

Spoiler: I used expansion data

HTML?
.php?
.asp?
.aspx?
.cfm
.htm?
.ihtml?
.mvc?
.shtml?
.xhtml?
.cgi
.jsp?
.php3?
.php4?
.php5?
.jspx?
.jsf?
.xml
.jhtml?
.phtm?
.phtml?
.mhtml?
.asmx?

catid \u003d - the name of the input parameter.

Create expensive.
​

Based on this, for yourself I see several options for the use of Dorok:

1. Search by parts Dorok
2. Search for Dorkov collected from different parts
3. Search for finished Vacation options (not the most the best way).

As I started.
Dorok I did not have completely, but were in the stock of the shops that I sparded with Google
I took the program

You must be registered to see links.

In general, it is designed to search for immunity on the site, including skull.
But I used it to compile a site map, thereby recognized parts of Dorok.

Suppose you have expensive / their components.
Parts of the Dougor I was collected manually, as was the full decky.
Also hand I found vulnerable sites through Google. Later I will explain why it's better to work with your hands than all sorts of SQLI Dumper-Ami and other parsers.

How I was looking for sites with the help of Dorok:

• Name + Extension (Inurl: Buying-Gift-Cards.aspx? Or Inurl: Buying-Gift-Cards).
• Extension + Parameter (Inurl: ASPX? MS_ID \u003d or INURL :? MS_ID \u003d)
• Name + search in