Monday, December 12, 2016

Pretty scary

Newbie asking permission to post..  :)
Quick note: Given how many websites are now being attacked by hackers who claim to be pentesters, here is some dork information for web developers so they can better protect their sites. Below is a list of dorks used to find user passwords through search engines. Hope it is useful.. :)

Method 1: WordPress!
This will look for WordPress backup files, which contain the passwords and all data for the site!

The Dork: filetype:sql inurl:wp-content/backup-*

Method 2: WWWBoard!
This will look for the usernames and passwords of WWWBoard users.

The Dork: inurl:/wwwboard/passwd.txt

Method 3: FrontPage!
This will find all users and passwords, similar to above.

The Dork: ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-"

Method 4: Symfony
This finds database information and logins.

The Dork: inurl:config/databases.yml -trac -trunk -"Google Code" -source -repository

Method 5: TeamSpeak
This will search for the server.dbs file
(a SQLite database file with the SuperAdmin username and password).

The Dork: server-dbs "intitle:index of"

Method 6: TeamSpeak 2
This will find the log file, which has the Super Admin user and pass in the top 100 lines. Look for "superadmin account info:"

The Dork: "inurl:Teamspeak2_RC2/server.log"

Method 7: Get Admin pass
Simple dork which looks for all types of admin info.

The Dork: "admin account info" filetype:log

Method 8: Private keys
This will find any .pem files which contain private keys.

The Dork: filetype:pem pem intext:private

And the Ultimate one, the regular directory full of passwords.

Method 9: The Dir of Passwords!
Simple one!

The Dork: intitle:"Index of..etc" passwd
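
For the developers this list is aimed at, a check of your own web root for the files that methods 1 to 8 match, as an added example that is not part of the original post. The rule labels, function names and sample tree are assumptions constructed here.

```python
import fnmatch
import tempfile
from pathlib import Path

# (label, path pattern, required content), derived from the dorks listed above.
RULES = [
    ("WordPress SQL backup", "*wp-content/backup-*.sql", None),
    ("WWWBoard password file", "*wwwboard/passwd.txt", None),
    ("FrontPage password file", "*.pwd", b"# -frontpage-"),
    ("Symfony database config", "*config/databases.yml", None),
    ("TeamSpeak database", "*server.dbs", None),
    ("Log with admin account info", "*.log", b"admin account info"),
    ("PEM private key", "*.pem", b"private key"),
]

def _contains(path, needle, limit=1 << 20):
    """Case-insensitive search of the first `limit` bytes of a file."""
    with open(path, "rb") as fh:
        return needle in fh.read(limit).lower()

def audit_webroot(root):
    """Return sorted (label, relative path) pairs for files matching a rule."""
    findings = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        for label, pattern, needle in RULES:
            if fnmatch.fnmatchcase(rel.lower(), pattern) and (
                    needle is None or _contains(path, needle)):
                findings.append((label, rel))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample web root with dummy contents, for the demo only."""
    samples = {
        "wp-content/backup-db/site.sql": b"-- dump\n",
        "app/config/databases.yml": b"all:\n",
        "certs/site.pem": b"-----BEGIN RSA PRIVATE KEY-----\n",
        "certs/chain.pem": b"-----BEGIN CERTIFICATE-----\n",
        "logs/server.log": b"superadmin account info: (redacted)\n",
    }
    for rel, data in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(*audit_webroot(tmp), sep="\n")
```

Point `audit_webroot` at a deployed document root; anything it reports should be moved outside the web root or blocked in the server configuration.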
