Great Google Queries (1)

Search for these … and they will give you access to places the sysadmin doesn’t even suspect are reachable, or that are reachable because the sysadmin is dumb.

1. Systems Portals

2. Printers

In General

Ricoh Savins (since these printers frequently store documents, which can then be downloaded, this can be a real killer for security)

HP Jetdirects (Varies greatly from model to model)

CUPS Connected Printers

3. Storage

QNAP

4. Web servers

  • “Apache/1.3.28 Server at” intitle:index.of
  • “Apache/2.0 Server at” intitle:index.of
  • “Apache/* Server at” intitle:index.of
  • “Microsoft-IIS/4.0 Server at” intitle:index.of
  • “Microsoft-IIS/5.0 Server at” intitle:index.of
  • “Microsoft-IIS/6.0 Server at” intitle:index.of
  • “Microsoft-IIS/* Server at” intitle:index.of
  • “Oracle HTTP Server/* Server at” intitle:index.of
  • “IBM _ HTTP _ Server/* * Server at” intitle:index.of
  • “Netscape/* Server at” intitle:index.of
  • “Red Hat Secure/*” intitle:index.of
  • “HP Apache-based Web Server/*” intitle:index.of

Queries for discovering standard post-installation

  • intitle:”Test Page for Apache Installation” “You are free”
  • intitle:”Test Page for Apache Installation” “It worked!” “this Web site!”
  • intitle:”Test Page for Apache Installation” “Seeing this instead”
  • intitle:”Test Page for the SSL/TLS-aware Apache Installation” “Hey, it worked!”
  • intitle:”Test Page for the Apache Web Server on Red Hat Linux”
  • intitle:”Test Page for the Apache Http Server on Fedora Core”
  • intitle:”Welcome to Your New Home Page!”
  • intitle:”Welcome to IIS 4.0!”
  • intitle:”Welcome to Windows 2000 Internet Services”
  • intitle:”Welcome to Windows XP Server Internet Services”

Some applications

  • “Generated by phpSystem”
  • “This summary was generated by wwwstat”
  • “These statistics were produced by getstats”
  • “This report was generated by WebLog”
  • intext:”Tobias Oetiker” “traffic analysis”
  • intitle:”Apache::Status” (inurl:server-status | inurl:status.html | inurl:apache.html)
  • intitle:”ASP Stats Generator *.*” “ASP Stats Generator” “2003-2004 weppos”
  • intitle:”Multimon UPS status page”
  • intitle:”statistics of” “advanced web statistics”
  • intitle:”System Statistics” +”System and Network Information Center”
  • intitle:”Usage Statistics for” “Generated by Webalizer”
  • intitle:”Web Server Statistics for ****”
  • inurl:”/axs/ax-admin.pl” -script
  • inurl:”/cricket/grapher.cgi”
  • inurl:server-info “Apache Server Information”
  • “Output produced by SysWatch *”

5. SQL injection dorks

  • allinurl: ”index php go buy”
  • allinurl: ”index.php?go=sell”
  • allinurl: ”index php go linkdir”
  • allinurl: ”index.php?go=resource_center”
  • allinurl: ”resource_center.html”
  • allinurl: ”index.php?go=properties”
  • allinurl: ”index.php?go=register”

6. Admin page

  • admin1.php
  • admin1.html
  • admin2.php
  • admin2.html
  • yonetim.php
  • yonetim.html
  • yonetici.php
  • yonetici.html
  • adm/
  • admin/
  • admin/account.php
  • admin/account.html
  • admin/index.php
  • admin/index.html
  • admin/login.php
  • admin/login.html
  • admin/home.php
  • admin/controlpanel.html
  • admin/controlpanel.php
  • admin.php
  • admin.html
  • admin/cp.php
  • admin/cp.html
  • cp.php
  • cp.html
  • administrator/
  • administrator/index.html
  • administrator/index.php
  • administrator/login.html
  • administrator/login.php
  • administrator/account.html
  • administrator/account.php
  • administrator.php
  • administrator.html
  • login.html
  • modelsearch/login.php
  • moderator.php
  • moderator.html
  • moderator/login.php
  • moderator/login.html
  • moderator/admin.php
  • moderator/admin.html
  • moderator/
  • account.php
  • account.html
  • controlpanel/
  • controlpanel.php
  • controlpanel.html
  • admincontrol.php
  • admincontrol.html
  • adminpanel.php
  • adminpanel.html
  • admin1.asp
  • admin2.asp
  • yonetim.asp
  • yonetici.asp
  • admin/account.asp
  • admin/index.asp
  • admin/login.asp
  • admin/home.asp
  • admin/controlpanel.asp
  • admin.asp
  • admin/cp.asp
  • cp.asp
  • administrator/index.asp
  • administrator/login.asp
  • administrator/account.asp
  • administrator.asp
  • login.asp
  • modelsearch/login.asp
  • moderator.asp
  • moderator/login.asp
  • moderator/admin.asp
  • account.asp
  • controlpanel.asp
  • admincontrol.asp
  • adminpanel.asp
  • fileadmin/
  • fileadmin.php
  • fileadmin.asp
  • fileadmin.html
  • administration/
  • administration.php
  • administration.html
  • sysadmin.php
  • sysadmin.html
  • phpmyadmin/
  • myadmin/
  • sysadmin.asp
  • sysadmin/
  • ur-admin.asp
  • ur-admin.php
  • ur-admin.html
  • ur-admin/
  • Server.php
  • Server.html
  • Server.asp
  • Server/
  • wp-admin/
  • administr8.php
  • administr8.html
  • administr8/
  • administr8.asp
  • webadmin/
  • webadmin.php
  • webadmin.asp
  • webadmin.html
  • administratie/
  • admins/
  • admins.php
  • admins.asp
  • admins.html
  • administrivia/
  • Database_Administration/
  • WebAdmin/
  • useradmin/
  • sysadmins/
  • admin1/
  • system-administration/
  • administrators/
  • pgadmin/
  • directadmin/
  • staradmin/
  • ServerAdministrator/
  • SysAdmin/
  • administer/
  • LiveUser_Admin/
  • sys-admin/
  • typo3/
  • panel/
  • cpanel/
  • cPanel/
  • cpanel_file/
  • platz_login/
  • rcLogin/
  • blogindex/
  • formslogin/
  • autologin/
  • support_login/
  • meta_login/
  • manuallogin/
  • simpleLogin/
  • loginflat/
  • utility_login/
  • showlogin/
  • memlogin/
  • members/
  • login-redirect/
  • sub-login/
  • wp-login/
  • login1/
  • dir-login/
  • login_db/
  • xlogin/
  • smblogin/
  • customer_login/
  • UserLogin/
  • login-us/
  • acct_login/
  • admin_area/
  • bigadmin/
  • project-admins/
  • phppgadmin/
  • pureadmin/
  • sql-admin/
  • radmind/
  • openvpnadmin/
  • wizmysqladmin/
  • vadmind/
  • ezsqliteadmin/
  • hpwebjetadmin/
  • newsadmin/
  • adminpro/
  • Lotus_Domino_Admin/
  • bbadmin/
  • vmailadmin/
  • Indy_admin/
  • ccp14admin/
  • irc-macadmin/
  • banneradmin/
  • sshadmin/
  • phpldapadmin/
  • macadmin/
  • administratoraccounts/
  • admin4_account/
  • admin4_colon/
  • radmind-1/
  • Super-Admin/
  • AdminTools/
  • cmsadmin/
  • SysAdmin2/
  • globes_admin/
  • cadmins/
  • phpSQLiteAdmin/
  • navSiteAdmin/
  • server_admin_small/
  • logo_sysadmin/
  • server/
  • database_administration/
  • power_user/
  • system_administration/
  • ss_vms_admin_sm/
