Finding Remote Desktop connections online is very easy. A Google Dork lets a user search for RDP files on the Internet, and such a file can yield a lot of useful information about a remote machine. Below is an example file.
    screen mode id:i:2
    desktopwidth:i:1440
    desktopheight:i:900
    session bpp:i:24
    winposstr:s:0,1,0,0,800,572
    compression:i:1
    keyboardhook:i:2
    displayconnectionbar:i:1
    disable wallpaper:i:1
    disable full window drag:i:0
    allow desktop composition:i:1
    allow font smoothing:i:0
    disable menu anims:i:0
    disable themes:i:0
    disable cursor setting:i:0
    bitmapcachepersistenable:i:1
    full address:s:
    audiomode:i:0
    redirectprinters:i:1
    redirectcomports:i:0
    redirectsmartcards:i:0
    redirectclipboard:i:1
    redirectposdevices:i:0
    autoreconnection enabled:i:1
    authentication level:i:0
    prompt for credentials:i:0
    negotiate security layer:i:1
    remoteapplicationmode:i:0
    alternate shell:s:
    shell working directory:s:
    gatewayhostname:s:
    gatewayusagemethod:i:4
    gatewaycredentialssource:i:4
    gatewayprofileusagemethod:i:0
    promptcredentialonce:i:1
    drivestoredirect:s:*
    username:s:demo
    use multimon:i:0
    audiocapturemode:i:0
    videoplaybackmode:i:1
    connection type:i:7
    networkautodetect:i:1
    bandwidthautodetect:i:1
    enableworkspacereconnect:i:0
    gatewaybrokeringtype:i:0
    use redirection server name:i:0
    rdgiskdcproxy:i:0
    kdcproxyname:s:
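Which of these settings matter if the file ends up public can be checked mechanically. The following is an added example, not code from the original post: a Python audit of an .rdp file before it is shared or left on a web server. The function names and the list of settings reviewed are choices made for this example, and the sample input is a constructed subset of the file above.

```python
# Constructed sample: a subset of the settings in the example file above.
SAMPLE_RDP = """\
authentication level:i:0
prompt for credentials:i:0
redirectclipboard:i:1
drivestoredirect:s:*
username:s:demo
full address:s:
gatewayhostname:s:
"""

def parse_rdp(text):
    """Parse 'name:type:value' lines; type is i (integer) or s (string)."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # value may itself contain ':' (host:port)
        if len(parts) != 3 or parts[1] not in ("i", "s"):
            continue  # blank or malformed line
        name, kind, value = parts
        if kind == "i":
            if not value.lstrip("-").isdigit():
                continue  # integer setting with a non-numeric value
            value = int(value)
        settings[name.lower()] = value
    return settings

# (setting, risky value, why it matters) - review list chosen for this example
RULES = [
    ("authentication level", 0, "connects without warning if server authentication fails"),
    ("prompt for credentials", 0, "does not prompt, so saved credentials are used"),
    ("drivestoredirect", "*", "maps every local drive into the remote session"),
    ("redirectclipboard", 1, "shares the clipboard with the remote host"),
]
DISCLOSING = ("username", "full address", "gatewayhostname")

def audit_rdp(text):
    """Return a list of (setting, value, reason) findings for one .rdp file."""
    s = parse_rdp(text)
    findings = [(k, v, why) for k, v, why in RULES if s.get(k) == v]
    findings += [(k, s[k], "discloses this value to anyone who obtains the file")
                 for k in DISCLOSING if s.get(k)]
    return findings

if __name__ == "__main__":
    for setting, value, reason in audit_rdp(SAMPLE_RDP):
        print(f"{setting} = {value!r}: {reason}")
```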
This Google Dork will allow searching Google for any RDP files that could allow a remote connection.
    filetype:rdp
Another way to find usernames and passwords is via this Dork.
    allintext:username filetype:log
Find interesting files with this example.
    intitle index of /etc/passwd
This will find /etc/passwd files online. This is very prevalent; with the declining intelligence of humanity, security is forgotten. Below is an example /etc/passwd file from a web server.
This is very interesting.
To find database backups online, use this Google Dork.
    indexof /backup database
Here is an example. This is a WordPress database dump.
    -- phpMyAdmin SQL Dump
    -- version 4.8.3
    -- https://www.phpmyadmin.net/
    --
    -- Host: localhost:3306
    -- Generation Time: Oct 22, 2019 at 02:21 AM
    -- Server version: 10.2.25-MariaDB-log
    -- PHP Version: 7.2.7

    SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
    SET AUTOCOMMIT = 0;
    START TRANSACTION;
    SET time_zone = "+00:00";

    /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
    /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
    /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
    /*!40101 SET NAMES utf8mb4 */;

    --
    -- Database: `myprod6_helly`
    --

    -- --------------------------------------------------------

    --
    -- Table structure for table `w4z1tqi4_commentmeta`
    --

    CREATE TABLE `w4z1tqi4_commentmeta` (
      `meta_id` BIGINT(20) UNSIGNED NOT NULL,
      `comment_id` BIGINT(20) UNSIGNED NOT NULL DEFAULT 0,
      `meta_key` VARCHAR(255) DEFAULT NULL,
      `meta_value` longtext DEFAULT NULL
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8;

    -- --------------------------------------------------------

    --
    -- Table structure for table `w4z1tqi4_comments`
    --

    CREATE TABLE `w4z1tqi4_comments` (
      `comment_ID` BIGINT(20) UNSIGNED NOT NULL,
      `comment_post_ID` BIGINT(20) UNSIGNED NOT NULL DEFAULT 0,
      `comment_author` tinytext NOT NULL,
      `comment_author_email` VARCHAR(100) NOT NULL DEFAULT '',
      `comment_author_url` VARCHAR(200) NOT NULL DEFAULT '',
      `comment_author_IP` VARCHAR(100) NOT NULL DEFAULT '',
      `comment_date` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
      `comment_date_gmt` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
      `comment_content` text NOT NULL,
      `comment_karma` INT(11) NOT NULL DEFAULT 0,
      `comment_approved` VARCHAR(20) NOT NULL DEFAULT '1',
      `comment_agent` VARCHAR(255) NOT NULL DEFAULT '',
      `comment_type` VARCHAR(20) NOT NULL DEFAULT '',
      `comment_parent` BIGINT(20) UNSIGNED NOT NULL DEFAULT 0,
      `user_id` BIGINT(20) UNSIGNED NOT NULL DEFAULT 0
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
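Every file type above gets indexed because it was left where a web server would serve it. The following is an added example, not code from the original post: a Python check of a document root you administer for the same four kinds of file, recognised by content rather than by file name. The function names, the 0.8 match threshold and the sample tree are assumptions made for this example, and the sample files are constructed.

```python
import os, re, tempfile

PASSWD_LINE = re.compile(r"^[^:\s]+:[^:]*:\d+:\d+:[^:]*:[^:]*:[^:]*$")  # 7 colon-separated fields
RDP_LINE = re.compile(r"^[a-z ]+:[is]:", re.I)                          # name:type:value

def classify(name, text):
    """Label content by what it is, not by its file name (None = nothing found)."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if not lines:
        return None
    share = lambda rx: sum(bool(rx.match(l)) for l in lines) / len(lines)
    if share(PASSWD_LINE) > 0.8:
        return "passwd-format account list"
    if share(RDP_LINE) > 0.8:
        return "RDP connection file"
    if "SQL Dump" in text[:2000] or re.search(r"^CREATE TABLE", text, re.M):
        return "SQL database dump"
    if name.lower().endswith(".log") and "username" in text.lower():
        return "log file mentioning usernames"
    return None

def scan_webroot(root):
    """Walk a document root you administer; return {relative path: label}."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "r", errors="replace") as fh:
                label = classify(name, fh.read(65536))  # the first 64 KiB is enough
            if label:
                hits[os.path.relpath(path, root)] = label
    return hits

# Constructed sample tree (not real data) standing in for a web root.
SAMPLES = {
    "index.html": "<html><body>hello</body></html>\n",
    "notes.txt": "alice:x:1001:1001::/home/alice:/bin/sh\nbob:x:1002:1002::/home/bob:/bin/sh\n",
    "office.rdp": "full address:s:\nusername:s:demo\nauthentication level:i:0\n",
    os.path.join("backup", "site.bak"): "-- phpMyAdmin SQL Dump\nCREATE TABLE `t` (`id` INT);\n",
    "app.log": "2019-10-22 login ok username=demo\n",
}

def scan_samples():
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLES.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(body)
        return scan_webroot(root)
```

Anything it reports belongs outside the document root, or behind access control with directory listing turned off.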