Google may be used to find some very interesting stuff online.
This Google Dork will find webcams online, just like the one above, although there are not as many as there used to be.
inurl /view.shtml |
This is an interesting one. I tried this out and found a SIEMENS ET 200SP.
inurl /portal/portal.mwsl |
Sometimes there can be files to download.
This is a sample of a CSV file that was on the device.
SeqNo,Date,ActEnergy,ReactEnergy,FPavg,wSpeedAvg,wDirAvg,TambAvg,tOn,tOFF,tAlarm 1,2021-01-03, 0, 0, -1, 0, 0, 0, 1249, 0, 79 2,2021-01-03, 9, 0, 10, 4, 0, 0, 0, 194, 13 3,2021-01-04, 133, 0, 10, 36, 0, 0, 1276, 722, 106 4,2021-01-05, 209, 0, -1, 79, 0, 0, 1259, 1341, 115 5,2021-01-06, 22, 0, 10, 86, 0, 0, 1249, 81, 37 6,2021-01-07, 318, 0, -1, 81, 0, 0, 0, 1419, 21 7,2021-01-08, 87, 0, 10, 82, 0, 0, 1249, 550, 34 8,2021-01-09, 80, 0, 10, 75, 0, 0, 1249, 284, 274 9,2021-01-10, 85, 0, 10, 54, 0, 0, 0, 1358, 82 10,2021-01-11, 10, 0, 10, 29, 0, 0, 1249, 95, 163 11,2021-01-12, 151, 0, 10, 53, 0, 0, 0, 1436, 4 12,2021-01-13, 236, 0, -1, 53, 0, 0, 0, 953, 487 13,2021-01-14, 449, 0, 64, 61, 0, 0, 0, 1436, 4 14,2021-01-15, 133, 0, 10, 48, 0, 0, 0, 1437, 3 15,2021-01-16, 19, 0, 10, 38, 0, 0, 0, 1418, 22 16,2021-01-17, 379, 0, 34, 56, 0, 0, 1249, 726, 33 17,2021-01-18, 56, 0, 10, 45, 0, 0, 0, 1440, 0 18,2021-01-19, 4, 0, 10, 44, 0, 0, 0, 1434, 6 |
Use this Google Dork to find /etc/passwd files online. This is fun.
Here is a sample file.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | root:x:0:1:Super-User:/:/usr/local/bin/tcsh daemon:x:1:1::/: bin:x:2:2::/usr/bin: sys:x:3:3::/: adm:x:4:4:Admin:/var/adm: lp:x:71:8:Line Printer Admin:/usr/spool/lp: smtp:x:0:0:Mail Daemon User:/: uucp:x:5:5:uucp Admin:/usr/lib/uucp: nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico listen:x:37:4:Network Admin:/usr/net/nls: nobody:x:60001:60001:Nobody:/: noaccess:x:60002:60002:No Access User:/: nobody4:x:65534:65534:SunOS 4.x Nobody:/: ftp:x:65536:1:FTP User:/ftp:/ftp |
Another one.
1 2 3 4 5 6 | zkovacs:x:875:876::/home/medusoft/mail/medusoft.com.au/zkovacs:/home/medusoft marianna.fazekas:x:875:876::/home/medusoft/mail/medusoft.com.au/marianna.fazekas:/home/medusoft gd:x:875:876::/home/medusoft/mail/medusoft.com.au/gd:/home/medusoft spam:x:875:876::/home/medusoft/mail/medusoft.com.au/spam:/home/medusoft david.kovacs:x:875:876::/home/medusoft/mail/medusoft.com.au/david.kovacs:/home/medusoft viktoria.kovacs:x:875:876::/home/medusoft/mail/medusoft.com.au/viktoria.kovacs:/home/medusoft |
This simple Google Dork will find @pwcache directories on the Internet, this contains password file(s) of the users on the server.
index of @pwcache |
Below is an example file contained in a @pwcache folder.
passwd:$6$00AWCMcNvBBG3plB$DwyP/Viqoh9QKF8qg4nwh9Ysney44SRTvwWBjU7WLx62qcIS0DDiSe0WVuyZJC8jRWaKhIVGGhFxXbShRxnPx. quota:0 homedir:/home/ibomargk/mail/ibommedia.com/editor lastchanged:17864 |
Here is another one I found, this contains an admin password…
passwd:$6$68QDVpwD1nqr6Mo9$NoK7qwoOhIvIEwbfISRIrY0JCSDo1Xwlt2EU9Vne6RT1eqhxdE0ITuKZC1gvx6Af8Lto5d3ArqrdI9sPpiBZZ1 quota:0 homedir:/home/sites/9a/c/c0fcb6d0d1/mail/david-key.com/admin lastchanged:18165 |
I found some information about the @pwecache files here: https://forums.cpanel.net/threads/usign-shadow-passwd-files-versus-pwcache.407081/. Why have these files exposed on the Internet? Security has been forgotten about in this modern age, now everything is for the taking.
WordPress backups may also be found this way if the user zips up a folder to download it and does not delete the zipped file.
index of /wp-admin.zip |
You could get lucky and find passwords and database information. That would be very useful.