How to find a goldmine of stuff on the web with Google
This will find unprotected WAMP servers on the Internet.
intitle:"VertrigoServ" + "Welcome to VertrigoServ" |
Some sites like this have not secured the database management interface. This means they are insecure. And if the web SQL management interface is not secure, then a use visiting could run this SQL query and alert the administrator, if there is one at all. VertrigoServ WAMP Server will alert the visitor if the default MySQL password is still there, that would be very useful to a determined person…. There are so many abandoned websites and frameworks all over the web, I am surprised no one has put them to work for themselves yet. It is only a matter of time though.
CREATE TABLE 'joe' ( '[Secure your site please.]' TEXT ( 96 ) ) ; |
Many VertrigoServ WAMP Server installations that are unsecured allow the visitor to view the phpinfo() page. That provides a wealth of information about the PHP install, and the server operating system.
Find WATT Router instances.
intext:"default values: admin/1234" |
A user can find all sorts of things with this search. I happened across a heating/cooling control system for a HVAC installation.
This Google Dork will find all JBOSS web consoles.
intext:build:SVNTag= JBoss intitle:Administration Console inurl:web-console |
Look for all Munin Apache monitoring instances on the Internet. No authentication required.
intitle:Munin :: overview |
Find online UPS devices. This gives information on the status of the device.
inurl:upsstats.cgi?host |
This Google Dork will find all IOMEGA storage devices connected to the Internet. They should be read-write too…
allinurl:foldercontent.html?folder= |
A way to find all DD-WRT enabled routers is with this Google Dork.
intitle:"dd-wrt info" intext:"Firmware: DD-WRT" |
Most might have changed the default username and password, but you might get lucky!
This dork will locate Unsecured PHP APC Installations.
'apc info' 'apc.php?SCOPE=' |
Locate all instances of the SyncThru Web Service embedded web server, this is used in printers connected to a LAN or WAN.
allintitle:"SyncThru Web Service" |
This is a great way to find all online printers that can be accessed from the Internet. But a username and password would be required to upload a document to print. But not always.
Another useful thing to try is to look for MySQL database backups. Many stupid users put their database on the Internet in a backup file that anyone can download.
intitle:index of /.sql.gz intext:/backup/ |
If it is a WordPress page, then the password would look like this.
$P$BkwnfeqkBuRuP0t9WsoPkV9bN94Uf3/ |
But that can be cracked with Linux tools.
There are heaps of WordPress database dumps out there, the passwords can be cracked and then the site could be accessed, if it uses the same passwords still. Many users are dumb and do not change passwords that often.
A lucky find might be a backup of an entire website, this would have a lot of files in it.
I found one that is from a defunct website, that had this in it amongst others.
4.4 Thu Nov 15 jason@Yog-Sothoth 0: $ cat proftpdpasswd leandro:$1$UDNpJn6I$6q.cQA/PDe1KTPHN.bawB/:502:513:abpfcom:/home/abpfcom/public_html:/bin/ftpsh abpfcom:$1$hsN4QuxS$tgva/ayF.dO8ZCiRD8sI91:502:513::/home/abpfcom:/bin/ftpsh abpfcom_logs:$1$hsN4QuxS$tgva/ayF.dO8ZCiRD8sI91:502:513:abpfcom:/usr/local/apache/domlogs/abpfcom:/bin/ftpsh |
So many sites out there have the same setup, they have a website running, but they also have a backup stored on the same website. Why even bother? Why store the site backup on a publicly accessible folder on your website? The passwords are in the sql files and they are easily cracked with the right wordlists and software.