Google Search: Intitle:Admin Intitle:Login >> Admin Login pages. Now, the existance of this page does not necessarily mean a server is vulnerable, but it sure is handy to let Google do the discovering for you, no? Let's face it, if you're trying to hack into a web server, this is one of the more obvious places to poke.
Google Search: +htpasswd +WS_FTP.LOG Filetype:Log >> WS_FTP.LOG can be used in many ways to find more information about a server. This query is very flexible, just substitute "+htpasswd" for "+FILENAME" and you may get several hits that you hadn't seen with the 'normal' search. Filenames suggested by the forum to explore are: phpinfo, admin, MySQL, password, htdocs, root, Cisco, Oracle, IIS, resume, inc, sql, users, mdb, frontpage, CMS, backend, https, editor, intranet . The list goes on and on.. A different approach might be "allinurl: "some.host.com" WS_FTP.LOG filetype:log" which tells you more about who's uploading files to a specific site.
Google Search: "Powered by PHPFM" filetype:php -Username >> PHPFM is an open source file manager written in PHP. It is easy to set up for a beginner, but still easy to customize for the more experienced user. The built-in login system makes sure that only people with the right username and password gains access to PHPFM, however, you can also choose to disable the login system and use PHPFM for public access. It can currently: create, rename and delete folders; create, upload, rename, download and delete files; edit text files; view image files; sort files by name, size, permissions and last modification date both ascending and descending; communicate in more languages. This search finds those "public" versions of PHPFM. An attacker can use them to manage his own files (phpshell anyone ?).
Google Search: intitle:"PHP Shell *" "Enable stderr" filetype:php >> PHP Shell is a shell wrapped in a PHP script. It's a tool you can use to execute arbiritary shell-commands or browse the filesystem on your remote Web server. This replaces, to a degree, a normal telnet-connection. You can use it for administration and maintenance of your Web site using commands like ps, free, du, df, and more. If these shells aren't protected by some form of authentication, an attacker will basicly *own* the server. This search finds such unprotected phpshells by looking for the keyword "enable stderr".
Google Search: PHPKonsole PHPShell filetype:php -Echo >> PHPKonsole is just a little telnet like shell wich allows you to run commands on the webserver. When you run commands they will run as the webservers UserID. This should work perfectly for managing files, like moving, copying etc. If you're using a linux server, system commands such as ls, mv and cp will be available for you.Google Search: "Please re-enter your password It must match exactly"
Invision Powerboard registration pages. wink.gif >> Google Search: "index of /" ( upload.cfm | upload.asp | upload.php | upload.cgi | upload.jsp | upload.pl )
Searches for scripts that let you upload files which you can then execute on the server.
Previous
Home
0 comments:
Post a Comment