c0ld
Members-
Posts
35 -
Joined
-
Last visited
Recent Profile Visitors
The recent visitors block is disabled and is not being shown to other users.
c0ld's Achievements
Newbie (1/14)
10
Reputation
-
Cineva sa dea close la thread.Site-ul trebuie sa ramana secret intr-adevar.
-
Se scrie "Bate-ti" . Site-ul nu este fake. Si la ce alte forumuri te referi ? Decat pe rst am postat.
-
Nu, nu stiu adresa site-ului.Adresa o stiu doar membrii. Si crezi ca ar face vreo diferenta daca as sti sau nu adresa ? Mi s-a parut destul de interesanta competitia, sa aflii adresa unui site bazandu-te pe cateva screenshot-uri. Tradu-mi, te rog.
-
Iti dai seama ca au de castigat.Nu vezi cat de faimos este ? Cu cat mai ascuns, cu atat mai dorit de useri. The latest screenshot : http://i44.tinypic.com/2e5vbb7.png
-
Este vorba de faimosul ubersecret tracker, PEG. Sunt mai multe informatii aici : http://scenenotice.org/details.php?id=623 Cateva screenshot-uri : http://i41.tinypic.com/sdfinb.png http://i42.tinypic.com/nuh09.png http://i43.tinypic.com/6sdooi.png Provocarea este sa aflati linkul de la acest tracker sau poate il stiti deja.Bafta !
-
si o invitatie pe scenetorrents.org ar fi binevenita . Cine are pe scenetorrents.org sau pe torrentleech sa imi dea PM-e destul de urgent.
-
ofer un cont pe czone sau bittorrents sau torrentbits
-
as avea si eu nevoie de o invitatie pe torrentleech.org sau un cont. As fi recunoscator si poate va pot oferi si eu ceva la schimb: o invitatie pe filelist.ro, cont pe demonoid.com ?
-
omg i'm gonna kill myself . Salvia divinorum nu exista in Romania.Pur si simplu nu exista, nu creste, nu e pe niciun camp sau gradina.Creste tocmai la mama dracu' in Mexic.E ca si cum ati zice ca a fuma canepa e acelasi lucru cu a fuma marijuana. Daca intr'adevar sunteti interesati sa fumati salvia divinorum procurati'o de pe net, site'urile mentionate sunt de incredere si nu trag tepe si mai ales, au marfa de calitate. Terminati cu tampeniile astea cu campul ca e cu totul altceva. Pe camp sau nush unde se gaseste daca nu ma insel salvia officinalis.Chiar daca e tot salvie NU SECRETA Salvinorin A si Salvinorin B, substante halucinogene, asa ca nu e posibil sa aiba efect orice salcie care creste pe la noi.
-
omg )) ba nu pricepeti ca salvia din gradina sau de pe camp nu are nici cel mai mic efect O.o
-
cumpara'ti de pe net. cu salivia aia de pe camp nu faci absolut nimic, nu produce salvinorin A. Avand in vedere pe ce forum postam si ce cunostinte avem, nu cred ca e greu un search pe google ca sa gasesti un vanzator sau un magazin online(este scumpa apropo, dar se merita fiecare ban).Bafta
-
some google dorks here : http://retrogod.altervista.org/GHDB.TXT am incercat sa le copiez aici, dar sunt prea multe si apropo pt kwerln:
-
### GHDB.TXT ### 22/06/2006 [[start][1] [[title]Squid cache server reports[[title]] [[descr]These are squid server cache reports. Fairly benign, really except when you consider using them for evil purposes. For example, an institution stands up a proxy server for their internal users to get to the outside world. Then, the internal user surf all over to their hearts content (including intranet pages cuz well, the admins are stupid) Voila, intranet links show up in the external cache report. Want to make matters worse for yourself as an admin? OK, configure your external proxy server as a trusted internal host. Load up your web browser, set your proxy as their proxy and surf your way into their intranet. Not that I've noticed any examples of this in this google list. *COUGH* *COUGH* *COUGH* unresolved DNS lookups give clues *COUGH* *COUGH* ('scuse me. must be a furball) OK, lets say BEST CASE scenario. Let's say there's not security problems revealed in these logs. Best case scenario is that outsiders can see what your company/agency/workers are surfing. [descr]] [http://www.google.com/search?q=%22cacheserverreport+for%22+%22This+analysis+was+produced+by+calamaris%22] [[dork]"cacheserverreport for" "This analysis was produced by calamaris"[dork]] [end][1]] [[start][2] [[title]Ganglia Cluster Reports[[title]] [[descr]These are server cluster reports, great for info gathering. Lesse, what were those server names again?[descr]] [http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Ganglia%22+%22Cluster+Report+for%22] [[dork]intitle:"Ganglia" "Cluster Report for"[dork]] [end][2]] [[start][3] [[title]ICQ chat logs, please...[[title]] [[descr]ICQ (http://www.icq.com) allows you to store the contents of your online chats into a file. These folks have their entire ICQ directories online. On purpose?[descr]] [http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+dbconvert%2Eexe+chats] [[dork]intitle:"Index of" dbconvert.exe chats[dork]] [end][3]] [[start][4] [[title]Apache online documentation[[title]] [[descr]When you install the Apache web server, you get a nice set of online documentation. When you learn how to use Apache, your supposed to delete these online Apache manuals. These sites didn't. If they're in such a hurry with Apache installs, I wonder what else they rushed through?[descr]] [http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Apache+HTTP+Server%22+intitle%3A%22documentation%22] [[dork]intitle:"Apache HTTP Server" intitle:"documentation"[dork]] [end][4]] [[start][5] [[title]Coldfusion Error Pages[[title]] [[descr]These aren't too horribly bad, but there are SO MANY of them. These sites got googlebotted while the site was having "technical difficulties." The resulting cached error message gives lots of juicy tidbits about the target site.[descr]] [http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22Error+Diagnostic+Information%22+intitle%3A%22Error+Occurred+While%22+] [[dork]"Error Diagnostic Information" intitle:"Error Occurred While" [dork]] [end][5]] [[start][6] [[title]Financial spreadsheets: finance.xls[[title]] [[descr]"Hey! I have a great idea! Let's put our finances on our website in a secret directory so we can get to it whenever we need to!"descr]] [http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+finance.xls] [[dork]intitle:"Index of" finance.xls[dork]] [end][6]] [[start][7] [[title]Financial spreadsheets: finances.xls[[title]] [[descr]"Hey! I have a great idea! Let's put our finances on our website in a secret directory so we can get to it whenever we need to!"descr]] [http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+finances.xls] [[dork]intitle:"Index of" finances.xls[dork]] [end][7]] [[start][8] [[title]SQL data dumps[[title]] [[descr]SQL database dumps. LOTS of data in these. So much data, infact, I'm pressed to think of what else an ev1l hax0r would like to know about a target database.. What's that? Usernames and passwords you say? Patience, grasshopper.....[descr]] [http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22%23+Dumping+data+for+table%22] [[dork]"# Dumping data for table"[dork]] [end][8]] [[start][9] [[title]bash_history files[[title]] [[descr]Ok, this file contains what a user typed at a shell command prompt. You shouldn't advertise this file. You shouldn't flash it to a web crawler. It contains COMMANDS and USERNAMES and stuff... *sigh* Sometimes there aren't words to describe how lame people can be. This particular theme can be carried further to find all sorts of things along these lines like .profile, .login, .logout files, etc. I just got bored with all the combinations...[descr]] [http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+%2Ebash%5Fhistory] [[dork]intitle:"Index of" .bash_history[dork]] [end][9]] [[start][10] [[title]sh_history files[[title]] [[descr]Ok, this file contains what a user typed at a shell command prompt. You shouldn't advertise this file. You shouldn't flash it to a web crawler. It contains COMMANDS and USERNAMES and stuff... *sigh* Sometimes there aren't words to describe how lame people can be. This particular theme can be carried further to find all sorts of things along these lines like .profile, .login, .logout files, etc. I just got bored with all the combinations...[descr]] [http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+.sh_history] [[dork]intitle:"Index of" .sh_history[dork]] [end][10]] [[start][11] [[title]mysql history files[[title]] [[descr]The .mysql_history file contains commands that were performed against a mysql database. A "history" of said commands. First, you shouldn't show this file to anyone, especially not a MAJOR SEARCH ENGINE! Secondly, I sure hope you wouldn't type anything sensitive while interacting with your databases, like oh say USERNAMES AND PASSWORDS...[descr]] [http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+%2Emysql%5Fhistory] [[dork]intitle:"Index of" .mysql_history[dork]] [end][11]] [[start][12] [[title]mt-db-pass.cgi files[[title]] [[descr]These folks had the technical prowess to unpack the movable type files, but couldn't manage to set up their web servers properly. Check the mt.cfg files for interesting stuffs...[descr]] [http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+mt%2Ddb%2Dpass%2Ecgi] [[dork]intitle:"Index of" mt-db-pass.cgi[dork]] [end][12]] [[start][13] [[title]Windows 2000 Internet Services[[title]] [[descr]At first glance, this search reveals even more examples of operating system users enabling the operating system default web server software. This is generally accepted to be a Bad Idea as mentioned in the previous example. However, the googleDork index on this particular category gets quite a boost from the fact that this particular screen should NEVER be seen by the general public. To quote the default index screen: "Any users attempting to connect to this site are currently receiving an 'Under Construction page'" THIS is not the 'Under Construction page.' I was only able to generate this screen while sitting at the console of the server. The fact that this screen is revealed to the general public may indicate a misconfiguration of a much more insidious nature...[descr]] [http://www.google.com/search?q=intitle:%22Welcome+to+Windows+2000+Internet+Services%22&num=100&hl=en&lr=&ie=UTF-8&filter=0] [[dork]intitle:"Welcome to Windows 2000 Internet Services"[dork]] [end][13]] [[start][14] [[title]IIS 4.0[[title]] [[descr]Moving from personal, lightweight web servers into more production-ready software, we find that even administrators of Microsoft's Internet Information Server (IIS) sometimes don't have a clue what they're doing. By searching on web pages with titles of "Welcome to IIS 4.0" we find that even if they've taken the time to change their main page, some dorks forget to change the titles of their default-installed web pages. This is an indicator that their web server is most likely running, or was upgraded from, the now considered OLD IIS 4.0 and that at least portions of their main pages are still exactly the same as they were out of the box. Conclusion? The rest of the factory-installed stuff is most likely lingering around on these servers as well. Old code: FREE with operating system. Poor content management: an average of $40/hour. Factory-installed default scripts: FREE with operating system. Getting hacked by a script kiddie that found you on Google: PRICELESS. For all the things money can't buy, there's a googleDork award.[descr]] [http://www.google.com/search?q=intitle:%22Welcome+to+IIS+4.0%22&num=100&hl=en&lr=&ie=UTF-8&filter=0] [[dork]intitle:"Welcome to IIS 4.0"[dork]] [end][14]] [[start][15] [[title]Look in my backup directories! Please?[[title]] [[descr]Backup directories are often very interesting places to explore. More than one server has been compromised by a hacker's discovery of sensitive information contained in backup files or directories. Some of the sites in this search meant to reveal the contents of their backup directories, others did not. Think about it. What.s in YOUR backup directories? Would you care to share the contents with the whole of the online world? Probably not. Whether intentional or not, bsp.gsa.gov reveals backup directory through Google. Is this simply yet another misconfigured .gov site? You decide. BSP stands for "best security practices," winning this site the Top GoogleDork award for this category.[descr]] [http://www.google.com/search?q=%22Index+of+/backup%22&num=100&hl=en&lr=&ie=UTF-8&filter=0] [[dork]"Index of /backup"[dork]] [end][15]] [[start][16] [[title]OpenBSD running Apache[[title]] [[descr]I like the OpenBSD operating system. I really do. And I like the Apache web server software. Honestly. I admire the mettle of administrators who take the time to run quality, secure software. The problem is that you never know when security problems will pop up. A BIG security problem popped up within the OpenBSD/Apache combo. Now, every administrator that advertised this particular combo with cute little banners has a problem. Hackers can find them with Google. I go easy on these folks since the odds are they.ve patched their sites already. Then again, they may just show up on zone-h..[descr]] [http://www.google.com/search?sourceid=navclient&q=%22powered+by+openbsd%22+%2B%22powered+by+apache%22] [[dork]"powered by openbsd" +"powered by apache"[dork]] [end][16]] [[start][17] [[title]intitle:index.of intext:"secring.skr"|"secring.pgp"|"secring.bak"[title]] [[descr]PGP is a great encryption technology. It keeps secrets safe. Everyone from drug lords to the head of the DEA can download PGP to encrypt their sensitive documents. Everyone, that is except googleDorks. GoogleDorks, it seems, don't understand that anyone in possession of your private keyring (secring) can get to your secret stuff. It should noever be given out, and should certainly not be posted on the Internet. The highest ranking is awarded for this surprising level of ineptitude.[descr]] [http://www.google.com/search?q=intitle:index.of+intext:%22secring.skr%22%7C%22secring.pgp%22%7C%22secring.bak%22] [[dork]intitle:index.of intext:"secring.skr"|"secring.pgp"|"secring.bak"[dork]] [end][17]] [[start][20] [[title]master.passwd[[title]] [[descr]There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. The hits in this search show "master.passwd" files which contain encrypted passwords which may look like this: "guest MMCHhvZ6ODgFo" A password cracker can eat cheesy hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show! For master.passwd, be sure to check other files in the same directory...[descr]] [http://www.google.com/search?sourceid=navclient&q=intitle%3A%22Index+of%22+master%2Epasswd] [[dork]intitle:"Index of" master.passwd[dork]] [end][20]] [[start][21] [[title]pwd.db[[title]] [[descr]There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. The his in this search show "pwd.db" files which contain encrypted passwords which may look like this: "guest MMCHhvZ6ODgFo" A password cracker can eat cheesy hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show![descr]] [http://www.google.com/search?sourceid=navclient&q=intitle%3A%22Index+of%22+pwd%2Edb] [[dork]intitle:"Index of" pwd.db[dork]] [end][21]] [[start][22] [[title]htpasswd / htpasswd.bak[[title]] [[descr]There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. And what if the passwords are hashed? A password cracker can eat cheesy password hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show![descr]] [http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&safe=off&q=intitle%3A%22Index+of%22+%22.htpasswd%22+htpasswd.bak] [[dork]intitle:"Index of" ".htpasswd" htpasswd.bak[dork]] [end][22]] [[start][23] [[title]htpasswd / htgroup[[title]] [[descr]There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. And what if the passwords are hashed? A password cracker can eat cheesy password hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show! You'll need to sift through these results a bit...[descr]] [http://www.google.com/search?q=intitle:%22Index+of%22+%22.htpasswd%22+%22htgroup%22++-intitle:%22dist%22+-apache+-htpasswd.c&hl=en&lr=&ie=UTF-8&safe=off&start=10&sa=N] [[dork]intitle:"Index of" ".htpasswd" "htgroup" -intitle:"dist" -apache -htpasswd.c[dork]] [end][23]] [[start][24] [[title]spwd.db / passwd[[title]] [[descr]There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. And what if the passwords are hashed? A password cracker can eat cheesy password hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show![descr]] [http://www.google.com/search?q=intitle:%22Index+of%22+spwd.db+passwd+-pam.conf&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&start=10&sa=N] [[dork]intitle:"Index of" spwd.db passwd -pam.conf[dork]] [end][24]] [[start][25] [[title]passwd / etc (reliable)[[title]] [[descr]There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. And what if the passwords are hashed? A password cracker can eat cheesy password hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show![descr]] [http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&safe=off&q=intitle%3A%22Index+of..etc%22+passwd] [[dork]intitle:"Index of..etc" passwd[dork]] [end][25]] [[start][26] [[title]AIM buddy lists[[title]] [[descr]These searches bring up common names for AOL Instant Messenger "buddylists". These lists contain screen names of your "online buddies" in Instant Messenger. Not that's not too terribly exciting or stupid unless you want to mess with someone's mind, and besides, some people make these public on purpose. The thing that's interesting are the files that get stored ALONG WITH buddylists. Often this stuff includes downloaded pictures, resumes, all sorts of things. This is really for the peepers out there, and it' possible to spend countless hours rifling through people's personal crap. A few methods: 1. buddylist.blt 2. buddy.blt 3. buddies.blt[descr]] [http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=buddylist%2Eblt] [[dork]buddylist.blt[dork]] [end][26]] [[start][27] [[title]config.php[[title]] [[descr]This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database. Way to go, googleDorks!![descr]] [http://www.google.com/search?sourceid=navclient&q=intitle%3A%22Index+of%22+config%2Ephp] [[dork]intitle:"Index of" config.php[dork]] [end][27]] [[start][28] [[title]phpinfo()[[title]] [[descr]this brings up sites with phpinfo(). There is SO much cool stuff in here that you just have to check one out for yourself! I mean full blown system versioning, SSL version, sendmail version and path, ftp, LDAP, SQL info, Apache mods, Apache env vars, *sigh* the list goes on and on! Thanks "joe!" =)[descr]] [http://www.google.com/search?hl=en&lr=&c2coff=1&q=intitle%3Aphpinfo+%22PHP+Version%22&btnG=Search] [[dork]intitle:phpinfo "PHP Version"[dork]] [end][28]] [[start][29] [[title]MYSQL error message: supplied argument....[[title]] [[descr]One of many potential error messages that spew interesting information. The results of this message give you real path names inside the webserver as well as more php scripts for potential "crawling" activities.[descr]] [http://www.google.com/search?num=100&hl=en&lr=&ie=ISO-8859-1&q=%22supplied+argument+is+not+a+valid+MySQL+result+resource%22] [[dork]"supplied argument is not a valid MySQL result resource"[dork]] [end][29]] [[start][30] [[title]The Master List[[title]] [[descr]CLick on any of the following links to show google's list! _vti_inf.html (694 hits) service.pwd (11,800 hits) users.pwd (23 hits) authors.pwd (22 hits) administrators.pwd (22 hits) shtml.dll (780 hits) shtml.exe (761 hits) fpcount.exe (1,370 hits) default.asp (2,170 hits) showcode.asp (4 hits) sendmail.cfm (5 hits) getFile.cfm (7 hits) imagemap.exe (510 hits) test.bat (353 hits) msadcs.dll (8 hits) htimage.exe (513 hits) counter.exe (164 hits) browser.inc (11 hits) hello.bat (18 hits) default.asp\\ (2,170 hits) dvwssr.dll (571 hits) dvwssr.dll (571 hits) dvwssr.dll (571 hits) cart32.exe (9 hits) add.exe (38 hits) index.JSP (998 hits) index.jsp (998 hits) SessionServlet (46 hits) shtml.dll (780 hits) index.cfm (473 hits) page.cfm (5 hits) shtml.exe (761 hits) web_store.cgi (16 hits) shop.cgi (63 hits) upload.asp (27 hits) default.asp (2,170 hits) pbserver.dll (6 hits) phf (370 hits) test-cgi (1,560 hits) finger (23,900 hits) Count.cgi (8,710 hits) jj (5,600 hits) php.cgi (170 hits) php (48,000 hits) nph-test-cgi (132 hits) handler (9,220 hits) webdist.cgi (35 hits) webgais (37 hits) websendmail (12 hits) faxsurvey (27 hits) htmlscript (50 hits) perl.exe (340 hits) wwwboard.pl (455 hits) www-sql (26,500 hits) view-source (641 hits) campas (94 hits) aglimpse (12 hits) glimpse (4,530 hits) man.sh (127 hits) AT-admin.cgi (789 hits) AT-generate.cgi (14 hits) filemail.pl (5 hits) maillist.pl (16 hits) info2www (737 hits) files.pl (267 hits) bnbform.cgi (91 hits) survey.cgi (93 hits) classifieds.cgi (25 hits) wrap (14,000 hits) cgiwrap (1,270 hits) edit.pl (114 hits) perl (80,700 hits) names.nsf (12 hits) webgais (37 hits) dumpenv.pl (7 hits) test.cgi (1,560 hits) submit.cgi (79 hits) submit.cgi (79 hits) guestbook.cgi (528 hits) guestbook.pl (451 hits) cachemgr.cgi (25 hits) responder.cgi (4 hits) perlshop.cgi (30 hits) query (15,500 hits) w3-msql (877 hits) plusmail (12 hits) htsearch (177 hits) infosrch.cgi (19 hits) publisher (2,610 hits) ultraboard.cgi (24 hits) db.cgi (96 hits) formmail.cgi (420 hits) allmanage.pl (5 hits) ssi (9,550 hits) adpassword.txt (39 hits) redirect.cgi (60 hits) f (124,000 hits) cvsweb.cgi (78 hits) login.jsp (241 hits) login.jsp (241 hits) dbconnect.inc (18 hits) admin (57,000 hits) htgrep (30 hits) wais.pl (133 hits) amadmin.pl (14 hits) subscribe.pl (65 hits) news.cgi (387 hits) auctionweaver.pl (2 hits) .htpasswd (2,390 hits) acid_main.php (3 hits) access_log (1,250 hits) access-log (618 hits) access.log (618 hits) log.htm (386 hits) log.html (1,310 hits) log.txt (987 hits) logfile (23,200 hits) logfile.htm (76 hits) logfile.html (671 hits) logfile.txt (701 hits) logger.html (37 hits) stat.htm (398 hits) stats.htm (687 hits) stats.html (1,840 hits) stats.txt (342 hits) webaccess.htm (11 hits) wwwstats.html (80 hits) source.asp (11 hits) perl (80,700 hits) mailto.cgi (46 hits) YaBB.pl (35 hits) mailform.pl (670 hits) cached_feed.cgi (6 hits) cr (27,500 hits) global.cgi (14 hits) Search.pl (548 hits) build.cgi (74 hits) common.php (184 hits) common.php (184 hits) show (33,500 hits) global.inc (114 hits) ad.cgi (21 hits) WSFTP.LOG (11 hits) index.html~ (81,100 hits) index.php~ (6,740 hits) index.html.bak (690 hits) index.php.bak (69 hits) print.cgi (61 hits) register.cgi (172 hits) webdriver (35 hits) bbs_forum.cgi (45 hits) mysql.class (21 hits) sendmail.inc (97 hits) CrazyWWWBoard.cgi (68 hits) search.pl (548 hits) way-board.cgi (44 hits) webpage.cgi (89 hits) pwd.dat (22 hits) adcycle (12 hits) post-query (240 hits) help.cgi (69 hits) [descr]] [http://www.google.com/search?q=intitle%3A%22Index+of%22+_vti_inf.html" target="_blank">_vti_inf.html (694 hits)</A> <A HREF="] [[dork]intitle:"Index of" _vti_inf.html" target="_blank">_vti_inf.html (694 hits)</A> <A HREF="[dork]] [end][30]] [[start][31] [[title]robots.txt[[title]] [[descr]The robots.txt file contains "rules" about where web spiders are allowed (and NOT allowed) to look in a website's directory structure. Without over-complicating things, this means that the robots.txt file gives a mini-roadmap of what's somewhat public and what's considered more private on a web site. Have a look at the robots.txt file itself, it contains interesting stuff. However, don't forget to check out the other files in these directories since they are usually at the top directory level of the web server![descr]] [http://www.google.com/search?q=intitle:Index.of+robots.txt&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&start=10&sa=N] [[dork]intitle:Index.of robots.txt[dork]] [end][31]] [[start][32] [[title]passlist[[title]] [[descr]I'm not sure what uses this, but the passlist and passlist.txt files contain passwords in CLEARTEXT! That's right, no decoding/decrypting/encrypting required. How easy is this? *sigh* Supreme googledorkage[descr]] [http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=intitle%3Aindex.of+passlist] [[dork]intitle:index.of passlist[dork]] [end][32]] [[start][33] [[title]secret[[title]] [[descr]What kinds of goodies lurk in directories marked as "secret?" Find out...[descr]] [http://www.google.com/search?q=intitle:index.of.secret&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&start=0&sa=N] [[dork]intitle:index.of.secret[dork]] [end][33]] [[start][34] [[title]private[[title]] [[descr]What kinds of things might you find in directories marked "private?" let's find out....[descr]] [http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex%2Eof%2Eprivate] [[dork]intitle:index.of.private[dork]] [end][34]] [[start][35] [[title]etc (index.of)[[title]] [[descr]This search gets you access to the etc directory, where many many many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun![descr]] [http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=intitle%3Aindex.of.etc] [[dork]intitle:index.of.etc[dork]] [end][35]] [[start][36] [[title]winnt[[title]] [[descr]The \WINNT directory is the directory that Windows NT is installed into by default. Now just because google can find them, this doesn't necessarily mean that these are Windows NT directories that made their way onto the web. However, sometimes this happens. Other times, they aren't Windows NT directories, but backup directories for Windows NT data. Wither way, worthy of a nomination.[descr]] [http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=intitle%3Aindex.of.winnt] [[dork]intitle:index.of.winnt[dork]] [end][36]] [[start][37] [[title]secure[[title]] [[descr]What could be hiding in directories marked as "secure?" let's find out...[descr]] [http://www.google.com/search?q=intitle:%22index.of.secure%22&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&start=0&sa=N] [[dork]intitle:"index.of.secure"[dork]] [end][37]] [[start][38] [[title]protected[[title]] [[descr]What could be in a directory marked as "protected?" Let's find out...[descr]] [http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=inurl%3Aindex.of.protected&btnG=Google+Search] [[dork]inurl:index.of.protected[dork]] [end][38]] [[start][39] [[title]index.of.password[[title]] [[descr]These directories are named "password." I wonder what you might find in here. Warning: sometimes p0rn sites make directories on servers with directories named "password" and single html files inside named things liks "horny.htm" or "brittany.htm." These are to boost their search results. Don't click them (unless you want to be buried in an avalanche of p0rn...[descr]] [http://www.google.com/search?q=inurl:index.of.password&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&start=0&sa=N] [[dork]inurl:index.of.password[dork]] [end][39]] [[start][40] [[title]"This report was generated by WebLog"[title]] [[descr]These are weblog-generated statistics for web sites... A roadmap of files, referrers, errors, statistics... yummy... a schmorgasbord! =P[descr]] [http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22This+report+was+generated+by+WebLog%22] [[dork]"This report was generated by WebLog"[dork]] [end][40]] [[start][41] [[title]"produced by getstats"[title]] [[descr]Another web statistics package. This one originated from a google scan of an ivy league college. *sigh* There's sooo much stuff in here![descr]] [http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22These+statistics+were+produced+by+getstats%22] [[dork]"These statistics were produced by getstats"[dork]] [end][41]] [[start][42] [[title]"generated by wwwstat"[title]] [[descr]More www statistics on the web. This one is very nice.. Lots of directory info, and client access statistics, email addresses.. lots os good stuff. You know, these are SOOO dangerous, especially if INTRANET users get logged... talk about mapping out an intranet quickly... thanks, sac =)[descr]] [http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22This+summary+was+generated+by+wwwstat%22] [[dork]"This summary was generated by wwwstat"[dork]] [end][42]] [[start][43] [[title]haccess.ctl (one way)[[title]] [[descr]this is the frontpage(?) equivalent of htaccess, I believe. Anyhow, this file describes who can access the directory of the web server and where the other authorization files are. nice find.[descr]] [http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex%2Eof+haccess%2Ectl] [[dork]intitle:index.of haccess.ctl[dork]] [end][43]] [[start][44] [[title]haccess.ctl (VERY reliable)[[title]] [[descr]haccess.ctl is the frontpage(?) equivalent of the .htaccess file. Either way, this file decribes who can access a web page, and should not be shown to web surfers. Way to go, googledork. =P This method is very reliable due to the use of this google query: filetype:ctl Basic This pulls out the file by name then searches for a string inside of it (Basic) which appears in the standard template for this file.[descr]] [http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=filetype%3Ahtaccess+Basic] [[dork]filetype:htaccess Basic[dork]] [end][44]] [[start][45] [[title]filetype:xls username password email[[title]] [[descr]This search shows Microsoft Excel spreadsheets containing the words username, password and email. Beware that there are a ton of blank "template" forms to weed through, but you can tell from the Google summary that some of these are winners... err losers.. depending on your perspective.[descr]] [http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Axls+username+password+email] [[dork]filetype:xls username password email[dork]] [end][45]] [[start][46] [[title]Hassan Consulting's Shopping Cart Version 1.18[[title]] [[descr]These servers can be messed with in many ways. One specific way is by way of the "../" bug. This lets you cruise around the web server in a somewhat limited fashion.[descr]] [http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3Ashop+%22Hassan+Consulting%27s+Shopping+Cart+Version+1%2E18%22] [[dork]inurl:shop "Hassan Consulting's Shopping Cart Version 1.18"[dork]] [end][46]] [[start][47] [[title]site:edu admin grades[[title]] [[descr]I never really thought about this until I started coming up with juicy examples for DEFCON 11.. A few GLARINGLY bad examples contain not only student grades and names, but also social security numbers, securing the highest of all googledork ratings![descr]] [http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=site%3Aedu+grades+admin] [[dork]site:edu grades admin[dork]] [end][47]] [[start][48] [[title]auth_user_file.txt[[title]] [[descr]DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!). Some lists are bigger than others, all are fun, and all belong to googledorks. =)[descr]] [http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=allinurl%3Aauth_user_file.txt] [[dork]allinurl:auth_user_file.txt[dork]] [end][48]] [[start][49] [[title]inurl:config.php dbuname dbpass[[title]] [[descr]The old config.php script. This puppy should be held very closely. It should never be viewable to your web visitors because it contains CLEARTEXT usernames and passwords! The hishest of all googledorks ratings![descr]] [http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=inurl%3Aconfig%2Ephp+dbuname+dbpass] [[dork]inurl:config.php dbuname dbpass[dork]] [end][49]] [[start][50] [[title]inurl:tech-support inurl:show Cisco[[title]] [[descr]This is a way to find Cisco products with an open web interface. These are generally supposed to be user and password protected. Google finds ones that aren't. Be sure to use Google's cache if you have trouble connecting. Also, there are very few results (2 at the time of posting.)[descr]] [http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=inurl%3Atech%2Dsupport+inurl%3Ashow+Cisco] [[dork]inurl:tech-support inurl:show Cisco[dork]] [end][50]] [[start][51] [[title]index_i.shtml Ready (Xerox printers on the web!)[[title]] [[descr]These printers are not-only web-enabled, but their management interface somehow got crawled by google! These puppies should not be public! You can really muck with these printers. In some cases, going to the "password.shtml" page, you can even lock out the admins if a username and password has not already been set! Thanks to mephisteau@yahoo.co.uk for the idea =)[descr]] [http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=i%5Findex%2Eshtml+%22Ready%22] [[dork]i_index.shtml "Ready"[dork]] [end][51]] [[start][52] [[title]aboutprinter.shtml (More Xerox printers on the web!)[[title]] [[descr]More Xerox printers on the web! Google found these printers. Should their management interface be open to the WHOLE INTERNET? I think not.[descr]] [http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=aboutprinter.shtml&btnG=Google+Search] [[dork]aboutprinter.shtml[dork]] [end][52]] [[start][53] [[title]"Chatologica MetaSearch" "stack tracking"[title]] [[descr]There is soo much crap in this error message... Apache version, CGI environment vars, path names, stack-freaking-dumps, process ID's, perl version, yadda yadda yadda...[descr]] [http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22Chatologica+MetaSearch%22+%22stack+tracking%3A%22] [[dork]"Chatologica MetaSearch" "stack tracking:"[dork]] [end][53]] [[start][54] [[title]mystuff.xml - Trillian data files[[title]] [[descr]This particular file contains web links that trillian users have entered into the tool. Trillian combines many different messaging programs into one tool. AIM, MSN, Yahoo, ICQ, IRC, etc. Although this particular file is fairly benign, check out the other files in the same directory. There is usually great stuff here![descr]] [http://www.google.com/search?q=mystuff.xml+intitle:%22index+of%22] [[dork]mystuff.xml intitle:"index of"[dork]] [end][54]] [[start][55] [[title]trillian.ini[[title]] [[descr]Trillian pulls together all sort of messaging clients like AIM MSN, Yahoo, IRC, ICQ, etc. The various ini files that trillian uses include files like aim.ini and msn.ini. These ini files contain encoded passwords, usernames, buddy lists, and all sorts of other fun things. Thanks for putting these on the web for us, googledorks![descr]] [http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22index+of%22+trillian.ini] [[dork]intitle:"index of" trillian.ini[dork]] [end][55]] [[start][56] [[title]intitle:admin intitle:login[[title]] [[descr]Admin Login pages. Now, the existance of this page does not necessarily mean a server is vulnerable, but it sure is handy to let Google do the discovering for you, no? Let's face it, if you're trying to hack into a web server, this is one of the more obvious places to poke.[descr]] [http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=intitle%3Aadmin+intitle%3Alogin] [[dork]intitle:admin intitle:login[dork]] [end][56]] [[start][57] [[title]ORA-00921: unexpected end of SQL command[[title]] [[descr]Another SQL error message from Cesar. This one coughs up full web pathnames and/or php filenames.[descr]] [http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=%22ORA-00921%3A+unexpected+end+of+SQL+command%22] [[dork]"ORA-00921: unexpected end of SQL command"[dork]] [end][57]] [[start][58] [[title]passlist.txt (a better way)[[title]] [[descr]Cleartext passwords. No decryption required![descr]] [http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=inurl%3Apasslist.txt] [[dork]inurl:passlist.txt[dork]] [end][58]] [[start][59] [[title]sitebuildercontent[[title]] [[descr]This is a default directory for the sitebuilder web design software program. If these people posted web pages with default sitebuilder sirectory names, I wonder what else they got wrong?[descr]] [http://www.google.com/search?q=inurl:sitebuildercontent&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=0&sa=N] [[dork]inurl:sitebuildercontent[dork]] [end][59]] [[start][60] [[title]sitebuilderfiles[[title]] [[descr]This is a default directory for the sitebuilder web design software program. If these people posted web pages with default sitebuilder sirectory names, I wonder what else they got wrong?[descr]] [http://www.google.com/search?q=inurl:sitebuilderfiles&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=0&sa=N] [[dork]inurl:sitebuilderfiles[dork]] [end][60]] [[start][61] [[title]sitebuilderpictures[[title]] [[descr]This is a default directory for the sitebuilder web design software program. If these people posted web pages with default sitebuilder sirectory names, I wonder what else they got wrong?[descr]] [http://www.google.com/search?q=inurl:sitebuilderpictures&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=0&sa=N] [[dork]inurl:sitebuilderpictures[dork]] [end][61]] [[start][62] [[title]htpasswd[[title]] [[descr]This is a nifty way to find htpasswd files. Htpasswd files contain usernames and crackable passwords for web pages and directories. They're supposed to be server-side, not available to web clients! *duh*[descr]] [http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Ahtpasswd+htpasswd] [[dork]filetype:htpasswd htpasswd[dork]] [end][62]] [[start][63] [[title]"YaBB SE Dev Team"[title]] [[descr]Yet Another Bulletin Board (YABB) SE (versions 1.5.4 and 1.5.5 and perhaps others) contain an SQL injection vulnerability which may allow several attacks including unauthorized database modification or viewing. See http://www.securityfocus.com/bid/9674 for more information. Also see http://www.securityfocus.com/bid/9677 for information about an information leakage vulnerability in versions YaBB Gold - Sp 1.3.1 and others.[descr]] [http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22YaBB+SE+Dev+Team%22] [[dork]"YaBB SE Dev Team"[dork]] [end][63]] [[start][64] [[title]EarlyImpact Productcart[[title]] [[descr]The EarlyImpact Productcart contains multiple vulnerabilites, which could exploited to allow an attacker to steal user credentials or mount other attacks. See http://www.securityfocus.com/bid/9669 for more informationfor more information. Also see http://www.securityfocus.com/bid/9677 for information about an information leakage vulnerability in versions YaBB Gold - Sp 1.3.1 and others.[descr]] [http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3ACustva.asp+] [[dork]inurl:Custva.asp [dork]] [end][64]] [[start][65] [[title]mnGoSearch vulnerability[[title]] [[descr]According to http://www.securityfocus.com/bid/9667, certain versions of mnGoSearch contain a buffer overflow vulnerability which allow an attacker to execute commands on the server. [descr]] [http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Powered+by+mnoGoSearch+-+free+web+search+engine+software%22] [[dork]"Powered by mnoGoSearch - free web search engine software"[dork]] [end][65]] [[start][66] [[title]IIS 4.0 error messages[[title]] [[descr]IIS 4.0 servers. Extrememly old, incredibly easy to hack... [descr]] [http://www.google.com/search?ie=UTF-8&oe=UTF-8&q=intitle%3A%22the+page+cannot+be+found%22+inetmgr] [[dork]intitle:"the page cannot be found" inetmgr[dork]] [end][66]] [[start][67] [[title]Windows 2000 web server error messages[[title]] [[descr]Windows 2000 web servers. Aging, fairly easy to hack, especially out of the box... [descr]] [http://www.google.com/search?ie=UTF-8&oe=UTF-8&q=intitle%3A%22the+page+cannot+be+found%22+%222004+microsoft+corporation%22] [[dork]intitle:"the page cannot be found" "2004
-
Forums Hacking - powered by Invision PowerBoard >>Foru
c0ld replied to c0der's topic in Tutoriale video
ms de ajutor am reusit -
Connection failed at dbbxpl.pl line 49 line 49- $socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort => "80") || die "[-] CONNECTION FAILED"; Any ideas ?