1. Trang chủ
  2. » Công Nghệ Thông Tin

Google hacking for penetration tester - part 32 ppsx

10 31,6K 0

Đang tải... (xem toàn văn)

THÔNG TIN TÀI LIỆU

Thông tin cơ bản

Định dạng
Số trang 10
Dung lượng 261,39 KB

Nội dung

Table 8.9 shows some queries that can be used to locate various login portals. Refer to Chapter 4 for more information about login portals and the information they reveal. Table 8.9 Queries That Locate Login Portals Login Portal Query .NET login pages ASP.login_aspx “ASP.NET_SessionId” 4images Gallery “4images Administration Control Panel” Aanval Intrusion Detection intitle:”remote assessment” OpenAanval Console Console ActiveX Login inurl:”Activex/default.htm” “Demo” Affiliate Tracking Software intitle:”iDevAffiliate - admin” -demo Aimoo intitle:”Login to the forums - @www.aimoo.com” inurl:login.cfm?id= AlternC Desktop intitle:”AlternC Desktop” Ampache intitle:Ampache intitle:”love of music” pass- word | login | “Remember Me.” -welcome Anyboard Login Portals intitle:”Login Forum Powered By AnyBoard” intitle:”If you are a new user:” intext:”Forum Powered By AnyBoard” inurl:gochat -edu aspWebCalendar inurl:”calendar.asp?action=login” Asterisk Recording Interface intitle:ARI “Phone System Administrator” Athens Access Management intitle:”Athens Authentication Point” system b2evolution intitle:”b2evo > Login form” “Login form. You must log in! You will have to accept cookies in order to log in” -demo -site:b2evolution.net Bariatric Advantage inurl:”/?pagename=AdministratorLogin” BEA WebLogic Server 8.1 intitle:”WebLogic Server” intitle:”Console Login” inurl:console betaparticle “bp blog admin” intitle:login | intitle:admin - site:johnny.ihackstuff.com bitboard2 intext:””BiTBOARD v2.0” BiTSHiFTERS Bulletin Board” Blogware Login Portal intitle:”Admin Login” “admin login” “blog- ware” Cacti intitle:”Login to Cacti” Cash Crusader “site info for” “Enter Admin Password” Tracking Down Web Servers, Login Portals, and Network Hardware • Chapter 8 311 Continued 452_Google_2e_08.qxd 10/5/07 1:03 PM Page 311 Table 8.9 continued Queries That Locate Login Portals Login Portal Query CGIIRC filetype:cgi inurl:”irc.cgi” | intitle:”CGI:IRC Login” CGIIRC inurl:irc filetype:cgi cgi:irc Cisco CallManager CallManager intitle:”Cisco CallManager User Options Log On” “Please enter your User ID and Password in the spaces provided below and click the Log On button to co Cisco VPN 3000 concentrators intitle:”inc. vpn 3000 concentrator” Cisco WebVPN Services Module inurl:webvpn.html “login” “Please enter your” Citrix Metaframe inurl:metaframexp/default/login.asp | intitle:”Metaframe XP Login” Citrix Metaframe inurl:/Citrix/Nfuse17/ CMS/Blogger inurl:textpattern/index.php ColdFusion intitle:”ColdFusion Administrator Login” ColdFusion inurl:login.cfm Communigate Pro intitle:communigate pro entrance Confixx inurl:confixx inurl:login|anmeldung Coranto inurl:coranto.cgi intitle:Login (Authorized Users Only) CPanel inurl::2082/frontend -demo Create Pro. inurl:csCreatePro.cgi CUPS inurl:”631/admin” (inurl:”op=*”) | (intitle:CUPS) CuteNews “powered by CuteNews” “2003 2005 CutePHP” Cyclades TS1000 and TS2000 allintitle:”Welcome to the Cyclades” Web Management Service Dell OpenManage inurl:”usysinfo?login=true” Dell Remote Access Controller intitle:”Dell Remote Access Controller” Docutek Eres intitle:”Docutek ERes - Admin Login” -edu DWMail “Powered by DWMail” password intitle:dwmail Easy File Sharing Web Server intitle:”Login - powered by Easy File Sharing Web EasyAccess Web inurl:ids5web 312 Chapter 8 • Tracking Down Web Servers, Login Portals, and Network Hardware Continued 452_Google_2e_08.qxd 10/5/07 1:03 PM Page 312 Table 8.9 continued Queries That Locate Login Portals Login Portal Query EasySite “You have requested access to a restricted area of our website. Please authenticate yourself to continue.” Ecommerce inurl:”vsadmin/login” | inurl:”vsadmin/admin” inurl:.php|.asp -”Response.Buffer = True” - javascript eHealth inurl:bin.welcome.sh | inurl:bin.welcome.bat | intitle:eHealth.5.0 Emergisoft “Emergisoft web applications are a part of our” eMule intitle:”eMule *” intitle:”- Web Control Panel” intext:”Web Control Panel” “Enter your pass- word here.” Ensim WEBppliance Pro. intitle:”Welcome Site/User Administrator” “Please select the language” -demos Enterprise Manager 10g Grid inurl:1810 “Oracle Enterprise Manager” Control ePowerSwitch D4 Guard intitle:”ePowerSwitch Login” eRecruiter intitle:”OnLine Recruitment Program - Login” - johnny.ihackstuff eXist intitle:”eXist Database Administration” -demo Extranet login pages intitle:”EXTRANET login” edu mil gov - johnny.ihackstuff eZ publish Admin intitle:”eZ publish administration” EZPartner intitle:”EZPartner” -netpond Fiber Logic Management “Web-Based Management” “Please input pass- word to login” -inurl:johnny.ihackstuff.com Flash Operator Panel intitle:”Flash Operator Panel” -ext:php -wiki - cms -inurl:asternic -inurl:sip -intitle:ANNOUNCE -inurl:lists FlashChat FlashChat v4.5.7 Free Perl Guestbook (FPG) ext:cgi intitle:”control panel” “enter your owner password to continue!” Generic inurl:login.asp Generic inurl:/admin/login.asp Generic “please log in” Tracking Down Web Servers, Login Portals, and Network Hardware • Chapter 8 313 Continued 452_Google_2e_08.qxd 10/5/07 1:03 PM Page 313 Table 8.9 continued Queries That Locate Login Portals Login Portal Query Generic “This section is for Administrators only. If you are an administrator then please” Generic intitle:”Member Login” “NOTE: Your browser must have cookies enabled in order to log into the site.” ext:php OR ext:cgi Generic (with password) intitle:”please login” “your password is *” GNU GNATS inurl:gnatsweb.pl GradeSpeed inurl:”gs/adminlogin.aspx” GreyMatter “login prompt” inurl:GM.cgi Group-Office intitle:Group-Office “Enter your username and password to login” HostingAccelerator ControlPanel “HostingAccelerator” intitle:”login” +”Username” -”news” -demo HP WBEM Clients intitle:”*- HP WBEM Login” | “You are being prompted to provide login account informa- tion for *” | “Please provide the information requested and press H-SPHERE intext:”Welcome to” inurl:”cp” intitle:”H- SPHERE” inurl:”begin.html” -Fee IBM TotalStorage Open Software intext:”Storage Management Server for” intitle:”Server Administration” IBM WebSphere allinurl:wps/portal/ login Icecast intext:”Icecast Administration Admin Page” intitle:”Icecast Administration Admin Page” iCMS intitle:”Content Management System” “user name”|”password”|”admin” “Microsoft IE 5.5” -mambo -johnny.ihackstuff iCMS intitle:”Content Management System” “user name”|”password”|”admin” “Microsoft IE 5.5” -mambo -johnny.ihackstuff iCONECTnxt “iCONECT 4.1 :: Login” IlohaMail intitle:ilohamail intext:”Version 0.8.10” “Powered by IlohaMail” IlohaMail intitle:ilohamail “Powered by IlohaMail” IMail Server “IMail Server Web Messaging” intitle:login 314 Chapter 8 • Tracking Down Web Servers, Login Portals, and Network Hardware Continued 452_Google_2e_08.qxd 10/5/07 1:03 PM Page 314 Table 8.9 continued Queries That Locate Login Portals Login Portal Query INDEXU +”Powered by INDEXU” inurl:(browse|top_rated|power Inspanel “inspanel” intitle:”login” -”cannot” “Login ID” -site:inspediumsoft.com Intranet login pages intitle:”Employee Intranet Login” iPlanet Messenger Express “This is a restricted Access Server” “Javascript Not Enabled!”|”Messenger Express” -edu -ac I-Secure intitle:”i-secure v1.1” -edu ISPMan intitle:”ISPMan : Unauthorized Access prohib- ited” Jetbox Login (“Powered by Jetbox One CMS” | “Powered by Jetstream *”) Kerio Mail server inurl:”default/login.php” intitle:”kerio” Kurant StoreSense admin logon intitle:”Kurant Corporation StoreSense” file- type:bok Lights Out “Establishing a secure Integrated Lights Out session with” OR intitle:”Data Frame - Browser not HTTP 1.1 compatible” OR intitle:”HP Integrated Lights- Linux Openexchange Server filetype:pl “Download: SuSE Linux Openexchange Server CA” Listmail intitle:”ListMail Login” admin -demo Lotus Domino inurl:names.nsf?opendatabase Lotus Domino Web inurl:”webadmin” filetype:nsf Administration. MailEnable Standard Edition inurl:mewebmail MailMan intitle:”MailMan Login” Mailtraq WebMail intitle:”Welcome to Mailtraq WebMail” Mambo inurl:administrator “welcome to mambo” MDaemon intitle:”WorldClient” intext:”(2003|2004) Alt-N Technologies.” Merak Email Server “Powered by Merak Mail Server Software” - .gov mil edu -site:merakmailserver.com - johnny.ihackstuff Merak Email Server intitle:”Merak Mail Server Web Administration” -ihackstuff.com Tracking Down Web Servers, Login Portals, and Network Hardware • Chapter 8 315 Continued 452_Google_2e_08.qxd 10/5/07 1:03 PM Page 315 Table 8.9 continued Queries That Locate Login Portals Login Portal Query MetaFrame Presentation Server inurl:Citrix/MetaFrame/default/default.aspx Microsoft Certificate Services intitle:”microsoft certificate services” Authority (CA) inurl:certsrv Microsoft CRM Login portal. “Microsoft CRM : Unsupported Browser Version” Microsoft Outlook or allinurl:”exchange/logon.asp” Microsoft Exchange Microsoft Outlook or inurl:”exchange/logon.asp” OR Microsoft Exchange intitle:”Microsoft Outlook Web Access - Logon” Microsoft Software Update inurl:/SUSAdmin intitle:”Microsoft Software Services Update Services” Microsoft’s Remote Desktop intitle:Remote.Desktop.Web.Connection Web Connection inurl:tsweb Midmart Messageboard “Powered by Midmart Messageboard” “Administrator Login” Mikro Tik Router intitle:”MikroTik RouterOS Managing Webpage” Mitel 3300 Integrated “intitle:3300 Integrated Communications Communications Platform (ICP) Platform” inurl:main.htm Miva Merchant inurl:/Merchant2/admin.mv | inurl:/Merchant2/admin.mvc | intitle:”Miva Merchant Administration Login” -inurl:cheap- malboro.net Monster Top List “Powered by Monster Top List” MTL num- range:200- MX Logic intitle:”MX Control Console” “If you can’t remember” Neoteris Instant Virtual inurl:/dana-na/auth/welcome.html Extranet (IVE) Netware servers ( v5 and up ) Novell NetWare intext:”netware management portal version” Novell Groupwise intitle:Novell intitle:WebAccess “Copyright *-* Novell, Inc” Novell GroupWise intitle:”Novell Web Services” intext:”Select a service and a language.” 316 Chapter 8 • Tracking Down Web Servers, Login Portals, and Network Hardware Continued 452_Google_2e_08.qxd 10/5/07 1:03 PM Page 316 Table 8.9 continued Queries That Locate Login Portals Login Portal Query Novell GroupWise intitle:”Novell Web Services” “GroupWise” - inurl:”doc/11924” mil edu gov -filetype:pdf Novell login portals intitle:”welcome to netware *” - site:novell.com oMail-webmail intitle:”oMail-admin Administration - Login” - inurl:omnis.ch Open groupware intitle:opengroupware.org “resistance is obso- lete” “Report Bugs” “Username” “password” Openexchange Server intitle:”SuSE Linux Openexchange Server” “Please activate JavaScript!” Openexchange Server inurl:”suse/login.pl” OpenSRS Domain “OPENSRS Domain Management” Management System inurl:manage.cgi Open-Xchange 5 intitle:open-xchange inurl:login.pl Oracle Single Sign-On solution inurl:orasso.wwsso_app_admin.ls_login Oscommerce Admin inurl:”/admin/configuration. php?” Mystore Outlook Web Access Login Portal inurl:exchweb/bin/auth/owalogon.asp Ovislink intitle:Ovislink inurl:private/login pcANYWHERE EXPRESS Java Client “pcANYWHERE EXPRESS Java Client” Philex intitle:”Philex 0.2*” -script -site:freelists.org Photo Gallery Managment “Please authenticate yourself to get access to Systems the management interface” PhotoPost -Login inurl:photopost/uploadphoto.php PHP Advacaned TRansfer intitle:”PHP Advanced Transfer” inurl:”login.php” PHP iCalendar intitle:”php icalendar administration” - site:sourceforge.net PHP iCalendar intitle:”php icalendar administration” - site:sourceforge.net PHP Poll Wizard 2 Please enter a valid password! inurl:polladmin PHP121 inurl:”php121login.php” PHPhotoalbum intitle:”PHPhotoalbum - Upload” | inurl:”PHPhotoalbum/upload” PHPhotoalbum inurl:PHPhotoalbum/statistics intitle:”PHPhotoalbum - Statistics” Tracking Down Web Servers, Login Portals, and Network Hardware • Chapter 8 317 Continued 452_Google_2e_08.qxd 10/5/07 1:03 PM Page 317 Table 8.9 continued Queries That Locate Login Portals Login Portal Query phpMySearch inurl:search/admin.php PhpNews intitle:phpnews.login phpPgAdmin intitle:”phpPgAdmin - Login” Language PHProjekt intitle:”PHProjekt - login” login password PHPsFTPd “Please login with admin pass” -”leak” - sourceforge PhpWebMail filetype:php login (intitle:phpWebMail|WebMail) Plesk intitle:plesk inurl:login.php3 Plesk inurl:+:8443/login.php3 Polycom WebCommander inurl:default.asp intitle:”WebCommander” Postfix intext:”Mail admins login here to administrate your domain.” Postfix Admin login pages inurl:postfixadmin intitle:”postfix admin” ext:php Qmail intext:”Master Account” “Domain Name” “Password” inurl:/cgi-bin/qmailadmin Qmail intext:”Master Account” “Domain Name” “Password” inurl:/cgi-bin/qmailadmin Quicktime streaming server inurl:”1220/parse_xml.cgi?” Real Estate intitle:”site administration: please log in” “site designed by emarketsouth” RemotelyAnywhere inurl:2000 intitle:RemotelyAnywhere - site:realvnc.comg Request System (inurl:”ars/cgi-bin/arweb?O=0” | inurl:arweb.jsp) RT intitle:Login intext:”RT is * Copyright” rymo (intitle:”rymo Login”)|(intext:”Welcome to rymo”) -family Sak Mail intitle:endymion.sak.mail.login.page | inurl:sake.servlet SalesLogix inurl:”/slxweb.dll/external?name= (custportal|webticketcust)” SAP Internet Transaction Server intitle:”ITS System Information” “Please log on to the SAP System” 318 Chapter 8 • Tracking Down Web Servers, Login Portals, and Network Hardware Continued 452_Google_2e_08.qxd 10/5/07 1:03 PM Page 318 Table 8.9 continued Queries That Locate Login Portals Login Portal Query ServiceDesk intitle:”AdventNet ManageEngine ServiceDesk Plus” intext:”Remember Me” SFXAdmin intitle:”SFXAdmin - sfx_global” | intitle:”SFXAdmin - sfx_local” | intitle:”SFXAdmin - sfx_test” Shockwave (Flash) login inurl:login filetype:swf swf SHOUTcast intitle:”SHOUTcast Administrator” inurl:admin.cgi Sift Group intitle:”Admin login” “Web Site Administration” “Copyright” SilkRoad Eprise inurl:/eprise/ SilkyMail (intitle:”SilkyMail by Cyrusoft International, Inc SquirrelMail inurl:login.php “SquirrelMail version” SquirrelMail “SquirrelMail version” “By the SquirrelMail Development Team” SQWebmail. inurl:/cgi-bin/sqwebmail?noframes=1 Sun Cobalt RaQ “Login - Sun Cobalt RaQ” Supero Doctor III Remote intitle:”Supero Doctor III” -inurl:supermicro Management Surgemail “SurgeMAIL” inurl:/cgi/user.cgi ext:cgi Synchronet Bulletin Board System intitle:Node.List Win32.Version.3.11 SysCP “SysCP - login” Tarantella “ttawlogin.cgi/?action=” TeamSpeak intitle:”teamspeak server-administration Terracotta web manager “You have requested to access the manage- ment functions” edu This finds login portals for intitle:”Tomcat Server Administration” Apache Tomcat, an open source Java servlet container which can run as a standalone server or with an Apache web server. Topdesk intitle:”TOPdesk ApplicationServer” TrackerCamà intitle:(“TrackerCam Live Video”)|(“TrackerCam Application Login”)|(“Trackercam Remote”) - trackercam.com TUTOS intitle:”TUTOS Login” Tracking Down Web Servers, Login Portals, and Network Hardware • Chapter 8 319 Continued 452_Google_2e_08.qxd 10/5/07 1:03 PM Page 319 Table 8.9 continued Queries That Locate Login Portals Login Portal Query TWIG intitle:”TWIG Login” TYPO3 inurl:”typo3/index.php?u=” -demo UBB.classic inurl:cgi-bin/ultimatebb.cgi?ubb=login UBB.threads (intitle:”Please login - Forums powered by UBB.threads”)|(inurl:login.php “ubb”) UebiMiau “Powered by UebiMiau” -site:sourceforge.net Ultima Online game. filetype:cfg login “LoginServer=” UltiPro Workforce Management inurl:”utilities/TreeView.asp” Usermin “Login to Usermin” inurl:20000 vBulletin inurl:/modcp/ intext:Moderator+vBulletin vBulletin Admin Control Panel intext:”vbulletin” inurl:admincp VHCS “VHCS Pro ver” -demo vHost intitle:”vhost” intext:”vHost . 2000-2004” VISAS intitle:”Virtual Server Administration System” VisNetic WebMail intitle:”VisNetic WebMail” inurl:”/mail/” VitalQIP Web Client intitle:”VitalQIP IP Management System” VMware GSX Server intitle:”VMware Management Interface:” inurl:”vmware/en/” VNC “VNC Desktop” inurl:5800 VNC intitle:”VNC viewer for Java” VOXBOX intitle:asterisk.management.portal web-access webadmin. filetype:php inurl:”webeditor.php” WebConnect inurl:WCP_USER Web-cyradm intitle:”web-cyradm”|”by Luc de Louw” “This is only for authorized users” -tar.gz -site:web- cyradm.org -johnny.ihackstuff WebEdit inurl:/webedit.* intext:WebEdit Professional - html WebExplorer Server “WebExplorer Server - Login” “Welcome to WebExplorer Server” Webmail intitle:Login * Webmailer Webmail inurl:webmail./index.pl “Interface” Webmail intitle:”Login to @Mail” (ext:pl | inurl:”index”) -dwaffleman 320 Chapter 8 • Tracking Down Web Servers, Login Portals, and Network Hardware Continued 452_Google_2e_08.qxd 10/5/07 1:03 PM Page 320 . -inurl:johnny.ihackstuff.com Flash Operator Panel intitle:”Flash Operator Panel” -ext:php -wiki - cms -inurl:asternic -inurl:sip -intitle:ANNOUNCE -inurl:lists FlashChat FlashChat v4.5.7 Free Perl Guestbook (FPG). “This is only for authorized users” -tar.gz -site:web- cyradm.org -johnny.ihackstuff WebEdit inurl:/webedit.* intext:WebEdit Professional - html WebExplorer Server “WebExplorer Server - Login” “Welcome. WBEM Clients intitle:” *- HP WBEM Login” | “You are being prompted to provide login account informa- tion for *” | “Please provide the information requested and press H-SPHERE intext:”Welcome

Ngày đăng: 04/07/2014, 17:20

TỪ KHÓA LIÊN QUAN