GHDB « Hackers For Charity

GHDB

GHDB :: Files containing juicy info

Date Title Summary  
2003-06-24 squid cache server reports These are squid server cache reports. Fairly benign, really except when you consider using them for evil purposes. For example, an institution stands ...
2003-06-24 Ganglia Cluster Reports These are server cluster reports, great for info gathering. Lesse, what were those server names again? ...
2003-06-24 ICQ chat logs, please... ICQ (http://www.icq.com) allows you to store the contents of your online chats into a file. These folks have their entire ICQ directories online. On p ...
2003-06-24 Financial spreadsheets: finance.xls "Hey! I have a great idea! Let's put our finances on our website in a secret directory so we can get to it whenever we need to!" ...
2003-06-24 Financial spreadsheets: finances.xls "Hey! I have a great idea! Let's put our finances on our website in a secret directory so we can get to it whenever we need to!" ...
2003-06-24 sQL data dumps sQL database dumps. LOTS of data in these. So much data, infact, I'm pressed to think of what else an ev1l hax0r would like to know about a targe ...
2003-06-24 mt-db-pass.cgi files These folks had the technical prowess to unpack the movable type files, but couldn't manage to set up their web servers properly. Check the mt.cf ...
2003-06-24 AIM buddy lists These searches bring up common names for AOL Instant Messenger "buddylists". These lists contain screen names of your "online buddies&q ...
2004-11-18 phpinfo() this brings up sites with phpinfo(). There is SO much cool stuff in here that you just have to check one out for yourself! I mean full blown system ve ...
2003-06-27 robots.txt The robots.txt file contains "rules" about where web spiders are allowed (and NOT allowed) to look in a website's directory structure. ...
2003-06-27 "This report was generated by WebLog" These are weblog-generated statistics for web sites... A roadmap of files, referrers, errors, statistics... yummy... a schmorgasbord! =P ...
2003-06-30 "produced by getstats" Another web statistics package. This one originated from a google scan of an ivy league college. *sigh*There's sooo much stuff in here! ...
2003-06-30 "generated by wwwstat" More www statistics on the web. This one is very nice.. Lots of directory info, and client access statistics, email addresses.. lots os good stuff.You ...
2003-06-30 haccess.ctl (one way) this is the frontpage(?) equivalent of htaccess, I believe. Anyhow, this file describes who can access the directory of the web server and where the o ...
2003-06-30 haccess.ctl (VERY reliable) haccess.ctl is the frontpage(?) equivalent of the .htaccess file. Either way, this file decribes who can access a web page, and should not be shown to ...
2003-07-10 site:edu admin grades I never really thought about this until I started coming up with juicy examples for DEFCON 11.. A few GLARINGLY bad examples contain not only student ...
2003-08-19 mystuff.xml - Trillian data files This particular file contains web links that trillian users have entered into the tool. Trillian combines many different messaging programs into one t ...
2004-03-04 phpMyAdmin dumps From phpmyadmin.net : "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW." Great, easy to use, ...
2004-03-04 phpMyAdmin dumps From phpmyadmin.net : "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW." Great, easy to use, ...
2004-03-04 cgiirc.conf CGIIRC is a web-based IRC client. Very cool stuff. The cgiirc.config file lists the options for this porgram, including the default sites that can be ...
2004-03-04 cgiirc.conf This is another less reliable way of finding the cgiirc.config file. CGIIRC is a web-based IRC client. Very cool stuff. The cgiirc.config file lists t ...
2004-03-04 ipsec.secrets from the manpage for ipsec_secrets: "It is vital that these secrets be protected. The file should be owned by the super-user, and its permissions ...
2004-03-04 ipsec.secrets from the manpage for ipsec_secrets: "It is vital that these secrets be protected. The file should be owned by the super-user, and its permissions ...
2004-03-04 ipsec.conf The ipsec.conf file could help hackers figure out what uber-secure users of freeS/WAN are protecting.... ...
2004-03-04 intitle:"statis tics of" "advanced w... the awstats program shows web statistics for web servers. This information includes who is visiting the site, what pages they visit, error codes produ ...
2004-03-04 intitle:"Usage Statistics for" "Gen... The webalizer program shows web statistics for web servers. This information includes who is visiting the site, what pages they visit, error codes pro ...
2004-03-04 "robots.txt&quo t; "Disallow:" ; filet... The robots.txt file serves as a set of instructions for web crawlers. The "disallow" tag tells a web crawler where NOT to look, for whatever ...
2004-03-04 "phpMyAdmin&quo t; "running on" inur... From phpmyadmin.net : "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW." Great, easy to use, ...
2004-03-04 inurl:main.php phpMyAdmin From phpmyadmin.net : "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW." Great, easy to use, ...
2004-03-04 inurl:main.php Welcome to phpMyAdmin From phpmyadmin.net : "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW." Great, easy to use, ...
2004-03-04 intitle:"wbem&q uot; compaq login "Compaq... These devices are running HP Insight Management Agents for Servers which "provide device information for all managed subsystems. Alerts are gener ...
2004-03-04 intitle:index.of "Apache" "server a... This is a very basic string found on directory listing pages which show the version of the Apache web server. Hackers can use this information to find ...
2004-03-04 intitle:index.of dead.letter dead.letter contains the contents of unfinished emails created on the UNIX platform. Emails (finished or not) can contain sensitive information. ...
2004-03-04 intitle:index.of ws_ftp.ini ws_ftp.ini is a configuration file for a popular FTP client that stores usernames, (weakly) encoded passwords, sites and directories that the user can ...
2004-03-14 inurl:admin intitle:login This search can find administrative login pages. Not a vulnerability in and of itself, this query serves as a locator for administrative areas of a si ...
2004-03-14 intitle:admin intitle:login This search can find administrative login pages. Not a vulnerability in and of itself, this query serves as a locator for administrative areas of a si ...
2004-03-16 inurl:admin filetype:xls This search can find Excel spreadsheets in an administrative directory or of an administrative nature. Many times these documents contain sensitive in ...
2004-03-22 "Most Submitted Forms and Scripts" "... More www statistics on the web. This one is very nice.. Lots of directory info, and client access statistics, email addresses.. lots of good stuff.The ...
2004-03-24 inurl:changepassword .asp This is a common script for changing passwords. Now, this doesn't actually reveal the password, but it provides great information about the secur ...
2004-03-29 "not for distribution" confidential The terms "not for distribution" and confidential indicate a sensitive document. Results vary wildly, but web-based documents are for public ...
2004-03-29 "Thank you for your order" +receipt After placing an order via the web, many sites provide a page containing the phrase "Thank you for your order" and provide a receipt for fut ...
2004-03-30 "Network Vulnerability Assessment Report"... This search yeids vulnerability scanner reports, revealing potential vulnerabilities on hosts and networks. Even if some of the vulnerabilities have b ...
2004-03-30 "Host Vulnerability Summary Report" This search yeids host vulnerability scanner reports, revealing potential vulnerabilities on hosts and networks. Even if some of the vulnerabilities h ...
2004-04-05 intitle:index.of inbox This search reveals potential location for mailbox files. In some cases, the data in this directory or file may be of a very personal nature and may i ...
2004-04-05 intitle:index.of inbox dbx This search reveals potential location for mailbox files. In some cases, the data in this directory or file may be of a very personal nature and may i ...
2004-04-05 intitle:index.of cleanup.log This search reveals potential location for mailbox files by keying on the Outlook Express cleanup.log file. In some cases, the data in this directory ...
2004-04-05 "#mysql dump" filetype:sql This reveals mySQL database dumps. These database dumps list the structure and content of databases, which can reveal many different types of sensitiv ...
2004-04-08 inurl:vbstats.php "page generated" This is your typical stats page listing referrers and top ips and such. This information can certainly be used to gather information about a site and ...
2004-04-13 "Index of" / "chat/logs" ; This search reveals chat logs. Depending on the contents of the logs, these files could contain just about anything! ...
2004-04-16 inurl:"newslett er/admin/" intitle:"... These pages generally contain newsletter administration pages. Some of these site are password protected, others are not, allowing unauthorized users ...
2004-04-16 inurl:"newslett er/admin/" These pages generally contain newsletter administration pages. Some of these site are password protected, others are not, allowing unauthorized users ...
2004-04-20 allinurl:/examples/j sp/snp/snoop.jsp These pages reveal information about the server including path information, port information, etc. ...
2004-04-20 allinurl:servlet/Sno opServlet These pages reveal server information such as port, server software version, server name, full paths, etc. ...
2004-04-21 "Running in Child mode" This is a gnutella client that was picked up by google. There is a lot of data present including transfer statistics, port numbers, operating system, ...
2004-04-21 "This is a Shareaza Node" These pages are from Shareaza client programs. Various data is displayed including client version, ip address, listening ports and uptime. ...
2004-04-26 inurl:server-status "apache" This page shows all sort of information about the Apache web server. It can be used to track process information, directory maps, connection data, etc ...
2004-04-28 inurl:fcgi-bin/echo This is the fastcgi echo script, which provides a great deal of information including port numbers, server software versions, port numbers, ip address ...
2004-04-28 inurl:cgi-bin/printe nv This is the print environemnts script which lists sensitive information such as path names, server names, port numbers, server software and version nu ...
2004-04-28 inurl:perl/printenv This is the print environemnts script which lists sensitive information such as path names, server names, port numbers, server software and version nu ...
2004-04-28 inurl:server-info "Apache Server Information&... This is the Apache server-info program. There is so much sensitive stuff listed on this page that it's hard to list it all here. Some informatino ...
2004-05-03 intext:"Tobias Oetiker" "traffic an... This is the MRTG traffic analysis pages. This page lists information about machines on the network including CPU load, traffic statistics, etc. This i ...
2004-05-03 inurl:tdbin This is the default directory for TestDirector (http://www.mercuryinteractive.com/products/te stdirector/). This program contains sensitive information ...
2004-05-04 inurl:"smb.conf " intext:"workgro up&... These are samba configuration files. They include information about the network, trust relationships, user accounts and much more. Attackers can use t ...
2004-05-05 filetype:conf inurl:firewall -intitle:cvs These are firewall configuration files. Although these are often examples or sample files, in many cases they can still be used for information gather ...
2004-05-06 "HTTP_FROM=goog lebot" googlebot.com &qu... These pages contain trace information that was collected when the googlebot crawled a page. The information can include many different things such as ...
2004-05-06 "Request Details" "Control Tree&quo... These pages contain a great deal of information including path names, session ID's, stack traces, port numbers, ip addresses, and much much more. ...
2004-05-10 filetype:wab wab These are Microsoft Outlook Mail address books. The information contained will vary, but at the least an attacker can glean email addresses and contac ...
2004-05-11 filetype:mbx mbx intext:Subject These searches reveal Outlook v 1-4 or Eudora mailbox files. Often these are made public on purpose, sometimes they are not. Either way, addresses and ...
2004-05-12 filetype:eml eml +intext:"Subjec t" +inte... These are oulook express email files which contain emails, with full headers. The information in these emails can be useful for information gathering ...
2004-05-13 intitle:"index of" mysql.conf OR mysql_c... This file contains port number, version number and path info to MySQL server. ...
2004-05-13 filetype:lic lic intext:key License files for various software titles that may contain contact info and the product version, license, and registration in a .LIC file. ...
2004-05-14 filetype:log cron.log Displays logs from cron, the *nix automation daemon. Can be used to determine backups, full and realtive paths, usernames, IP addresses and port numb ...
2004-05-14 filetype:log access.log -CVS These are http server access logs which contain all sorts of information ranging from usernames and passwords to trusted machines on the network to fu ...
2004-05-14 filetype:blt blt +intext:screenname Reveals AIM buddy lists, including screenname and who's on their 'buddy' list and their 'blocked' list. ...
2004-05-17 intitle:intranet inurl:intranet +intext:"phon.. . These pages are often private intranet pages which contain phone listings and email addresses. These pages can be used as a sort of online "dumps ...
2004-05-17 inurl:php.ini filetype:ini The php.ini file contains all the configuration for how PHP is parsed on a server. It can contain default database usernames, passwords, hostnames, I ...
2004-05-18 "Mecury Version" "Infastructure Gro... Mecury is a centralized ground control program for research satellites. This query simply locates servers running this software. As it seems to run ...
2004-05-24 intitle:"Big Sister" +"OK Attention... This search reveals Internal network status information about services and hosts. ...
2004-05-24 inurl:"/cricket /grapher.cgi" This search reveals information about internal networks, such as configuration, services, bandwidth. ...
2004-05-24 inurl:"cacti&qu ot; +inurl:"graph_v iew.ph... This search reveals internal network info including architecture, hosts and services available. ...
2004-05-24 intitle:"System Statistics" +"Syste... This search reveals internal network information including network configuratino, ping times, services, and host info. ...
2004-05-26 inurl:forward filetype:forward -cvs Users on *nix boxes can forward their mail by placing a .forward file in their home directory. These files reveal email addresses. ...
2004-06-10 94FBR "ADOBE PHOTOSHOP" 94FBR is part of many serials. An malicious user would only have to change the programm name (photoshop in this example) in this search to find a perf ...
2004-06-22 filetype:ctt ctt messenger MSN Messenger uses the file extension *.ctt when you export the contact list. An attacker could use this for social enginering tricks. ...
2004-06-25 OWA Public Folders (direct view) This search looks for Outlook Web Access Public Folders directly. These links open public folders or appointments. Of course there are more ways to fi ...
2004-07-02 Microsoft Money Data Files Microsoft Money 2004 provides a way to organize and manage your personal finances (http://www.microsoft.com/money/). The default file extension for th ...
2004-07-06 MySQL tabledata dumps sQL database dumps. LOTS of data in these. So much data, infact, I'm pressed to think of what else an ev1l hax0r would like to know about a targe ...
2004-07-06 Welcome to ntop! Ntop shows the current network usage. It displays a list of hosts that are currently using the network and reports information concerning the IP (Inte ...
2004-07-06 Unreal IRCd Development of UnrealIRCd began in 1999. Unreal was created from the Dreamforge IRCd that was formerly used by the DALnet IRC Network and is designed ...
2004-07-12 exported email addresses Loads of user information including email addresses exported in comma separated file format (.cvs). This information may not lead directly to an attac ...
2004-07-12 private key files (.key) This search will find private key files... Private key files are supposed to be, well... private. ...
2004-07-12 private key files (.csr) This search will find private key files... Private key files are supposed to be, well... private. ...
2004-07-15 inurl:ssl.conf filetype:conf The information contained in these files depends on the actual file itself. SSL.conf files contain port numbers, ssl data, full path names, logging in ...
2004-07-19 "sets mode: +p" This search reveals private channels on IRC as revealed by IRC chat logs. ...
2004-07-19 "sets mode: +s" This search reveals secret channels on IRC as revealed by IRC chat logs. ...
2004-07-21 intitle:"index of" +myd size The MySQL data directory uses subdirectories for each database and common files for table storage. These files have extensions like: .myd, .myi or .fr ...
2004-07-26 data filetype:mdb -site:gov -site:mil Microsoft Access databases containing all kinds of 'data'. ...
2004-07-26 inurl:email filetype:mdb Microsoft Access databases containing email information.. ...
2004-07-26 inurl:backup filetype:mdb Microsoft Access database backups.. ...
2004-07-26 inurl:forum filetype:mdb Microsoft Access databases containing 'forum' information .. ...
2004-07-26 intitle:"Index Of" cookies.txt size searches for cookies.txt file. On MANY servers this file holds all cookie information, which may include usernames, passwords, but also gives an attac ...
2004-07-26 intext:(password | passcode) intext:(username | us... CSV formatted files containing all sorts of user/password combinations. Results may vary, but are still interesting to the casual attacker.. ...
2004-07-26 inurl:profiles filetype:mdb Microsoft Access databases containing (user) profiles .. ...
2004-07-28 intitle:"Index Of" -inurl:maillog maill... This google search reveals all maillog files within various directories on a webserver. This search brings back 872 results to-date, all of which cont ...
2004-08-01 filetype:ora ora Greetings, The *.ora files are configuration files for oracle clients. An attacker can identify a oracle database this way and get more juicy informat ...
2004-08-02 "allow_call_tim e_pass_reference&quo t; "P... Returns publically visible pages generated by the php function phpinfo(). This search differs from other phpinfo() searches in that it doesn't de ...
2004-08-02 inurl:*db filetype:mdb More Microsoft Access databases for your viewing pleasure. Results may vary, but there have been passwords discovered with this search. ...
2004-08-02 filetype:fp5 fp5 -site:gov -site:mil -"cvs lo... These are various kinds of FileMaker Pro Databases (*.fp5 applies to both version 5 and 6). ...
2004-08-05 filetype:fp3 fp3 These are FileMaker Pro version 3 Databases. ...
2004-08-05 filetype:fp7 fp7 These are Filemaker Pro version 7 databases files. ...
2004-08-05 filetype:cfg auto_inst.cfg Mandrake auto-install configuration files. These contain information about the installed packages, networking setttings and even user accounts. ...
2004-08-09 (inurl:"robot.t xt" | inurl:"robots.. .. Webmasters wanting to exclude search engine robots from certain parts of their site often choose the use of a robot.txt file on the root of the server ...
2004-08-09 intext:"Session Start * * * *:*:* *" fil... These are IRC and a few AIM log files. They may contain juicy info or just hours of good clean newbie bashing fun. ...
2004-08-09 mail filetype:csv -site:gov intext:name CSV Exported mail (user) names and such. ...
2004-08-09 filetype:xls -site:gov inurl:contact Microsoft Excel sheets containing contact information. ...
2004-08-13 ext:asp inurl:pathto.asp The UBB trial version contains files that are not safe to keep online after going live. The install files clearly state so:CAUTIONS Do not leave patht ...
2004-08-19 "phone * * *" "address *" &qu... This search gives hounderd of existing curriculum vitae with names and adress. An attacker could steal identity if there is an SSN in the document. ...
2004-08-25 Quicken data files The QDATA.QDF file (found sometimes in zipped "QDATA" archives online, sometimes not) contains financial data, including banking accounts, c ...
2004-08-26 ( filetype:mail | filetype:eml | filetype:mbox | f... storing emails in your webtree isnt a good idea.with this search google will show files containing emails like mail,eml,mbox or mbx with the keywords ...
2004-09-06 filetype:qbb qbb This search will show QuickBooks Bakup Files. Quickbook is financial accounting software so storing these files in a webtree is not a smart idea. ...
2004-09-06 filetype:bkf bkf This search will show backupfiles for xp/2000 machines.Of course these files could contain nearly everything, depending on the user selection and they ...
2004-09-07 inurl:snitz_forums_2 000.mdb The SnitzTM Forums 2000 Version 3.4.04 Installation Guide and Readme says: "it is strongly recommended that you change the default database name ...
2004-09-07 filetype:rdp rdp These are Remote Desktop Connection (rdp) files. They contain the settings and sometimes the credentials to connect to another windows computer using ...
2004-09-07 filetype:reg "Terminal Server Client" These are Microsoft Terminal Services connection settings registry files. They may sometimes contain encrypted passwords and IP addresses. ...
2004-09-10 filetype:pot inurl:john.pot John the Ripper is a popular cracking program every hacker knows. It's results are stored in a file called john.pot.This search finds such result ...
2004-09-10 filetype:xls inurl:"email.xl s" Our forum members never get tired of finding juicy MS office files. Here's one by urban that finds email addresses. ...
2004-09-10 filetype:pdb pdb backup (Pilot | Pluckerdb) Hotsync database files can be found using <filetype:pdb pdb>"All databases on a Palm device, including the ones you create using NS Basic/P ...
2004-09-18 filetype:asp DBQ=" * Server.MapPath(" ;*.m... This search finds sites using Microsoft Access databases, by looking for the the database connection string. There are forums and tutorials in the res ...
2004-09-18 Lotus Domino address books This search will return any Lotus Domino address books which may be open to the public. This can contain a lot of detailed personal info you don' ...
2004-09-21 ext:log "Software: Microsoft Internet Informa... Microsoft Internet Information Services (IIS) has log files that are normally not in the docroot, but then again, some people manage to share them. An ...
2004-09-22 filetype:vcs vcs Filext.com says: "Various programs use the *.VCS extension; too many to list individually. Take clues from the location of the file as a possible ...
2004-09-11 filetype:pst inurl:"outlook. pst" All versions of the popular business groupware client called Outlook have the possibility to store email, calenders and more in a file for backup or m ...
2004-09-23 ext:ldif ldif www.filext.com says LDIF = LDAP Data Interchange Format.LDAP is used for nearly everything in our days, so this file may include some juice info for a ...
2004-09-23 inurl:/_layouts/sett ings With the combined collaboration features of Windows SharePoint Services and SharePoint Portal Server 2003, users in an organization can create, manage ...
2004-09-29 +":8080" +":3128" +":80&q... With the string [+":8080" +":3128" +":80" filetype:txt] it is possible to find huge lists of proxies... So, I've wr ...
2004-10-05 intext:SQLiteManager inurl:main.php sQLiteManager is a tool Web multi-language of management of data bases SQLite. # Management of several data base (Creation, access or upload basic) ...
2004-10-09 inurl:odbc.ini ext:ini -cvs This search will show the googler ODBC client configuration files which may contain usernames/databases/ipaddresses and whatever. ...
2004-10-16 intitle:"ASP Stats Generator *.*" "... ASP Stats Generator is a powerful ASP script to track web site activity. It combines a server side sniffer with a javascript system to get information ...
2004-10-16 "Installed Objects Scanner" inurl:defaul... Installed Objects Scanner makes it easy to test your IIS Webserver for installed components. Installed Objects Scanner also has descriptions and link ...
2004-10-16 ext:ini intext:env.ini This one shows configuration files for various applications. based on the application an attacker may find information like passwords, ipaddresses and ...
2004-10-18 ext:mdb inurl:*.mdb inurl:fpdb shop.mdb The directory "http:/xxx/fpdb/" is the database folder used by some versions of FrontPage. It contains many types of Microsoft Access databa ...
2004-10-18 inurl:cgi-bin/testcg i.exe "Please distribute ... Test CGI by Lilikoi Software aids in the installation of the Ceilidh discussion engine for the World Wide Web. An attacker can use this to gather info ...
2004-10-19 intitle:"index. of *" admin news.asp conf... With Compulive News you can enter the details of your news items onto a webform and upload images through your browser. It integrates seamlessly withi ...
2004-10-20 ext:nsf nsf -gov -mil Domino is server technology which transforms Lotus Notes® into an Internet applications server. Domino brings together the o ...
2004-10-20 inurl:log.nsf -gov Domino is server technology which transforms Lotus Notes® into an Internet applications server. Domino brings together the o ...
2004-10-24 intitle:"Index of" upload size parent di... Files uploaded through ftp by other people, sometimes you can find all sorts of things from movies to important stuff. ...
2004-10-31 intitle:"AppSer v Open Project" -site:www... AppServ is the Apache/PHP/MySQL open source software installer packages. This normally includes convenient links to phpMyAdmin and phpInfo() pages. ...
2004-10-31 intitle:"Web Server Statistics for ****" These are www analog webstat reports. The failure report shows information leakage about database drivers, admin login pages, SQL statements, etc. ...
2004-10-31 filetype:php inurl:index inurl:phpicalendar -site:... PHP iCalendar is a php-based iCal file parser. Its based on v2.0 of the IETF spec. It displays iCal files in a nice logical, clean manner with day, we ...
2004-11-05 filetype:inf inurl:capolicy.inf The CAPolicy.inf file provides Certificate Servicces configuration information, which is read during initial CA installation an whenever you renew a C ...
2004-11-05 "Certificate Practice Statement" inurl:(... Certificate Practice Statement (CPS)A CPS defines the measures taken to secure CA operation and the management of CA-issued certificates. You can con ...
2004-11-07 ext:conf NoCatAuth -cvs NoCatAuth configuration file. This reveals the configuration details of wirless gateway including ip addresses, device names and pathes. ...
2004-11-07 inurl:"putty.re g" This registry dump contains putty saved session data. SSH servers the according usernames and proxy configurations are stored here. ...
2004-11-12 filetype:pst pst -from -to -date Finds Outlook PST files which can contain emails, calendaring and address information. ...
2004-11-16 ext:cgi inurl:editcgi.cgi inurl:file= This was inspired by the K-Otic report. Only two results at time of writing. The cgi script lets you view any file on the system, including /etc/.. (g ...
2004-11-16 filetype:ns1 ns1 Netstunbler files contain information about the wireless network. For a cleanup add stuff like: +"Creator" +"Format" +"DateGM ...
2004-11-16 filetype:config web.config -CVS Through Web.config an IIS adminstrator can specify settings like custom 404 error pages, authentication and authorization settings for the Web site. T ...
2004-11-18 filetype:myd myd -CVS MySQL stores its data for each database in individual files with the extension MYD.An attacker can copy these files to his machine and using a tool li ...
2004-11-18 intitle:"PhpMyE xplorer" inurl:"inde... PhpMyExplorer is a PHP application that allows you to easily update your site online without any FTP access. A security vulnerability in the product a ...
2004-11-21 intitle:"Apache ::Status" (inurl:server-s... The Apache::Status returns information about the server software, operating system, number of child processes and current visitors. The official docum ...
2004-11-23 "Microsoft (R) Windows * (TM) Version * DrWts... This file spills a lot of juicy info... in some cases, passwords in the raw dump, but not in any I've found this time around. However, with a com ...
2004-11-20 inurl:report "EVEREST Home Edition " Well what can be said about this one, I've added it to the DB under Juicy info, however it could have easilly gone under virtually any of the lis ...
2004-11-28 ext:txt "Final encryption key" IPSec debug/log data which contains user data and password hashes.Can be used to crack passwords. ...
2004-11-28 intitle:"DocuS hare" inurl:"docusha. .. some companies use a Xerox Product called DocuShare. The problem with this is by default guest access is enabled and it appears a lot of companies eit ...
2004-11-28 intitle:"PHP Advanced Transfer" (inurl:i... PHP Advacaned Transfer is GPL'd software that claims to be the "The ultimate PHP download & upload manager". This is a search for t ...
2004-12-03 ext:gho gho Norton Ghost allows administrators to create hard rive images for lots of purposes including backup, migration, etc. These files contain the hard driv ...
2004-12-03 ext:pqi pqi -database PQ DriveImage allows administrators to create hard rive images for lots of purposes including backup, migration, etc. These files contain the hard dri ...
2004-12-03 ext:vmdk vmdk VMWare allows PC emulation across a variety of platforms. These files are VMWare disk images which essentially contain a copy of an entire PC, which c ...
2004-12-03 ext:vmx vmx VMWare allows PC emulation across a variety of platforms. Theseconfiguration files describe a virtual PC, and reveal information about that PC's ...
2004-12-04 inurl:"/axs/ax- admin.pl" -script This system records visits to your site. This admin script allows you to display these records in meaningful graph and database formats. ...
2004-12-05 "Generated by phpSystem" PhpSystem shows info about unix systems, including: General Info (kernel, cpu, uptime), Connections, Who Is Logged In, Memory, Swap and active mounts. ...
2004-12-05 php-addressbook "This is the addressbook for... php-addressbook shows user address information without a password. ...
2004-12-04 intitle:"Multim on UPS status page" Multimon provide UPS monitoring services ...
2004-12-13 ext:dat bpk.dat Perfect Keylogger is as the name says a keylogger :)This dork finds the corresponding datafiles which can be read with the free downloadable lite vers ...
2004-12-13 inurl:ds.py Affordable Web-based document and content management application lets businesses of every size rapidly deploy a world-class Enterprise Content Managem ...
2004-12-19 ext:conf inurl:rsyncd.conf -cvs -man rsync is an open source utility that provides fast incremental file transfer.rsync can also talk to "rsync servers" which can provide anonym ...
2004-12-19 inurl:preferences.in i "[emule]" This finds the emule configuration file which contains some general and proxy information.Sometimes proxy user and password are stored. ...
2004-12-19 intitle:"welcom e.to.squeezebox" ; squeezebox is the easiest way for music lovers to enjoy high-quality playback of their whole digital music collection. Stream music from your computer ...
2004-12-30 filetype:cnf inurl:_vti_pvt access.cnf The access.cnf file is a "weconfigfile" (webconfig file) used by Frontpage Extentions for Unix. The install script called change_server.sh p ...
2004-12-30 filetype:blt "buddylist" ; AIM buddylists. ...
2004-12-30 intitle:"index. of" .diz .nfo last modifi... File_id.diz is a description file uploaders use to describe packages uploaded to FTP sites. Although rooted in legitimacy, it is used largely by softw ...
2005-01-02 filetype:ctt Contact This is for MSN Contact lists... ...
2005-01-02 Peoples MSN contact lists This will give msn contact lists .. modify the "msn" to what ever you feel is messenger related ...
2005-01-02 intext:gmail invite intext:http://gmail. google.com... This is a dork I did today. At first, I wanted to find out the formula for making one, but ... It got boring, so I just made a dork that finds invites ...
2005-01-13 intitle:"FTP root at" This dork will return some FTP root directories. The string can be made more specific by adding additional keywords like password. ...
2005-01-22 ext:txt inurl:dxdiag This will find text dumps of the DirectX Diag utility. It gives an outline of the hardware of the computer, and goes into quite a bit of detail listin ...
2005-01-27 ext:reg "username=*&quo t; putty Putty registry entries. Contain username and hostname pairs, as well as type of session (sftp, xterm, etc). ...
2005-01-27 intitle:"edna:s treaming mp3 server" -for... Edna allows you to access your MP3 collection from any networked computer. This software streams your MP3s via HTTP to any MP3 player that supports pl ...
2005-01-27 inurl:netscape.ini There's a bunch of interesting info in netscape.ini1. Viewers: which multimedia viewers the firm or people are using2.Cookies3.Address Book4.Mail ...
2005-01-27 inurl:netscape.hst Netscape Bookmark List/History: So an attacker would be able to locate the bookmark and history list ...
2005-01-27 inurl:"bookmark .htm" Bookmarks for Netscape and various other browsers. ...
2005-01-27 inurl:netscape.hst History for Netscape - So an attacker can read a user's browsing history. ...
2005-02-15 -site:php.net -"The PHP Group" inurl:sou... scripts to view the source code of PHP scripts running on the server. Can be very interesting if it is also allowed to open configuration files ;-) ...
2005-02-15 intitle:"web server status" SSH Telnet simple port scanners for most common ports ...
2005-02-28 +"HSTSNR" -"netop.com&quo t; This search reveals NetOp license files. From the netop website: "NetOp Remote Control is the most comprehensive, effective and security-consciou ...
2005-03-02 inurl:getmsg.html intitle:hotmail These pages contain hotmail messages that were saved as HTML. These messages can contain anything from personal data to cleartext passwords. ...
2005-02-15 filetype:ora tnsnames This searches for tns names files. This is an Oracle configuration file that sets up connection strings for someone's Oracle client to contact t ...
2005-02-28 "#mysql dump" filetype:sql 21232f297a57a... this is a mod of one of the previous queries posted in here. the basic thing is, to add this:21232f297a57a5a743894a0e4a801fc3to your query, that orygi ...
2005-03-30 WebLog Referrers ExpressionEngine is a modular, flexible, feature-packed web publishing system that adapts to a broad range of needs. ...
2005-04-26 "MacHTTP" filetype:log inurl:machttp.log MacHTTP is an webserver for Macs running OS 6-9.x. It's pretty good for older Macs but the default install leaves the MacHTTP.log file open to ac ...
2005-04-26 ext:plist filetype:plist inurl:bookmarks.plis t These Safari bookmarks that might show very interesting info about a user's surfing habits ...
2005-04-26 ext:ics ics ICalender Fileder that can contain a lot of useful information about a possible target. ...
2005-04-27 ext:jbf jbf There is a full path disclosure in .jbf files (paint shop pro), which by itself is not a vulnerability, but it becomes interesting when uploaded or us ...
2005-04-27 ext:DBF DBF Dbase DAtabase file. Can contain sensitive data like any other database. ...
2005-04-27 ext:CDX CDX Visual FoxPro database index ...
2005-04-27 ext:ccm ccm -catacomb Lotus cc:Mail Mailbox file ...
2005-04-27 ext:DCA DCA IBM DisplayWrite Document Content Architecture Text File ...
2005-06-07 inurl:XcCDONTS.asp This query reveals an .asp script which can often be used to send anonymous emails from fake senders. When combined with a proxy, the usefulness of th ...
2005-06-21 filetype:QBW qbw Quickbooks is software to manage your business's financials. Invoicing, banking, payroll, etc, etc. Its a nice software package but their files ( ...
2005-07-08 filetype:PS ps PS is for "postscript"...which basically means you get the high quality press data for documents. Just run 'adobe distiller' or al ...
2005-07-21 allinurl:cdkey.txt cdkeys ...
2005-07-24 site:www.mailinator. com inurl:ShowMail.do Mailinator.com allows people to use temporary email boxes. Read the site, I won't explain here. Anyway, there are emails in this site that have n ...
2005-07-30 ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw ... Although this search is a bit broken (the file extensions don't always work), it reveals interesting-looking documents which may contain potentia ...
2005-08-16 intitle:"admin panel" +"Powered by ... This finds all versions of RedKernel Referer Tracker(stats page) it just gives out some nice info ...
2005-08-12 intitle:"curric ulum vitae" filetype:doc Hello. 1. It reveals personal datas, often private addresses, phone numbers, e-mails, how many children one has:). Full curriculum vitae. I tried many ...
2005-08-23 contacts ext:wml Forget Bluetooth Hacking! You'll be amazed, at how many people sync their Cell Phones to the same Computers they run some type of Server on. This ...
2005-09-08 rdbqds -site:.edu -site:.mil -site:.gov Ceasar encryption is a rather simple encryption. You simply shift letters up or down across the entire length of the message... In the url I did this ...
2005-10-04 intitle:"urchin (5|3|admin)" ext:cgi Gain access to Urchin analysis reports. ...
2005-10-22 intitle:Bookmarks inurl:bookmarks.html "Bookm... AFAIK are the bookmarks of Firefox, Netscape and Mozilla stored in bookmarks.html. It is often uploaded to serve as a backup, so it could reveal some ...
2005-11-16 intitle:"Welcom e to F-Secure Policy Manager S... An attacker may want to know about the antivirus software running. The description says he can check the status of the F-Secure Policy Manager Server ...
2005-11-24 inurl:wp-mail.php + "There doesn't seem... This is the WordPress script handling Post-By-Email functionality, the search is focussed on the message telling that there's nothing to process. ...
2005-12-19 (intitle:WebStatisti ca inurl:main.php) | (intitle:... WebStatistica provides detailed statistics about a web page. Normally you would have to login to view these statistics but the sites have put autolog ...
2005-12-22 inurl:/cgi-bin/pass. txt Passwords ...
2006-01-16 inurl:build.err General build error file. Can tell what modules are installed, the OS the compiler the language, in theory usernames and passwords could probably be f ...
2006-01-16 intext:ViewCVS inurl:Settings.php CVs is a software used to keep track of changes to websites. You can review all updates and previous files wihtout actualy loging into CVS. It is poss ...
2006-02-22 "not for public release" -.edu -.gov -.m... if you search through lots of these then you find some really juicy things, there files from police, airports, government companies all kind of stuff ...
2006-03-18 intitle:"Joomla - Web Installer" Joomla! is a Content Management System (CMS) created by the same team that brought the Mambo CMS. This dork finds the Web Installer page. On newer ver ...
2006-03-18 (intitle:"PRTG Traffic Grapher" inurl:&q... PRTG Traffic Grapher is Windows software for monitoring and classifying bandwidth usage. It provides system administrators with live readings and long ...
2006-03-21 intitle:"LOGREP - Log file reporting system&q... Logrep is an open source log file Extraction and Reporting System by ITeF!x. This dork finds the logs that it creates. ...
2006-10-02 intitle:"AppSer v Open Project *" "A... Often includes phpinfo and unsecured links to phpmyadmin. ...