Robots.txt
is a text (not html) file you put on your site to tell search engine
which pages you would like them not to visit. Robots.txt is by no means
mandatory for search engines but generally search engines obey what they
are asked not to do.
Now
if this is not configured properly, then there are chances hacker tries
to find exploitable targets and sensitive data by using search engines
which is known as Google Hacking. The Google Hacking Database (GHDB) is a
database of queries that identify sensitive data. Although Google
blocks some of the better known Google hacking queries, nothing stops a
hacker from crawling your site and launching the Google Hacking Database
queries directly onto the crawled content.
Information that the Google Hacking Database identifies:
* Files containing passwords
* Files containing usernames
* Advisories and server vulnerabilities
* Error messages that contain sensitive information
* Sensitive directories
* Vulnerable servers
* Web server detection
* Control of CCTV Cameras
* Files containing usernames
* Advisories and server vulnerabilities
* Error messages that contain sensitive information
* Sensitive directories
* Vulnerable servers
* Web server detection
* Control of CCTV Cameras
Trying to completely update this GHDB soon, So you can refer this post to find latest attack pattern.
GHDB: Files containing passwords
1. inurl:"/root/etc/passwd" intext:"home/*:"
2. intitle:index.of passwd passwd.bak
3. intitle:index.of master.passwd
4. intitle:”Index of” pwd.db
5. intitle:”Index of” “.htpasswd” htpasswd.bak
6. intitle:”Index of” “.htpasswd” “htgroup” -intitle:”dist” -apache -htpasswd.c
7. intitle:”Index of” spwd.db passwd -pam.conf
8. intitle:”Index of..etc” passwd
9. intitle:index.of config.php
10. index.of passlist
11. intitle:index.of administrators.pwd
12. filetype:sql insite:pass && user
GHDB: Files containing usernames
This search reveals userlists, username of different types of user like end user account, administrative user account.
1. inurl:admin inurl:userlist
2. inurl:admin filetype:asp inurl:userlist
3. filetype:reg reg HKEY_CURRENT_USER username
4. filetype:conf inurl:proftpd.conf -sample
5. inurl:php inurl:hlstats intext:”Server Username”
6. intext:”SteamUserPassphrase=” intext:”SteamAppUser=” -”username” -”user”
7. filetype:log username putty
GHDB: Control of CCTV Cameras
This search reveals web cameras, If authentication is not enable then you can take controll of web cameras.
1. inurl:/control/userimage.html
2. intitle:"active webcam page"
3. inurl:camctrl.cgi
4. allintitle:Brains, Corp. camera
5. intitle:"supervisioncam protocol"
6. allinurl:index.htm?cus?audio
7. intitle:"Browser Launch Page"
8. inurl:"next_file=main_fs.htm" inurl:img inurl:image.cgi
9. intitle:"Live NetSnap Cam-Server feed"
10. intitle:"iVISTA.Main.Page"
11. intitle:"V-Gear BEE"
12. intitle:"EvoCam" inurl:"webcam.html"
13. intitle:"i-Catcher Console" Copyright "iCode Systems"
14. intitle:"toshiba network camera - User Login"
15. intitle:"DVR Web client"
16. inurl:netw_tcp.shtml
17. camera linksys inurl:main.cgi
GHDB: Files containing passwords
This
search show “password” files which contain encrypted/hashed/cleartext
passwords. A password cracker can decrypt the encrypted/hashed password
faster than Elvis eating jelly doughnuts. Sometimes you will get FULL
ADMIN access...
1. inurl:"/root/etc/passwd" intext:"home/*:"
2. intitle:index.of passwd passwd.bak
3. intitle:index.of master.passwd
4. intitle:”Index of” pwd.db
5. intitle:”Index of” “.htpasswd” htpasswd.bak
6. intitle:”Index of” “.htpasswd” “htgroup” -intitle:”dist” -apache -htpasswd.c
7. intitle:”Index of” spwd.db passwd -pam.conf
8. intitle:”Index of..etc” passwd
9. intitle:index.of config.php
10. index.of passlist
11. intitle:index.of administrators.pwd
12. filetype:sql insite:pass && user
GHDB: Files containing usernames
This search reveals userlists, username of different types of user like end user account, administrative user account.
1. inurl:admin inurl:userlist
2. inurl:admin filetype:asp inurl:userlist
3. filetype:reg reg HKEY_CURRENT_USER username
4. filetype:conf inurl:proftpd.conf -sample
5. inurl:php inurl:hlstats intext:”Server Username”
6. intext:”SteamUserPassphrase=” intext:”SteamAppUser=” -”username” -”user”
7. filetype:log username putty
GHDB: Control of CCTV Cameras
This search reveals web cameras, If authentication is not enable then you can take controll of web cameras.
1. inurl:/control/userimage.html
2. intitle:"active webcam page"
3. inurl:camctrl.cgi
4. allintitle:Brains, Corp. camera
5. intitle:"supervisioncam protocol"
6. allinurl:index.htm?cus?audio
7. intitle:"Browser Launch Page"
8. inurl:"next_file=main_fs.htm" inurl:img inurl:image.cgi
9. intitle:"Live NetSnap Cam-Server feed"
10. intitle:"iVISTA.Main.Page"
11. intitle:"V-Gear BEE"
12. intitle:"EvoCam" inurl:"webcam.html"
13. intitle:"i-Catcher Console" Copyright "iCode Systems"
14. intitle:"toshiba network camera - User Login"
15. intitle:"DVR Web client"
16. inurl:netw_tcp.shtml
17. camera linksys inurl:main.cgi
Posts
