Jump to content


Photo
- - - - -

way to see what files are on a site...


  • Please log in to reply
19 replies to this topic

#1 ragweed

ragweed

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 484 posts

Posted 16 July 2003 - 09:55 PM

okay so anybody know a way to view ALL the files on a particular website through a search engine like google? if so what engines?

#2 nick84

nick84

    Member

  • Agents of the Revolution
  • 1,680 posts
  • Gender:Male

Posted 18 July 2003 - 07:18 AM

try feeding this into the google search box, replacing stuff with what you want to search for, and example.com with the website you want to look on:
stuff site:example.com

(you could probably get it to list most/all files with a couple of carefully selected keywords)

#3 phreakblaze

phreakblaze

    ...and would you belive they let me play with 30TB!!!

  • Members
  • 1,670 posts

Posted 25 July 2003 - 01:55 PM

I've heard of it but never got it to work.

#4 ragweed

ragweed

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 484 posts

Posted 25 July 2003 - 02:36 PM

I've heard of it but never got it to work.

thats because they show you the incorrect format on google... you have to have a space before the : for example
download :www.stankdawg.com

#5 phreakblaze

phreakblaze

    ...and would you belive they let me play with 30TB!!!

  • Members
  • 1,670 posts

Posted 25 July 2003 - 02:38 PM

now it makes sence

#6 Y0ungBra1n

Y0ungBra1n

    The floor is made of lava!

  • Agents of the Revolution
  • 1,239 posts
  • Gender:Male
  • Location:Sal Tlay Ka Siti

Posted 25 July 2003 - 05:03 PM

so, if i wanted to find a prog at site: "blahblah.com" all i have to do is

prog :blahblah.com



#7 phreakblaze

phreakblaze

    ...and would you belive they let me play with 30TB!!!

  • Members
  • 1,670 posts

Posted 25 July 2003 - 05:18 PM

pretty much.

#8 Dial Tone

Dial Tone

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 429 posts

Posted 06 August 2003 - 11:28 AM

Their "robots.txt" sometimes lists employees only areas.

#9 l0cache

l0cache

    I'm on default!

  • Members
  • 123 posts

Posted 06 August 2003 - 11:45 PM

Try google searches like:
intitle:"index of" mdb
This lets you in on all the poorly configured websites. You can throw mdb, db, cgi, sales.mdb, customer.mdb, waste, etc... it's a good way to surf the net if you're bored. I read it somewhere(governmentsecurity.org) and cannot take credit for it... it's pretty well documented.
Here:
"Index of /admin"
"Index of /password"
"Index of /mail"
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
index of ftp +.mdb allinurl:/cgi-bin/ +mailto

administrators.pwd.index
authors.pwd.index
service.pwd.index
filetype:config web
gobal.asax index

allintitle: "index of/admin"
allintitle: "index of/root"
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov

inurl:passwd filetype:txt
inurl:admin filetype:db
inurl:iisadmin
inurl:"auth_user_file.txt"
inurl:"wwwroot/*."


top secret site:mil
confidential site:mil

allinurl: winnt/system32/ (get cmd.exe)
allinurl:/bash_history

intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart

ALTERNATIVE INPUTS

_vti_inf.html
service.pwd
users.pwd
authors.pwd
administrators.pwd
shtml.dll
shtml.exe
fpcount.exe
default.asp
showcode.asp
sendmail.cfm
getFile.cfm
imagemap.exe
test.bat
msadcs.dll
htimage.exe
counter.exe
browser.inc
hello.bat
default.asp\
dvwssr.dll
cart32.exe
add.exe
index.jsp
SessionServlet
shtml.dll
index.cfm
page.cfm
shtml.exe
web_store.cgi
shop.cgi
upload.asp
default.asp
pbserver.dll
phf
test-cgi
finger
Count.cgi
jj
php.cgi
php
nph-test-cgi
handler
webdist.cgi
webgais
websendmail
faxsurvey
htmlscript
perl.exe
wwwboard.pl
www-sql
view-source
campas
aglimpse
glimpse
man.sh
AT-admin.cgi
AT-generate.cgi
filemail.pl
maillist.pl
info2www
files.pl
bnbform.cgi
survey.cgi
classifieds.cgi
wrap
cgiwrap
edit.pl
perl
names.nsf
webgais
dumpenv.pl
test.cgi
submit.cgi
guestbook.cgi
guestbook.pl
cachemgr.cgi
responder.cgi
perlshop.cgi
query
w3-msql
plusmail
htsearch
infosrch.cgi
publisher
ultraboard.cgi
db.cgi
formmail.cgi
allmanage.pl
ssi
adpassword.txt
redirect.cgi
cvsweb.cgi
login.jsp
dbconnect.inc
admin
htgrep
wais.pl
amadmin.pl
subscribe.pl
news.cgi
auctionweaver.pl
.htpasswd
acid_main.php
access.log
log.htm
log.html
log.txt
logfile
logfile.htm
logfile.html
logfile.txt
logger.html
stat.htm
stats.htm
stats.html
stats.txt
webaccess.htm
wwwstats.html
source.asp
perl
mailto.cgi
YaBB.pl
mailform.pl
cached_feed.cgi
global.cgi
Search.pl
build.cgi
common.php
show
global.inc
ad.cgi
WSFTP.LOG
index.html~
index.php~
index.html.bak
index.php.bak
print.cgi
register.cgi
webdriver
bbs_forum.cgi
mysql.class
sendmail.inc
CrazyWWWBoard.cgi
search.pl
way-board.cgi
webpage.cgi
pwd.dat
adcycle
post-query
help.cgi

Hope that helps

#10 ragweed

ragweed

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 484 posts

Posted 07 August 2003 - 06:55 AM

thanks

#11 phreakblaze

phreakblaze

    ...and would you belive they let me play with 30TB!!!

  • Members
  • 1,670 posts

Posted 07 August 2003 - 11:53 AM

thats a good list.

#12 Y0ungBra1n

Y0ungBra1n

    The floor is made of lava!

  • Agents of the Revolution
  • 1,239 posts
  • Gender:Male
  • Location:Sal Tlay Ka Siti

Posted 08 August 2003 - 09:45 AM

good stuff IO cache... Thanks

#13 l0cache

l0cache

    I'm on default!

  • Members
  • 123 posts

Posted 08 August 2003 - 10:22 AM

No prob. Again, I can't take any cred for it... It's a good way to target unpatched servers for xploits... I hear.

#14 phreakblaze

phreakblaze

    ...and would you belive they let me play with 30TB!!!

  • Members
  • 1,670 posts

Posted 08 August 2003 - 11:34 AM

but we can thank you for bringing the list to us.

#15 Crimson_Binome

Crimson_Binome

    Gibson Hacker

  • Members
  • 86 posts

Posted 17 September 2003 - 12:43 AM

http://www.ibertrans...l?site=&lang=de

whats this? Looks interesting but I cant understand the language.

Edit:

HEHE!! us this http://www.freetranslation.com/web.htm

#16 l0cache

l0cache

    I'm on default!

  • Members
  • 123 posts

Posted 17 September 2003 - 04:52 PM

html gui for log files at:
http://awstats.sourceforge.net/
Good way to see the structure of a site for directory traversal... some actually list authenticated user's activities. From this you can get user names etc.... This particular site looks like all it is is the perl scripts to track access.

#17 Crimson_Binome

Crimson_Binome

    Gibson Hacker

  • Members
  • 86 posts

Posted 17 September 2003 - 06:02 PM

ahhh, thx I see now...very nice tool.

#18 StankDawg

StankDawg

    same old Dawg, no new tricks

  • Moderating Team
  • 8,073 posts
  • Country:
  • Gender:Male

Posted 17 September 2003 - 09:33 PM

html gui for log files at:
http://awstats.sourceforge.net/
Good way to see the structure of a site for directory traversal... some actually list authenticated user's activities. From this you can get user names etc.... This particular site looks like all it is is the perl scripts to track access.

this looks like a nice package! I have been looking for a new one and thought we might have to develope our own. This one looks like it almost everything i want, and it could be customized with my additions.

Even with my limited perl, I think i could mod it well enough. ^_^

#19 GUEST_ROX_***

GUEST_ROX_***
  • Guests

Posted 19 September 2003 - 07:48 PM

I love Google. It's great for digging up dirt on anyone or searching through any website.

Thanks l0cache for the ideas.

#20 obfuscated

obfuscated

    Hakker addict

  • Members
  • 621 posts

Posted 22 September 2003 - 01:07 AM

I know i'm late to this post........
I was in barnes and noble the other day and saw this book call "Google Hacks" written by Tara Calishain and Rael Dornfest. I filped through it and it looks pretty interesting.

Just thought I would throw that in there.......




BinRev is hosted by the great people at Lunarpages!