FurryToad.com
A Portal to Music and Art
..............................................................................................................
Use the menu to navigate to pages
on this site and to many other quality sites.
Check this page for secret links
I do that somtimes for fun.
As with any where on the net...
Dont click ads...they are ads..
We are not buying anything here today.
¯ Menu
Use Google to find what you want
Looking for vulnerable sites or servers using “inurl:” or “allinurl:”
Using “allinurl:winnt/system32/” (without quotes) will list down all the links to the server which gives access to restricted directories like “system32” through web. If you are lucky enough then you might get access to the cmd.exe in the “system32” directory. Once you have the access to “cmd.exe” and are able to execute it then you can go ahead in further escalating your privileges over the server and compromise it.
Using “allinurl:wwwboard/passwd.txt”(without quotes) in the Google search will list down all the links to the server which are vulnerable to “WWWBoard Password vulnerability”. To know more about this vulnerability you can have a look at the following link:
http://www.securiteam.com/exploits/2BUQ4S0SAW.html
Using “inurl:.bash_history” (without quotes) will list down all the links to the server which gives access to “.bash_history” file through web. This is a command history file. This file includes the list of command executed by the administrator, and sometimes includes sensitive information such as password typed in by the administrator. If this file is compromised and if contains the encrypted unix (or *nix) password then it can be easily cracked using “John The Ripper”.
Using “inurl:config.txt” (without quotes) will list down all the links to the servers which gives access to “config.txt” file through web. This file contains sensitive information, including the hash value of the administrative password and database authentication credentials. For Example: Ingenium Learning Management System is a Web-based application for Windows based systems developed by Click2learn, Inc. Ingenium Learning Management System versions 5.1 and 6.1 stores sensitive information insecurely in the config.txt file. For more information refer the following links:
http://www.securiteam.com/securitynews/6M00H2K5PG.html
Other similar search using “inurl:” or “allinurl:” combined with other syntaxs
inurl:admin filetype:txt
inurl:admin filetype:db
inurl:admin filetype:cfg
inurl:mysql filetype:cfg
inurl:passwd filetype:txt
inurl:iisadmin
inurl:auth_user_file.txt
inurl:orders.txt
inurl:"wwwroot/*."
inurl:adpassword.txt
inurl:webeditor.php
inurl:file_upload.php
inurl:gov filetype:xls "restricted"
index of ftp +.mdb allinurl:/cgi-bin/ +mailto
Looking for vulnerable sites or servers using “intitle:” or “allintitle:”
Using [allintitle: "index of /root”] (without brackets) will list down the links to the web server which gives access to restricted directories like “root” through web. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.
Using [allintitle: "index of /admin”] (without brackets) will list down the links to the websites which has got index browsing enabled for restricted directories like “admin” through web. Most of the web application sometimes uses names like “admin” to store admin credentials in it. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.
Other similar search using “intitle:” or “allintitle:” combined with other syntaxs
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov
Other interesting Search Queries
To search for sites vulnerable to Cross-Sites Scripting (XSS) attacks:
allinurl:/scripts/cart32.exe
allinurl:/CuteNews/show_archives.php
allinurl:/phpinfo.php
To search for sites vulnerable to SQL Injection attacks:
allinurl:/privmsg.php
allinurl:/privmsg.php
passwords....yup passwords
http://USERNAME:PASSWORD@members.membersite.com. A quick google search
will come up with many, many, such strings, try googling :
http://*:*@members.www.site.com (you insert the site name)
google : ‘http://*:*@members.*.com’
Many sites using this way for logging in:
http://userass@www.site.com
Now we want to know what the pass is from www.site.com, we dunno how big it is, and we dunno if it are letters or numbers. So we use this * its a wildcard
This will make google guess for all things he finds on the net and replace them with what he found.
http://*:*@www.site.com and it will return links with users and passwords in the discription.
----------------------------------------------------------------------------------------------------------------------------------------------------
crack/serial search
looking for a crack/serial before you go anywhere try this.
http://www.google.com/advanced_search?hl=en
Or
http://altavista.com/web/adv
Others will work but these are best.Notice these are advance search,go to "all of these words",then add 94FBR & the name of the proggy you want to crack.Most of the time you`ll find what you want.
how about that lol...
....................................................................................................................................................
controlable survalence
cameras on the net
google-| inurl:"viewerframe mode="
....................................................................................................................................................
all web pages of a site
site:www.targetsite.com " www.targetsite. com/"
All rapidshare. Downloads:
http://www.google.com/search?hl=en&lr=&as_qdr=all&q=+.*+site%3Arapidshare.com
http://www.google.com/search?q=+.rar+OR+.zip+OR+.pdf+OR+.exe+site:rapidshare.com&hl=en&lr=&as_qdr=all&start=10&sa=N
....................................................................................................................................................
must read links
h**p://www.searchlores.org/rabbits.htm
(Essential Site - You will learn a lot !)
h**p://fravia.com/targets.htm#sounds
(Same site, different url !)
....................................................................................................................................................
Do you want more?...leave a comment asking....if asked....I will teach....I walk where I wish threw the internet....it is mine
HowwwwwL
Oltos