Skip to main content

Google Search Directive - sites and links

Google searches are case insenstive.

 

site:

search only within the given domain. If you include site: in your query, Google will restrict your search results to the site or domain you specify. For example, [ admissions site:www.lse.ac.uk ] will show admissions information from London School of Economics’ site and [ peace site:gov ] will find pages about peace within the .gov domain. You can specify a domain with or without a period, e.g., either as .gov or gov. OR[ site:www.lse.ac.uk admissions] OR [ site:www.lse.ac.uk filetype:ppt] will look for all ppt files in that particular site OR [site:abcd.net ppt] will not only get ppt but also web pages that include the text ppt.

 

link:

Shows all sites linked to a fiven site. The query link:URL shows pages that point to that URL. For example, to find pages that point to Google Guide’s home page, enter:
link:www.googleguide.com ]

related:

Shows similar pages. The query related:URL will list web pages that are similar to the web page you specify. For instance, [related:www.consumerreports.org] will list web pages that are similar to the Consumer Reports home page.

 

intitle:

Shows pages whose title matches the search. The query intitle:term restricts results to documents containing term in the title. For instance, [ flu shot intitle:help ] will return documents that mention the word “help” in their titles, and mention the words “flu” and “shot” anywhere in the document (title or not) OR
 [intitle:index. of passwd] finds indexed web directories with the workd "passwd" in the dirrectory lisiting, possibly /etc/passwd file OR. [intitle:"Nessus Scan Report" "This file was generated by Nessus" to find sites that have output from the nessus vulnerability scanner. somehow this file was put on the root of the webserver & now google could search it. OR [intitle: index.of intext: "secring.skr" | "secring.pgp" | "secring.bak"] will look for sites with directory idnexing in which we have files named liseted above. An attacker could grab these files and lunch a passwd guessing against them.

inurl:

shows pages whose URL matches the search criteria. If you include inurl: in your query, Google will restrict the results to documents containing that word in the URL. For instance, [inurl:print site:www.googleguide.com] searches for pages on Google Guide in which the URL contains the word “print.” It finds pdf files that are in the directory or folder named “print” on the Google Guide website. The query [inurl:healthy eating] will return documents that mention the words “healthy” in their URL, and mention the word “eating” anywhere in the document. OR [ inurl: viewtopic.php] finds a script included in the phpBB, a set of scripts for running a web-based forum, with a history of significant flaws
  

phonebook:

If you start your query with phonebook:, Google shows all public U.S. resudence telephone listings (name, address, phone number) for the person you specify. For example, [ phonebook: John Doe New York NY ] will show phonebook listings of everyone named John Doe in New York, NY.
more info @ http://www.googleguide.com/advanced_operators.html

Comments

Post a Comment

Popular posts from this blog

VM 13 : Basic Pentest 1 csec

Notes: Walkthru: 1. https://medium.com/@evire/basic-pentesting-1-7251fb3e3f9e [ w/metasploi t using Wordpress t] 2. https://prasannakumar.in/infosec/vulnhub-basic-pentesting-1-writeup/ [ w/metasploit using ftp ] 3.  https://www.ceos3c.com/hacking/basic-pentesting-1-walkthrough/ [ by uploading php-reverse-shell in wordpress ] 4. http://k3ramas.blogspot.com/2018/02/basic-pentesting-1-walkthrough.html [  access wordpress config file to get pwd and access the DB ] 5.  https://cowsayroot.com/walkthrough-basic-pentesting-1/ [ Wpscan, ftp metasploit vulnerability, phpbash ] 6.   http://www.hackingarticles.in/hack-the-basic-penetration-vm-boot2root-challenge/    [use msfvenom to create  to create php shell to be uploaded in Wordpress ] 7.   https://d7x.promiselabs.net/2018/01/30/ctf-basic-pentesting-a-guide-for-beginners/ [adding command using using PHP] Notes:  Ports - 21...ProFTPD 1.3.3c - 22 openSSH 7.2p2 ubuntu ...
2 comments
Read more

VM 5: Vulnix :

Walkthru: A. https://mrh4sh.github.io/vulnix-solution [SMTP and Finger enumeration, creating linux user with specific UID, root squashing, ssh pwd cracking using medusa & hydra, logging using ssh keys, updating /usr/sbin/exportfs] B. http://overflowsecurity.com/hacklab-vulnix/ [ same as above. create ssh keys for root and copied to victim to login as root w/o recovering pwd] C. https://www.rebootuser.com/?p=988[ local bash shell from nfs] B. https://www.vulnhub.com/?q=vulnix&sort=date-des&type=vm [list of solutions] D. https://www.rebootuser.com/?p=988 [User Enumeration #1 – SMTP, Finger; Entry Point including hydra, Putty(using rlogin service), nfs (showmount,mount) ] Notes: - As you can see the root user is the only account which is logged on the remote  host.Now that we have a specific username we can use it in order to obtain more information about this user with the command  finger root@host . -  Another effective use of the finger...
Post a Comment
Read more

VM: pWnOS 2.0

Walkthru A. http://defsecurityjam.blogspot.co.uk/2015/07/pwnos-version-2-walkthrough.html [reading source page, Simple PHP Blog Perl exploit, Python revershell using oneliner, looking around ] b. https://blog.g0tmi1k.com/2012/09/pwnos-2-php-web-application/ [metasploit using PHP Blog exploit] c. http://netsec.ws/?p=430 [burpsuite, sql porxy] d. https://blog.g0tmi1k.com/2012/09/pwnos-2-sql-injection/ [sql injection, union. Very good explanation of the process of what is being done. Didnt try cmds] e. https://www.youtube.com/watch?v=ytzZfI27ueU [sql injection, sqlmap read file and upload reverse shell using sqlmap] f. https://ub3rsec.github.io/pages/2016/pwnosv2-sqli.html [sql injection, union using burp Very good . It list all email field that we are passing and modifying thru burp suite/proxy/intercept. One could enter those union statements in the email field but in this case, the field truncates and remove the later part of union statment which is why we...
Post a Comment
Read more