Tips N Trik mendapatkan username dan Password dengan Google

semoga bermanfaat
google sebagai web pencarian no 1 saat ini memang belum ada duanya. teknik pencarian
dengan penggunaan macam tipe dan operator membuat user dapat membuat berbagai macam
variasi pencarian. kita tidak akan membahas berbagai macam operator tersebut, karena judul
artikel ini mendapatkan password dan username.

semua tabel dalam artikel ini diambil dari buku

"google hacking for penetration testers", mungkin ada temen2 yang belum sempet baca jadi
saya tulis aja biar semua bisa menikmati. biar temen2 yang masih newbie tidak terheran
heran jika seseorang bisa mendapatkan banyak passworddari website. jadi gak usah heran....
TABEL KATA KATA KUNCI MENDAPATKAN USERNAMES
--------------------------------------------------------KATA KUNCI | KETERANGAN
--------------------------------------------------------inurl:admin inurl: |userlist Generic userlist files
--------------------------------------------------------inurl:admin filetype: |asp Generic userlist files
inurl:userlist |
--------------------------------------------------------inurl:php inurl: |Half-life statistics file, lists username and
hlstats intext: |other information
Server Username |
--------------------------------------------------------filetype:ctl |
inurl:haccess. |Microsoft FrontPage equivalent of htaccess
ctl Basic |shows Web user credentials
--------------------------------------------------------filetype:reg |
reg intext: |Microsoft Internet Account Manager can
--------------------------------------------------------internet account manager |reveal usernames and more
filetype:wab wab |Microsoft Outlook Express Mail address
|books
--------------------------------------------------------filetype:mdb inurl:profiles |Microsoft Access databases containing
|profiles.
--------------------------------------------------------index.of perform.ini |mIRC IRC ini file can list IRC usernames and
|other information
--------------------------------------------------------inurl:root.asp?acs=anon |Outlook Mail Web Access directory can be
|used to discover usernames
---------------------------------------------------------

filetype:conf inurl:proftpd. |PROFTP FTP server configuration file

conf sample |reveals
|username and server information
--------------------------------------------------------filetype:log username putty |PUTTY SSH client logs can reveal
|usernames
|and server information
--------------------------------------------------------filetype:rdp rdp |Remote Desktop Connection files reveal user
|credentials
--------------------------------------------------------intitle:index.of |UNIX bash shell history reveals commands
.bash_history |typed at a bash command prompt; usernames
|are often typed as argument strings
--------------------------------------------------------intitle:index.of |UNIX shell history reveals commands typed at
.sh_history |a shell command prompt; usernames are
|often typed as argument strings
--------------------------------------------------------index of lck |Various lock files list the user currently using
|a file
--------------------------------------------------------+intext:webalizer +intext: |Webalizer Web statistics page lists Web userTotal Usernames +intext: |names and statistical information
Usage Statistics for
--------------------------------------------------------filetype:reg reg HKEY_ |Windows Registry exports can reveal
CURRENT_USER |username usernames and other information
---------------------------------------------------------

TABEL KATA-KATA KUNCI MENDAPATKAN PASSWORD

--------------------------------------------------------KATA KUNCI | KETERANGAN
--------------------------------------------------------inurl:/db/main.mdb |ASP-Nuke passwords
--------------------------------------------------------filetype:cfm cfapplication |ColdFusion source with potential passwords
name password
--------------------------------------------------------filetype:pass |dbman credentials
pass intext:userid
--------------------------------------------------------allinurl:auth_user_file.txt |DCForum user passwords
--------------------------------------------------------eggdrop filetype:user user |Eggdrop IRC user credentials
--------------------------------------------------------filetype:ini inurl:flashFXP.ini |FlashFXP FTP credentials

--------------------------------------------------------filetype:url +inurl:ftp:// |FTP bookmarks cleartext passwords

+inurl:@
--------------------------------------------------------inurl:zebra.conf intext: |GNU Zebra passwords
password -sample -test
-tutorial download
--------------------------------------------------------filetype:htpasswd htpasswd |HTTP htpasswd Web user credentials
--------------------------------------------------------intitle:Index of .htpasswd |HTTP htpasswd Web user credentials
htgroup -intitle:dist
-apache -htpasswd.c
--------------------------------------------------------intitle:Index of .htpasswd |HTTP htpasswd Web user credentials
htpasswd.bak
--------------------------------------------------------http://*:*@www bob:bob |HTTP passwords (bob is a sample username)
--------------------------------------------------------sets mode: +k |IRC channel keys (passwords)
--------------------------------------------------------Your password is * |Remember IRC NickServ registration passwords
this for later use
--------------------------------------------------------signin filetype:url |JavaScript authentication credentials
--------------------------------------------------------LeapFTP intitle:index.of./ |LeapFTP client login credentials
sites.ini modified
--------------------------------------------------------inurl:lilo.conf filetype:conf |LILO passwords
password -tatercounter2000
-bootpwd man
--------------------------------------------------------filetype:config config intext: |Microsoft .NET application credentials
appSettings User ID
--------------------------------------------------------filetype:pwd service |Microsoft FrontPage Service Web passwords
--------------------------------------------------------intitle:index.of |Microsoft FrontPage Web credentials
administrators.pwd
--------------------------------------------------------# -FrontPage- |Microsoft FrontPage Web passwords
inurl:service.pwd
ext:pwd inurl:_vti_pvt inurl: |Microsoft FrontPage Web passwords
(Service | authors | administrators)
--------------------------------------------------------inurl:perform filetype:ini |mIRC nickserv credentials
--------------------------------------------------------intitle:index of intext: |mySQL database credentials
connect.inc

--------------------------------------------------------intitle:index of intext: |mySQL database credentials

globals.inc
--------------------------------------------------------filetype:conf oekakibbs |Oekakibss user passwords
--------------------------------------------------------filetype:dat wand.dat |Opera Magic Wand Web credentials
--------------------------------------------------------inurl:ospfd.conf intext: |OSPF Daemon Passwords
password -sample -test
-tutorial download
--------------------------------------------------------index.of passlist |Passlist user credentials
--------------------------------------------------------inurl:passlist.txt |passlist.txt file user credentials
--------------------------------------------------------filetype:dat password.dat |password.dat files
--------------------------------------------------------inurl:password.log filetype:log |password.log file reveals usernames,
|passwords,and hostnames
--------------------------------------------------------filetype:log inurl:password.log |password.log files cleartext
|passwords
--------------------------------------------------------inurl:people.lst filetype:lst |People.lst generic password file
--------------------------------------------------------intitle:index.of config.php |PHP Configuration File database
|credentials
--------------------------------------------------------inurl:config.php dbuname dbpass |PHP Configuration File database
|credentials
--------------------------------------------------------inurl:nuke filetype:sql |PHP-Nuke credentials
--------------------------------------------------------filetype:conf inurl:psybnc.conf |psyBNC IRC user credentials
USER.PASS=
--------------------------------------------------------filetype:ini ServUDaemon |servU FTP Daemon credentials
--------------------------------------------------------filetype:conf slapd.conf |slapd configuration files root password
--------------------------------------------------------inurl:slapd.conf intext: |slapd LDAP credentials
credentials -manpage
-Manual Page -man: -sample
--------------------------------------------------------inurl:slapd.conf intext: |slapd LDAP root password
rootpw -manpage
-Manual Page -man: -sample
--------------------------------------------------------filetype:sql IDENTIFIED BY cvs |SQL passwords

--------------------------------------------------------filetype:sql password |SQL passwords

--------------------------------------------------------filetype:ini wcx_ftp |Total Commander FTP passwords
--------------------------------------------------------filetype:netrc password |UNIX .netrc user credentials
--------------------------------------------------------index.of.etc |UNIX /etc directories contain
|various credential files
--------------------------------------------------------intitle:Index of..etc passwd |UNIX /etc/passwd user credentials
--------------------------------------------------------intitle:index.of passwd |UNIX /etc/passwd user credentials
passwd.bak
--------------------------------------------------------intitle:Index of pwd.db |UNIX /etc/pwd.db credentials
--------------------------------------------------------intitle:Index.of etc shadow |UNIX /etc/shadow user credentials
--------------------------------------------------------intitle:index.of master.passwd |UNIX master.passwd user credentials
--------------------------------------------------------intitle:Index of spwd.db |UNIX spwd.db credentials
passwd -pam.conf
--------------------------------------------------------filetype:bak inurl:htaccess| |UNIX various password file backups
passwd|shadow|htusers
--------------------------------------------------------filetype:inc dbconn |Various database credentials
--------------------------------------------------------filetype:inc intext:mysql_ |Various database credentials, server names
connect
--------------------------------------------------------filetype:properties inurl:db |Various database credentials, server names
intext:password
--------------------------------------------------------inurl:vtund.conf intext:pass cvs |Virtual Tunnel Daemon passwords
--------------------------------------------------------inurl:wvdial.conf intext: |wdial dialup user credentials
password
--------------------------------------------------------filetype:mdb wwforum |Web Wiz Forums Web credentials
--------------------------------------------------------AutoCreate=TRUE password=* |Website Access Analyzer user passwords
--------------------------------------------------------filetype:pwl pwl |Windows Password List user credentials
--------------------------------------------------------filetype:reg reg +intext: |Windows Registry Keys containing user
defaultusername intext: |credentials
defaultpassword
---------------------------------------------------------

filetype:reg reg +intext: |Windows Registry Keys containing user

internet account manager |credentials
--------------------------------------------------------index of/ ws_ftp.ini |WS_FTP FTP credentials
parent directory
--------------------------------------------------------filetype:ini ws_ftp pwd |WS_FTP FTP user credentials
--------------------------------------------------------inurl:/wwwboard |wwwboard user credentials
--------------------------------------------------------mungkin temen2 ada yang ingin melihat password dari website jerman?
mungkin sebaiknya kita juga mengganti kata "password" dengan memakai bahasa jerman
tentunya dibawah ini adalah tabel 5 negara beserta terjemahan password dalam bahasa
masing2 negara.
----------------------------------------------------BAHASA |KATA-KATA| TRANSLATE
----------------------------------------------------German |password | Kennwort
Spanish |password | contrasea
French |password | mot de passe
Italian |password | parola daccesso
Portuguese |password | senha
Dutch |password | Paswoord
----------------------------------------------------setelah temen2 banyak mendapatkan password, apa yang akan anda lakukan?jangan berbuat
jahat yang pasti, lihat2 saja isinya atau anda terlalu baik dengan memberitahu admin. jangan
lupa sediakan john the ripper dirumah, sapa tau password yang disimpan sudah dalam
keadaan terenkripsi.
keterangan :
karena ketidak teraturan kata2 pada artikel ini, setelah tanda "|" berarti itu merupakan
keterangan dari kata kunci. MOHON MAAF
NB: sory aku bikin format code, biar ramping :D
Oleh : Ardiansyah