Agdlp's Blog


intitle:"DocuShare" inurl:"docushare/dsweb/" -faq -gov -edu
"#mysql dump" filetype:sql
"#mysql dump" filetype:sql 21232f297a57a5a743894a0e4a801fc3
"allow_call_time_pass_reference" "PATH_INFO"
"Certificate Practice Statement" inurl:(PDF | DOC)
"Generated by phpSystem"
"generated by wwwstat"
"Host Vulnerability Summary Report"
"HTTP_FROM=googlebot" googlebot.com "Server_Software="
"Index of" / "chat/logs"
"Installed Objects Scanner" inurl:default.asp
"MacHTTP" filetype:log inurl:machttp.log
"Mecury Version" "Infastructure Group"
"Microsoft (R) Windows * (TM) Version * DrWtsn32 Copyright (C)" ext:log
"Most Submitted Forms and Scripts" "this section"
"Network Vulnerability Assessment Report"
"not for distribution" confidential
"not for public release" -.edu -.gov -.mil
"phone * * *" "address *" "e-mail" intitle:"curriculum vitae"
"phpMyAdmin" "running on" inurl:"main.php"
"produced by getstats"
"Request Details" "Control Tree" "Server Variables"
"robots.txt" "Disallow:" filetype:txt
"Running in Child mode"
"sets mode: +p"
"sets mode: +s"
"Thank you for your order" +receipt
"This is a Shareaza Node"
"This report was generated by WebLog"
( filetype:mail | filetype:eml | filetype:mbox | filetype:mbx ) intext:password|subject
(intitle:"PRTG Traffic Grapher" inurl:"allsensors")|(intitle:"PRTG Traffic Grapher - Monitoring Results")
(intitle:WebStatistica inurl:main.php) | (intitle:"WebSTATISTICA server") -inurl:statsoft -inurl:statsoftsa -inurl:statsoftinc.com -edu -software -rob
(inurl:"robot.txt" | inurl:"robots.txt" ) intext:disallow filetype:txt
+":8080" +":3128" +":80" filetype:txt
+"HSTSNR" -"netop.com"
-site:php.net -"The PHP Group" inurl:source inurl:url ext:pHp
94FBR "ADOBE PHOTOSHOP"
AIM buddy lists
allinurl:/examples/jsp/snp/snoop.jsp
allinurl:cdkey.txt
allinurl:servlet/SnoopServlet
cgiirc.conf
cgiirc.conf
contacts ext:wml
data filetype:mdb -site:gov -site:mil
exported email addresses
ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:"budget approved") inurl:confidential
ext:asp inurl:pathto.asp
ext:ccm ccm -catacomb
ext:CDX CDX
ext:cgi inurl:editcgi.cgi inurl:file=
ext:conf inurl:rsyncd.conf -cvs -man
ext:conf NoCatAuth -cvs
ext:dat bpk.dat
ext:DBF DBF
ext:DCA DCA
ext:gho gho
ext:ics ics
ext:ini intext:env.ini
ext:jbf jbf
ext:ldif ldif
ext:log "Software: Microsoft Internet Information Services *.*"
ext:mdb inurl:*.mdb inurl:fpdb shop.mdb
ext:nsf nsf -gov -mil
ext:plist filetype:plist inurl:bookmarks.plist
ext:pqi pqi -database
ext:reg "username=*" putty
ext:txt "Final encryption key"
ext:txt inurl:dxdiag
ext:vmdk vmdk
ext:vmx vmx
filetype:asp DBQ=" * Server.MapPath("*.mdb")
filetype:bkf bkf
filetype:blt "buddylist"
filetype:blt blt +intext:screenname
filetype:cfg auto_inst.cfg
filetype:cnf inurl:_vti_pvt access.cnf
filetype:conf inurl:firewall -intitle:cvs
filetype:config web.config -CVS
filetype:ctt Contact
filetype:ctt ctt messenger
filetype:eml eml +intext:"Subject" +intext:"From" +intext:"To"
filetype:fp3 fp3
filetype:fp5 fp5 -site:gov -site:mil -"cvs log"
filetype:fp7 fp7
filetype:inf inurl:capolicy.inf
filetype:lic lic intext:key
filetype:log access.log -CVS
filetype:log cron.log
filetype:mbx mbx intext:Subject
filetype:myd myd -CVS
filetype:ns1 ns1
filetype:ora ora
filetype:ora tnsnames
filetype:pdb pdb backup (Pilot | Pluckerdb)
filetype:php inurl:index inurl:phpicalendar -site:sourceforge.net
filetype:pot inurl:john.pot
filetype:PS ps
filetype:pst inurl:"outlook.pst"
filetype:pst pst -from -to -date
filetype:qbb qbb
filetype:QBW qbw
filetype:rdp rdp
filetype:reg "Terminal Server Client"
filetype:vcs vcs
filetype:wab wab
filetype:xls -site:gov inurl:contact
filetype:xls inurl:"email.xls"
Financial spreadsheets: finance.xls
Financial spreadsheets: finances.xls
Ganglia Cluster Reports
haccess.ctl (one way)
haccess.ctl (VERY reliable)
ICQ chat logs, please...
intext:"Session Start * * * *:*:* *" filetype:log
intext:"Tobias Oetiker" "traffic analysis"
intext:(password | passcode) intext:(username | userid | user) filetype:csv
intext:gmail invite intext:http://gmail.google.com/gmail/a
intext:SQLiteManager inurl:main.php
intext:ViewCVS inurl:Settings.php
intitle:"admin panel" +"Powered by RedKernel"
intitle:"Apache::Status" (inurl:server-status | inurl:status.html | inurl:apache.html)
intitle:"AppServ Open Project" -site:www.appservnetwork.com
intitle:"ASP Stats Generator *.*" "ASP Stats Generator" "2003-2004 weppos"
intitle:"Big Sister" +"OK Attention Trouble"
intitle:"curriculum vitae" filetype:doc
intitle:"edna:streaming mp3 server" -forums
intitle:"FTP root at"
intitle:"index of" +myd size
intitle:"Index Of" -inurl:maillog maillog size
intitle:"Index Of" cookies.txt size
intitle:"index of" mysql.conf OR mysql_config
intitle:"Index of" upload size parent directory
intitle:"index.of *" admin news.asp configview.asp
intitle:"index.of" .diz .nfo last modified
intitle:"Joomla - Web Installer"
intitle:"LOGREP - Log file reporting system" -site:itefix.no
intitle:"Multimon UPS status page"
intitle:"PHP Advanced Transfer" (inurl:index.php | inurl:showrecent.php )
intitle:"PhpMyExplorer" inurl:"index.php" -cvs
intitle:"statistics of" "advanced web statistics"
intitle:"System Statistics" +"System and Network Information Center"
intitle:"urchin (5|3|admin)" ext:cgi
intitle:"Usage Statistics for" "Generated by Webalizer"
intitle:"wbem" compaq login "Compaq Information Technologies Group"
intitle:"Web Server Statistics for ****"
intitle:"web server status" SSH Telnet
intitle:"Welcome to F-Secure Policy Manager Server Welcome Page"
intitle:"welcome.to.squeezebox"
intitle:admin intitle:login
intitle:Bookmarks inurl:bookmarks.html "Bookmarks
intitle:index.of "Apache" "server at"
intitle:index.of cleanup.log
intitle:index.of dead.letter
intitle:index.of inbox
intitle:index.of inbox dbx
intitle:index.of ws_ftp.ini
intitle:intranet inurl:intranet +intext:"phone"
inurl:"/axs/ax-admin.pl" -script
inurl:"/cricket/grapher.cgi"
inurl:"bookmark.htm"
inurl:"cacti" +inurl:"graph_view.php" +"Settings Tree View" -cvs -RPM
inurl:"newsletter/admin/"
inurl:"newsletter/admin/" intitle:"newsletter admin"
inurl:"putty.reg"
inurl:"smb.conf" intext:"workgroup" filetype:conf conf
inurl:*db filetype:mdb
inurl:/cgi-bin/pass.txt
inurl:/_layouts/settings
inurl:admin filetype:xls
inurl:admin intitle:login
inurl:backup filetype:mdb
inurl:build.err
inurl:cgi-bin/printenv
inurl:cgi-bin/testcgi.exe "Please distribute TestCGI"
inurl:changepassword.asp
inurl:ds.py
inurl:email filetype:mdb
inurl:fcgi-bin/echo
inurl:forum filetype:mdb
inurl:forward filetype:forward -cvs
inurl:getmsg.html intitle:hotmail
inurl:log.nsf -gov
inurl:main.php phpMyAdmin
inurl:main.php Welcome to phpMyAdmin
inurl:netscape.hst
inurl:netscape.hst
inurl:netscape.ini
inurl:odbc.ini ext:ini -cvs
inurl:perl/printenv
inurl:php.ini filetype:ini
inurl:preferences.ini "[emule]”
inurl:profiles filetype:mdb
inurl:report “EVEREST Home Edition ”
inurl:server-info “Apache Server Information”
inurl:server-status “apache”
inurl:snitz_forums_2000.mdb
inurl:ssl.conf filetype:conf
inurl:tdbin
inurl:vbstats.php “page generated”
inurl:wp-mail.php + “There doesn’t seem to be any new mail.”
inurl:XcCDONTS.asp
ipsec.conf
ipsec.secrets
ipsec.secrets
Lotus Domino address books
mail filetype:csv -site:gov intext:name
Microsoft Money Data Files
mt-db-pass.cgi files
MySQL tabledata dumps
mystuff.xml - Trillian data files
OWA Public Folders (direct view)
Peoples MSN contact lists
php-addressbook “This is the addressbook for *” -warning
phpinfo()
phpMyAdmin dumps
phpMyAdmin dumps
private key files (.csr)
private key files (.key)
Quicken data files
rdbqds -site:.edu -site:.mil -site:.gov
robots.txt
site:edu admin grades
site:www.mailinator.com inurl:ShowMail.do
SQL data dumps
Squid cache server reports
Unreal IRCd
WebLog Referrers
Welcome to ntop


Google give us Chrome 3 today

and the new BIG visible update from this  beta 3
are the new templates,skins

Application -> get templates/skins …

Or  “personas” on firefox ! 
you can get it here https://addons.mozilla.org/fr/firefox/addon/10900

Social Engineering is for me, one of the best ways to get informations about people !
but what is it ?

Social engineering cannot be describe without talking about Kevin Mitnick   http://en.wikipedia.org/wiki/Kevin_Mitnick
It’s the art of talking to someone and obtain informations or acces to something.

Yesterday i went to see someone to the hospital … i wanted to know about his state before going to see him, i went to the doctors room and asked them
some informations about Mr X …  they just asked me if i was from the family … and ABSOLUTLY NOT !
I talked 10 minutes with the doctor and got a copy of the admission documents from Mister X …. it was so easy !
I gave all those documents to Mr X … he was happy to get is own admission documents.

People are weakneses for other people ….

Another example can be, I want to get some informations about a company  ( This is totally factice ! )
The first part of my job will be
1# analyse employees
2# analyse Directors
3# Keep everything in mind about them

Imagine a Company  called  XYZ  i need informations for a client !

First day :
I analyse Directors … where are they living ?, Which kind of Hobbies ? Wifie ? Single ? Childs ?
I’ll do that until i know everything !

Next Days :
Employee analyse ( i’ll do the same )

Bob, Alice, Jhon

Bob … is single … he likes money and wives … he drink alone in a pub after work … bob has an important job in this company …
Alice … Has a child  … this child is sick … she need money to help her child …. but she is only cleaner in the company
Jhon … has everything he need !

… as you can see  we are going to choose hour targets Bob and Alice !

Next Morning …. Bob will meed a beautifull wife in the pub … bob .. will fall in love … and she will present us to bob …
Her friends … and Bob will listen to us by love to his new girlfriend … ( this part can take a month ! )

Next Moring we will wait Alice … and ask her documents who are in the trashbins against money !
each important documents can be paid from 10$ until  200$ ( we will insist on the Sick point from her child )

This can be a nice social engineering work !
there are many ways to use social engineering !

I founded a useful software this afternoon !

software is actually not free ! but there is 30 days free trial test

I’ll paste here the Wikipedia Page !

Jaikoz is a Java program used for editing and mass tagging music file tags. Jaikoz performs acoustic fingerprint matching and metadata lookups. Accuracy is determined by the completeness of the database being used and the quality of the recording. Jaikoz uses the MusicBrainz service. It generates fingerprints (MusicIP’s MusicDNS PUIDs) of your files and compares them with the data from the MusicBrainz server.

Additionally Jaikoz matching algorithm compares the metadata files to each other, and performs an analysis on the sameness of values. If sufficiently similar, the values are changed to the most popular value. This mechanism allows automatic correction of typos. For example, if there were fifty records with the artist name “The Beatles” and ten with the artist name “The Beetles,” the sameness of the two values would indicate they were the same and all values would be modified to the most popular (the correct) value “The Beatles”.

Jaikoz is commercially licensed software, written in Java 1.5 by Paul Taylor. A shareware version, in which changes can only be saved to 20 files during one use, is also available as a 30-day free trial. 10% of every sale is paid to Metabrainz to support Musicbrainz development

the software is actually nice !

http://www.jthink.net/jaikoz

I read a book ( i actually read a lot of books ! )
this book explain some good practices in Oriented Object,
I founded those good practices nice and i’ll try to apply them in my programming projects.

1# Variables Name

- The variables names have to be readable !
If you are programming in a 10 programmers team … giving names like
x=1; y=0;

why ?
imagine the next programmer who have to read again your work !

- Don’t give names with prefixes like
Imagine this in your program


int iCount=0;
double dPersonal=1;


Why?
Because, if you use Eclipse or any other completion program you’ll have all the variables name with de prefix …
and you waste time to search your variable !

- Use nice names
Imagine a code like this one

int dmy;
int smh;


Why?
because nobody knows the signification !
Day Month Year = dym … Wtf ?
it’ll be better to use DayMonthYear;
and SecondMinutHour; to give names for your variables !
it’s actually a little bit longer but … when people are reading you’r programming part … they just understand everything

- Dont Make jokes in your code !
why?
Only people who have the same humour as you will understand what you’r speaking about !
all the other people … will waste time on you’r coding part !

2# Classes

- Class length ?
The length of a class has to be short !
the “good” length of a class is 40 lines …( this is theoretical a thing )

3# Functions / Methods

- Function Length ?
We have to remeber that a function has also to be short !

- A function as only one function ?
this is very important !!
A function have to have only one function …
you cannot make a lot of things in a function

i don’t have any examples yet … but i’ll show more later here !

hep,

I was reading a book when i found this little commands for linux about connexion ( it can be helpfull for administrators )

Commands :

who : show the connected users : Linux/Mac
last : show last connexion (passed ) : Linux / Mac
lastb : show last connexion (failed) : Linux


Files


/etc/passwd : local users
/etc/group : local groups
/etc/log/wtmp : binary file with all connexion log ( Only Linux )
/var/log/utmp : binray file with all user actually connected ( Only Linux)
/var/log/btmp : Binary file with all failed connexion ( Only Linux )



Hey,

I’m agdlp IT student,
i’ll speak here about security,linux,java,… and lot of other it subjects.

I hope you’ll enjoy it

Agdlp.