Finding files such as the /etc/passwd file on web servers is very easy online.
There are heaps of servers where the /etc directory is exposed online. Using a simple Google Dork, it is possible to find exposed /etc/passwd files.
index of: /etc/passwd |
This just works perfectly.
I found this example online.
root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin mail:x:8:8:mail:/var/mail:/usr/sbin/nologin news:x:9:9:news:/var/spool/news:/usr/sbin/nologin uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin proxy:x:13:13:proxy:/bin:/usr/sbin/nologin www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin backup:x:34:34:backup:/var/backups:/usr/sbin/nologin list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/bin/false systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/bin/false systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false _apt:x:104:65534::/nonexistent:/bin/false Debian-exim:x:105:109::/var/spool/exim4:/bin/false messagebus:x:106:110::/var/run/dbus:/bin/false ntp:x:107:112::/home/ntp:/bin/false sshd:x:108:65534::/run/sshd:/usr/sbin/nologin rdnssd:x:109:65534::/var/run/rdnssd:/bin/false vnstat:x:110:113::/var/lib/vnstat:/bin/false postfix:x:111:115::/var/spool/postfix:/bin/false varnish:x:112:117::/nonexistent:/bin/false vcache:x:113:117::/nonexistent:/bin/false varnishlog:x:114:117::/nonexistent:/bin/false mysql:x:115:118:MySQL Server,,,:/var/lib/mysql:/bin/false memcache:x:116:119:Memcached,,,:/nonexistent:/bin/false sensu:x:999:999:Sensu Monitoring Framework:/opt/sensu:/bin/false newrelic:x:998:998:New Relic daemons:/opt/newrelic:/bin/false shellinabox:x:117:120:Shell In A Box,,,:/var/lib/shellinabox:/bin/false ansible:x:1000:1000:Cloudways Ansible:/var/cw/ansible:/bin/bash systeam:x:1001:1001:Cloudways Systeam:/var/cw/systeam:/bin/bash master_tgycmhqabh:x:1002:33::/home/master:/usr/bin/mysecureshell mtwggxjdwg:x:1003:33::/home/481123.cloudwaysapps.com/mtwggxjdwg:/usr/sbin/nologin qfycpgjxzf:x:1004:33::/home/481123.cloudwaysapps.com/qfycpgjxzf:/usr/sbin/nologin jungkmsdth:x:1005:33::/home/481123.cloudwaysapps.com/jungkmsdth:/usr/sbin/nologin rnueayafdj:x:1008:33::/home/481123.cloudwaysapps.com/rnueayafdj:/usr/sbin/nologin frankel2020:x:1008:33::/home/481123.cloudwaysapps.com/rnueayafdj:/usr/bin/mysecureshell zbuhrzhuey:x:1009:33::/home/481123.cloudwaysapps.com/zbuhrzhuey:/usr/sbin/nologin fhssneufja:x:1010:33::/home/481123.cloudwaysapps.com/fhssneufja:/usr/sbin/nologin zcard-team:x:1010:33::/home/481123.cloudwaysapps.com/fhssneufja:/usr/bin/mysecureshell fxxsvsbzyn:x:1011:33::/home/481123.cloudwaysapps.com/fxxsvsbzyn:/usr/sbin/nologin platformops:x:1012:1012:Cloudways PlatformOps:/var/cw/platformops:/bin/bash systemd-coredump:x:997:997:systemd Core Dumper:/:/usr/sbin/nologin redis:x:103:122::/var/lib/redis:/usr/sbin/nologin |
To find SSH keys online, use this Google Dork.
index of /etc/ssh/ssh_config |
This will find /etc/ssh directories that could contain SSH keys.
To find directories that contain SSL keys, use this Google Dork.
index of /etc/ssl |
This could be very useful.
To find directories containing database backups on websites, use this Google Dork. These could contain passwords and user accounts and would be very useful to get ahold of.
indexof /backup database |
There are plenty of SSH keys available online, this is how to get ahold of them. Use this Google Dork to download SSH keys whenever you wish.
intitle:"index of /" ssh |
Finally, to find Putty logs that contain a lot of useful information, use this Google Dork.
filetype:log username putty |
Find Amazon AWS buckets online using this simple Google Dork.
site:http://amazonaws.com inurl:". s3.amazonaws.com/" |
Open s3 buckets can be a nightmare in terms of bill shock.
S3 bucket find Using Google Dorks 🌍
Here are a couple of examples: site:http://amazonaws.com inurl:”. s3.amazonaws.com/” site:http://s3.amazonaws.com intitle:index.