Fast Track “There's Nothing so Permanent as Temporary”
Aug 29, 2014
Alexa top 1,000,000 websites
Robots
● Robots.txt
Google dork: inurl:robots filetype:txt
Disallow: /admin/*
Disallow: /backup/*
Disallow: /logs/*
Disallow: /secret-file.tar.gz
Hypertext
● .htaccess
● .htpasswd
● _.htpasswd
● !.htpasswd
● 0.htpasswd
● old.htpasswd
● %20.htpasswd
● backup.htpasswd
● 1.htpasswd
OS files
● Thumbs.db
● ehthumbs.db
● Desktop.ini
● .DS_Store
● .apdisk
● .AppleDouble
● .LSOverride
Logs
● access.log
● access_log
● error.log
● error_log
● /log/*
● /logs/*
Logs
Google dorks:
site:mysite.com filetype:log
site:mysite.com inurl:error_log
site:mysite.com inurl:access_log
Status
● /server-status/
● /nginx-status/
● /status/
● /stats/
● /stat/
DGT Release Checker for vBulletin
validator.php
Tools for managing content in databases
● /sqlbuddy/login.php
● /adminer/index.php
● /adminer/adminer.php
● /adminer.php
● /phpmyadmin/index.php
● /myadmin/index.php
● /pma/index.php
Revision control
● /.svn/entries
● /.git/index
● /.hg/store/undo
● /.hg/store/data/
Revision control
● .cvsignore
● .gitignore
● .gitignore_global
● .npmignore
● .svnignore
● .hgignore
Revision control
● .hgrc (mercurial.ini for win)
● .gitconfig
● .gitattributes
Test files
● test.php
● 1.php
● tst.php
● test1.php
● example.php
● demo.php
● phpinfo.php
● php.php
● info.php
● i.php
● p.php
Swap and backup files
● *.dif
● *.err
● *.orig
● *.rej
● .*.swo
● .*.swn
● .*.swm
● .*.swp
● *.vi
● *~
● *.sass-cache
● *.cache
● *.part
● .#.*
● *.bak
● *.backup
● *.un~
● *.old
● *.tmp
● *.sublime-workspace
● *.sublime-project
etc…
Other configs
● /WEB-INF/context.xml
● /WEB-INF/web.xml
● /web.config
● /dataobject.ini
● /.travis.yml
● /database.yml
● /config/AppData.config
● /inc/config.inc
/dataobjects.ini
/WEB-INF/context.xml
Statistics
● /webstat/
● /cgi-bin/awstats.pl
● /apc.php
● /apc/index.php
● /apc/apc.php
And then there's xcache and the like, google it yourselves ;)
IDE and other
● /nbproject/
● /.komodotools/
● /.sass-cache/
● /.idea/
● .project
● .buildpath
● .settings
● .tmproj
IDE and other
● /.config
● /.pki
● /.local
● /.cache
● /.filemgr-tmp
● /.shrc
● /.rhosts
● /.profile
● /.mailrc
● /.mail_aliases
● /.login_conf
● /.login
● /.cshrc
● .cache
home = www
.bash_history
SSH
• /.ssh/known_hosts
• /.ssh/authorized_keys
• /.ssh/*
Attn!
/.ssh/id_rsa
@i_bo0om
Thanks for your attention ;)
This is where I work >
< this is where I take part
/\ And this is where I write, basically )))