How to obtain phpMyAdmin information in batches
Below, phpmyadmin uses the tutorial column to introduce the method of obtaining phpMyAdmin information in batches. I hope it will be helpful to friends in need!
by antian365 simeon
introduced phpMyAdmin in the previous topic To violently crack the Mysql Root account password, the prerequisite for cracking is to know which websites or URLs contain phpMyAdmin. In other words, how to obtain these URLs. There is too much interference when searching for the keyword "phpMyAdmin" using search engines such as Google and Baidu. According to the author's research , currently the most useful search engines are Zoomeye.org and shodan.io, which are better for batch keyword retrieval. After a vulnerability occurs, batch penetration can be achieved through these two search engines. The following is a detailed introduction to how to apply it.
- shodan search engine use
1.1 Use shodan to search keywords
Searching with shodan.io is very simple. Users can register for free. After registration, you can log in to the website and use it in its input box. Just enter keywords to search, as shown in Figure 1, enter "phpMyAdmin", then click the search icon, and the system will automatically search. You can also search directly using the link address:
https://www.shodan.io/search?query=phpMyAdmin
Figure 1 Use shodan search engine to search for keywords
1.2 more Keyword search
If you do not log in to the shodan search engine, you can only view the simplest results. In the search results interface, you can view a certain country, Services, etc. By default, the shodan search engine displays five types of results: "TOP COUNTRIES", "TOP SERVICES", "TOP ORGANIZATIONS", "TOP OPERATING SYSTEMS" and "TOP PRODUCTS". Free users can only search the first five pages of results. As shown in Figure 2, you can add a country to the search keyword to search, or you can click on the map on the left. For example, the following keywords: phpMyAdmin country: "CN" product: "Apache httpd" means the search keyword "phpMyAdmin", the country is China, and the product type is "Apache httpd".
Figure 2 Add keywords to search
1.3 View search results
In the search result records, you can see that each record will contain "phpMyAdmin", and then there is a Details below , clicking this link will display detailed information about the IP port opening, etc., as shown in Figure 3. In this information, the possible geographical information of the IP will also be displayed in a map by default.
Figure 3 View the detailed information of the search IP
1.4 Test and collect URL addresses
If you only view the details of the keyword, click the keyword link address in the search results That's it. It is recommended to use a new window to open the link address. As shown in Figure 4, the search result "http://123.56.190.193/" will be the login interface of phpMyAdmin. If it can be opened and realized correctly, then the URL Copy to txt file for collection. As shown in Figure 5, URLs of the same type are organized into a txt file for subsequent use.
Figure 4 Testing whether the URL address can be opened correctly
Figure 5 Organizing the URL address
1.5 Search restrictions
When using shodan to search for 5 pages, Prompt to purchase, otherwise it will not be available. At this time, you can change the keywords to search, such as selecting different products, different countries, etc., as shown in Figure 6. There is no limit after purchasing a membership.
Figure 6 Search restrictions
1.6 Tips
Add ".zip", "index of", "wwwroot.rar", ".tar.gz", etc. to the search keywords It is possible to obtain the source code and directory leak vulnerability, obtain the root account and password through the source code, and directly export a sentence backdoor through query to obtain the webshell.
Using zoomeye to search for keywords is similar to shadon. For example, use the link below to directly search for Beijing, China. The keyword is phpmyadmin. The effect is shown in Figure 7. There is no limit on the number of records after zoomeye is registered and logged in.
https://www.zoomeye.org/search?q=phpMyAdmin country:China country:China city:Beijin
Figure 7 Search using zoomeye
The above is the detailed content of How to obtain phpMyAdmin information in batches. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1378
52
How to set primary key in phpmyadmin
Apr 07, 2024 pm 02:54 PM
The primary key of a table is one or more columns that uniquely identify each record in the table. Here are the steps to set a primary key: Log in to phpMyAdmin. Select database and table. Check the column you want to use as the primary key. Click "Save Changes". Primary keys provide data integrity, lookup speed, and relationship modeling benefits.
How to add foreign keys in phpmyadmin
Apr 07, 2024 pm 02:36 PM
Adding a foreign key in phpMyAdmin can be achieved by following these steps: Select the parent table that contains the foreign key. Edit the parent table structure and add new columns in "Columns". Enable foreign key constraints and select the referencing table and key. Set update/delete operations. save Changes.
Where is the phpmyadmin log?
Apr 07, 2024 pm 12:57 PM
Default location for PHPMyAdmin log files: Linux/Unix/macOS:/var/log/phpmyadminWindows: C:\xampp\phpMyAdmin\logs\ Log file purpose: Troubleshooting Audit Security
Where does the wordpress database exist?
Apr 15, 2024 pm 10:39 PM
The WordPress database is housed in a MySQL database that stores all website data and can be accessed through your hosting provider’s dashboard, FTP, or phpMyAdmin. The database name is related to the website URL or username, and access requires the use of database credentials, including name, username, password, and hostname, which are typically stored in the "wp-config.php" file.
What is the password for the phpmyadmin account?
Apr 07, 2024 pm 01:09 PM
The default username and password for PHPMyAdmin are root and empty. For security reasons, it is recommended to change the default password. Method to change password: 1. Log in to PHPMyAdmin; 2. Select "privileges"; 3. Enter the new password and save it. When you forget your password, you can reset it by stopping the MySQL service and editing the configuration file: 1. Add the skip-grant-tables line; 2. Log in to the MySQL command line and reset the root password; 3. Refresh the permission table; 4. Delete skip-grant-tables line, restart the MySQL service.
How to delete data table in phpmyadmin
Apr 07, 2024 pm 03:00 PM
Steps to delete a data table in phpMyAdmin: Select the database and data table; click the "Action" tab; select the "Delete" option; confirm and perform the deletion operation.
why phpmyadmin access denied
Apr 07, 2024 pm 01:03 PM
Reasons and solutions for access denied by phpMyAdmin: Authentication failed: Check whether the username and password are correct. Server configuration error: adjust firewall settings and check whether the database port is correct. Permissions issue: Granting users access to the database. Session timeout: Refresh the browser page and reconnect. phpMyAdmin configuration error: Check the configuration file and file permissions to make sure the required Apache modules are enabled. Server issue: Wait for a while and try again or contact your hosting provider.
What kind of vulnerability does the phpmyadmin vulnerability belong to?
Apr 07, 2024 pm 01:36 PM
phpMyAdmin is susceptible to multiple vulnerabilities, including: 1. SQL injection vulnerability; 2. Cross-site scripting (XSS) vulnerability; 3. Remote code execution (RCE) vulnerability; 4. Local file inclusion (LFI) vulnerability; 5. Information disclosure Vulnerability; 6. Privilege escalation vulnerability.
