Below, phpmyadmin uses the tutorial column to introduce the method of obtaining phpMyAdmin information in batches. I hope it will be helpful to friends in need!
by antian365 simeon introduced phpMyAdmin in the previous topic To violently crack the Mysql Root account password, the prerequisite for cracking is to know which websites or URLs contain phpMyAdmin. In other words, how to obtain these URLs. There is too much interference when searching for the keyword "phpMyAdmin" using search engines such as Google and Baidu. According to the author's research , currently the most useful search engines are Zoomeye.org and shodan.io, which are better for batch keyword retrieval. After a vulnerability occurs, batch penetration can be achieved through these two search engines. The following is a detailed introduction to how to apply it.
shodan search engine use 1.1 Use shodan to search keywords Searching with shodan.io is very simple. Users can register for free. After registration, you can log in to the website and use it in its input box. Just enter keywords to search, as shown in Figure 1, enter "phpMyAdmin", then click the search icon, and the system will automatically search. You can also search directly using the link address: https://www.shodan.io/search?query=phpMyAdmin
Figure 1 Use shodan search engine to search for keywords 1.2 more Keyword search If you do not log in to the shodan search engine, you can only view the simplest results. In the search results interface, you can view a certain country, Services, etc. By default, the shodan search engine displays five types of results: "TOP COUNTRIES", "TOP SERVICES", "TOP ORGANIZATIONS", "TOP OPERATING SYSTEMS" and "TOP PRODUCTS". Free users can only search the first five pages of results. As shown in Figure 2, you can add a country to the search keyword to search, or you can click on the map on the left. For example, the following keywords: phpMyAdmin country: "CN" product: "Apache httpd" means the search keyword "phpMyAdmin", the country is China, and the product type is "Apache httpd".
Figure 2 Add keywords to search 1.3 View search results In the search result records, you can see that each record will contain "phpMyAdmin", and then there is a Details below , clicking this link will display detailed information about the IP port opening, etc., as shown in Figure 3. In this information, the possible geographical information of the IP will also be displayed in a map by default.
Figure 3 View the detailed information of the search IP 1.4 Test and collect URL addresses If you only view the details of the keyword, click the keyword link address in the search results That's it. It is recommended to use a new window to open the link address. As shown in Figure 4, the search result "http://123.56.190.193/" will be the login interface of phpMyAdmin. If it can be opened and realized correctly, then the URL Copy to txt file for collection. As shown in Figure 5, URLs of the same type are organized into a txt file for subsequent use.
Figure 4 Testing whether the URL address can be opened correctly
Figure 5 Organizing the URL address 1.5 Search restrictions When using shodan to search for 5 pages, Prompt to purchase, otherwise it will not be available. At this time, you can change the keywords to search, such as selecting different products, different countries, etc., as shown in Figure 6. There is no limit after purchasing a membership.
Figure 6 Search restrictions 1.6 Tips Add ".zip", "index of", "wwwroot.rar", ".tar.gz", etc. to the search keywords It is possible to obtain the source code and directory leak vulnerability, obtain the root account and password through the source code, and directly export a sentence backdoor through query to obtain the webshell. Using zoomeye to search for keywords is similar to shadon. For example, use the link below to directly search for Beijing, China. The keyword is phpmyadmin. The effect is shown in Figure 7. There is no limit on the number of records after zoomeye is registered and logged in. https://www.zoomeye.org/search?q=phpMyAdmin country:China country:China city:Beijin
Figure 7 Search using zoomeye
The above is the detailed content of How to obtain phpMyAdmin information in batches. For more information, please follow other related articles on the PHP Chinese website!
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn