Home > Database > phpMyAdmin > body text

How to obtain phpMyAdmin information in batches

藏色散人
Release: 2020-12-16 17:00:35
forward
2904 people have browsed it

Below, phpmyadmin uses the tutorial column to introduce the method of obtaining phpMyAdmin information in batches. I hope it will be helpful to friends in need!

How to obtain phpMyAdmin information in batches

by antian365 simeon
introduced phpMyAdmin in the previous topic To violently crack the Mysql Root account password, the prerequisite for cracking is to know which websites or URLs contain phpMyAdmin. In other words, how to obtain these URLs. There is too much interference when searching for the keyword "phpMyAdmin" using search engines such as Google and Baidu. According to the author's research , currently the most useful search engines are Zoomeye.org and shodan.io, which are better for batch keyword retrieval. After a vulnerability occurs, batch penetration can be achieved through these two search engines. The following is a detailed introduction to how to apply it.

  1. shodan search engine use
    1.1 Use shodan to search keywords
    Searching with shodan.io is very simple. Users can register for free. After registration, you can log in to the website and use it in its input box. Just enter keywords to search, as shown in Figure 1, enter "phpMyAdmin", then click the search icon, and the system will automatically search. You can also search directly using the link address:
    https://www.shodan.io/search?query=phpMyAdmin
    How to obtain phpMyAdmin information in batches
    Figure 1 Use shodan search engine to search for keywords
    1.2 more Keyword search
    If you do not log in to the shodan search engine, you can only view the simplest results. In the search results interface, you can view a certain country, Services, etc. By default, the shodan search engine displays five types of results: "TOP COUNTRIES", "TOP SERVICES", "TOP ORGANIZATIONS", "TOP OPERATING SYSTEMS" and "TOP PRODUCTS". Free users can only search the first five pages of results. As shown in Figure 2, you can add a country to the search keyword to search, or you can click on the map on the left. For example, the following keywords: phpMyAdmin country: "CN" product: "Apache httpd" means the search keyword "phpMyAdmin", the country is China, and the product type is "Apache httpd".
    How to obtain phpMyAdmin information in batches
    Figure 2 Add keywords to search
    1.3 View search results
    In the search result records, you can see that each record will contain "phpMyAdmin", and then there is a Details below , clicking this link will display detailed information about the IP port opening, etc., as shown in Figure 3. In this information, the possible geographical information of the IP will also be displayed in a map by default.
    How to obtain phpMyAdmin information in batches
    Figure 3 View the detailed information of the search IP
    1.4 Test and collect URL addresses
    If you only view the details of the keyword, click the keyword link address in the search results That's it. It is recommended to use a new window to open the link address. As shown in Figure 4, the search result "http://123.56.190.193/" will be the login interface of phpMyAdmin. If it can be opened and realized correctly, then the URL Copy to txt file for collection. As shown in Figure 5, URLs of the same type are organized into a txt file for subsequent use.
    How to obtain phpMyAdmin information in batches
    Figure 4 Testing whether the URL address can be opened correctly
    How to obtain phpMyAdmin information in batches
    Figure 5 Organizing the URL address
    1.5 Search restrictions
    When using shodan to search for 5 pages, Prompt to purchase, otherwise it will not be available. At this time, you can change the keywords to search, such as selecting different products, different countries, etc., as shown in Figure 6. There is no limit after purchasing a membership.
    How to obtain phpMyAdmin information in batches
    Figure 6 Search restrictions
    1.6 Tips
    Add ".zip", "index of", "wwwroot.rar", ".tar.gz", etc. to the search keywords It is possible to obtain the source code and directory leak vulnerability, obtain the root account and password through the source code, and directly export a sentence backdoor through query to obtain the webshell.
    Using zoomeye to search for keywords is similar to shadon. For example, use the link below to directly search for Beijing, China. The keyword is phpmyadmin. The effect is shown in Figure 7. There is no limit on the number of records after zoomeye is registered and logged in.
    https://www.zoomeye.org/search?q=phpMyAdmin country:China country:China city:Beijin
    How to obtain phpMyAdmin information in batches
    Figure 7 Search using zoomeye

The above is the detailed content of How to obtain phpMyAdmin information in batches. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:csdn.net
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template