These methods
will be easily understood by the Hackers
Any help for the Novice
Hackers Please drop in your Comments
You can also drop in your E -
Mail Id's to be mailed a detailed Presentation on Google HACKING
Using
Google, and some finely crafted searches we can find a lot of
interesting information.For
Example we can find:Credit
Card Numbers
Passwords
Software / MP3's
(and on and on and
on) Presented below is just a sample of interesting searches that we
can send to google to obtain infomation that some people might not want
us having.. After you get a taste using some of these, try your own
crafted searches to find info that you would be interested in.Try a few of these searches:
METHOD
1:intitle:"Index of" passwords modified
allinurl:auth_user_file.txt
"access
denied for user" "using password"
"A syntax error has occurred"
filetype:ihtml
allinurl: admin mdb
"ORA-00921: unexpected end of
SQL command"
inurl:passlist.txt
"Index of /backup"
"Chatologica
MetaSearch" "stack tracking:"
Amex Numbers:
300000000000000..399999999999999
MC Numbers:
5178000000000000..5178999999999999
visa
4356000000000000..4356999999999999
"parent directory " /appz/
-xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory
" DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent
directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent
directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent
directory "MP3-xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent
directory " Name of Singer or album -xxx -html -htm -php -shtml
-opendivx -md5 -md5sums
Notice that I am only changing the word after
the parent directory, change it to what you want and you will get a lot
of stuff.
METHOD 2
Put this string in google search:
?intitle:index.of?
mp3
You only need add the name of the song/artist/singer.
Example:
?intitle:index.of? mp3 jackson
METHOD 3
Put this
string in google search:
inurl:microsoft filetype:iso
You
can change the string to whatever you want, ex. Microsoft to adobe, ISO
to zip etc…
"# -FrontPage-" inurl:service.pwd
Frontpage
passwords.. very nice clean search results listing !!
"AutoCreate=TRUE
password=*"
This searches the password for "Website Access Analyzer"
,
a Japanese software that creates webstatistics. For those who can read
Japanese, check out the author's site at:
[You must be registered and logged in to see this link.]"http://*:*@www"
domainname
This is a query to get inline passwords from search
engines (not just Google), you must type in the query followed with the
the domain name without the .com or .net
"http://*:*@www" bangbus or
"http://*:*@www"bangbus
Another way is by just typing
"http://bob:bob@www"
"sets
mode: +k"
This search reveals channel keys (passwords) on IRC as
revealed from IRC chat logs.
allinurl: admin mdb
Not all
of these pages are administrator's access databases containing
usernames, passwords and other sensitive information, but many are!
allinurl:auth_user_file.txt
DCForum's
password file. This file gives a list of (crackable) passwords,
usernames and email addresses for DCForum and for DCShop (a shopping
cart program(!!!). Some lists are bigger than others, all are fun, and
all belong to googledorks.
intitle:"Index of" config.php
This
search brings up sites with "config.php" files. To skip the technical
discussion, this configuration file contains both a username and a
password for an SQL database. Most sites with forums run a PHP message
base. This file gives you the keys to that forum, including FULL ADMIN
access to the database.
eggdrop filetype:user user
These
are eggdrop config files. Avoiding a full-blown discussion about
eggdrops and IRC bots, suffice it to say that this file contains
usernames and passwords for IRC users.
intitle:index.of.etc
This
search gets you access to the etc directory, where many many many types
of password files can be found. This link is not as reliable, but
crawling etc directories can be really fun!
filetype:bak
inurl:"htaccess|passwd|shadow|htusers"
This will search for
backup files (*.bak) created by some editors or even by the
administrator himself (before activating a new version).
Every
attacker knows that changing the extension of a file on a web server can
have ugly consequences.
Let's pretend you need a serial number
for windows XP pro.
In the google search bar type in just like
this - "Windows XP Professional" 94FBR
The key is the 94FBR
code.. it was included with many MS Office registration codes so this
will help you dramatically reduce the amount of 'fake' porn sites that
trick you.
Or if you want to find the serial for winzip 8.1 - "Winzzip 8.1"