Pages

Google Hacking








Google Hacking









Google Hacking



                                                                                                                                       



src="Google%20Hacking_files/image002.jpg"
alt="google hacking: Rahul Dutt Avasthy" v:shapes="Picture_x0020_3">



For Example we can find: Credit Card Numbers,
Passwords, Software / MP3's



...... (and on and on and on) Presented below is just a sample of interesting
searches that we can send to google to obtain info that some people might not
want us having.. After you get a taste using some of these, try your own crafted
searches to find info that you would be interested in.





Try a few of these searches:




intitle:"Index of" passwords modified

allinurl:auth_user_file.txt

"access denied for user" "using password"

"A syntax error has occurred" filetype:ihtml

allinurl: admin mdb


"ORA-00921: unexpected end of SQL command"

inurl:passlist.txt

"Index of /backup"

"Chatologica MetaSearch" "stack tracking:"







Amex Numbers: 300000000000000..399999999999999

MC Numbers: 5178000000000000..5178999999999999




visa 4356000000000000..4356999999999999



"parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums


"parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory "MP3-xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " Name of Singer or album -xxx -html -htm -php -shtml
-opendivx -md5 -md5sums

Notice that I am only changing the word after the parent directory, change it to
what you want and you will get a lot of stuff.





METHOD 2





put this string in google search:



?intitle:index.of? mp3



You only need add the name of the song/artist/singer.



Example: ?intitle:index.of? mp3 jackson





METHOD 3





put this string in google search:



inurl:microsoft filetype:iso



You can change the string to watever you want, ex. microsoft to adobe, iso to
zip etc…



"# -FrontPage-" inurl:service.pwd




Frontpage passwords.. very nice clean search results listing !!

"AutoCreate=TRUE password=*"

This searches the password for "Website Access Analyzer"

, a Japanese software that creates webstatistics. For those who can read
Japanese, check out the author's site at:

http://www.coara.or.jp/~passy/

"http://*:*@www"
domainname


This is a query to get inline passwords from search engines (not just Google),
you must type in the query followed with the the domain name without the .com or
.net

"http://*:*@www"
bangbus or "http://*:*@www"bangbus

Another way is by just typing

"http://bob:bob@www"

"sets mode: +k"








This search reveals channel keys (passwords) on IRC as revealed from IRC chat
logs.





allinurl: admin mdb



Not all of these pages are administrator's access databases containing
usernames, passwords and other sensitive information, but many are!

allinurl:auth_user_file.txt



DCForum's password file. This file gives a list of (crackable) passwords,
usernames and email addresses for DCForum and for DCShop (a shopping cart
program(!!!). Some lists are bigger than others, all are fun, and all belong to
googledorks. =)





intitle:"Index
of" config.php










This search brings up sites with "config.php" files. To skip the technical
discussion, this configuration file contains both a username and a password for
an SQL database. Most sites with forums run a PHP message base. This file gives
you the keys to that forum, including FULL ADMIN access to the database.

eggdrop filetype:user user







These are eggdrop config files. Avoiding a full-blown descussion about eggdrops
and IRC bots, suffice it to say that this file contains usernames and passwords
for IRC users.




intitle:index.of.etc







This search gets you access to the etc directory, where many many many types of
password files can be found. This link is not as reliable, but crawling etc
directories can be really fun!





filetype:bak inurl:"htaccess|passwd|shadow|htusers"







This will search for backup files (*.bak) created by some editors or even by the
administrator himself (before activating a new version).




Every attacker knows that changing the extenstion of a file on a webserver can
have ugly consequences.



Let's pretend you need a serial number for windows xp pro.



In the google search bar type in just like this - "Windows XP Professional"
94FBR



the key is the 94FBR code.. it was included with many MS Office registration
codes so this will help you dramatically reduce the amount of 'fake' porn sites
that trick you.

or if you want to




find the serial for winzip 8.1 - "Winzip
8.1"