Google search hacking

Well, if you ask me, this is the best part: "how to search". Anyone, anywhere,
needs something out of the great "www". If you know how to grab hold of that
"something" in one click, that is the skill. This article is one of my best,
and is specially crafted to meet all your needs!!

Google Operators:

Operators are used to refine the results and to maximize the search value. They
are your tools as well as ethical hackers’ weapons.

Basic Operators:

+, -, ~, ., *, “”, |, OR

Advanced Operators:

allintext:, allintitle:, allinurl:, bphonebook:, cache:, define:, filetype:,
info:, intext:, intitle:, inurl:, link:, phonebook:, related:, rphonebook:,
site:, numrange:, daterange:

Basic Operators !!

(+) force inclusion of something common

Google ignores common words (where, how, digit, single letters) by default:

Example: Star Wars Episode +I

(-) exclude a search term

Example: apple -red

(“) use quotes around a search term to search exact phrases:

Example: “Robert Masse”

Robert Masse without “” has 309,000 results, but “robert masse” only has 927
results. The quotes cut out the 99% of results that are irrelevant.

(~) search synonym:

Example: ~food

Returns results about food as well as recipe, nutrition and cooking
information.

( . ) a single-character wildcard:

Example: m.trix

Returns results for M@trix, matrix, metrix…

( * ) any word wildcard

Advanced Operators: “Site:”

Site: Domain_name

Find Web pages only on the specified domain. If we search a specific site,
usually we get the Web structure of the domain.

Examples:

site:http://shaswat.bravehost.com

Advanced Operators: “Filetype:”

Filetype: extension_type

Find documents with specified extensions

The supported extensions are:

- HyperText Markup Language (html)
- Adobe Portable Document Format (pdf)
- Adobe PostScript (ps)
- Lotus 1-2-3 (wk1, wk2, wk3, wk4, wk5, wki, wks, wku)
- Lotus WordPro (lwp)
- MacWrite (mw)
- Text (ans, txt)
- Microsoft PowerPoint (ppt)
- Microsoft Word (doc)
- Microsoft Works (wks, wps, wdb)
- Microsoft Excel (xls)
- Microsoft Write (wri)
- Rich Text Format (rtf)
- Shockwave Flash (swf)

Note: We can actually search asp, php, cgi and pl files too, as long as they
are text-compatible.

Example: Budget filetype: xls

Advanced Operators “Intitle:”

Intitle: search_term

Find the search term within the title of a Web page

Allintitle: search_term1 search_term2 search_term3

Find Web pages whose title includes all of these search terms

These operators are especially useful for finding directory listings

Example:

Find directory list:

Intitle: Index.of “parent directory”

Advanced Operators “Inurl:”

Inurl: search_term

Find search term in a Web address

Allinurl: search_term1 search_term2 search_term3

Find multiple search terms in a Web address

Examples:

Inurl: cgi-bin

Allinurl: cgi-bin password

Advanced Operators “Intext:”

Intext: search_term

Find search term in the text body of a document.

Allintext: search_term1 search_term2 search_term3

Find multiple search terms in the text body of a document.

Examples:

Intext: Administrator login

Allintext: Administrator login

Advanced Operators: “Cache:”

Cache: URL

Find the old version of a Web site in the Google cache

Sometimes, even after the site has been updated, the old information can still
be found in the cache

Examples:

Cache: http://shaswat.bravehost.com

Advanced Operators

<number1>..<number2>

Conduct a number range search by specifying two numbers, separated by two
periods, with no spaces. Be sure to specify a unit of measure or some other
indicator of what the number range represents

Examples:

Computer $500..1000

DVD player $250..350

Advanced Operators: “Daterange:”

Daterange: <start_date>-<end date>

Find the Web pages between start date and end date

Note: start_date and end date use the Julian date

The Julian date is calculated by the number of days since January 1, 4713 BC.
For example, the Julian date for August 1, 2001 is 2452122

Examples:

2004.07.10=2453196

2004.08.10=2453258

Vulnerabilities date range: 2453196-2453258
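
The date conversion described above, as an added example (not code from the original post). The function names are hypothetical, and the convention is an assumption inferred from the page's own values: the integer is the Julian Date at 00:00 UTC with the .5 truncated.

```python
from datetime import date, timedelta

# Offset between Python's proleptic-Gregorian ordinal (0001-01-01 == 1) and the
# Julian Day Number that begins at noon UTC on the same calendar date.
_JDN_OFFSET = 1721425


def to_julian(d: date) -> int:
    """Integer Julian date in the convention of the page's examples.

    The Julian Date at 00:00 UTC is a half-integer (2452122.5 for
    2001-08-01); truncating it gives one less than the noon-based
    Julian Day Number. This convention is an assumption of the example.
    """
    return d.toordinal() + _JDN_OFFSET - 1


def from_julian(jd: int) -> date:
    """Inverse of to_julian(): the calendar date for an integer Julian date."""
    return date.fromordinal(jd + 1 - _JDN_OFFSET)


def daterange(start: date, end: date) -> str:
    """Build the operand for the daterange operator, both ends inclusive."""
    if end < start:
        raise ValueError("end date is before start date")
    return f"daterange:{to_julian(start)}-{to_julian(end)}"


def last_days(today: date, days: int) -> str:
    """daterange operand covering the `days` days up to and including today."""
    if days < 1:
        raise ValueError("days must be at least 1")
    return daterange(today - timedelta(days=days - 1), today)


if __name__ == "__main__":
    print(to_julian(date(2001, 8, 1)))
    print(to_julian(date(2004, 7, 10)))
    print(from_julian(2453258))
    print(last_days(date(2004, 8, 10), 30))
```

Under this convention 2004-08-10 converts to 2453227, and 2453258 decodes to 2004-09-10, so the range quoted above spans July 10 to September 10, 2004.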



Advanced Operators “Link:”

Link: URL

Find the Web pages having a link to the specified URL

Related: URL

Find the Web pages that are “similar” to the specified Web page

Info: URL

Present some information that Google has about that Web page

Define: search_term

Provide a definition of the words gathered from various online sources

Examples:

Link: shaswat.bravehost.com

Related: shaswat.bravehost.com

Info: shaswat.bravehost.com

Define: Network security

Advanced Operators “phonebook:”

Phonebook

Search the entire Google phonebook

rphonebook

Search residential listings only

bphonebook

Search business listings only

Examples:

Phonebook: robert las vegas (robert in Las Vegas)

Phonebook: (702) 944-2001 (reverse search, does not always work)

The phonebook is largely limited to the U.S.A.

But the question arises: what can Google do for an ethical hacker?

Search sensitive information like payroll, SIN, even the personal email box

Vulnerabilities scanner

Transparent proxy

So how about if I tell you a different way to search?

OK, let's do this: type in the following statements and see the results.

We can only provide you the guidelines; now you need to apply your creativity
to keep it rolling.

http://shaswat.bravehost.com

Salary

Salary filetype: xls site: edu

Security social insurance number

Intitle: Payroll intext: ssn filetype: xls site: edu

Payroll intext: Employee intext: ssn Filetype: xls

Filetype: xls “checking account” “credit card” - intext: Application -intext: Form (only 39 results)

Financial Information

Intitle: “Index of” finances.xls (9)

Personal Mailbox

Intitle: Index.of inurl: Inbox (inurl: User OR inurl: Mail) (220)

Confidential Files

“not for distribution” confidential (1,760)

“not for distribution” confidential filetype: pdf (marketing info) (456)

OS Detection

Use the keywords of the default installation page of a Web server to search.

Use the title to search.

Use the footer in a directory index page.

OS Detection - Windows

“Microsoft-IIS/5.0 server at”

Default web page?

Intitle: “Welcome to Windows 2000 Internet Services” IIS 5.0

OS Detection - Apache 1.3.11-1.3.26

Intitle: Test.Page.for.Apache seeing.this.instead

OS Detection - Apache SSL enabled

Intitle: Test.page “SSL/TLS-aware” (127)

Search Passwords

Search the well-known password filenames in URLs

Search the database connection files or configuration files to find a password
and username

Search the specific username file for a specific product

Inurl: etc inurl: passwd

Intitle: “Index of..etc” passwd

Inurl: admin.pwd filetype: pwd

Filetype: inc dbconn

Filetype: inc intext: mysql_connect

Filetype: ini +ws_ftp +pwd (get the encrypted passwords)

Filetype: log inurl: “password.log”


Search Username

+intext: "webalizer" +intext: “Total Usernames” +intext: “Usage Statistics for”

License Key

Filetype: lic lic intext: key (33) (license key)

Sensitive Directories Listing

Powerful buzz word: Index of

Search the well-known vulnerable directory names

“index of cgi-bin” (3590)

Intitle: “Index of” cfide (coldfusion directory)

Intitle: index.of.winnt
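
From the defender's side, the password and directory-listing queries above translate into a check of your own document root before a crawler indexes it. This is an added example, not code from the original post: the rule list reuses the file and directory names from the page's queries, while the content patterns, the function names and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# (reason, filename pattern, optional content pattern); content checks are assumptions.
RULES = [
    ("password file", r"passwd|.*\.pwd|password\.log", None),
    ("include file with DB connection", r".*\.inc", rb"mysql_connect|dbconn"),
    ("WS_FTP config with stored password", r"ws_ftp\.ini", rb"pwd\s*="),
    ("license key file", r".*\.lic", None),
    ("spreadsheet under web root", r".*\.xls", None),
]
RISKY_DIRS = {"cgi-bin", "cfide", "winnt", "etc"}  # directory names the page lists


def audit_webroot(root):
    """Return sorted (relative_path, reason) findings for everything under `root`."""
    findings = []
    for path in Path(root).rglob("*"):
        rel = path.relative_to(root).as_posix()
        if path.is_dir():
            if path.name.lower() in RISKY_DIRS:
                findings.append((rel, "well-known directory name"))
            continue
        for reason, name_pat, body_pat in RULES:
            if not re.fullmatch(name_pat, path.name, re.I):
                continue
            if body_pat and not re.search(body_pat, path.read_bytes(), re.I):
                continue  # name matches but nothing sensitive inside
            findings.append((rel, reason))
    return sorted(findings)


def demo():
    """Build a constructed sample tree (no real data) and audit it."""
    sample = {
        "index.html": "<h1>ok</h1>",
        "includes/dbconn.inc": "<?php mysql_connect('db', 'app', 'x'); ?>",
        "includes/header.inc": "<div>banner</div>",
        "ftp/WS_FTP.INI": "[site]\nUID=web\nPWD=constructed\n",
        "hr/finances.xls": "constructed",
        "cgi-bin/admin.pwd": "admin:constructed",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return audit_webroot(root)
```

Each finding is a file to move out of the served tree or block in the server configuration; turning off automatic directory indexes removes the “Index of” pages those queries key on.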



Get the serial number you need ! (For Certain Things)

1) Go to Google.

2) Use Keyword as "Product name" 94FBR

3) Where, "Product Name" is the name of the item you want to find the serial
number for.

4) And voila - there you go - the serial number you needed.

HOW DOES THIS WORK?

Quite simple really. 94FBR is part of an Office 2000 Pro cd key that is widely
distributed as it bypasses the activation requirements of Office 2K Pro. By
searching for the product name and 94fbr, you guarantee two things. 1) The pages
that are returned are pages dealing specifically with the product you're wanting
a serial for. 2) Because 94FBR is part of a serial number, and only part of a
serial number, you guarantee that any page being returned is a serial number
list page.

See these example searches:

Code:

"Photoshop 7"+94FBR

"Age of Mythology"+94FBR

"Nero Burning Rom 5.5"+94FBR