64 Excellent tricks and techniques of Google Hacks
Google Hacks
Google Hack 1:
ws_ftp.ini is a configuration file for a popular FTP client that stores usernames, (weakly) encoded passwords, sites and directories that the user can store for later reference. These should not be on the web!
That's some good stuff. Just copy/paste the text into your own WS FTP ini file and you're good as gold (assuming you're using the same version). Don't forget - even if they have taken the file offline, use the "cache:FULL_URL/wsftp.ini" to see the contents.
probably one of the best exploits I have seen in a long time, when I did it there were about 20 vulnerable computers, just recently there was 4 so I hope whitehats got to this before anyone else. really nice !!
To see results; just write in the (http://www.google.com/) search engine the code:
intitle:index.of ws_ftp.ini
Google Hack 2
Frontpage.. very nice clean search results listing !! I magine with me that you can steal or know the password of any web site designed by "Frontpage". But the file containing the password might be encrypted; to decrypt the file download the program " john the ripper".
To see results; just write in the (http://www.google.com/) search engine the code:
"# -FrontPage-" inurl:service.pwd
Google Hack 3
This searches the password for "Website Access Analyzer", a Japanese software that creates webstatistics.
To see results; just write in the (http://www.google.com/) search engine the code:
"AutoCreate=TRUE password=*"
Google Hack 4
This is a query to get inline passwords from search engines (not just Google), you must type in the query followed with the the domain name without the .com or .net.
To see results; just write in the (http://www.google.com/) search engine the code:
"http://*:*@www" bangbus or "http://*:*@www"bangbus
Or
http://bob:bob@www
Or
http://admin:*@www
Google Hack 5
This search is a cleanup of a previous entry by J0hnny. It uses "parent directory" to avoid results other than directory listings.
WS_FTP.ini is a configuration file for a popular win32 FTP client that stores usernames and weakly encoded passwords.
To see results; just write in the (http://www.google.com/) search engine the code:
filetype:ini ws_ftp pwd
Or
"index of/" "ws_ftp.ini" "parent directory"
Google Hack 6
Microsoft Frontpage extensions appear on virtually every type of scanner. In the late 90's people thought they where hardcore by defacing sites with Frontpage. Today, there are still vulnerable servers found with Google.
An attacker can simply take advantage from administrators who 'forget' to set up the policies for Frontpage extensions. An attacker can also search for 'filetype:pwd users'.
To see results; just write in the (http://www.google.com/) search engine the code:
filetype:pwd service
Google Hack 7
Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are! And much adminstrated passwords and user passwords, a lot of emails and the such too…
To see results; just write in the (http://www.google.com/) search engine the code:
allinurl: admin mdb
Google Hack 8
DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!). Some lists are bigger than others, all are fun.
To see results; just write in the (http://www.google.com/) search engine the code:
allinurl:auth_user_file.txt
Google Hack 9
This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database. To see view the PHP files; there in lies the catch. Browsers are made to process the commands of PHP before display, so if no commands, nothing to show. You can't use that persay to get into the config file, but it would show potential threats if someone got into server anyway. (If that happens you're basically boned anyway, not much around that.
To see results; just write in the (http://www.google.com/) search engine the code:
intitle:index.of config.php
By the way, to know how to view the PHP file contents, you can use this code:
intitle:"Index of" phpinfo.php
Google Hack 10
These files contain ColdFusion source code. In some cases, the pages are examples that are found in discussion forums. However, in many cases these pages contain live sourcecode with usernames, database names or passwords in plaintext.
To see results; just write in the (http://www.google.com/) search engine the code:
filetype:cfm "cfapplication name" password
Google Hack 11
FlashFXP offers the easiest and fastest way to transfer any file using FTP, providing an exceptionally stable and robust program that you can always count on to get your job done quickly and efficiently. There are many, many features available in FlashFXP.
The flashFXP.ini file is its configuration file and may contain usernames/passwords and everything else that is needed to use FTP.
To see results; just write in the (http://www.google.com/) search engine the code:
filetype:ini inurl:flashFXP.ini
Google Hack 12
The encryption method used in WS_FTP is _extremely_ weak. These files can be found with the "index of" keyword or by searching directly for the PWD= value inside the configuration file.
There is an easy way to decrypt the hash, use the decryptor at:
http://www.codebluehacks.com/Tools.php?ID=1
Or
http://www.hispasec.com/directorio/laboratorio/Software/ws_ftp.html
To see results; just write in the (http://www.google.com/) search engine the code:
filetype:ini ws_ftp pwd
Google Hack 13
These files contain cleartext usernames and passwords, as well as the sites associated with those credentials. Attackers can use this information to log on to that site as that user.
To see results; just write in the (http://www.google.com/) search engine the code:
filetype:log inurl:"password.log"
Google Hack 14
Web Wiz Forums is a free ASP Bulletin Board software package. It uses a Microsoft Access database for storage. The installation instructions clearly indicate to change the default path and filename (admin/database/wwForum.mdb).
vendor: http://www.webwizguide.info/web_wiz_forums/
The forum database contains the members passwords, either encrypted or in plain text, depending on the version.
Please note: this search is proof that results can stay in Google's index for a long time, even when they are not on the site any longer. Currently only 2 out of 9 are actually still downloadable by an attacker.
To see results; just write in the (http://www.google.com/) search engine the code:
filetype:mdb wwforum
Google Hack 15
VNC is a remote-controlled desktop product. Depending on the configuration, remote users may not be presented with a password. Even when presented with a password, the mere existance of VNC can be important to an attacker, as is the open port of 5800.
To see results; just write in the (http://www.google.com/) search engine the code:
"VNC Desktop" inurl:5800
By the way, New version of VNC changed title to VNC Viewer so now you can search for…
intitle:vnc.desktop inurl:5800
Google Hack 16
linux vpns store their usernames and passwords for CHAP authentification in a file called "chap-secrets" where the usernames and the passwords are in cleartext.
To see results; just write in the (http://www.google.com/) search engine the code:
inurl:chap-secrets -cvs
Google Hack 17
These lock files often contain usernames of the user that has locked the file. Username harvesting can be done using this technique.
To see results; just write in the (http://www.google.com/) search engine the code:
"index of" / lck
Google Hack 18
A standard FTP configuration file that provides far too many details about how the server is setup, including installation paths, location of logfiles, generic username and associated group, etc.
To see results; just write in the (http://www.google.com/) search engine the code:
filetype:conf inurl:proftpd.conf -sample
Google Hack 19
This search finds registry files from the Windows Operating system. Considered the "soul" of the system, these files, and snippets from these files contain sensitive information, in this case usernames and/or passwords.
To see results; just write in the (http://www.google.com/) search engine the code:
filetype:reg reg HKEY_CURRENT_USER username
Google Hack 20
Allows an attacker to create an account on a server running Argosoft mail server pro for windows with unlimited disk quota (but a 5mb per message limit should you use your account to send mail).
To see results; just write in the (http://www.google.com/) search engine the code:
"adding new user" inurl:addnewuser -"there are no domains"
Google Hack 21
The famous Sun linux appliance. The default page displays this text:
"Congratulations on Choosing a Cobalt RaQ - the premier server appliance platform for web hosting. This page can easily be replaced with your own page. To replace this page, transfer your new content to the directory /home/sites/home/web".
To see results; just write in the (http://www.google.com/) search engine the code:
(inurl:81/cgi-bin/.cobalt/) | (intext:"Welcome to the Cobalt RaQ")
Google Hack 22
WS_FTP.LOG can be used in many ways to find more information about a server. This query is very flexible, just substitute "+htpasswd" for "+FILENAME" and you may get several hits that you hadn't seen with the 'normal' search.
Filenames suggested by the forum to explore are: phpinfo, admin, MySQL, password, htdocs, root, Cisco, Oracle, IIS, resume, inc, sql, users, mdb, frontpage, CMS, backend, https, editor, intranet . The list goes on and on..
A different approach might be "allinurl: "some.host.com" WS_FTP.LOG filetype:log" which tells you more about who's uploading files to a specific site.
To see results; just write in the (http://www.google.com/) search engine the code:
+htpasswd +WS_FTP.LOG filetype:log
Google Hack 23
The Web Data Administrator is a utility program implemented in ASP.NET that enables you to easily manage your SQL Server data wherever you are. Using its built-in features, you can do the following from Internet Explorer or your favorite Web browser.
Create and edit databases in Microsoft SQL Server 2000 or Microsoft SQL Server 2000 Desktop Engine (MSDE) Perform ad-hoc queries against databases and save them to your file system Export and import database schema and data.
To see results; just write in the (http://www.google.com/) search engine the code:
intitle:"Web Data Administrator - Login"
Google Hack 24
The Aanval Intrusion Detection Console is an advanced intrusion detection monitor and alerting system. Currently supporting modules for Snort and syslog - Aanval provides real-time monitoring, reporting, alerting and stability. Aanval's web-browser interface provides real-time event viewing and system/sensor management.
To see results; just write in the (http://www.google.com/) search engine the code:
intitle:"remote assessment" OpenAanval Console
Google Hack 25
Google is so smart, it’s scary sometimes. I has found another interesting (to say the least) Google use.
I just ran across a pretty scary new google trick. It seems they have just recently added number span searching to their engine. Take a look at this example:
To see results; just write in the (http://www.google.com/) search engine the code:
visa 4356000000000000..4356999999999999
Basically, what this search does is search for the word “visa” [credit card] with any numbers that fit within your query. i.e. any Visa credit card number with the first four digits 4356.
As you can see, Google has searched the entire range against its DB. Within minutes I found some crazy sites like this one. Now please know that Google didn’t create this tool to be used like this. It’s actually quite handy when used correctly. Just an FYI for all of you.
Google Hack 26
Tired of websearching ? Want something to read ? You can find Ebooks (thousands of them) with this search..LIT files can be opened with Microsoft Reader (http://www.microsoft.com/reader/).
To see results; just write in the (http://www.google.com/) search engine the code:
filetype:lit lit (books|ebooks)
Google Hack 27
Using Google, and some finely crafted searches we can find a lot of interesting information.
For Example we can find: Credit Card Numbers / Passwords / Software / MP3's
...... (and on and on and on)Presented below is just a sample of interesting searches that we can send to google to obtain info that some people might not want us having.. After you get a taste using some of these, try your own crafted searches to find info that you would be interested in.
To see results; just write in the (http://www.google.com/) search engine the code:
intitle:"Index of" passwords modified
And
allinurl:auth_user_file.txt
And
"access denied for user" "using password"
And
"A syntax error has occurred" filetype:ihtml
And
allinurl: admin mdb
And
"ORA-00921: unexpected end of SQL command"
And
inurl:passlist.txt
And
"Index of /backup"
And
"Chatologica MetaSearch" "stack tracking:"
And
Amex Numbers: 300000000000000..399999999999999
And
MC Numbers: 5178000000000000..5178999999999999
And
visa 4356000000000000..4356999999999999
Google Hack 28
Notice I am only changing the word after the parent directory, change it to what you want and you will get a lot of stuff.
To see results; just write in the (http://www.google.com/) search engine the code:
"parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
And
"parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
And
"parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
And
"parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
And
"parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
And
"parent directory " Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
Or
?intitle:index.of? mp3
You only need add the name of the song/artist/singer.
Example: ?intitle:index.of? mp3 jackson
Google Hack 29
You can change the string to watever you want, ex. microsoft to adobe, iso to zip etc…
To see results; just write in the (http://www.google.com/) search engine the code:
inurl:microsoft filetype:iso
Google Hack 30
This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.
To see results; just write in the (http://www.google.com/) search engine the code:
"sets mode: +k"
Google Hack 31
These are eggdrop config files. Avoiding a full-blown descussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.
To see results; just write in the (http://www.google.com/ search engine the code:
eggdrop filetype:user user
Google Hack 32
This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version).
Every attacker knows that changing the extenstion of a file on a webserver can have ugly consequences.
see results; just write in the (http://www.google.com/) search engine the code:
filetype:bak inurl:"htaccess|passwd|shadow|htusers"
Google Hack 33
Let's pretend you need a serial number for windows xp pro. The key is the 94FBR code.. it was included with many MS Office registration codes so this will help you dramatically reduce the amount of 'fake' porn sites that trick you.
To see results; just write in the (http://www.google.com/) search engine the code:
"Windows XP Professional" 94FBR
By the way, don't forget to change "Window sXP Professional" to any product you need its serial number.
Google Hack 34
Notice this excellent trick. You can search for any product whether hardware or software (between any prices price: for example, $250.. $350 ).
To see results; just write in the (http://www.google.com/) search engine the code:
DVD player $250..350
By the way, don't forget to change "DVD player" to any product you need to search for.
Google Hack 35
At first glance, this search reveals even more examples of operating system users enabling the operating system default web server software. This is generally accepted to be a Bad Idea(TM) as mentioned in the previous example. However, the googleDork index on this particular category gets quite a boost from the fact that this particular screen should NEVER be seen by the general public. To quote the default index screen: "Any users attempting to connect to this site are currently receiving an 'Under Construction page'" THIS is not the 'Under Construction page.' I was only able to generate this screen while sitting at the console of the server. The fact that this screen is revealed to the general public may indicate a misconfiguration of a much more insidious nature...
To see results; just write in the (http://www.google.com/) search engine the code:
intitle:"Welcome to Windows 2000 Internet Services"
Google Hack 36
Suppose you want a certain song to a singer and you can not find it; by this trick you can find the song in the original directory of the original web site.
To see results; just write in the (http://www.google.com/) search engine the code:
"index of/" "Top Gun" .mp3
By the way, don't forget to change "Top Gun" to any song you need to search for.
Google Hack 37
This is a fabulous link. This is the secret link of the web site "Google" to search for any "Crack" you need.
Just write the following link in the address bar:
http://www.googlecrack.com/WWW/
Google Hack 38
By the way, for anyone who needs to have an account in the google mail for "One GigaByte", go to the following address bar. You will receive within "36 hours" the confirmation mail for your registration:
http://www.googlemail.cjb.net/
Or from:
http://www.gmailforums.com/index.php
By the way, you can open your Google mail from your browser through this link:
http://toolbar.google.com/gmail-helper/
Google Hack 39
Imagine that when you enter any web site, and you are surprised that when searching for any program in it you can not find it. By this fabulous trick, you can find the link for downloading any program in this site through any search engine.
For example, suppose you want to search for the program "Norton" in the web site www.download.com ; when you go to www.google.com and write the following code, you will be surprised that the "Google" search engine searches only in the site www.download.com. To do this:
Write in the address bar of the web browser this address: www.google.com.
When opening the web site; write in the search engine this code: "norton site: www.download.com", and press the button search or "ÃÈÍË".
As mentioned earlier: the code is easy, you just write in the place of the word "Norton"; any word you need to search for in the site followed in the code.
The code again is....
norton site:www.download.com
By the way, you can practice this code at any search engine.
Another trick is that you can force the search engine of the "Google" web site to search for a certain category like "Linux" topics. When you add any category after the Google link and write any thing in the search engine, you will surprised that the site searched for Linux only. For example, if you wrote the following code:
http://www.google.com/linux
As I mentioned in the code earlier, the site followed by the word "Linux". So the web site is forced for searching for the Linux topics only all over the internet.
Google Hack 41
Imagine that you can connect to another computer remotely through the internet from the feature called "Remote Desktop Web Connection".
To see results; just write in the (http://www.google.com/) search engine the code:
intitle:"Remote Desktop Web Connection"
Google Hack 42
Through this query you can find every web page "Google" has crawled for a specific site.
To see results; just write in the (http://www.google.com/) search engine the code:
Site: Microsoft.com
Google Hack 43
Through this query, you can see web servers with default pages can serve as juicy targets.
To see results; just write in the (http://www.google.com/) search engine the code:
Intitle:test.page.for.apache "it worked"
Google Hack 44
No one can deny that the directory listings can be a source of great information.
To see results; just write in the (http://www.google.com/) search engine the code:
Intitle:index.of/admin
Google Hack 45
We will use this query to locate additional servers, subtract common hostnames from the query.
To see results; just write in the (http://www.google.com/) search engine the code:
Site: Microsoft.com - Site:www.Microsoft.com
Google Hack 46
From this query you can get huge user names and passwords from huge sites for free.
To see results; just write in the (http://www.google.com/) search engine the code:
"Welcome to *" "Your password is *"
Google Hack 47
From this query you can collect many numbers of ".PST" files, which contain all E-mail folders, addresses or anything else that Outlook 97, 2000, xp or 2003 collects.
To see results; just write in the (http://www.google.com/) search engine the code:
outlook filetype:pst
Google Hack 48
To see results; just write in the (http://www.google.com/) search engine the code:
intitle:Cisco Systems, Inc. VPN 3000 Concentrator
To see results; just write in the (http://www.google.com/) search engine the code:
intitle:Index.Of /" stats merchant online-store cgi-local etc | cgi-bin
Sometimes people make mistakes and post their Cisco configurations on "help sites" and don't edit info. So we might be able to find the enable passwords.
To see results; just write in the (http://www.google.com/) search engine the code:
intext:"enable secret 5 $"
Or, for more specifications
intext:"enable secret 5 $" "Current configuration:"
This query searches for the following in the servers:
Network Statistics
General Info
Total disk space/memory
Php environment!!!
Current network connections!!!
Running services...
To see results; just write in the (http://www.google.com/) search engine the code:
intitle:"sysinfo * " intext:"Generated by Sysinfo *
Imagine that when you enter any web site, and you are surprised that when searching for any program in it you can not find it. By this fabulous trick, you can find the link for downloading any program in this site through any search engine.
For example, suppose you want to search for the program "norton" in the web site www.download.com ; when you go to www.google.com and write the following code, you will be surprised that the "google" search engine searches only in the site www.download.com. To do this:
Write in the address bar of the web browser this address: www.google.com.
When opening the web site; write in the search engine this code: "norton site:www.download.com", and press the button search or "ÃÈÍË".
As mentioned earlier: the code is easy, just write in the place of the word "norton"; any word you need to search for in the site followed in the code.
The code again is ....
norton site:www.download.com
By the way, you can practise this code at any seach engine.
Another trick is that you can force the search engine of the "google" web site to search for a certain category like "Linux" topics. when you add any category after the google link and write any thing in the search engine, you will surprised that the site searched for linux only. For example, if you wrote the following code:
http://www.google.com/linux
As we mentioned in the code earlier, the site followed by the word "linux". So the web site is forced for searching for the linux topics only all over the internet.
To see results; just write in the (http://www.google.com/) search engine the code:
intitle:"Remote Desktop Web Connection"
Through this query you can find every web page "Google" has crawled for a specific site.
To see results; just write in the (http://www.google.com/) search engine the code:
Site: Microsoft.com
To see results; just write in the (http://www.google.com/) search engine the code:
Intitle:test.page.for.apache "it worked"
No one can deny that the directory listings can be a source of great information.
To see results; just write in the (http://www.google.com/) search engine the code:
Intitle:index.of/admin
We will use this query to locate additional servers, subtract common hostnames from the query.
To see results; just write in the (http://www.google.com/) search engine the code:
Site: Microsoft.com - Site:www.Microsoft.com
From this query you can get huge user names and passwords from huge sites for free.
To see results; just write in the (http://www.google.com/) search engine the code:
"Welcome to *" "Your password is *"
To see results; just write in the (http://www.google.com/) search engine the code:
outlook filetype:pst
To see results; just write in the (http://www.google.com/) search engine the code:
intitle:Cisco Systems, Inc. VPN 3000 Concentrator
To see results; just write in the (http://www.google.com/) search engine the code:
intitle:Index.Of /" stats merchant online-store cgi-local etc | cgi-bin
To see results; just write in the (http://www.google.com/) search engine the code:
intext:"enable secret 5 $"
Or, for more specifications
intext:"enable secret 5 $" "Current configuration:"
Network Statistics
General Info
Total disk space/memory
Php environment!!!
Current network connections!!!
Running services...
To see results; just write in the (http://www.google.com/) search engine the code:
intitle:"sysinfo * " intext:"Generated by Sysinfo *
