Sponsor |  PinGUY | Feb 24, 2006 3:02pm | Google hacking at its finest..
Using Google, and some finely crafted searches we can find a lot of interesting information.
For Example we can find:
Credit Card Numbers
Passwords
Software / MP3's
...... (and on and on and on) Presented below is just a sample of interesting searches that we can send to google to obtain info that some people might not want us having.. After you get a taste using some of these, try your own crafted searches to find info that you would be interested in.
Try a few of these searches:
intitle:"Index of" passwords modified
allinurl:auth_user_file.txt
"access denied for user" "using password"
"A syntax error has occurred" filetype:ihtml
allinurl: admin mdb
"ORA-00921: unexpected end of SQL command"
inurl:passlist.txt
"Index of /backup"
"Chatologica MetaSearch" "stack tracking:"
Amex Numbers: 300000000000000..399999999999999
MC Numbers: 5178000000000000..5178999999999999
visa 4356000000000000..4356999999999999
"parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
Notice that I am only changing the word after the parent directory, change it to what you want and you will get a lot of stuff.
METHOD 2
put this string in google search:
?intitle:index.of? mp3
You only need add the name of the song/artist/singer.
Example: ?intitle:index.of? mp3 jackson
METHOD 3
put this string in google search:
inurl:microsoft filetype:iso
You can change the string to watever you want, ex. microsoft to adobe, iso to zip etc...
"# -FrontPage-" inurl:service.pwd
Frontpage passwords.. very nice clean search results listing !!
"AutoCreate=TRUE password=*"
This searches the password for "Website Access Analyzer", a Japanese software that creates webstatistics. For those who can read Japanese, check out the author's site at: coara.or.jp/~passy/ [coara.or.jp/~passy/]
"http://*:*@www" domainname
This is a query to get inline passwords from search engines (not just Google), you must type in the query followed with the the domain name without the .com or .net
"http://*:*@www" bangbus or "http://*:*@www"bangbus
Another way is by just typing
"http://bob:bob@www"
"sets mode: +k"
This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.
allinurl: admin mdb
Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are!
allinurl:auth_user_file.txt
DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!). Some lists are bigger than others, all are fun, and all belong to googledorks. =)
intitle:"Index of" config.php
This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database.
eggdrop filetype:user user
These are eggdrop config files. Avoiding a full-blown descussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.
|
|
| 
Sponsor | | Thlayli | Feb 25, 2006 11:11am | Ergh. This is such a good list, and we're talking about hacking in the proper sense, as it's just manipulation of the Google engine. Still, this thread comes a little too close to cracking. Is there anything constructive to do with this list? Perhaps with the method, but not the examples. Anyway, I'm gonna save it. ;)
Ooh, your post was too long. They need to fix this bug. |
|
| | | lectric1 | Mar 11, 2006 5:47pm | | Hella good post! Thank you for sharing this information. I would very much like to see more stuff like this for purposes such as accessing various records about myself that might be erroneous. I also would like to find out how to scan the frequencies that law enforcement uses in their wireless surveillance cameras. |
|
| 
|  sljepi | Mar 24, 2006 10:25am | | Hella good post indeed! |
|
| 
|  jp3z | Apr 29, 2006 4:57pm | | Ironically, the credit card hack no longer works because it's filled with results talking about itself. |
|
|
Sponsor | | PinGUY | Apr 29, 2006 5:09pm | ya i know, this post is a bit out of date now but most of the hacks still work.
i will be posting another one soon got some good webcam and network printers hacks but if you like this post go to Johnny.ihackdtuff.com thats where i learnt all of this or go to my site for a crash course. |
|
| 
|  systemf | May 17, 2006 8:25pm | | wow, great post! very interesting |
|
|  |  107553 | May 18, 2006 5:01am | | Very informative. |
|
| 
Sponsor | |
| | | lectric1 | May 21, 2006 3:58am | | Thanks |
|
| Google hacking at its finest.. | 11-20>| | | |
Hack → Discussion
