Google search engine can be used to hack into remote servers or gather confidential or sensitive information which are not visible through common searches.
Google is the worldās most popular and powerful search engine. It has the ability to accept pre-defined commands as inputs which then produces unbelievable results.
Googleās Advanced Search Query Syntax
Discussed below are various Googleās special commands and I shall be explaining each command in brief and will show how it can be used for getting confidential data.
[ intitle: ]
The āintitle:ā syntax helps Google restrict the search results to pages containing that word in the title.
intitle: login password
will return links to those pages that has the word āloginā in their title, and the word āpasswordā anywhere in the page.
Similarly, if one has to query for more than one word in the page title then in that case āallintitle:ā can be used instead of āintitleā to get the list of pages containing all those words in its title.
intitle: login intitle: password
is same as
allintitle: login password
[ inurl: ]
The āinurl:ā syntax restricts the search results to those URLs containing the search keyword. For example: āinurl: passwdā (without quotes) will return only links to those pages that have āpasswdā in the URL.
Similarly, if one has to query for more than one word in an URL then in that case āallinurl:ā can be used instead of āinurlā to get the list of URLs containing all those search keywords in it.
allinurl: etc/passwd
will look for the URLs containing āetcā and āpasswdā. The slash (ā/ā) between the words will be ignored by Google.
[ site: ]
The āsite:ā syntax restricts Google to query for certain keywords in a particular site or domain.
exploits site:hackingspirits.com
will look for the keyword āexploitsā in those pages present in all the links of the domain āhackingspirits.comā. There should not be any space between āsite:ā and the ādomain nameā.
[ filetype: ]
This āfiletype:ā syntax restricts Google search for files on internet with particular extensions (i.e. doc, pdf or ppt etc).
filetype:doc site:gov confidential
will look for files with ā.docā extension in all government domains with ā.govā extension and containing the word āconfidentialā either in the pages or in the ā.docā file. i.e. the result will contain the links to all confidential word document files on the government sites.
[ link: ]
ālink:ā syntax will list down webpages that have links to the specified webpage.
link:www.expertsforge.com
will list webpages that have links pointing to the SecurityFocus homepage. Note there can be no space between the ālink:ā and the web page url.
[ related: ]
The ārelated:ā will list web pages that are āsimilarā to a specified
web page.
web page.
related: www.expertsforge.com
will list web pages that are similar to the Securityfocus homepage. Note there can be no space between the ārelated:ā and the web page url.
[ cache: ]
The query ācache:ā will show the version of the web page that Google
has in its cache.
has in its cache.
cache:www.hackingspirits.com
will show Googleās cache of the Google homepage. Note there can be no space between the ācache:ā and the web page url.
If you include other words in the query, Google will highlight those words within the cached document.
cache:www.hackingspirits.com guest
will show the cached content with the word āguestā highlighted.
[ intext: ]
The āintext:ā syntax searches for words in a particular website. It ignores links or URLs and page titles.
intext:exploits
will return only links to those web pages that has the search keyword āexploitsā in its webpage.
[ phonebook: ]
āphonebookā searches for U.S. street address and phone number information.
phonebook:Lisa+CA
will list down all names of person having āLisaā in their names and located in āCalifornia (CA)ā. This can be used as a great tool for hackers incase someone want to do dig personal information for social engineering.
Google Hacks
Well, the Googleās query syntaxes discussed above can really help people to precise their search and get what they are exactly looking for.
Now Google being so intelligent search engine, hackers donāt mind exploiting its ability to dig much confidential and secret information from the net which they are not supposed to know. Now I shall discuss those techniques in details how hackers dig information from the net using Google and how that information can be used to break into remote servers.
Index Of
Using āIndex of ā syntax to find sites enabled with Index browsing
A webserver with Index browsing enabled means anyone can browse the webserver directories like ordinary local directories. The use of āindex ofā syntax to get a list links to webserver which has got directory browsing enabled will be discussd below. This becomes an easy source for information gathering for a hacker. Imagine if the get hold of password files or others sensitive files which are not normally visible to the internet. Below given are few examples using which one can get access to many sensitive information much easily.
Index of /admin
Index of /passwd
Index of /password
Index of /mail
Index of /passwd
Index of /password
Index of /mail
āIndex of /ā +passwd
āIndex of /ā +password.txt
āIndex of /ā +.htaccess
āIndex of /ā +password.txt
āIndex of /ā +.htaccess
āIndex of /secretā
āIndex of /confidentialā
āIndex of /rootā
āIndex of /cgi-binā
āIndex of /credit-cardā
āIndex of /logsā
āIndex of /configā
āIndex of /confidentialā
āIndex of /rootā
āIndex of /cgi-binā
āIndex of /credit-cardā
āIndex of /logsā
āIndex of /configā
Looking for vulnerable sites or servers using āinurl:ā or āallinurl:ā
a. Using āallinurl:winnt/system32/ā (without quotes) will list down all the links to the server which gives access to restricted directories like āsystem32ā through web. If you are lucky enough then you might get access to the cmd.exe in the āsystem32ā directory. Once you have the access to ācmd.exeā and is able to execute it.
b. Using āallinurl:wwwboard/passwd.txtā(without quotes) in the Google search will list down all the links to the server which are vulnerable to āWWWBoard Password vulnerabilityā. To know more about this vulnerability you can have a look at the following link:
http://www.securiteam.com/exploits/2BUQ4S0SAW.html
c. Using āinurl:.bash_historyā (without quotes) will list down all the links to the server which gives access to ā.bash_historyā file through web. This is a command history file. This file includes the list of command executed by the administrator, and sometimes includes sensitive information such as password typed in by the administrator. If this file is compromised and if contains the encrypted unix (or *nix) password then it can be easily cracked using āJohn The Ripperā.
d. Using āinurl:config.txtā (without quotes) will list down all the links to the servers which gives access to āconfig.txtā file through web. This file contains sensitive information, including the hash value of the administrative password and database authentication credentials.
For Example: Ingenium Learning Management System is a Web-based application for Windows based systems developed by Click2learn, Inc. Ingenium Learning Management System versions 5.1 and 6.1 stores sensitive information insecurely in the config.txt file. For more information refer the following
links: http://www.securiteam.com/securitynews/6M00H2K5PG.html
links: http://www.securiteam.com/securitynews/6M00H2K5PG.html
Other similar search using āinurl:ā or āallinurl:ā combined with other syntax
inurl:admin filetype:txt
inurl:admin filetype:db
inurl:admin filetype:cfg
inurl:mysql filetype:cfg
inurl:passwd filetype:txt
inurl:iisadmin
inurl:auth_user_file.txt
inurl:orders.txt
inurl:āwwwroot/*.ā
inurl:adpassword.txt
inurl:webeditor.php
inurl:file_upload.php
inurl:admin filetype:db
inurl:admin filetype:cfg
inurl:mysql filetype:cfg
inurl:passwd filetype:txt
inurl:iisadmin
inurl:auth_user_file.txt
inurl:orders.txt
inurl:āwwwroot/*.ā
inurl:adpassword.txt
inurl:webeditor.php
inurl:file_upload.php
inurl:gov filetype:xls ārestrictedā
index of ftp +.mdb allinurl:/cgi-bin/ +mailto
index of ftp +.mdb allinurl:/cgi-bin/ +mailto
Looking for vulnerable sites or servers using āintitle:ā or āallintitle:ā
a. Using [allintitle: "index of /rootā] (without brackets) will list down the links to the web server which gives access to restricted directories like ārootā through web. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.
b. Using [allintitle: "index of /adminā] (without brackets) will list down the links to the websites which has got index browsing enabled for restricted directories like āadminā through web. Most of the web application sometimes uses names like āadminā to store admin credentials in it. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.
Other similar search using āintitle:ā or āallintitle:ā combined with other syntax
intitle:āIndex ofā .sh_history
intitle:āIndex ofā .bash_history
intitle:āindex ofā passwd
intitle:āindex ofā people.lst
intitle:āindex ofā pwd.db
intitle:āindex ofā etc/shadow
intitle:āindex ofā spwd
intitle:āindex ofā master.passwd
intitle:āindex ofā htpasswd
intitle:āindex ofā members OR accounts
intitle:āindex ofā user_carts OR user_cart
intitle:āIndex ofā .bash_history
intitle:āindex ofā passwd
intitle:āindex ofā people.lst
intitle:āindex ofā pwd.db
intitle:āindex ofā etc/shadow
intitle:āindex ofā spwd
intitle:āindex ofā master.passwd
intitle:āindex ofā htpasswd
intitle:āindex ofā members OR accounts
intitle:āindex ofā user_carts OR user_cart
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov
Other interesting Search Queries
Ā· To search for sites vulnerable to Cross-Sites Scripting (XSS) attacks:
allinurl:/scripts/cart32.exe
allinurl:/CuteNews/show_archives.php
allinurl:/phpinfo.php
allinurl:/CuteNews/show_archives.php
allinurl:/phpinfo.php
To search for sites vulnerable to SQL Injection attacks:
allinurl:/privmsg.php
allinurl:/privmsg.php
allinurl:/privmsg.php
1 comments:
It's really nice blog Its helps you to find error and fix them please go through this site and make good solution of your problem.
Fix Windows 7 Error 1068
Thank you
Aalia lyon
Post a Comment