GOOGLE HACKING Part 2

Using Google, we can find a lot of interesting information.

For Example we can find Credit Card Numbers, Passwords, Software / MP3's etc.

Try a few of these searches:

intitle:"Index of" passwords modified

allinurl:auth_user_file.txt

"access denied for user" "using password"

"A syntax error has occurred" filetype:ihtml

allinurl: admin mdb

"ORA-00921: unexpected end of SQL command"

inurl:passlist.txt

"Index of /backup"

"Chatologica MetaSearch" "stack tracking:"

Amex Numbers: 300000000000000..399999999999999

MC Numbers: 5178000000000000..5178999999999999

visa 4356000000000000..4356999999999999

inurl:microsoft filetype:iso

You can change the string to watever you want, ex. microsoft to adobe, iso to zip etc

"# -FrontPage-" inurl:service.pwd

Frontpage passwords.This is very nice clean search result listing !!

"AutoCreate=TRUE password=*"

This searches the password for "Website Access Analyzer", a Japanese software that creates web statistics.

"http://*:*@www" domainname

This is a query to get inline passwords from search engines (not just Google), you must type in the query followed with the domain name without the .com or .net

"http://*:*@www" bangbus or "http://*:*@www"bangbus

Another way is by just typing

"http://bob:bob@www"

"sets mode: +k"

This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.

allinurl: admin mdb

Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are!

allinurl:auth_user_file.txt

DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop.

intitle:"Index of" config.php

This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database.

eggdrop filetype:user user

These are eggdrop config files. Avoiding a full-blown discussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.

intitle:index.of.etc

This search gets you access to the etc directory, where many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!

filetype:bak inurl:"htaccess|passwd|shadow|htusers"

This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version).

Disclaimer

I don't take any responsibility with the information presented. Any information provided on this site is not guaranteed in any way. Some articles may discuss topics that are illegal, so this information is provided for educational purposes only, use at your own risk.

------------------------------------------