Google Search Tips for Hacking
Google is
the world’s most popular and ultimate research tool. It has the ability to
accept pre-defined commands as inputs which then produces unbelievable results.
Here is the list of best search engine tips, which will help you to find
interesting and useful information. These special searches will make your life
more easier with relevant results from google.
Google’s Advanced Search Query Syntax:
Discussed below are various
Google’s special commands and I shall be explaining each command in brief and
will show how it can be used for getting confidential data.
[ intitle: ]
The “intitle:” syntax helps
Google restrict the search results to pages containing that word in the title.
intitle: login password
will return links to those pages
that has the word "login" in their title, and the word "password"
anywhere in the page.
Similarly, if one has to query for
more than one word in the page title then in that case “allintitle:” can
be used instead of “intitle” to get the list of pages containing all those
words in its title.
intitle: login intitle: password
is same as
allintitle: login password
[ inurl: ]
The “inurl:” syntax
restricts the search results to those URLs containing the search keyword. For
example: “inurl: passwd” (without quotes) will return only links to those pages
that have "passwd" in the URL.
Similarly, if one has to query for
more than one word in an URL then in that case “allinurl:” can be used
instead of “inurl” to get the list of URLs containing all those search
keywords in it.
allinurl: etc/passwd
will look for the URLs containing “etc”
and “passwd”. The slash ( “/”) between the words will be ignored
by Google.
[ site: ]
The “site:” syntax restricts
Google to query for certain keywords in a particular site or domain.
exploits site:trickswithhacker.blogspot.com
will look for the keyword “exploits”
in those pages present in all the links of the domain “trickswithhacker.blogspot.com”.
There should not be any space between “site:” and the “domain name”.
[ filetype: ]
This “filetype:” syntax
restricts Google search for files on internet with particular extensions (i.e.
doc, pdf or ppt etc).
filetype:doc site:gov
confidential
will look for files with “.doc”
extension in all government domains with “.gov” extension and containing
the word “confidential” either in the pages or in the “.doc”
file. i.e. the result will contain the links to all confidential word document
files on the government sites.
[ link: ]
“link:” syntax will list
down webpages that have links to the specified webpage.
link:www.maiacc.blogspot.com
will list webpages that have links
pointing to the Security Focus homepage. Note there can be no space between the
"link:" and the web page url.
[ related: ]
The “related:” will list web
pages that are "similar" to a specified web page.
related:www.maiacc.blogspot.com
will list web pages that are
similar to the Security focus homepage. Note there can be no space between the "related:"
and the web page url.
[ cache: ]
The query “cache:” will show
the version of the web page that Google has in its cache.
cache: www.maiacc.blogspot.com
will show Google's cache of the
Google homepage. Note there can be no space between the "cache:"
and the web page url.
If you include other words in the
query, Google will highlight those words within the cached document.
cache: www.maiacc.blogspot.com guest
will show the cached content with
the word "guest" highlighted.
[ intext: ]
The “intext:” syntax
searches for words in a particular website. It ignores links or URLs and page
titles.
intext:exploits
will return only links to those web
pages that has the search keyword "exploits" in its webpage.
[ phonebook: ]
“phonebook” searches for U.S. street address
and phone number information.
phonebook:Lisa+CA
will list down all names of person
having “Lisa” in their names and located in “California (CA)”. This can be used as a
great tool for hackers incase someone want to do dig personal information for
social engineering.
Google Hacks:
Well, the Google’s query syntaxes
discussed above can really help people to precise their search and get what
they are exactly looking for.
Now Google being so intelligent
search engine, hackers don’t mind exploiting its ability to dig much
confidential and secret information from the net which they are not supposed to
know. Now I shall discuss those techniques in details how hackers dig
information from the net using Google and how that information can be used to
break into remote servers.
Index Of
Using “Index of ” syntax to
find sites enabled with Index browsing
A webserver with Index browsing
enabled means anyone can browse the webserver directories like ordinary local
directories. The use of “index of” syntax to get a list links to webserver
which has got directory browsing enabled will be discussed below. This becomes
an easy source for information gathering for a hacker. Imagine if the get hold
of password files or others sensitive files which are not normally visible to
the internet. Below given are few examples using which one can get access to
many sensitive information much easily.
Index of /admin
Index of /passwd
Index of /password
Index of /mail
"Index of /" +passwd
"Index of /"
+password.txt
"Index of /"
+.htaccess
"Index of /secret"
"Index of
/confidential"
"Index of /root"
"Index of /cgi-bin"
"Index of
/credit-card"
"Index of /logs"
"Index of /config"
Looking for vulnerable sites or
servers using “inurl:” or “allinurl:”
a. Using “allinurl:winnt/system32/”
(without quotes) will list down all the links to the server which gives access
to restricted directories like “system32” through web. If you are lucky enough
then you might get access to the cmd.exe in the “system32” directory. Once you
have the access to “cmd.exe” and is able to execute it.
b. Using “allinurl:wwwboard/passwd.txt”(without
quotes) in the Google search will list down all the links to the server which
are vulnerable to “WWWBoard Password vulnerability”. To know more about
this vulnerability you can have a look at the following link:
c. Using “inurl:.bash_history”
(without quotes) will list down all the links to the server which gives access
to “.bash_history” file through web. This is a command history file. This file
includes the list of command executed by the administrator, and sometimes
includes sensitive information such as password typed in by the administrator.
If this file is compromised and if contains the encrypted unix (or *nix)
password then it can be easily cracked using “John The Ripper”.
d. Using “inurl:config.txt”
(without quotes) will list down all the links to the servers which gives access
to “config.txt” file through web. This file contains sensitive
information, including the hash value of the administrative password and
database authentication credentials.
For Example: Ingenium Learning
Management System is a Web-based application for Windows based systems
developed by Click2learn, Inc. Ingenium Learning Management System versions 5.1
and 6.1 stores sensitive information insecurely in the config.txt file. For
more information refer the following
Other similar search using “inurl:”
or “allinurl:” combined with other syntax
inurl:admin filetype:txt
inurl:admin filetype:db
inurl:admin filetype:cfg
inurl:mysql filetype:cfg
inurl:passwd filetype:txt
inurl:iisadmin
inurl:auth_user_file.txt
inurl:orders.txt
inurl:"wwwroot/*."
inurl:adpassword.txt
inurl:webeditor.php
inurl:file_upload.php
inurl:gov filetype:xls
"restricted"
index of ftp +.mdb
allinurl:/cgi-bin/ +mailto
Looking for vulnerable sites or
servers using “intitle:” or “allintitle:”
a. Using [allintitle:
"index of /root”] (without brackets) will list down the links to the
web server which gives access to restricted directories like “root”
through web. This directory sometimes contains sensitive information which can
be easily retrieved through simple web requests.
b. Using [allintitle:
"index of /admin”] (without brackets) will list down the links to the
websites which has got index browsing enabled for restricted directories like “admin”
through web. Most of the web application sometimes uses names like “admin” to
store admin credentials in it. This directory sometimes contains sensitive
information which can be easily retrieved through simple web requests.
Other similar search using “intitle:”
or “allintitle:” combined with other syntax
intitle:"Index of"
.sh_history
intitle:"Index of"
.bash_history
intitle:"index of"
passwd
intitle:"index of"
people.lst
intitle:"index of"
pwd.db
intitle:"index of"
etc/shadow
intitle:"index of"
spwd
intitle:"index of"
master.passwd
intitle:"index of"
htpasswd
intitle:"index of"
members OR accounts
intitle:"index of"
user_carts OR user_cart
allintitle: sensitive
filetype:doc
allintitle: restricted filetype
:mail
allintitle: restricted
filetype:doc site:gov
Other interesting Search Queries:
• To search for sites vulnerable
to Cross-Sites Scripting (XSS) attacks:
allinurl:/scripts/cart32.exe
allinurl:/CuteNews/show_archives.php
allinurl:/phpinfo.php
To search for sites vulnerable
to SQL Injection attacks:
allinurl:/privmsg.php
allinurl:/privmsg.php
No comments:
Post a Comment