Thursday, April 14, 2011

Google Hacks

Manipulate the google engine by using it to locate mp3 files online as well as some free software, and more! Using Google, and some finely crafted searches we can find a lot of interesting information.

For Example we can find:
Passwords
Software / MP3′s
etc.

Presented below is just a sample of interesting searches that we can send to google to obtain info. After you get a taste using some of these, try your own crafted searches to find info that you would be interested in.

Try a few of these searches:

intitle:”Index of” passwords modified
allinurl:auth_user_file.txt
“access denied for user” “using password”
“A syntax error has occurred” filetype:ihtml
allinurl: admin mdb
“ORA-00921: unexpected end of SQL command”
inurl:passlist.txt
“Index of /backup”
“Chatologica MetaSearch” “stack tracking:”

And these:

“parent directory ” /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
“parent directory ” DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
“parent directory “Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
“parent directory ” Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
“parent directory ” MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
“parent directory ” Name of Singer or album -xxx -html -htm -php -shtml -
opendivx -md5 -md5sums

Notice that I am only changing the word after the parent directory, change it to what you want and you will get a lot of stuff.

METHOD 2

put this string in google search:
intitle:index.of mp3
You only need add the name of the song/artist/singer. Example: intitle:index.of mp3 jackson

METHOD 3

put this string in google search:
inurl:microsoft filetype:iso
You can change the string to watever you want, ex. microsoft to adobe, iso to
zip etc…

“AutoCreate=TRUE password=*”
This searches the password for “Website Access Analyzer”, a Japanese software that creates webstatistics. For those who can read Japanese, check out the
author’s site at: coara.or.jp/~passy/ [coara.or.jp/~passy/]

“http://*:*@www” domainname
This is a query to get inline passwords from search engines (not just Google),
you must type in the query followed with the the domain name without the .com
or .net

Another way is by just typing
“http://bob:bob@www”

“sets mode: +k”
This search reveals channel keys (passwords) on IRC as revealed from IRC chat
logs.

allinurl: admin mdb
Not all of these pages are administrator’s access databases containing
usernames, passwords and other sensitive information, but many are!

allinurl:auth_user_file.txt
DCForum’s password file. This file gives a list of (crackable) passwords,
usernames and email addresses for DCForum and for DCShop (a shopping cart
program(!!!). Some lists are bigger than others, all are fun, and all belong to
googledorks. =)

intitle:”Index of” config.php
This search brings up sites with “config.php” files. To skip the technical
discussion, this configuration file contains both a username and a password for
an SQL database. Most sites with forums run a PHP message base. This file gives
you the keys to that forum, including FULL ADMIN access to the database.

eggdrop filetype:user user
These are eggdrop config files. Avoiding a full-blown descussion about eggdrops
and IRC bots, suffice it to say that this file contains usernames and passwords
for IRC users.

Posted via email from Mocha Brain Freeze

No comments: