Tuesday, June 24, 2008

Google Hacking Database Part I

             Are you missing out on some of the search facilities that Google provides, ones that can be a real benefit when you are searching? Then I am here to present some Google hacks that are well worth knowing.


List of Very Useful Google Parameters
------------------------------------------------


             (i)  Google Search: "login: *" "password= *" filetype:xls

 This returns xls files containing login names and passwords. It works by showing all the xls files with password:(something), so a downside is that you do get stuff like "password protected", "password services" etc. (and the same for login). But most of the decent ones have the login and password in the text given to you by Google, so it's easy to separate the useful ones from the others.


                                                    ******************************

            (ii) Google Search: intitle:index.of intext:"secring.skr"|"secring.pgp"|"secring.bak"

 PGP is a great encryption technology. It keeps secrets safe. Everyone from drug lords to the head of the DEA can download PGP to encrypt their sensitive documents. Everyone, that is, except googleDorks. GoogleDorks, it seems, don't understand that anyone in possession of your private keyring (secring) can get to your secret stuff. It should never be given out, and should certainly not be posted on the Internet. The highest ranking is awarded for this surprising level of ineptitude.

                                                 *********************************

            (iii) Google Search: intitle:index.of config.php

 This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database. Way to go, googleDorks!!

                                               ***********************************

            (iv) Google Search: index.of passlist

 I'm not sure what uses this, but the passlist and passlist.txt files contain passwords in CLEARTEXT! That's right, no decoding/decrypting/encrypting required. How easy is this? *sigh* Supreme googledorkage

                                               ************************************

            (v) Google Search: inurl:secring ext:skr | ext:pgp | ext:bak

 This file is the secret keyring for PGP encryption. Armed with this file (and perhaps a passphrase), a malicious user can read all your encrypted files! This should not be posted on the web!

                                              *************************************

            (vi) Google Search: filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword"

 These pages display Windows registry keys which reveal passwords and/or usernames.

                                              *************************************

           (vii) Google Search: filetype:pwl pwl

 These are Windows Password List files and have been known to be easy to crack since the release of Windows 95. An attacker can use the PWLTools to decode them and get the users' passwords. The following example has been provided:

 ---
 Resource table: 0292 0294 0296 0298 (..etc..)
 File: C:\Downloads\2004-07\07-26\USER1.PWL
 User name: 'USER1'
 Password: ''
 Dial-up:'*Rna\Internet\PJIU_TAC'
 Password:'PJIUSCAC3000'
 ---

                                             **************************************

            (viii) Google Search: "http://*:*@www" bob:bob



 This is a query to get inline passwords from search engines (not just Google). You must type in the query followed by the domain name without the .com or .net: "http://*:*@www" bangbus or "http://*:*@www"bangbus. Another way is by just typing "http://bob:bob@www".

                                            ****************************************

            (ix) Google Search: filetype:ini inurl:flashFXP.ini

 FlashFXP offers the easiest and fastest way to transfer any file using FTP, providing an exceptionally stable and robust program that you can always count on to get your job done quickly and efficiently. There are many, many features available in FlashFXP. The flashFXP.ini file is its configuration file and may contain usernames/passwords and everything else that is needed to use FTP.

                                            *****************************************

              (x) Google Search: inurl:/yabb/Members/Admin.dat

This search will show you the Administrator password (very first line) on YaBB forums whose owners didn't configure the permissions correctly. Go up a directory to get a full memberlist (the .dat files have the passwords).

                                            *****************************************

               (xi) Google Search: intitle:rapidshare intext:login



 Rapidshare login passwords.

                                             *****************************************

               (xii) Google Search: inurl:filezilla.xml -cvs

  filezilla.xml contains sites, logins and encrypted passwords of FTP connections made with the open source program FileZilla.

                                                                                                                 Courtesy:  johnny.ihackstuff.com
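
For the site owner's side of these searches, the following added example (not part of the original post or of johnny.ihackstuff.com) walks a web document root and flags the file names the queries above look for, so they can be moved or blocked before a crawler indexes them. The function name audit_webroot, the size limit and the two content patterns are assumptions made for this example.

```python
import fnmatch
import os
import re

# File names taken from the searches on this page; matched case-insensitively.
RISKY_NAMES = {
    "secring.skr": "PGP secret keyring",
    "secring.pgp": "PGP secret keyring",
    "secring.bak": "PGP secret keyring backup",
    "config.php": "PHP config with database credentials",
    "passlist*": "cleartext password list",
    "*.pwl": "Windows Password List file",
    "flashfxp.ini": "FlashFXP config with FTP logins",
    "filezilla.xml": "FileZilla site list with FTP logins",
    "admin.dat": "YaBB administrator record",
}
# Content markers (assumed patterns), checked only in small text-like files.
TEXT_EXTS = (".reg", ".txt", ".htm", ".html")
CONTENT_MARKERS = {
    "registry export with DefaultUserName/DefaultPassword":
        re.compile(rb"default(username|password)", re.I),
    "URL with inline credentials":
        re.compile(rb"https?://[^\s/:@]+:[^\s/@]+@", re.I),
}

def audit_webroot(root, max_bytes=1_000_000):
    """Return sorted (relative_path, reason) pairs for files that should not be served."""
    findings = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            lower = name.lower()
            for pattern, reason in RISKY_NAMES.items():
                if fnmatch.fnmatchcase(lower, pattern):
                    findings.add((rel, reason))
            if lower.endswith(TEXT_EXTS) and os.path.getsize(path) <= max_bytes:
                with open(path, "rb") as fh:
                    # regedit exports are often UTF-16; dropping NULs lets one regex cover both
                    data = fh.read().replace(b"\x00", b"")
                for reason, regex in CONTENT_MARKERS.items():
                    if regex.search(data):
                        findings.add((rel, reason))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    for rel, reason in audit_webroot(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{rel}: {reason}")
```

A config.php hit is expected for most PHP applications; treat it as a prompt to confirm that directory listing is off and the file is never served as plain text.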
