Google Hacks
Google hacking is the practice of using specially crafted search engine queries to cull information about a target. It should be part of every pen-tester's repertoire. The idea is to turn Google's extensive search powers on an enterprise's vulnerable servers and files, password logs, open directories, Web-based device-management panels, remote desktop protocol clients or administration interfaces for routers and switches. You want to discover the sensitive security information that's exposed on the Internet before a black hat does. The trick is to use advanced operators, special searching techniques offered by Google that enable advanced queries. Here is a sampling of advanced operators that you can combine with a search term against your company's domain:
intitle, allintitle -- searches for terms in Web page or Google group title
inurl, allinurl -- searches for terms in URLs
filetype -- searches URLs that end in a particular file extension
allintext -- searches for a string within text of a page
site -- searches only for pages hosted on a specific server or domain
link -- searches for pages that link to other pages
inanchor -- searches text representation of a link in an HTML anchor
daterange -- searches for pages indexed by Google within certain date ranges
cache -- searches for cached versions of pages
info -- searches summary information of a site
related -- displays sites related to a site
phonebook -- searches for business or residential phone listings
rphonebook -- searches for residential phone listings only
bphonebook -- searches for business phone listings only
author -- searches for authors of newsgroup posts
group -- searches title of Google Groups posts for search terms
msgid -- searches for Google Groups message identifiers, strings that identify newsgroup posts
insubject -- searches Google Groups for subject lines
stocks -- searches for stock market information about a company
MSN chat users, I advise you to be careful about giving out sensitive information, as Google and other spy tools can copy your chat conversation.
This is then exported into a .txt file ready to be given to a cyberlog for people to view or purchase. :|
Example: Type "Index of" / "chat/logs" exactly into google.com or google.co.uk and you will see complete logs of users.
Here is a transcript: http://chatlogs.musicbrainz.org/2006/2006-01/2006-01-01.html
Underneath are some Google strings I found:
Search and control live security video cameras: inurl:"viewerframe?mode=refresh"
Search for MP3s: intitle:index.of + mp3
You can also add the name of the artist you are looking for: intitle:index.of + mp3 + queen
Search for PDF eBooks: intitle:index.of + pdf + ebook
You can also add the name or subject of the book you are looking for: intitle:index.of + pdf + ebook + cars
More Samples
intitle:"Index of" + mp3
intitle:"Index of" + mp4
intitle:"Index of" + avi
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart

Article By L Bargit
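
The "Index of" queries above only match because a server is publishing an auto-generated directory listing. As an added example (not part of the original article), this Python check takes the HTML of a page fetched from your own site, decides whether it is such a listing, and flags the sensitive file names those queries look for. The function names, the name pattern and the sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# File names taken from the sample queries in the article.
SENSITIVE = re.compile(
    r"^(\.(sh|bash)_history|(master\.)?passwd|pwd\.db|spwd(\.db)?|"
    r"shadow|\.?htpasswd|people\.lst)$", re.I)

class ListingParser(HTMLParser):
    """Collects the <title> text and every link target on a page."""
    def __init__(self):
        super().__init__()
        self.in_title = False
        self.title = ""
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self.in_title = True
        elif tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)

    def handle_endtag(self, tag):
        if tag == "title":
            self.in_title = False

    def handle_data(self, data):
        if self.in_title:
            self.title += data

def audit_page(html):
    """Return (is_listing, sensitive_names) for one fetched page body."""
    parser = ListingParser()
    parser.feed(html)
    # Auto-generated listings carry a title that starts with "Index of".
    is_listing = parser.title.strip().lower().startswith("index of")
    names = [h.rstrip("/").rsplit("/", 1)[-1] for h in parser.links]
    hits = sorted({n for n in names if SENSITIVE.search(n)}) if is_listing else []
    return is_listing, hits

# Constructed sample input: an exposed listing and an ordinary page.
SAMPLE_LISTING = """<html><head><title>Index of /backup</title></head><body>
<h1>Index of /backup</h1><a href="../">Parent Directory</a>
<a href=".bash_history">.bash_history</a> <a href="notes.txt">notes.txt</a>
<a href=".htpasswd">.htpasswd</a></body></html>"""
SAMPLE_NORMAL = "<html><head><title>Welcome</title></head><body><a href='passwd'>x</a></body></html>"
```

Any page that returns `True` here should have directory indexing switched off on the server, and any flagged file should be moved out of the web root.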