Articles

Home

Downloads

 

Google,Hackers best friend?

 

           

SUMMERY

 

Everyone knows google in the security sector...and what a powerful tool it is , just by entering certain search strings you can gain a vast amount of knowledge and information of your chosen target...often revealing sensitive data...this is all down to badly configured systems...brought on by sloppy administration allowing directory indexing and accessing , password files , log entrys , files , paths ,etc , etc

 

 

Search Tips

 

So how do we start?

 

the common search inputs below will give you an idea...for instance if you want to search for the an index of "root"

 

in the search box put in exactly as you see it in bold

 

===================

 

Example 1:

 

 

allintitle: "index of/root"

 

 

Result:

 

http://www.google.com/search?hl=en&ie=ISO-...G=Google+Search <http://www.google.com/search?hl=en&ie=ISO-8859-1&q=allintitle%3A+%22index+of%2Froot%22&btnG=Google+Search>

 

What it reveals is 2,510 pages that you can possible browse at your will...

 

====================

 

Example 2

 

 

inurl:"auth_user_file.txt"

 

http://www.google.com/search?num=100&hl=en...G=Google+Search <http://www.google.com/search?num=100&hl=en&lr=&ie=ISO-8859-1&q=inurl%3A%22auth_user_file.txt%22&btnG=Google+Search>

 

this result spawned 414 possible files to access

 

Here is an actual file retrieved from a site and edited , we know who the admin is and we have the hashes that’s a job for JTR (john the ripper)

 

txUKhXYi4xeFs|master|admin|Worasit|Junsawang|xxx@xxx|on

qk6GaDj9iBfNg|tomjang||Bug|Tom|xxx@xxx|on

 

with the many variations below, it should keep you busy for a long time mixing them reveals many different permutations

 

*************************************

 

SEARCH PATHS more to be added

 

*************************************

 

"Index of /admin"

"Index of /password"

"Index of /mail"

"Index of /" +passwd

"Index of /" +password.txt

"Index of /" +.htaccess

index of ftp +.mdb allinurl:/cgi-bin/ +mailto

 

administrators.pwd.index

authors.pwd.index

service.pwd.index

filetype:config web

gobal.asax index

 

allintitle: "index of/admin"

allintitle: "index of/root"

allintitle: sensitive filetype:doc

allintitle: restricted filetype :mail

allintitle: restricted filetype:doc site:gov

 

inurl:passwd filetype:txt

inurl:admin filetype:db

inurl:iisadmin

inurl:"auth_user_file.txt"

inurl:"wwwroot/*."

 

 

top secret site:mil

confidential site:mil

 

allinurl: winnt/system32/ (get cmd.exe)

allinurl:/bash_history

 

intitle:"Index of" .sh_history

intitle:"Index of" .bash_history

intitle:"index of" passwd

intitle:"index of" people.lst

intitle:"index of" pwd.db

intitle:"index of" etc/shadow

intitle:"index of" spwd

intitle:"index of" master.passwd

intitle:"index of" htpasswd

intitle:"index of" members OR accounts

intitle:"index of" user_carts OR user_cart

 

   Credits go to Comsec, G.S.O

 

                        ===========================