Friday, May 29, 2009

I LOVE GOOLE PART III

I L0Ve G00Le PaRt III... *wait*

HErE ArE THE C0m0N TRicKs, METh0Ds AnD SEArcH TYPes UsEd IN G00Gle And DesCrIBEd In M0sT 0f THE F0RuMS And 0fC0UrSe In G00glE iTseLf .........*wait*

F0R EXAmPle We CAN FiND:
Credit Card Numbers
Passwords
Software / MP3's
...... (and on and on and on)

Code:

Try a few of these searches:
intitle:"Index of" passwords modified
allinurl:auth_user_file.txt
"access denied for user" "using password"
"A syntax error has occurred" filetype:ihtml
allinurl: admin mdb
"ORA-00921: unexpected end of SQL command"
inurl:passlist.txt
"Index of /backup"
"Chatologica MetaSearch" "stack tracking:"




Code:

Amex Numbers: 300000000000000..399999999999999
MC Numbers: 5178000000000000..5178999999999999
visa 4356000000000000..4356999999999999




Code:

"parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums



Notice that I am only changing the word after the parent directory, change it to what you want and you will get a lot of stuff.

METHOD 2

put this string in google search:

Code:

?intitle:index.of? mp3



You only need add the name of the song/artist/singer.

Example:
Code:

?intitle:index.of? mp3 jackson



METHOD 3

put this string in google search:

Code:

inurl:microsoft filetype:iso



You can change the string to watever you want, ex. microsoft to adobe, iso to zip etc…


Code:

"# -FrontPage-" inurl:service.pwd


Frontpage passwords.. very nice clean search results listing !!

Code:

"AutoCreate=TRUE password=*"


This searches the password for "Website Access Analyzer", a Japanese software that creates webstatistics. For those who can read Japanese, check out the author's site at: http://www.coara.or.jp/~passy/

Code:

"http://*:*@www" domainname


This is a query to get inline passwords from search engines (not just Google), you must type in the query followed with the the domain name without the .com or .net

Code:

"http://*:*@www" bangbus or "http://*:*@www"bangbus



Another way is by just typing
Code:

"http://bob:bob@www"



Code:

"sets mode: +k"


This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.

Code:

allinurl: admin mdb


Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are!

Code:

allinurl:auth_user_file.txt


DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!). Some lists are bigger than others, all are fun, and all belong to googledorks. =)


Code:

intitle:"Index of" config.php


This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database.

Code:

eggdrop filetype:user user


These are eggdrop config files. Avoiding a full-blown descussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.

Code:

intitle:index.of.etc


This search gets you access to the etc directory, where many many many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!

f
Code:

iletype:bak inurl:"htaccess|passwd|shadow|htusers"


This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version).
Every attacker knows that changing the extenstion of a file on a webserver can have ugly consequences.


Let's pretend you need a serial number for windows xp pro.

In the google search bar type in just like this -
Code:

"Windows XP Professional" 94FBR


the key is the 94FBR code.. it was included with many MS Office registration codes so this will help you dramatically reduce the amount of 'fake' porn sites that trick you.

or if you want to find the serial for winzip 8.1 - "Winzip 8.1" 94FBR

More Google Dorks


www.google.com

Put this string in google search:

Code:

"parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " Name of artist or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums



Notice that only the search-phrase after ?parent directory? change, and you can use whatever phrase or word that suits you and a lot of otherwise hidden links will turn up.

*wait**wait**wait**wait**wait**wait**wai*wait**wait**wait*


Method 2:

www.google.com

Put this string in google search:

Code:

?intitle:index.of? mp3



You only need to add the name of the song/album/artist/singer
Example:
Code:

?intitle:index.of? mp3 jackson



*wait**wait**wait**wait**wait**wait**wait**wait**wait*


Method 3:

www.google.com

Put this string in google search:

Code:

inurl:Mcft filetype:iso



You can change the search-string to excactly what you desire, eg: Mcft to Ad@be, ISO to zip/rar and so on.

Also check this out:
Code:

http://www.googleguide.com/advanced_operators.html





*wait**wait**wait**wait**wait**wait**wait*



How to search for Warez In GOOGLE?, HElP ThIS t0PiC TO Gr0w!!!!!!!!!


Everyone knows google in the security sector...and what a powerful tool it is, just by entering certain search strings you can gain a vast amount of knowledge and information of your chosen target...often revealing sensitive data...this is all down to badly configured systems...brought on by sloppy administration allowing directory indexing and accessing , password files, log entrys, files, paths, etc , etc


Search Tips so how do we start ?

the common search inputs below will give you an idea...for instance if you
want to search for the an index of "root"

in the search box put in exactly as you see it below

==================*wait*

Example 1:

Code:

allintitle: "index of/root"

result:

http://www.google.com/search?hl=en&ie=ISO-...G=Google+Search


what it reveals is 2,510 pages that you can possible browse at your will...

*wait**wait**wait**wait**wait**wait**wait*

Example 2:

Code:

inurl:"auth_user_file.txt"

http://www.google.com/search?num=100&hl=en...G=Google+Search



this result spawned 414 possible files to access

here is an actual file retrieved from a site and edited , we know who the
admin is and we have the hashes thats a job for JTR (john the ripper)

txUKhXYi4xeFs|master|admin|Worasit|Junsawang|xxx@xxx|on
qk6GaDj9iBfNg|tomjang||Bug|Tom|xxx@xxx|on

1 comment: