Google Hacks Volume VI

[Halla]

Thought you guys would enjoy:
[url]http://one.revver.com/watch/319867[/url]

[Ezekiel]

Haha, I'm going to have some fun with that Google Maps trick at the end.

You'd think they would see the abuse/prank potential for something like that.

[gordo]

heh heh, It IS fun. I just had the Hair Club call my boss, who is bald. Great find

[Moonbat]

"I hope you'll stop emailing me."

I don't think that you should've given out that phpMyAdmin thing, that's really dangerous, and you put it so easily that even skiddeis can get it, that's even more dangerous.

Oh, and I agree with mike, thanks for that Google Map hack. My imagination has widened.

[Ezekiel]

"I hope you'll stop emailing me."

I don't think that you should've given out that phpMyAdmin thing, that's really dangerous, and you put it so easily that even skiddeis can get it, that's even more dangerous.

They can find that sort of info on the internet anyway if they're determined, so I don't really see the problem.

Besides, white hat hacking is bullshit. There are those that hack for fun without causing serious damage, there are those that hack for profit and there are those that provide information without getting involved, but those that think they are providing vulnerability information for the benefit of the 'security community' are just kidding themselves, just like the people who write tools such as nmap for 'security testing'. Everyone knows what they're mostly used for.

It's the same as the companies that provide rolling paper. They can claim that it's used purely for tobacco, but they know that most use it for cannabis. If they really objected to that use of their product, they would stop selling it. If hackers really wanted to become a slave to random companies and protect their security, they would not disclose the information at all to the public. They all have purely personal reasons for doing it, whatever legitimate reason they give.

Hacking is a personal thing, either for respect, for fun or for profit.

[Moonbat]

They can find that sort of info on the internet anyway if they're determined, so I don't really see the problem.

Besides, white hat hacking is bullshit. There are those that hack for fun without causing serious damage, there are those that hack for profit and there are those that provide information without getting involved, but those that think they are providing vulnerability information for the benefit of the 'security community' are just kidding themselves, just like the people who write tools such as nmap for 'security testing'. Everyone knows what they're mostly used for.

It's the same as the companies that provide rolling paper. They can claim that it's used purely for tobacco, but they know that most use it for cannabis. If they really objected to that use of their product, they would stop selling it. If hackers really wanted to become a slave to random companies and protect their security, they would not disclose the information at all to the public. They all have purely personal reasons for doing it, whatever legitimate reason they give.

Hacking is a personal thing, either for respect, for fun or for profit.

I'm not one to advocate white-hatting or anything of that sort. I'm saying that if a hacker is gonna deface a site, he should've done something to make it his deface, not just Googled up a simple Google dork.

[Ezekiel]

I'm not one to advocate white-hatting or anything of that sort. I'm saying that if a hacker is gonna deface a site, he should've done something to make it his deface, not just Googled up a simple Google dork.

Yeah, I agree.

[~~smart~fool~~]

Holy shit you are a genious dude. Please hook us up with more of these

[~~smart~fool~~]

Google takes fraud and spamming very seriously. We use technical methods to prevent future prank calls from the same user within a reasonable period of time. You won't be charged for any such calls. Please contact [email]clicktocall-support@google.com[/email] if you believe someone is entering your phone number without your permission or knowledge.

Looks like they know what is up


:Edit: what is really ownage is having it call your aim phoneline rofl

[nozf3r4tu]

I had to burry my windows,they died on me slowly..lol
anyways,i'm sure you guys seen this,but for the kiddies and newbies,here ya go with some more google stuff.

the common search inputs below will give you an idea...for instance if you want to search for the an index of "root"

in the search box put in exactly as you see it in bold

===================

example 1:


allintitle: "index of/root"


result:

[url]http://www.google.com/search?hl=en&ie=ISO-...G=Google+Search[/url]

what it reveals is 2,510 pages that you can possible browse at your will...

====================

example 2


inurl:"auth_user_file.txt"

[url]http://www.google.com/search?num=100&hl=en...G=Google+Search[/url]

this result spawned 414 possible files to access

here is an actual file retrieved from a site and edited , we know who the admin is and we have the hashes thats a job for JTR (john the ripper)

txUKhXYi4xeFs|master|admin|Worasit|Junsawang|xxx@xxx|on
qk6GaDj9iBfNg|tomjang||Bug|Tom|xxx@xxx|on

with the many variations below, it should keep you busy for a long time mixing them reveals many different permutations

*************************************

SEARCH PATHS more to be added

*************************************

"Index of /admin"
"Index of /password"
"Index of /mail"
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
index of ftp +.mdb allinurl:/cgi-bin/ +mailto

administrators.pwd.index
authors.pwd.index
service.pwd.index
filetype:config web
gobal.asax index

allintitle: "index of/admin"
allintitle: "index of/root"
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov

inurlasswd filetype:txt
inurl:admin filetype:db
inurl:iisadmin
inurl:"auth_user_file.txt"
inurl:"wwwroot/*."


top secret site:mil
confidential site:mil

allinurl: winnt/system32/ (get cmd.exe)
allinurl:/bash_history

intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart

ALTERNATIVE INPUTS

_vti_inf.html
service.pwd
users.pwd
authors.pwd
administrators.pwd
shtml.dll
shtml.exe
fpcount.exe
default.asp
showcode.asp
sendmail.cfm
getFile.cfm
imagemap.exe
test.bat
msadcs.dll
htimage.exe
counter.exe
browser.inc
hello.bat
default.asp\
dvwssr.dll
cart32.exe
add.exe
index.jsp
SessionServlet
shtml.dll
index.cfm
page.cfm
shtml.exe
web_store.cgi
shop.cgi
upload.asp
default.asp
pbserver.dll
phf
test-cgi
finger
Count.cgi
jj
php.cgi
php
nph-test-cgi
handler
webdist.cgi
webgais
websendmail
faxsurvey
htmlscript
perl.exe
wwwboard.pl
www-sql
view-source
campas
aglimpse
glimpse
man.sh
AT-admin.cgi
AT-generate.cgi
filemail.pl
maillist.pl
info2www
files.pl
bnbform.cgi
survey.cgi
classifieds.cgi
wrap
cgiwrap
edit.pl
perl
names.nsf
webgais
dumpenv.pl
test.cgi
submit.cgi
guestbook.cgi
guestbook.pl
cachemgr.cgi
responder.cgi
perlshop.cgi
query
w3-msql
plusmail
htsearch
infosrch.cgi
publisher
ultraboard.cgi
db.cgi
formmail.cgi
allmanage.pl
ssi
adpassword.txt
redirect.cgi
cvsweb.cgi
login.jsp
dbconnect.inc
admin
htgrep
wais.pl
amadmin.pl
subscribe.pl
news.cgi
auctionweaver.pl
.htpasswd
acid_main.php
access.log
log.htm
log.html
log.txt
logfile
logfile.htm
logfile.html
logfile.txt
logger.html
stat.htm
stats.htm
stats.html
stats.txt
webaccess.htm
wwwstats.html
source.asp
perl
mailto.cgi
YaBB.pl
mailform.pl
cached_feed.cgi
global.cgi
Search.pl
build.cgi
common.php
show
global.inc
ad.cgi
WSFTP.LOG
index.html~
index.php~
index.html.bak
index.php.bak
print.cgi
register.cgi
webdriver
bbs_forum.cgi
mysql.class
sendmail.inc
CrazyWWWBoard.cgi
search.pl
way-board.cgi
webpage.cgi
pwd.dat
adcycle
post-query
help.cgi
---------------------------------------------------------------------
Part2 more from google
---------------------------------------------------------------------
Yeah it's more than great, this Google.com

Here's a few additions to my previous post regarding specialcommands/search strings:

__________________________________
Intitle restricts your search to titles of the web pages.
Allintitle does the same, but where all the words in the searchstring must be in the title.
intitle:"Gorge Bush"
allintitle:"money supply" economics

__________________________________
Inurl restricts your search to the URL of web pages.
Inurl:help
Inurl:Search Help

__________________________________
Intext searches only bodytext (Ignores link text, URLs and titles)
intext:"yahoo.com"
intext:html

__________________________________
Inanchor searches for a page's link anchors. A link anchor is the descriptive text of a link. For example in <a href="whatever.htm">A Cool Page</a> the anchor is "A Cool Page".
inanchor:"t0bban"

__________________________________
Site allows you to narrow down your search by either a site or a top level domain.
site:loc.gov
site:thomas.loc.gov
site:edu
site:nc.us

__________________________________
Link returns a list of pages linking to that specific URL.
Use link:[url]www.google.com[/url] and you'll end up with a bunch of pages which all link to Google.com. (Don't bother to put http:// infront, google just disregards it)..
link:[url]www.google.com[/url]

__________________________________
Cache finds a copy of the page that Google indexed even if that page is no longer availible at it's original URL or has since changed it's content completely. This is great for pages that changes often.
cache:[url]www.google.com[/url]

__________________________________
Daterange limits your search to a particular date or range of dates that a page was indexed.
NOTE: It works with Julian, not Gregorian dates.
"George Bush" daterange:2452389-2452389
neurosurgery daterange:2452389-2452389

__________________________________
Filetype searches the suffices of filename extensions.
As long as the site isn't hiding behind proxy'ing stuff, or redirection, this is great.
filetypedf homeschooling
"leading economic indicators" filetypept

__________________________________
Related as you might expect, finds pages that are related to the specified page. This is a good way to find categories of pages; a search for related:google.com would return a variety of searchengines, including HotBot, Yahoo! and Northern light.
related:[url]www.yahoo.com[/url]
related:[url]www.cnn.com[/url]

__________________________________
Info provides a page of links to more information about a specified URL. Information includes a link to the URL's cache, a list of pages that links to thar URL, pages related to that URL, and pages containing that URL.
NOTE: This works only if google.com has indexed the page(s).
info:[url]www.oreilly.com[/url]
info:[url]www.nytimes.com/technology[/url]

__________________________________
Phonebook as you might expect, looks up phonenumbers.
phonebook:John Doe CA
phonebook(510) 555-1212
---------------------------------------------------------------------
More for google-
Some old & new stuff to search in uncle google:

"Index of /admin"
"index of/root"
"Index of /etc"
"Index of /mail"

"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess

inurl:/cgi-bin/exemplobugado
---------------------------------------------------------------------

Noz

[Moonbat]

Very informative post n0z, thanks

Here is a site (Halla's site) with links to a bunch of nice tutorials, including volumes 1-3 of Halla's previous Google Hacking videos.

[url]http://informationleak.net/[/url]

[pieman]

nice i like the map thing i am a n00b

[JayT]

I'm Not Really Evil, But I Play Evil On TV

I'm in a moral dilemma.

WHAT DO YOU DO IF YOU DISCOVER AN EGREGIOUS BREACH OF CUSTOMER DATA SECURITY AND THE WEBMASTER NEVER REPLIES TO SEVERAL EMAILS WHEN YOU TRY TO TELL HIM?

I give up. Hence my moral dilemma.

I have found what appears to be a very long list of personal credit card info in Google cache - complete with names, addresses, phone numbers, credit card numbers and expiration dates, mother's maiden names, etc.

One company I told about it took their customer data file off-line immediately - and never even thanked me for bringing it to their attention - grrrrrrrrr.

Another company I contacted about a similar problem hasn't done anything in over a month or replied to my emails and the list is still there in all its tempting glory.

Wonder if it's a clever hoax - like a honeypot. I love honey.

I Googled several of the phone numbers in the list and they matched real listings - same names, addresses and phone numbers as in the apparent customer data list.


Hmmmmmmmmmmm.

Google, you have been very, very naughty!
Just you wait till your father gets home!


P.S.

I tried to contact Google about it, but they never replied either!
Am I really that ugly?

:&#222;

[SyntaXmasteR]

You will never contact "Google". But if you would like to directly contact someone with VERY HIGH AUTHORITY that actually listens to feedback you can visit [url]http://www.mattcutts.com/blog/[/url] and drop him a message.

[Ezekiel]

I have found what appears to be a very long list of personal credit card info in Google cache - complete with names, addresses, phone numbers, credit card numbers and expiration dates, mother's maiden names, etc.

I'm sure this happens very often. It is the company's responsibility, not Google's. They might remove the offending cache page, but they usually require the webmaster of the site in question to verify first. Since it's credit card information, they probably would remove it.