windows auditing
+ Reply to Thread
Page 1 of 4 123 ... LastLast
Results 1 to 15 of 54

Thread: Google Hacks Volume VI

  1. #1
    Join Date
    Jan 2006
    Posts
    153

    Google Hacks Volume VI

    Thought you guys would enjoy:
    [url]http://one.revver.com/watch/***867[/url]

  2. #2
    Join Date
    Sep 2005
    Posts
    2,050
    Haha, I'm going to have some fun with that Google Maps trick at the end.

    You'd think they would see the abuse/prank potential for something like that.

  3. #3
    Join Date
    Apr 2007
    Posts
    922
    heh heh, It IS fun. I just had the **** Club call my boss, who is bald. Great find

  4. #4
    Join Date
    Sep 2006
    Posts
    1,649
    "I hope you'll stop emailing me."

    I don't think that you should've given out that phpMyAdmin thing, that's really dangerous, and you put it so easily that even skiddeis can get it, that's even more dangerous.

    Oh, and I agree with mike, thanks for that Google Map hack. My imagination has widened.

  5. #5
    Join Date
    Sep 2005
    Posts
    2,050
    Quote Originally Posted by Moonbat View Post
    "I hope you'll stop emailing me."

    I don't think that you should've given out that phpMyAdmin thing, that's really dangerous, and you put it so easily that even skiddeis can get it, that's even more dangerous.
    They can find that sort of info on the internet anyway if they're determined, so I don't really see the problem.

    Besides, white hat hacking is bullshit. There are those that hack for fun without causing serious damage, there are those that hack for profit and there are those that provide information without getting involved, but those that think they are providing vulnerability information for the benefit of the 'security community' are just kidding themselves, just like the people who write tools such as nmap for 'security testing'. Everyone knows what they're mostly used for.

    It's the same as the companies that provide rolling paper. They can claim that it's used purely for tobacco, but they know that most use it for cannabis. If they really objected to that use of their product, they would stop selling it. If hackers really wanted to become a slave to random companies and protect their security, they would not disclose the information at all to the public. They all have purely personal reasons for doing it, whatever legitimate reason they give.

    Hacking is a personal thing, either for respect, for fun or for profit.
    Last edited by Ezekiel; 07-04-2007 at 06:54 AM.

  6. #6
    Join Date
    Sep 2006
    Posts
    1,649
    Quote Originally Posted by mike*5* View Post
    They can find that sort of info on the internet anyway if they're determined, so I don't really see the problem.

    Besides, white hat hacking is bullshit. There are those that hack for fun without causing serious damage, there are those that hack for profit and there are those that provide information without getting involved, but those that think they are providing vulnerability information for the benefit of the 'security community' are just kidding themselves, just like the people who write tools such as nmap for 'security testing'. Everyone knows what they're mostly used for.

    It's the same as the companies that provide rolling paper. They can claim that it's used purely for tobacco, but they know that most use it for cannabis. If they really objected to that use of their product, they would stop selling it. If hackers really wanted to become a slave to random companies and protect their security, they would not disclose the information at all to the public. They all have purely personal reasons for doing it, whatever legitimate reason they give.

    Hacking is a personal thing, either for respect, for fun or for profit.
    I'm not one to advocate white-hatting or anything of that sort. I'm saying that if a hacker is gonna deface a site, he should've done something to make it his deface, not just Googled up a simple Google dork.

  7. #7
    Join Date
    Sep 2005
    Posts
    2,050
    Quote Originally Posted by Moonbat View Post
    I'm not one to advocate white-hatting or anything of that sort. I'm saying that if a hacker is gonna deface a site, he should've done something to make it his deface, not just Googled up a simple Google dork.
    Yeah, I agree.

  8. #8
    Join Date
    Jun 2006
    Posts
    459
    Holy shit you are a genious dude. Please hook us up with more of these
    Last edited by ~~smart~fool~~; 07-06-2007 at 06:57 PM.
    7h* L**7*57 c4n7 h4ck m*!
    Proud to have quit playing ®µÑȧ©ÅÞË

    If you write like a semi-literate boob you will very likely be ignored.
    Writing like a l**t script kiddie hax0r is the absolute l**t*st way to write!
    L0L

  9. #9
    Join Date
    Jun 2006
    Posts
    459
    Google takes fraud and spamming very seriously. We use ********* methods to prevent future prank calls from the same user within a reasonable period of time. You won't be charged for any such calls. Please contact [email]clicktocall-support@google.com[/email] if you believe someone is entering your phone number without your permission or knowledge.
    Looks like they know what is up


    :Edit: what is really ownage is having it call your aim phoneline rofl
    Last edited by ~~smart~fool~~; 07-06-2007 at 07:08 PM.
    7h* L**7*57 c4n7 h4ck m*!
    Proud to have quit playing ®µÑȧ©ÅÞË

    If you write like a semi-literate boob you will very likely be ignored.
    Writing like a l**t script kiddie hax0r is the absolute l**t*st way to write!
    L0L

  10. #10
    Join Date
    Aug 2006
    Posts
    233

    Talking Hey Guys,it's been a while

    I had to burry my windows,they died on me slowly..lol
    anyways,i'm sure you guys seen this,but for the kiddies and newbies,here ya go with some more google stuff.

    the common search inputs below will give you an idea...for instance if you want to search for the an index of "root"

    in the search box put in exactly as you see it in bold

    ===================

    example *:


    allintitle: "index of/root"


    result:

    [url]http://www.google.com/search?hl=en&ie=ISO-...G=Google+Search[/url]

    what it reveals is 2,5*0 pages that you can possible browse at your will...

    ====================

    example 2


    inurl:"auth_user_file.txt"

    [url]http://www.google.com/search?num=*00&hl=en...G=Google+Search[/url]

    this result spawned 4*4 possible files to access

    here is an actual file retrieved from a site and edited , we know who the admin is and we have the hashes thats a job for JTR (john the ripper)

    txUKhXYi4xeFs|******|admin|Worasit|Junsawang|xxx@xxx|on
    qk6GaDj*iBfNg|tomjang||Bug|Tom|xxx@xxx|on

    with the many variations below, it should keep you busy for a long time mixing them reveals many different permutations

    *************************************

    SEARCH PATHS more to be added

    *************************************

    "Index of /admin"
    "Index of /password"
    "Index of /mail"
    "Index of /" +passwd
    "Index of /" +password.txt
    "Index of /" +.htaccess
    index of ftp +.mdb allinurl:/cgi-bin/ +mailto

    administrators.pwd.index
    authors.pwd.index
    service.pwd.index
    filetype:config web
    gobal.asax index

    allintitle: "index of/admin"
    allintitle: "index of/root"
    allintitle: sensitive filetype:doc
    allintitle: restricted filetype :mail
    allintitle: restricted filetype:doc site:gov

    inurlasswd filetype:txt
    inurl:admin filetype:db
    inurl:iisadmin
    inurl:"auth_user_file.txt"
    inurl:"wwwroot/*."


    top secret site:mil
    confidential site:mil

    allinurl: winnt/system*2/ (get cmd.exe)
    allinurl:/bash_history

    intitle:"Index of" .sh_history
    intitle:"Index of" .bash_history
    intitle:"index of" passwd
    intitle:"index of" people.lst
    intitle:"index of" pwd.db
    intitle:"index of" etc/shadow
    intitle:"index of" spwd
    intitle:"index of" ******.passwd
    intitle:"index of" htpasswd
    intitle:"index of" members OR accounts
    intitle:"index of" user_carts OR user_cart

    ALTERNATIVE INPUTS

    _vti_inf.html
    service.pwd
    users.pwd
    authors.pwd
    administrators.pwd
    shtml.dll
    shtml.exe
    fpcount.exe
    default.asp
    showcode.asp
    sendmail.cfm
    getFile.cfm
    imagemap.exe
    test.bat
    msadcs.dll
    htimage.exe
    counter.exe
    browser.inc
    hello.bat
    default.asp\
    dvwssr.dll
    cart*2.exe
    add.exe
    index.jsp
    SessionServlet
    shtml.dll
    index.cfm
    page.cfm
    shtml.exe
    web_store.cgi
    shop.cgi
    upload.asp
    default.asp
    pbserver.dll
    phf
    test-cgi
    finger
    Count.cgi
    jj
    php.cgi
    php
    nph-test-cgi
    handler
    webdist.cgi
    webgais
    websendmail
    faxsurvey
    htmlscript
    perl.exe
    www***rd.pl
    www-sql
    view-source
    campas
    aglimpse
    glimpse
    man.sh
    AT-admin.cgi
    AT-generate.cgi
    filemail.pl
    maillist.pl
    info2www
    files.pl
    bnbform.cgi
    survey.cgi
    classifieds.cgi
    wrap
    cgiwrap
    edit.pl
    perl
    names.nsf
    webgais
    dumpenv.pl
    test.cgi
    submit.cgi
    guestbook.cgi
    guestbook.pl
    cachemgr.cgi
    responder.cgi
    perlshop.cgi
    query
    w*-msql
    plusmail
    htsearch
    infosrch.cgi
    publisher
    ultra***rd.cgi
    db.cgi
    formmail.cgi
    allmanage.pl
    ssi
    adpassword.txt
    redirect.cgi
    cvsweb.cgi
    login.jsp
    dbconnect.inc
    admin
    htgrep
    wais.pl
    amadmin.pl
    subscribe.pl
    news.cgi
    auctionweaver.pl
    .htpasswd
    acid_main.php
    access.log
    log.htm
    log.html
    log.txt
    logfile
    logfile.htm
    logfile.html
    logfile.txt
    logger.html
    stat.htm
    stats.htm
    stats.html
    stats.txt
    webaccess.htm
    wwwstats.html
    source.asp
    perl
    mailto.cgi
    YaBB.pl
    mailform.pl
    cached_feed.cgi
    global.cgi
    Search.pl
    build.cgi
    common.php
    show
    global.inc
    ad.cgi
    WSFTP.LOG
    index.html~
    index.php~
    index.html.bak
    index.php.bak
    print.cgi
    register.cgi
    webdriver
    bbs_forum.cgi
    mysql.class
    sendmail.inc
    CrazyWWW***rd.cgi
    search.pl
    way-***rd.cgi
    webpage.cgi
    pwd.dat
    adcycle
    post-query
    help.cgi
    ---------------------------------------------------------------------
    Part2 more from google
    ---------------------------------------------------------------------
    Yeah it's more than great, this Google.com

    Here's a few additions to my previous post regarding specialcommands/search strings:

    __________________________________
    Intitle restricts your search to titles of the web pages.
    Allintitle does the same, but where all the words in the searchstring must be in the title.
    intitle:"Gorge Bush"
    allintitle:"***** supply" economics

    __________________________________
    Inurl restricts your search to the URL of web pages.
    Inurl:help
    Inurl:Search Help

    __________________________________
    Intext searches only bodytext (Ignores link text, URLs and titles)
    intext:"**********"
    intext:html

    __________________________________
    Inanchor searches for a page's link anchors. A link anchor is the descriptive text of a link. For example in <a href="whatever.htm">A Cool Page</a> the anchor is "A Cool Page".
    inanchor:"t0bban"

    __________________________________
    Site allows you to narrow down your search by either a site or a top level domain.
    site:loc.gov
    site:thomas.loc.gov
    site:edu
    site:nc.us

    __________________________________
    Link returns a list of pages linking to that specific URL.
    Use link:[url]www.google.com[/url] and you'll end up with a bunch of pages which all link to Google.com. (Don't bother to put http:// infront, google just disregards it)..
    link:[url]www.google.com[/url]

    __________________________________
    Cache finds a copy of the page that Google indexed even if that page is no longer availible at it's original URL or has since changed it's content completely. This is great for pages that changes often.
    cache:[url]www.google.com[/url]

    __________________________________
    Daterange limits your search to a particular date or range of dates that a page was indexed.
    NOTE: It works with Julian, not Gregorian dates.
    "George Bush" daterange:2452*8*-2452*8*
    neurosurgery daterange:2452*8*-2452*8*

    __________________________________
    Filetype searches the suffices of filename extensions.
    As long as the site isn't hiding behind proxy'ing stuff, or redirection, this is great.
    filetypedf homeschooling
    "leading economic indicators" filetypept

    __________________________________
    Related as you might expect, finds pages that are related to the specified page. This is a good way to find categories of pages; a search for related:google.com would return a variety of searchengines, including HotBot, Yahoo! and Northern light.
    related:[url]www.**********[/url]
    related:[url]www.cnn.com[/url]

    __________________________________
    Info provides a page of links to more information about a specified URL. Information includes a link to the URL's cache, a list of pages that links to thar URL, pages related to that URL, and pages containing that URL.
    NOTE: This works only if google.com has indexed the page(s).
    info:[url]www.oreilly.com[/url]
    info:[url]www.nytimes.com/technology[/url]

    __________________________________
    Phonebook as you might expect, looks up phonenumbers.
    phonebook:John Doe CA
    phonebook(5*0) 555-*2*2
    ---------------------------------------------------------------------
    More for google-
    Some old & new stuff to search in uncle google:

    "Index of /admin"
    "index of/root"
    "Index of /etc"
    "Index of /mail"

    "Index of /" +passwd
    "Index of /" +password.txt
    "Index of /" +.htaccess

    inurl:/cgi-bin/exemplobugado
    ---------------------------------------------------------------------

    Noz
    jabber: gh05t*d@jabb*r.org Email: gh05t*d@hack.cl

    Internet security is as real as your Dreams !

  11. #11
    Join Date
    Sep 2006
    Posts
    1,649
    Very informative post n0z, thanks

    Here is a site (Halla's site) with links to a bunch of nice tutorials, including volumes *-* of Halla's previous Google Hacking videos.

    [url]http://informationleak.net/[/url]

  12. #12
    Join Date
    Aug 2007
    Posts
    5

    =d

    nice i like the map thing i am a n00b

  13. #13
    Join Date
    Aug 2007
    Posts
    122

    Sometimes, When I'm Alone, I Google Myself

    I'm Not Really Evil, But I Play Evil On TV

    I'm in a moral dilemma.

    WHAT DO YOU DO IF YOU DISCOVER AN EGREGIOUS BREACH OF ******** DATA SECURITY AND THE WEB****** NEVER REPLIES TO SEVERAL EMAILS WHEN YOU TRY TO TELL HIM?

    I give up. Hence my moral dilemma.

    I have found what appears to be a very long list of personal ****** card info in Google cache - complete with names, addresses, phone numbers, ****** card numbers and expiration dates, mother's maiden names, etc.

    One company I told about it took their ******** data file off-line immediately - and never even thanked me for bringing it to their attention - grrrrrrrrr.

    Another company I contacted about a similar problem hasn't done anything in over a month or replied to my emails and the list is still there in all its tempting glory.

    Wonder if it's a clever hoax - like a honeypot. I love honey.

    I Googled several of the phone numbers in the list and they matched real listings - same names, addresses and phone numbers as in the apparent ******** data list.


    Hmmmmmmmmmmm.

    Google, you have been very, very naughty!
    Just you wait till your father gets home!


    P.S.

    I tried to contact Google about it, but they never replied either!
    Am I really that ugly?

    :&#222;
    Last edited by JayT; 09-03-2007 at 07:43 PM.
    Oh to be free, so blissfully free, of the ravages of intelligence, there is no greater joy! - The Cweationist's Cweed

    All that is necessary for evil to triumph is a good PR firm.
    Very funny, Scotty. Now beam down my clothes!

  14. #14
    Join Date
    Jan 2005
    Posts
    623
    You will never contact "Google". But if you would like to directly contact someone with VERY HIGH AUTHORITY that actually listens to feedback you can visit [url]http://www.mattcutts.com/blog/[/url] and drop him a message.
    [url=http://www.syntax******.info/tools/services.php]Speed Up Windows XP[/url]
    [url=http://www.syntax******.info/tools/ip.php]Get An Ip Address[/url]
    [url=http://www.syntax******.info/tools/base_converter.php]Base Converter[/url]
    --------------------------------
    [URL=http://www.boninroad.com/syntax******/]Old Site[/URL]
    [URL=http://www.syntax******.info]Comming Soon[/URL]

  15. #15
    Join Date
    Sep 2005
    Posts
    2,050
    Quote Originally Posted by JayT View Post
    I have found what appears to be a very long list of personal ****** card info in Google cache - complete with names, addresses, phone numbers, ****** card numbers and expiration dates, mother's maiden names, etc.
    I'm sure this happens very often. It is the company's responsibility, not Google's. They might remove the offending cache page, but they usually require the web****** of the site in question to verify first. Since it's ****** card information, they probably would remove it.

+ Reply to Thread

Similar Threads

  1. Mac hacks.. a question
    By Aleeeek in forum General discussion
    Replies: 1
    Last Post: 06-29-2008, 12:21 AM
  2. MsN hacks?
    By HaX_ChIx in forum Viruses and Trojans
    Replies: 0
    Last Post: 06-27-2008, 12:39 PM
  3. Gladiatus Hacks
    By RJVetter831 in forum Internet Privacy
    Replies: 1
    Last Post: 06-19-2007, 07:01 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts