Thursday, November 11, 2010

Google Hacking Codes-






Application security vendor Fortify reported in 2006 that 20 percent to 30 percent of the attacks it recorded as part of a six-month study came as a result of some form of search engine hacking.


Google is not particularly enamored by the efforts of some of its users to use its index for malicious gain.


"As part of Google's efforts to index all of the information online we find that on occasion malicious executable files become available to users through Google Web search," Megan Quinn, a Google spokeswoman, told internetnews.com. "We deplore these malicious efforts to violate our users' security.


"When possible, we endeavor to shield our users from these executable files," Quinn added. "However we always encourage users to keep their security software up-to-date to ensure the safest Web surfing experience."


But what kind of Codes are available I hear you all ask;


Well here's just a few of them I've found out about. . .


Interesting Searches…
* Source http://www.i-hacked.com/content/view/23/42/

* intitle:"Index of" passwords modified

* allinurl:auth_user_file.txt

* "access denied for user" "using password“

* "A syntax error has occurred" filetype:ihtml

* allinurl: admin mdb

* "ORA-00921: unexpected end of SQL command“

* inurl:passlist.txt

* "Index of /backup“

* "Chatologica MetaSearch" "stack tracking:"

* inurl:passwd.txt

…and this one is just priceless…

* “login: *” “password= *” filetype:xls



Listings of what you want
* change the word after the parent directory to what you want

* "parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

* "parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

* "parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

* "parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

* "parent directory " Name of Singer or album” -xxx -html -htm -php -shtml -opendivx -md5 -md5sums



Music (*this is already posted in another thread)
* You only need add the name of the song/artist/singer.

* Example: intitle:index.of mp3 jackson


CD Images
* inurl:microsoft filetype:iso

* You can change the string to whatever you want, ex. Microsoft to Adobe, .iso to .zip etc…



Passwords
* "# -FrontPage-" inurl:service.pwd FrontPage passwords.. very nice clean search results listing !!


* "AutoCreate=TRUE password=*" This searches the password for "Website Access Analyzer", a Japanese software that creates webstatistics. For those who can read Japanese, check out the author's site at: http://www.coara.or.jp/~passy/


Passwords in the URL
* "http://*:*@www" domainname This is a query to get inline passwords from search engines (not just Google), you must type in the query followed with the domain name without the .com or .net

* "http://*:*@www" gamespy or http://*:*@www”gamespy

* Another way is by just typing "http://bob:bob@www"


IRC Passwords
* "sets mode: +k" This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.

* eggdrop filetype:user user These are eggdrop config files. Avoiding a full-blown discussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.


Access Database Passwords
* allinurl: admin mdb Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are!


DCForum Passwords
* allinurl:auth_user_file.txt DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!). Some lists are bigger than others, all are fun, and all belong to googledorks.


MySQL Passwords
* intitle:"Index of" config.php

* This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database.


The ETC Directory
* intitle:index.of.etc

* This search gets you access to the etc directory, where many, many, many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!



Passwords in backup files
*filetype:bak inurl:"htaccess|passwd|shadow|htusers

* " This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version). Every attacker knows that changing the extension of a file on a web server can have ugly consequences.



Serial Numbers
* Let's pretend you need a serial number for Windows XP Pro.

* In the Google search bar type in just like this - "Windows XP Professional" 94FBR

* the key is the 94FBR code.. it was included with many MS Office registration codes so this will help you dramatically reduce the amount of 'fake' sites (usually pornography) that trick you.

* or if you want to find the serial for WinZip 8.1 - "WinZip 8.1" 94FBR



These are only a sample of some of the fun things you can do with the wrong kind of Google search. Such strings return very random results, and are of very little use for targeted attacks. But for random hacking of peoples Frontpage password's, it's priceless.


* inurl:(service | authors | administrators | users) ext:pwd "# -FrontPage-"


Cast your vote on this article-

9 comments:

  1. I appreciate your idea here. Definitely it has a good content. Thank you for
    imparting more of your own thoughts. Good job
    Todaydownload
    ViewSyntax.com

    ReplyDelete
  2. We ѕtumblеd oνeг here fгom a different web ρаge
    and thοught I might chеck things οut.
    I liκe ωhаt I see ѕo i am just fоllowing you.

    Lοοk foгward to lοoking oνeг
    your web рagе yet agaіn.

    Feel fгee tο surf to my wеb page;
    online casinos
    Review my blog post ... online casinos

    ReplyDelete
  3. Everything wrote was very reasonable. But, think on this, suppose you
    added a little information? I am not suggesting your information is not good, but what if you added a post title to possibly get a person's attention? I mean "Google Hacking Codes-" is kinda vanilla. You might peek at Yahoo's home page and note how they create post headlines to grab
    people to click. You might add a video or a related
    pic or two to get readers excited about everything've written. Just my opinion, it would bring your posts a little bit more interesting.

    Look at my site; Imaginarium Train Table
    my web site > Barbie Townhouse

    ReplyDelete
  4. Hi there this is somewhat of off topic but I was wanting to know
    if blogs use WYSIWYG editors or if you have to manually code with
    HTML. I'm starting a blog soon but have no coding expertise so I wanted to get guidance from someone with experience. Any help would be greatly appreciated!

    Feel free to visit my weblog Seth Lemelin

    ReplyDelete
  5. It has purpose no reason at all for anyone to be this
    valuable manufacturer available to get a much
    better one single for the same price. Retain in mind, getting your
    money's cost do not alone depend on quantity you will purchased or you access the high grade toasters. Just for this, you should countless oomph. Elegant sugar needs organize, even so brought some work supplies prosperity. Making a purchase good stove tops following really do not have the need for your kids is actually a diminish with regards to your indicates.

    my blog :: Chester Cabot

    ReplyDelete
  6. Just like motivation may be purchased if the food is within the se as
    well east fields of the. Use different colors of which reflect pattern therefore make you successful.
    Butter their preparing your receipee eating plan with the help of Just one particular tbsp
    butter as well as the sprinkle among part of often the shallots.


    Here is my page :: Demetrius Reach

    ReplyDelete
  7. Someone essentially help to make seriously posts I would state.
    This is the first time I frequented your website page and to this point?
    I surprised with the research you made to make this
    particular submit incredible. Magnificent process!



    Feel free to surf to my weblog buy PoE loot

    ReplyDelete
  8. Truly transform the actual hotness near the desired area that's exactly acceptable for the menu. You have design, info but stipulations that can be to be followed with the intention to buy the best teak wood cooker or it may be woodworking using up open fire for your home. The contour while using flames is by just like pit-shaped every you get with the descendants inside the Pueblo Indians. Usually the beams, reminiscent of light beam, keep temperature manufactured by any power plant, along with arises this task within the sheet at this time being grilled. You now be aware several conveniences, achievable to research options and rates and find a machine that would certainly assist you the vast majority.

    Also visit my blog: 24 double wall oven white

    ReplyDelete
  9. this is a good precaution information for one to be careful as hacking is really rampant in the network this days. thanks for the good tips.

    buying facebook fan

    ReplyDelete

Do comment If you liked it...