google hacks

Posted by

Friday, June 6, 2008

GOOGLE HACK V1.6

Google is a pretty powerful search tool. You knew that. You can use it to find information, but you can also use it to find downloadable MP3s, books, videos, and other items. We're going to assume you're just looking for legally available downloads, but the truth of the matter is if someone's posted an MP3 (copyrighted or not) to their web page, Google can find it.

Image Hosted by ImageShack.us

But who has the time to memorize all the search modifiers like "-inurlhtm|html|php) intitle:"index of" +"last modified" +"parent directory" +description +size +(.mp3|.wma|.ogg) ?" That's where Google Hacks comes in. This handy little app will let you search for dozens of file types, song lyrics, cached pages, fonts, and other little goodies hanging out on the web.


Just download and install Google Hacks for Mac, Linux, or Windows, fire it up and enter your search term and check the boxes next to the type of search you want to perform. Your results will show up in your default web browser.

Photobucket

Photobucket

Thursday, May 22, 2008

Access on Webcam thru google search

i share this tutorials from my post before.. its all about google dorks..

here is one of them search this from google and see those webcams all over the world just like the what you see from the screenies

search this
allinurl: view/index.shtml

Free Image Hosting at www.ImageShack.us

Monday, May 19, 2008

Google Earth Pro Original Copy

With Google Earth Pro, it’s easy to research locations and present your discoveries. In just a few clicks, you can import site plans, property lists or client sites and share the view with your client or colleague. You can even export high-quality images to documents or the web.

Free Image Hosting at www.ImageShack.us

Image Hosted by ImageShack.us
You Have GPS option Works Fine 100%
Image Hosted by ImageShack.us
And you can save Image resolution Premium 4800x4210
Image Hosted by ImageShack.us


Annotate and visualize

Represent your location-based data using 3D drawing tools, or transfer up to 2,500 locations by address or geospatial coordinates from a spreadsheet. The GIS Data Importing Module lets you incorporate GIS data in file formats such as .shp and .tab. Examples include parcel, demographic, and 3D building data.
Share and analyze

Share your Google Earth views and data representations with your clients as a KML, Google Earth‘s original file format. With your upgraded Pro subscription, you get additional measurement tools (square feet, mile, acreage, radius and so on), so simply select the points on the screen using your mouse and let Google Earth calculate the rest.

Create visually powerful presentations

Export high-resolution images up to 11" x 17" (4800 pixels, sample print - 890k), and use them in documents, presentations, web or printed materials. Your audience can come along for the ride as you create your own compressed movies (.wmv, sample movie - 13MB) of the zooms and virtual tours you take in Google Earth.
Useful for many industries

Whether you’re in commercial real estate, insurance or media, Google Earth Pro lets you represent geo-specific information to full dramatic effect. Learn how it’s applicable to your industry.

Installation Guide:

1. Install Image Hosted by ImageShack.us

2. Take Note of this part.. once you reach this part remember to uncheck this area.. so that the Program wont run..
Image Hosted by ImageShack.us

3. You need to apply the crack first before you open the Program
Image Hosted by ImageShack.us

Free Image Hosting at www.ImageShack.usFree Image Hosting at www.ImageShack.usFree Image Hosting at www.ImageShack.us
Free Image Hosting at www.ImageShack.usFree Image Hosting at www.ImageShack.usImage Hosted by ImageShack.us

4. You may open now your Google Earth Pro...
Don't Update the Program.. all crack programs are not suitable to update if not the crack will be deleted..

Photobucket

Photobucket

Friday, April 11, 2008

Secret Backdoor to many Websites

Ever experienced this? You ask Google to look something up; the engine returns with a number of finds, but if you try to open the ones with the most promising content, you are confronted with a registration page instead, and the stuff you were looking for will not be revealed to you unless you agree to a credit card transaction first....
The lesson you should have learned here is: Obviously Google can go where you can't.

Can we solve this problem? Yes, we can. We merely have to convince the site we want to enter, that WE ARE GOOGLE.
In fact, many sites that force users to register or even pay in order to search and use their content, leave a backdoor open for the Googlebot, because a prominent presence in Google searches is known to generate sales leads, site hits and exposure.
Examples of such sites are Windows Magazine, .Net Magazine, Nature, and many, many newspapers around the globe.
How then, can you disguise yourself as a Googlebot? Quite simple: by changing your browser's User Agent. Copy the following code segment and paste it into a fresh notepad file. Save it as Useragent.reg and merge it into your registry.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]
@="Googlebot/2.1"
"Compatible"="+http://www.googlebot.com/bot.html"


Voila! You're done!

You may always change it back again.... I know only one site that uses you User Agent to establish your eligability to use its services, and that's the Windows Update site...
To restore the IE6 User Agent, save the following code to NormalAgent.reg and merge with your registry:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]
@="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"


Ps:
Opera allows for on-the-fly switching of User Agents through its "Browser Identification" function, while for Mozilla/FireFox browsers a switching utility is available as an installable extension from this url:
help://chrispederick.myacen.com/work/fi ... /download/

Monday, March 24, 2008

Google Dorks and Google Hacking

We call them ‘googledorks’ (gOO gôl’Dôrk, noun, slang) : An inept or foolish person as revealed by Google.

Google dorks are the center of the Google Hacking. Many hackers use google to find vulnerable webpages and later use these vulnerabilities for hacking.
Example Dorks:-
1. CGI directories contain scripts which can often be exploited by attackers. search this one

“index of cgi-bin”

This way you will find many CGI directories some of them may be vulnerable.
2. Another famous Google Dork is the PhpMyAdmin Dork. phpMyAdmin is a widly spread webfrontend used to mantain sql databases. The default security mechanism is to leave it up to the admin of the website to put a .htaccess file in the directory of the application. Well gues what, obviously some admins are either too lazy or don’t know how to secure their directories.

“Welcome to phpMyAdmin” ” Create new database”

This way you may find some vulnerable pages to gain access to someone’s PhpMyAdmin.
Honeypots
Honeypot or Honeypages are webpages designed to attract Google Dorkyz or Google Hackers. If you search for

“index of /etc/passwd”

on google. The first link you find is a very famous gray-world.net honeypot.
The biggest database of Google Dorks is here.

Wednesday, March 19, 2008

Online tutorials on Google tricks

Tuesday, March 18, 2008

Google hacking at its finest

Using Google, and some finely crafted searches we can find a lot of interesting information.

For Example we can find:
Credit Card Numbers
Passwords
Software / MP3's
...... (and on and on and on) Presented below is just a sample of interesting searches that we can send to google to obtain info that some people might not want us having.. After you get a taste using some of these, try your own crafted searches to find info that you would be interested in.

Try a few of these searches:
intitle:"Index of" passwords modified
allinurl:auth_user_file.txt
"access denied for user" "using password"
"A syntax error has occurred" filetype:ihtml
allinurl: admin mdb
"ORA-00921: unexpected end of SQL command"
inurl:passlist.txt
"Index of /backup"
"Chatologica MetaSearch" "stack tracking:"


Amex Numbers: 300000000000000..399999999999999
MC Numbers: 5178000000000000..5178999999999999
visa 4356000000000000..4356999999999999


"parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

Notice that I am only changing the word after the parent directory, change it to what you want and you will get a lot of stuff.

METHOD 2

put this string in google search:

?intitle:index.of? mp3

You only need add the name of the song/artist/singer.

Example: ?intitle:index.of? mp3 jackson

METHOD 3

put this string in google search:

inurl:microsoft filetype:iso

You can change the string to watever you want, ex. microsoft to adobe, iso to zip etc…


"# -FrontPage-" inurl:service.pwd
Frontpage passwords.. very nice clean search results listing !!

"AutoCreate=TRUE password=*"
This searches the password for "Website Access Analyzer", a Japanese software that creates webstatistics. For those who can read Japanese, check out the author's site at: http://www.coara.or.jp/~passy/

"http://*:*@www" domainname
This is a query to get inline passwords from search engines (not just Google), you must type in the query followed with the the domain name without the .com or .net

"http://*:*@www" bangbus or "http://*:*@www"bangbus

Another way is by just typing
"http://bob:bob@www"

"sets mode: +k"
This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.

allinurl: admin mdb
Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are!

allinurl:auth_user_file.txt
DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!). Some lists are bigger than others, all are fun, and all belong to googledorks. =)


intitle:"Index of" config.php
This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database.

eggdrop filetype:user user
These are eggdrop config files. Avoiding a full-blown descussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.

intitle:index.of.etc
This search gets you access to the etc directory, where many many many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!

filetype:bak inurl:"htaccess|passwd|shadow|htusers"
This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version).
Every attacker knows that changing the extenstion of a file on a webserver can have ugly consequences.


Let's pretend you need a serial number for windows xp pro.

In the google search bar type in just like this - "Windows XP Professional" 94FBR

the key is the 94FBR code.. it was included with many MS Office registration codes so this will help you dramatically reduce the amount of 'fake' porn sites that trick you.

or if you want to find the serial for winzip 8.1 - "Winzip 8.1" 94FBR

Monday, March 17, 2008

How to use Google advanced hidden Calculator?

Normally search engine keep the record of website addresses along with the important words for description of each web page, but the interesting thing is that you can use Google search box as calculator. Using the Google calculator you can perform standard and advanced scientific functions. Google built-in calculator can solve your routine mathematical problems for example (simple Arithmetic function, Trigonometric, Inverse trigonometric, Hyperbolic and Logarithm functions). One important feature of this calculator to evaluate the Constants values, units of measurement and currency conversion also.

Follow these examples with different type of calculations:

Arithmetic Function

First open the Google.com and type the value like 100+500-10= in search box and press search button to show the result.

Logarithm Functions



To calculate logarithm base 10 values, type log (100) in search box and press search button to show the result.

Advanced Math Function

To calculate cos90 value, type cos(90) in search box and press search button to show the result.

Currency Conversion

To convert the 100 USD in British pounds, type 100 USD in British pounds and press search button to show the result.

Monday, February 25, 2008

More Google Dorks

www.google.com

Put this string in google search:

"parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " Name of artist or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

Notice that only the search-phrase after ?parent directory? change, and you can use whatever phrase or word that suits you and a lot of otherwise hidden links will turn up.

===========================


Method 2:

www.google.com

Put this string in google search:

?intitle:index.of? mp3

You only need to add the name of the song/album/artist/singer
Example:
?intitle:index.of? mp3 jackson

==============================


Method 3:

www.google.com

Put this string in google search:

inurl:Mcft filetype:iso

You can change the search-string to excactly what you desire, eg: Mcft to Ad@be, ISO to zip/rar and so on.

Also check this out:
http://www.googleguide.com/advanced_operators.html



================



How to search for Warez In GOOGLE?, Help this topic to grow!!!!!!!!!


Everyone knows google in the security sector...and what a powerful tool it is, just by entering certain search strings you can gain a vast amount of knowledge and information of your chosen target...often revealing sensitive data...this is all down to badly configured systems...brought on by sloppy administration allowing directory indexing and accessing , password files, log entrys, files, paths, etc , etc


Search Tips so how do we start ?

the common search inputs below will give you an idea...for instance if you
want to search for the an index of "root"

in the search box put in exactly as you see it below

==================

Example 1:

allintitle: "index of/root"

result:

http://www.google.com/search?hl=en&ie=ISO-...G=Google+Search

what it reveals is 2,510 pages that you can possible browse at your will...

====================

Example 2:

inurl:"auth_user_file.txt"

http://www.google.com/search?num=100&hl=en...G=Google+Search

this result spawned 414 possible files to access

here is an actual file retrieved from a site and edited , we know who the
admin is and we have the hashes thats a job for JTR (john the ripper)

txUKhXYi4xeFs|master|admin|Worasit|Junsawang|xxx@xxx|on
qk6GaDj9iBfNg|tomjang||Bug|Tom|xxx@xxx|on

with the many variations below it should keep you busy for a long time mixing them reveals many different permutations

*************************************

SEARCH PATHS....... more to be added

*************************************

"Index of /admin"
"Index of /password"
"Index of /mail"
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
index of ftp +.mdb allinurl:/cgi-bin/ +mailto

administrators.pwd.index
authors.pwd.index
service.pwd.index
filetype:config web
gobal.asax index

allintitle: "index of/admin"
allintitle: "index of/root"
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov

inurl:passwd filetype:txt
inurl:admin filetype:db
inurl:iisadmin
inurl:"auth_user_file.txt"
inurl:"wwwroot/*."


top secret site:mil
confidential site:mil

allinurl: winnt/system32/ (get cmd.exe)
allinurl:/bash_history

intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart

ALTERNATIVE INPUTS====================

_vti_inf.html
service.pwd
users.pwd
authors.pwd
administrators.pwd
shtml.dll
shtml.exe
fpcount.exe
default.asp
showcode.asp
sendmail.cfm
getFile.cfm
imagemap.exe
test.bat
msadcs.dll
htimage.exe
counter.exe
browser.inc
hello.bat
default.asp
dvwssr.dll
cart32.exe
add.exe
index.jsp
SessionServlet
shtml.dll
index.cfm
page.cfm
shtml.exe
web_store.cgi
shop.cgi
upload.asp
default.asp
pbserver.dll
phf
test-cgi
finger
Count.cgi
jj
php.cgi
php
nph-test-cgi
handler
webdist.cgi
webgais
websendmail
faxsurvey
htmlscript
perl.exe
wwwboard.pl
www-sql
view-source
campas
aglimpse
glimpse
man.sh
AT-admin.cgi
AT-generate.cgi
filemail.pl
maillist.pl
info2www
files.pl
bnbform.cgi
survey.cgi
classifieds.cgi
wrap
cgiwrap
edit.pl
perl
names.nsf
webgais
dumpenv.pl
test.cgi
submit.cgi
guestbook.cgi
guestbook.pl
cachemgr.cgi
responder.cgi
perlshop.cgi
query
w3-msql
plusmail
htsearch
infosrch.cgi
publisher
ultraboard.cgi
db.cgi
formmail.cgi
allmanage.pl
ssi
adpassword.txt
redirect.cgi
cvsweb.cgi
login.jsp
dbconnect.inc
admin
htgrep
wais.pl
amadmin.pl
subscribe.pl
news.cgi
auctionweaver.pl
.htpasswd
acid_main.php
access.log
log.htm
log.html
log.txt
logfile
logfile.htm
logfile.html
logfile.txt
logger.html
stat.htm
stats.htm
stats.html
stats.txt
webaccess.htm
wwwstats.html
source.asp
perl
mailto.cgi
YaBB.pl
mailform.pl
cached_feed.cgi
global.cgi
Search.pl
build.cgi
common.php
show
global.inc
ad.cgi
WSFTP.LOG
index.html~
index.php~
index.html.bak
index.php.bak
print.cgi
register.cgi
webdriver
bbs_forum.cgi
mysql.class
sendmail.inc
CrazyWWWBoard.cgi
search.pl
way-board.cgi
webpage.cgi
pwd.dat
adcycle
post-query
help.cgi


there are to many people to thank for the bits of information cut and pasted and added to form this paper most have been collected from various forums , txt , doc's etc...like to thank you all, its not intended to rip anyone its just a combo of various search inputs...put on the one Paper to use as a reference.


German manual:
http://www.stephan-bender.de/download/its_tutorials/google/geheime%20google%20tipps.pdf

"parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums


http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=inurl%3Amicrosoft+filetype%3Aiso&btnG=Search


http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=inurl%3Amicrosoft+%22msdn%22+filetype%3Amsi&btnG=Search

http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=inurl%3Alonghorn+%22leaked%22&btnG=Search

http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=inurl%3Aoffice+filetype%3Aiso&btnG=Search

http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=inurl%3Apanther+filetype%3Aiso&btnG=Search

http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=inurl%3Amicrosoft+filetype%3Aiso+%22server%22&btnG=Search

http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=inurl%3Aantivirus++filetype%3Aiso&btnG=Search

What u think? Yes, google is a powerfull instrument:


http://www.wolfgarten.com/downloads/Watch_out_google.pdf


http://johnny.ihackstuff.com/security/premium/The_Google_Hackers_Guide_v1.0.pdf



http://www.law.fsu.edu/current_students/technology/pdf/google.pdf



Other google Searchtips:

http://"user:password"@site.com/members -> in search space / user& pwd replace for * and google find the alternatives in existing pages.-

Hand type the following prefixes and note their utility:



link:url Shows other pages with links to that url.

related:url same as "what's related" on serps.

site:domain restricts search results to the given domain.

allinurl: shows only pages with all terms in the url.

inurl: like allinurl, but only for the next query word.

allintitle: shows only results with terms in title.

intitle: similar to allintitle, but only for the next word. "intitle:webmasterworld google" finds only pages with webmasterworld in the title, and google anywhere on the page.

cache:url will show the Google version of the passed url.

info:url will show a page containing links to related searches, backlinks, and pages containing the url. This is the same as typing the url into the search box.

spell: will spell check your query and search for it.

stocks: will lookup the search query in a stock index.

filetype: will restrict searches to that filetype. "-filetype:doc" to remove Mcft word files.

daterange: is supported in Julian date format only. 2452384 is an example of a Julian date.

maps: If you enter a street address, a link to Yahoo Maps and to MapBlast will be presented.

phone: enter anything that looks like a phone number to have a name and address displayed. Same is true for something that looks like an address (include a name and zip code)

site:www.somesite.net "+www.somesite.+net"
(tells you how many pages of your site are indexed by google)

allintext: searches only within text of pages, but not in the links or page title

allinlinks: searches only within links, not text or title

Here are some tips to find eBooks with Google:


Find Apache's (default) Index page

Try this query:


+("index of") +("/ebooks"|"/book") +(chm|pdf|zip|rar) +apache



Find a particular eBook file

Try this query:


allinurl: +(rar|chm|zip|pdf|tgz) TheTitle




Finding wareshizzle using Google

Disclaimer: This post is not about encouraging you to download unlicensed software (reads: w00t!). Use at your own risk.

Finding pirated software is surprisingly easy with Google. Yes, we have astalavista to find the serial numbers and key generators, but it might take you a little more time to find the original setup files, and software that do not use serial numbers to validate the license.

Enter Google. Google China, to be exact.

It's okay if you don't read chinese. You just have to know some keywords (with trasnlation below) to download any files successfully, with the success rate of as high as 100%. Believe it.

1. First, go to Google China (http://www.google.com/intl/zh-cn/ - the trailing slash is important).

2. Key in the software name you want to download in the search field. And remember to check the following option. It tells Google to look for China only web sites (distinguished by the use of simplified chinese only characters).


Image


3. Now, look for the following highlighted keywords:

Image


Hang on cowboy, don't worry if you don't understand what the heck they mean. The words highlighted in yellow mean "fixed version", and the words in green mean "download".

4. Follow the links. Now you will see more chinese characters! Don't worry though, their layouts are typically the same. Now keep looking for the green keywords above, they should be at the bottom of the page, or the row of the table that describes the software. You can usually get to know their ratings too. Talk about professional w00t!!

5. That's it!

There is absolutely no magic or advanced techniques to be used here. The root of the problem is, China has way too many w00t! sites run by individuals, and Google is so far still crawling and indexing them. The high number of w00t! sites makes Google to usually return links to w00t! sites on the first page of the results, some even get to ranked first. And of course, this technique can be used with Google Russia (http://www.google.ru) too.

The table of translations you might find useful. Of course, do not hesitate to use some online translation tools like Babelfis

Saturday, February 23, 2008

Google Hacking

Google hacking at its finest..

Using Google, and some finely crafted searches we can find a lot of interesting information.

For Example we can find:
Credit Card Numbers
Passwords
Software / MP3's
...... (and on and on and on) Presented below is just a sample of interesting searches that we can send to google to obtain info that some people might not want us having.. After you get a taste using some of these, try your own crafted searches to find info that you would be interested in.

Try a few of these searches:
intitle:"Index of" passwords modified
allinurl:auth_user_file.txt
"access denied for user" "using password"
"A syntax error has occurred" filetype:ihtml
allinurl: admin mdb
"ORA-00921: unexpected end of SQL command"
inurl:passlist.txt
"Index of /backup"
"Chatologica MetaSearch" "stack tracking:"

Amex Numbers: 300000000000000..399999999999999
MC Numbers: 5178000000000000..5178999999999999
visa 4356000000000000..4356999999999999

"parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

Notice that I am only changing the word after the parent directory, change it to what you want and you will get a lot of stuff.

METHOD 2

put this string in google search:

?intitle:index.of? mp3

You only need add the name of the song/artist/singer.

Example: ?intitle:index.of? mp3 jackson

METHOD 3

put this string in google search:

inurl:microsoft filetype:iso

You can change the string to watever you want, ex. microsoft to adobe, iso to zip etc…

"# -FrontPage-" inurl:service.pwd
Frontpage passwords.. very nice clean search results listing !!

"AutoCreate=TRUE password=*"
This searches the password for "Website Access Analyzer", a Japanese software that creates webstatistics. For those who can read Japanese, check out the author's site at: http://www.coara.or.jp/~passy/

"http://*:*@www" domainname
This is a query to get inline passwords from search engines (not just Google), you must type in the query followed with the the domain name without the .com or .net

"http://*:*@www" bangbus or "http://*:*@www"bangbus

Another way is by just typing
"http://bob:bob@www"

"sets mode: +k"
This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.

allinurl: admin mdb
Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are!

allinurl:auth_user_file.txt
DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!). Some lists are bigger than others, all are fun, and all belong to googledorks. =)


intitle:"Index of" config.php
This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database.

eggdrop filetype:user user
These are eggdrop config files. Avoiding a full-blown descussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.

intitle:index.of.etc
This search gets you access to the etc directory, where many many many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!

filetype:bak inurl:"htaccess|passwd|shadow|htusers"
This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version).
Every attacker knows that changing the extenstion of a file on a webserver can have ugly consequences.

Let's pretend you need a serial number for windows xp pro.

In the google search bar type in just like this - "Windows XP Professional" 94FBR

the key is the 94FBR code.. it was included with many MS Office registration codes so this will help you dramatically reduce the amount of 'fake' porn sites that trick you.
or if you want to find the serial for winzip 8.1 - "Winzip 8.1" 94FBR

0 comments