Thursday, July 30, 2009

Google Hacking!

There’s one big secret everybody knows and nobody seems to care about. Google is the key to your Universe. It can open doors beyond imagination. And the plus point is, you don’t have to pay for anything Google does for you.

Okay, so now we begin with what we shall call google hacking. Exploiting the search engine’s massive listings to your very advantage. Let’s begin!

Google for Music, Videos and other files!
Google can search for almost any file type, including Mp3s and PDFs and what not. Open web directories are one of the easiest places to quickly find an endless number of freely downloadable files. This is exactly what webmasters leave their servers open for! =D
For example:

A more general approach would go like this : intitle:"index of" songname/artist name



Notice that just by changing the required formats or the keywords, we can give the same search a completely new dimension. Replace (pdf|doc) by (ppt) to get powerpoint presentations, for instance.

View Unsecured Webcams Worldwide!
Did you know that you can sit infront of your screen and control open webcams 10, 000 miles away? Yes, you can! And it’s heck a lot of fun! =D
To view Axis Webcams: inurl:view/index.shtml
To view Cannon Webcams: sample/LvAppl/
To view MOBOTIX Webcams: control/userimage.html
To view FlexWatch Webcams: /app/idxas.html


Find Free Anonymous Web Proxies!
At school and want to visit your social bee website but being stopped by irritating filters? Or at office and striving for privacy for reasons obvious enough? Now, it’s all yours with free web proxies! A free anonymous web proxy site allows any web browser to access other third-party websites by channeling the browser’s connection through the proxy.
This trick is free and easy to access from anywhere via Google. All you have to do is look through the search results returned by the queries below, find a proxy that works, and enter in the URL of the site you want to browse anonymously.
inurl:”nph-proxy.cgi” “start using cgiproxy”
inurl:”nph-proxy.cgi” “Start browsing through this CGI-based proxy”


Find Free Passwords!
You can find free passwords using Google! This can be done for different sites aswell as different paid accounts or softwares which cost alot! =)
"# -FrontPage-" inurl:service.pwd
Frontpage passwords!

"AutoCreate=TRUE password=*"
This searches the password for "Website Access Analyzer", a Japanese software that creates webstatistics. For those who can read Japanese, check out the author's site at: http://www.coara.or.jp/~passy/

"http://*:*@www" domainname
This is a query to get inline passwords from search engines (not just Google), you must type in the query followed with the the domain name without the .com or .net

"sets mode: +k"
This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.

allinurl: admin mdb
Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are!

allinurl:auth_user_file.txt
DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!). Some lists are bigger than others, all are fun, and all belong to googledorks. =)

intitle:"Index of" config.php
This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database.

eggdrop filetype:user user
These are eggdrop config files. Avoiding a full-blown descussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.

intitle:index.of.etc
This search gets you access to the etc directory, where many many many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!

filetype:bak inurl:"htaccess|passwd|shadow|htusers"
This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version). Changing the extenstion of a file on a webserver can have ugly consequences.

Looking for a serial key!
In the google search bar type in just like this - "Windows XP Professional" 94FBRthe key is the 94FBR code.. it was included with many MS Office registration codes so this will help you dramatically reduce the amount of 'fake' porn sites that trick you.
Or if you want to find the serial for winzip 8.1 - "Winzip 8.1" 94FBR


A little explanation of what is happening!
Here is an explanation of what is meant by each term and what it does behind the scene.
link:URL = lists other pages that link to the URL
related:URL = lists other pages that are related to the URL.
site:domain.com “search term = restricts search results to the given domain.
allinurl:WORDS = shows only pages with all search terms in the url.
inurl:WORD = like allinurl: but filters the URL based on the first term only.
allintitle:WORD = shows only results with terms in title.
intitle:WORD = similar to allintitle, but only for the next word.
cache:URL = will show the Google cached version of the URL.
info:URL = will show a page containing links to related searches, backlinks, and pages containing the url. This is the same as typing the url into the search box.
filetype:SOMEFILETYPE = will restrict searches to that filetype
-filetype:SOMEFILETYPE = will remove that file type from the search.
site:www.somesite.net “+www.somesite.net” = shows you how many pages of your site are indexed by google.
allintext: = searches only within text of pages, but not in the links or page title.
allinlinks: = searches only within links, not text or title.
WordA OR WordB = search for either the word A or B.
“Word” OR “Phrase” = search exact word or phrase.
WordA -WordB = find word A but filter results that include word B.
WordA +WordB = results much contain both Word A and Word B.
Courtesy MarcAndAngel and i-hacked.

0 comments:

Post a Comment