Skip to main content

Hacking Tips From Google Search

Google search engine can be used to hack into remote servers or gather confidential or sensitive information which are not visible through common searches.




Google is the world’s most popular and powerful search engine. It has the ability to accept pre-defined commands as inputs which then produces unbelievable results.



Google’s Advanced Search Query Syntax



Discussed below are various Google’s special commands and I shall be explaining each command in brief and will show how it can be used for getting confidential data.



[ intitle: ]



The “intitle:” syntax helps Google restrict the search results to pages containing that word in the title.



intitle: login password





will return links to those pages that has the word "login" in their title, and the word "password" anywhere in the page.



Similarly, if one has to query for more than one word in the page title then in that case “allintitle:” can be used instead of “intitle” to get the list of pages containing all those words in its title.



intitle: login intitle: password





is same as



allintitle: login password





[ inurl: ]



The “inurl:” syntax restricts the search results to those URLs containing the search keyword. For example: “inurl: passwd” (without quotes) will return only links to those pages that have "passwd" in the URL.



Similarly, if one has to query for more than one word in an URL then in that case “allinurl:” can be used instead of “inurl” to get the list of URLs containing all those search keywords in it.



allinurl: etc/passwd





will look for the URLs containing “etc” and “passwd”. The slash (“/”) between the words will be ignored by Google.



[ site: ]



The “site:” syntax restricts Google to query for certain keywords in a particular site or domain.



exploits site:hackingspirits.com





will look for the keyword “exploits” in those pages present in all the links of the domain “hackingspirits.com”. There should not be any space between “site:” and the “domain name”.



[ filetype: ]



This “filetype:” syntax restricts Google search for files on internet with particular extensions (i.e. doc, pdf or ppt etc).



filetype:doc site:gov confidential





will look for files with “.doc” extension in all government domains with “.gov” extension and containing the word “confidential” either in the pages or in the “.doc” file. i.e. the result will contain the links to all confidential word document files on the government sites.





[ link: ]



“link:” syntax will list down webpages that have links to the specified webpage.



link:www.expertsforge.com





will list webpages that have links pointing to the SecurityFocus homepage. Note there can be no space between the "link:" and the web page url.





[ related: ]



The “related:” will list web pages that are "similar" to a specified

web page.



related:www.expertsforge.com





will list web pages that are similar to the Securityfocus homepage. Note there can be no space between the "related:" and the web page url.





[ cache: ]



The query “cache:” will show the version of the web page that Google

has in its cache.



cache:www.hackingspirits.com





will show Google's cache of the Google homepage. Note there can be no space between the "cache:" and the web page url.



If you include other words in the query, Google will highlight those words within the cached document.



cache:www.hackingspirits.com guest





will show the cached content with the word "guest" highlighted.



[ intext: ]



The “intext:” syntax searches for words in a particular website. It ignores links or URLs and page titles.



intext:exploits





will return only links to those web pages that has the search keyword "exploits" in its webpage.





[ phonebook: ]



“phonebook” searches for U.S. street address and phone number information.



phonebook:Lisa+CA





will list down all names of person having “Lisa” in their names and located in “California (CA)”. This can be used as a great tool for hackers incase someone want to do dig personal information for social engineering.



Google Hacks



Well, the Google’s query syntaxes discussed above can really help people to precise their search and get what they are exactly looking for.



Now Google being so intelligent search engine, hackers don’t mind exploiting its ability to dig much confidential and secret information from the net which they are not supposed to know. Now I shall discuss those techniques in details how hackers dig information from the net using Google and how that information can be used to break into remote servers.



Index Of



Using “Index of ” syntax to find sites enabled with Index browsing



A webserver with Index browsing enabled means anyone can browse the webserver directories like ordinary local directories. The use of “index of” syntax to get a list links to webserver which has got directory browsing enabled will be discussd below. This becomes an easy source for information gathering for a hacker. Imagine if the get hold of password files or others sensitive files which are not normally visible to the internet. Below given are few examples using which one can get access to many sensitive information much easily.



Index of /admin

Index of /passwd

Index of /password

Index of /mail



"Index of /" +passwd

"Index of /" +password.txt

"Index of /" +.htaccess



"Index of /secret"

"Index of /confidential"

"Index of /root"

"Index of /cgi-bin"

"Index of /credit-card"

"Index of /logs"

"Index of /config"





Looking for vulnerable sites or servers using “inurl:” or “allinurl:”



a. Using “allinurl:winnt/system32/” (without quotes) will list down all the links to the server which gives access to restricted directories like “system32” through web. If you are lucky enough then you might get access to the cmd.exe in the “system32” directory. Once you have the access to “cmd.exe” and is able to execute it.





b. Using “allinurl:wwwboard/passwd.txt”(without quotes) in the Google search will list down all the links to the server which are vulnerable to “WWWBoard Password vulnerability”. To know more about this vulnerability you can have a look at the following link:



http://www.securiteam.com/exploits/2BUQ4S0SAW.html



c. Using “inurl:.bash_history” (without quotes) will list down all the links to the server which gives access to “.bash_history” file through web. This is a command history file. This file includes the list of command executed by the administrator, and sometimes includes sensitive information such as password typed in by the administrator. If this file is compromised and if contains the encrypted unix (or *nix) password then it can be easily cracked using “John The Ripper”.



d. Using “inurl:config.txt” (without quotes) will list down all the links to the servers which gives access to “config.txt” file through web. This file contains sensitive information, including the hash value of the administrative password and database authentication credentials.



For Example: Ingenium Learning Management System is a Web-based application for Windows based systems developed by Click2learn, Inc. Ingenium Learning Management System versions 5.1 and 6.1 stores sensitive information insecurely in the config.txt file. For more information refer the following

links: http://www.securiteam.com/securitynews/6M00H2K5PG.html



Other similar search using “inurl:” or “allinurl:” combined with other syntax





inurl:admin filetype:txt

inurl:admin filetype:db

inurl:admin filetype:cfg

inurl:mysql filetype:cfg

inurl:passwd filetype:txt

inurl:iisadmin

inurl:auth_user_file.txt

inurl:orders.txt

inurl:"wwwroot/*."

inurl:adpassword.txt

inurl:webeditor.php

inurl:file_upload.php



inurl:gov filetype:xls "restricted"

index of ftp +.mdb allinurl:/cgi-bin/ +mailto





Looking for vulnerable sites or servers using “intitle:” or “allintitle:”



a. Using [allintitle: "index of /root”] (without brackets) will list down the links to the web server which gives access to restricted directories like “root” through web. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.



b. Using [allintitle: "index of /admin”] (without brackets) will list down the links to the websites which has got index browsing enabled for restricted directories like “admin” through web. Most of the web application sometimes uses names like “admin” to store admin credentials in it. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.



Other similar search using “intitle:” or “allintitle:” combined with other syntax



intitle:"Index of" .sh_history

intitle:"Index of" .bash_history

intitle:"index of" passwd

intitle:"index of" people.lst

intitle:"index of" pwd.db

intitle:"index of" etc/shadow

intitle:"index of" spwd

intitle:"index of" master.passwd

intitle:"index of" htpasswd

intitle:"index of" members OR accounts

intitle:"index of" user_carts OR user_cart



allintitle: sensitive filetype:doc

allintitle: restricted filetype :mail

allintitle: restricted filetype:doc site:gov







Other interesting Search Queries



· To search for sites vulnerable to Cross-Sites Scripting (XSS) attacks:



allinurl:/scripts/cart32.exe

allinurl:/CuteNews/show_archives.php

allinurl:/phpinfo.php







· To search for sites vulnerable to SQL Injection attacks:



allinurl:/privmsg.php

allinurl:/privmsg.php

Comments

Popular posts from this blog

SEO Optimizing A Website For Improved Value

SEO or search engine optimization is something that every web owner and creator should be aware of. Even if a website owner hires an expert to carry out the online marketing, understanding the very basics and how it really can improve a websites performance and popularity is important. Simply put, optimizing a website is important and is built around keywords that are valuable to a website and to the products or services it is trying to provide. By focusing on main keywords or key phrases for a business, and expanding on them over time, can improve the amount of visitors a website receives, in turn increasing profits or simply improving its popularity if it is an information website. SEO is valuable, and means a way of making a site appear at a higher ranking in search engines such as Google, Yahoo, AOL etc. Using this important type of online marketing can reap great benefits. It takes time to learn and time to complete, and is a constant job to keep a website performing well above co...

Email On Deck: A disposable email address that works

Today, Team Inforpioneer brings an interesting Email service for our reader which will definitely help our readers to improve their internet security and will benefit in some other ways.  Here is a short description of this service.  EmailOnDeck.com is the premier site for all things relating to temporary, disposable and throwaway email addresses. We want to help you avoid SPAM, protect your online privacy, and stop you from having to give away your personal email address to every company and person on the internet who insists on you giving it to them. We work hard and will continue to work hard to give you a disposable email address that works with any site or app. We hope to help give you back the control of deciding who you want to give your personal info to. Temporary emails are perfect for any transaction where you want to improve your online privacy. Use them when you buy or sell Bitcoins or trade cryptocurrency, at exchanges, or locally. They can be used for QA tes...

Dr. Elmi Zulkarnain Osman. The Award Winning Trainer With The Right Humour.

Dr. Elmi Zulkarnain Osman – an award-winning educator, a popular corporate trainer and a highly paid Malay English Language Coach started his career as a teacher in a government school in Singapore before becoming a lecturer in a government-based institute. Throughout his career with the Singapore Public Service, Dr. Elmi has already been acknowledged as an accomplished public speaker and a motivational speaker known for his high energy delivery and humorous approach. He is also well known in the grassroots circle as an experienced Chief Facilitator and an accomplished Forum Moderator. Upon completing his PhD in Educational Leadership with Trident University International in 2018, he and a few like-minded friends decided to set up Elemantra Training Consultancy. A consultancy that has been delivering their promise to deliver an “enriching experience every time”. As the CEO and Principal Trainer at Elemantra Consultancy, Dr. Elmi is very much known for his exceptional communication ...