Friday, December 31, 2010
Anu
Google search engine can be used to hack into remote servers or gatherconfidential or sensitive information which are not visible throughcommon searches.
Google is the world’s most popular and powerfulsearch engine. It has the ability to accept pre-defined commands asinputs which then produces unbelievable results.
Google’s Advanced Search Query Syntax
Discussedbelow are various Google’s special commands and I shall be explainingeach command in brief and will show how it can be used for gettingconfidential data.
[ intitle: ]The “intitle:” syntax helps Google restrict the search results to pages containing that word in the title.
intitle: login passwordwill return links to those pages that has the word "login" in their title, and the word "password" anywhere in the page.
Similarly,if one has to query for more than one word in the page title then inthat case “allintitle:” can be used instead of “intitle” to get thelist of pages containing all those words in its title.
intitle: login intitle: passwordis same as
allintitle: login password
[ inurl: ]The“inurl:” syntax restricts the search results to those URLs containingthe search keyword.
For example: “inurl: passwd” (without quotes) willreturn only links to those pages that have "passwd" in the URL.
Similarly,if one has to query for more than one word in an URL then in that case“allinurl:” can be used instead of “inurl” to get the list of URLscontaining all those search keywords in it.
allinurl: etc/passwdwill look for the URLs containing “etc” and “passwd”. The slash (“/”) between the words will be ignored by Google.
[ site: ]The “site:” syntax restricts Google to query for certain keywords in a particular site or domain.
exploits site:google.comwilllook for the keyword “exploits” in those pages present in all the linksof the domain “google.com”. There should not be any spacebetween “site:” and the “domain name”.
[ filetype: ]This “filetype:” syntax restricts Google search for files on internet with particular extensions (i.e. doc, pdf or ppt etc).
filetype:doc site:gov confidentialwilllook for files with “.doc” extension in all government domains with“.gov” extension and containing the word “confidential” either in thepages or in the “.doc” file. i.e. the result will contain the links toall confidential word document files on the government sites.
[ link: ]“link:” syntax will list down webpages that have links to the specified webpage.
link:www.expertsforge.comwilllist webpages that have links pointing to the SecurityFocus homepage.Note there can be no space between the "link:" and the web page url.
[ related: ]The “related:” will list web pages that are "similar" to a specified
web page.
related:www.expertsforge.comwilllist web pages that are similar to the Securityfocus homepage. Notethere can be no space between the "related:" and the web page url.
[ cache: ]The query “cache:” will show the version of the web page that Google has in its cache.
cache:www.pctipsbyanu.tkwill show Google's cache of the Google homepage. Note there can be no space between the "cache:" and the web page url.
If you include other words in the query, Google will highlight those words within the cached document.
cache:www.pctipsbyanu.tk guestwill show the cached content with the word "guest" highlighted.
[ intext: ]The “intext:” syntax searches for words in a particular website. It ignores links or URLs and page titles.
intext:exploitswill return only links to those web pages that has the search keyword "exploits" in its webpage.
[ phonebook: ]“phonebook” searches for U.S. street address and phone number information.
phonebook:Anu+INwilllist down all names of person having “Anu” in their names and locatedin “India(IN)”. This can be used as a great tool for hackersincase someone want to do dig personal information for socialengineering.
Google Hacks
Well, the Google’s querysyntaxes discussed above can really help people to precise their searchand get what they are exactly looking for.
Now Google being sointelligent search engine, hackers don’t mind exploiting its ability todig much confidential and secret information from the net which theyare not supposed to know. Now I shall discuss those techniques indetails how hackers dig information from the net using Google and howthat information can be used to break into remote servers.
Index OfUsing “Index of ” syntax to find sites enabled with Index browsing
Awebserver with Index browsing enabled means anyone can browse thewebserver directories like ordinary local directories. The use of“index of” syntax to get a list links to webserver which has gotdirectory browsing enabled will be discussd below. This becomes an easysource for information gathering for a hacker. Imagine if the get holdof password files or others sensitive files which are not normallyvisible to the internet. Below given are few examples using which onecan get access to many sensitive information much easily.
Index of /admin
Index of /passwd
Index of /password
Index of /mail
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
"Index of /secret"
"Index of /confidential"
"Index of /root"
"Index of /cgi-bin"
"Index of /credit-card"
"Index of /logs"
"Index of /config"
Looking for vulnerable sites or servers using “inurl:” or “allinurl:”
a.Using “allinurl:windows/system32/” (without quotes) will list down allthe links to the server which gives access to restricted directorieslike “system32” through web. If you are lucky enough then you might getaccess to the cmd.exe in the “system32” directory. Once you have theaccess to “cmd.exe” and is able to execute it.
b. Using“allinurl:wwwboard/passwd.txt”(without quotes) in the Google searchwill list down all the links to the server which are vulnerable to“WWWBoard Password vulnerability”. To know more about thisvulnerability you can have a look at the following link: HERE
c.Using “inurl:.bash_history” (without quotes) will list down all thelinks to the server which gives access to “.bash_history” file throughweb. This is a command history file. This file includes the list ofcommand executed by the administrator, and sometimes includes sensitiveinformation such as password typed in by the administrator. If thisfile is compromised and if contains the encrypted unix (or *nix)password then it can be easily cracked using “John The Ripper”.
d.Using “inurl:config.txt” (without quotes) will list down all the linksto the servers which gives access to “config.txt” file through web.This file contains sensitive information, including the hash value ofthe administrative password and database authentication credentials.
ForExample: Ingenium Learning Management System is a Web-based applicationfor Windows based systems developed by Click2learn, Inc. IngeniumLearning Management System versions 5.1 and 6.1 stores sensitiveinformation insecurely in the config.txt file. For more informationrefer the following
links: HERE
Other similar search using “inurl:” or “allinurl:” combined with other syntax
inurl:admin filetype:txt
inurl:admin filetype:db
inurl:admin filetype:cfg
inurl:mysql filetype:cfg
inurl:passwd filetype:txt
inurl:iisadmin
inurl:auth_user_file.txt
inurl:orders.txt
inurl:"wwwroot/*."
inurl:adpassword.txt
inurl:webeditor.php
inurl:file_upload.php
inurl:gov filetype:xls "restricted"
index of ftp +.mdb allinurl:/cgi-bin/ +mailto
Looking for vulnerable sites or servers using “intitle:” or “allintitle:”
a.Using [allintitle: "index of /root”] (without brackets) will list downthe links to the web server which gives access to restricteddirectories like “root” through web. This directory sometimes containssensitive information which can be easily retrieved through simple webrequests.
b. Using [allintitle: "index of /admin”] (withoutbrackets) will list down the links to the websites which has got indexbrowsing enabled for restricted directories like “admin” through web.Most of the web application sometimes uses names like “admin” to storeadmin credentials in it. This directory sometimes contains sensitiveinformation which can be easily retrieved through simple web requests.
Other similar search using “intitle:” or “allintitle:” combined with other syntax
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov
Other interesting Search Queries
- To search for sites vulnerable to Cross-Sites Scripting (XSS) attacks:
allinurl:/scripts/cart32.exe
allinurl:/CuteNews/show_archives.php
allinurl:/phpinfo.php
- To search for sites vulnerable to SQL Injection attacks:
allinurl:/privmsg.phpFor more hacks n tips you can leave a comment or contact me on "pctipsbyanu@yahoo.com OR pctipsbyanu@gmail.com"
Thanks..
Posted in
1 comments:
interesting codes. i think pctipsbyanu is best in hacking
Post a Comment