GOOGLE TRICKS AND HACKS

Google.com is undoubtedly the most popular search engine in the world. It offers multiple search features, like the ability to search images and newsgroups. However, its true power lies in its powerful commands, which can be used and misused. I am writing this article on the basis of my experience using Google and trying out ideas when I am bored. Now enough of lecturing... let's get down to business.

--- Searching URLs :

The "allinurl" command is used to search for a particular string present in the URL. Go to google.com and type this in the search box:

    allinurl:wwwboard/passwd.txt

Wow! 139 results, and almost every result displays a file containing a string in the form of ---> username:password (the password is encrypted using DES crypto and can be cracked using John the Ripper).

"WWWBOARD" is a CGI message board which saves its password by default in a file called "passwd.txt". This is a very outdated message board script, but many new types of CGI/PHP/ASP message boards and scripts save their passwords in a text file (some are not encrypted, i.e. in plain text!! and the rest can most of the time be cracked with John the Ripper).

    allinurl:passwd.txt site:virtualave.net

This time too you will get some results which lead to the file containing the passwords. This command searches for a file called passwd.txt present in the URL. However, the "site:virtualave.net" part limits the search to virtualave.net only! (virtualave.net is a web hosting provider.) Similarly, you can also search particular top-level domains like .net, .org, .np, .jp, .in, .gr etc.:

    allinurl:config.txt site:.jp
    allinurl:admin.txt site:.edu

These and many other ideas can return interesting results in Google.

--- Searching for index browsing enabled directories :

Index browsing is a very simple but powerful way of gaining information and interesting things. First of all we need to understand that "index browsing" enabled directories are those directories on the internet that can be browsed just like ordinary directories. We will be using Google to find such types of "interesting" directories. Try these out in Google:

    "Index of /admin"
    "Index of /secret"
    "Index of /cgi-bin" site:.edu

Be more creative and think of more interesting ways to exploit index browsing.

--- Searching for particular file types :

You can specify the extension of the filename you want to search for using the "filetype" command. Examples to try in Google:

    filetype:.doc site:.mil classified

-Yeah, searching for classified military documents ;)

--- Examples of some real life hacks using Google :

1) My personal hack

One day I was reading about an exploit for phpBB 2.0.0. I decided to check if any sites were vulnerable, so I fired up Google and searched for:

    "Powered by phpBB 2.0.2"

I found out that there were a lot of sites. But I got curious to see if any Nepali sites were vulnerable too, because I am a Nepali myself ;)

    "Powered by phpBB 2.0.2" site:.np

I came up with a vulnerable Nepali site that used phpBB 2.0.2.

2) Big Brother hack

Phrack 60 has an article on Big Brother... (a program that will monitor various computer equipment; things it can monitor are connectivity, CPU utilization, disk usage, FTP status, HTTP status, POP3 status, etc.) You can search for sites using Big Brother by typing this search string in Google:

    "green:Big Brother"

(with the quotes). For more info check out the article titled "Watchin Big Brother" @ phrack.org

--- Conclusion :

This document is only meant to give some basic ideas about exploiting google.com.
I was very much inspired by +Fravia and his site: http://searchlores.org which has lots of innovative ideas and tricks. Please send positive

    "index of/root"
    inurl:"auth_user_file.txt"
    "Index of /admin"
    "Index of /password"
    "Index of /mail"
    "Index of /" +passwd
    "Index of /" +password.txt
    "Index of /" +.htaccess
    index of ftp +.mdb allinurl:/cgi-bin/ +mailto
    administrators.pwd.index
    authors.pwd.index
    service.pwd.index
    filetype:config web
    gobal.asax index
    allintitle: "index of/admin"
    allintitle: "index of/root"
    allintitle: sensitive filetype:doc
    allintitle: restricted filetype :mail
    allintitle: restricted filetype:doc site:gov
    inurl:passwd filetype:txt
    inurl:admin filetype:db
    inurl:iisadmin
    inurl:"auth_user_file.txt"
    inurl:"wwwroot/*."
    top secret site:mil
    confidential site:mil
    allinurl: winnt/system32/ (get cmd.exe)
    allinurl:/bash_history
    intitle:"Index of" .sh_history
    intitle:"Index of" .bash_history
    intitle:"index of" passwd
    intitle:"index of" people.lst
    intitle:"index of" pwd.db
    intitle:"index of" etc/shadow
    intitle:"index of" spwd
    intitle:"index of" master.passwd
    intitle:"index of" htpasswd
    intitle:"index of" members OR accounts
    intitle:"index of" user_carts OR user_cart

ALTERNATIVE INPUTS
==============

_vti_inf.html service.pwd users.pwd authors.pwd administrators.pwd shtml.dll shtml.exe fpcount.exe default.asp showcode.asp sendmail.cfm getFile.cfm imagemap.exe test.bat msadcs.dll htimage.exe counter.exe browser.inc hello.bat default.asp dvwssr.dll cart32.exe add.exe index.jsp SessionServlet shtml.dll index.cfm page.cfm shtml.exe web_store.cgi shop.cgi upload.asp default.asp pbserver.dll phf test-cgi finger Count.cgi jj php.cgi php nph-test-cgi handler webdist.cgi webgais websendmail faxsurvey htmlscript perl.exe wwwboard.pl www-sql view-source campas aglimpse glimpse man.sh AT-admin.cgi AT-generate.cgi filemail.pl maillist.pl info2www files.pl bnbform.cgi survey.cgi classifieds.cgi wrap cgiwrap edit.pl perl names.nsf webgais dumpenv.pl test.cgi submit.cgi
guestbook.cgi guestbook.pl cachemgr.cgi responder.cgi perlshop.cgi query w3-msql plusmail htsearch infosrch.cgi publisher ultraboard.cgi db.cgi formmail.cgi allmanage.pl ssi adpassword.txt redirect.cgi cvsweb.cgi login.jsp dbconnect.inc admin htgrep wais.pl amadmin.pl subscribe.pl news.cgi auctionweaver.pl .htpasswd acid_main.php access.log log.htm log.html log.txt logfile logfile.htm logfile.html logfile.txt logger.html stat.htm stats.htm stats.html stats.txt webaccess.htm wwwstats.html source.asp perl mailto.cgi YaBB.pl mailform.pl cached_feed.cgi global.cgi Search.pl build.cgi common.php show global.inc ad.cgi WSFTP.LOG index.html~ index.php~ index.html.bak index.php.bak print.cgi register.cgi webdriver bbs_forum.cgi mysql.class sendmail.inc CrazyWWWBoard.cgi search.pl way-board.cgi webpage.cgi pwd.dat adcycle post-query help.cgi
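
For an administrator, the searches in this article come down to two conditions on the server: password, history and backup files stored under the web root, and directories the server will list because they have no index file. The following is an added example, not part of the original article, that audits a local web root for both; the pattern list is drawn from file names in this article, while the index file names and the sample directory tree are assumptions constructed for the example.

```python
import fnmatch
import os
import tempfile

# File-name patterns drawn from the search strings listed in this article.
SENSITIVE_PATTERNS = [
    "passwd.txt", "password.txt", "admin.txt", "config.txt", "adpassword.txt",
    ".htpasswd", "auth_user_file.txt", "*.pwd", "pwd.db", "master.passwd",
    ".bash_history", ".sh_history", "wsftp.log", "*.mdb", "*.bak", "*~",
]
# Assumption: the index files this server is configured to serve.
INDEX_FILES = {"index.html", "index.htm", "index.php", "default.asp"}


def audit_webroot(root):
    """Return (exposed_files, listable_dirs) as sorted paths relative to root."""
    exposed, listable = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        names = [name.lower() for name in filenames]
        # No index file: served as an "Index of /..." page if listing is enabled.
        if not INDEX_FILES.intersection(names):
            listable.append(rel_dir)
        for name in filenames:
            if any(fnmatch.fnmatchcase(name.lower(), p) for p in SENSITIVE_PATTERNS):
                exposed.append(os.path.normpath(os.path.join(rel_dir, name)))
    return sorted(exposed), sorted(listable)


def build_sample_webroot():
    """Create a small constructed tree so the example runs offline."""
    root = tempfile.mkdtemp(prefix="webroot_")
    layout = {
        "index.html": "home page",
        "wwwboard/passwd.txt": "constructed-user:constructed-hash",
        "admin/.htpasswd": "constructed-user:constructed-hash",
        "backup/index.php.bak": "old copy of a script",
        "images/logo.gif": "placeholder",
    }
    for rel, body in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    print(audit_webroot(build_sample_webroot()))
```

Files it reports belong outside the document root, and directories it reports need either an index file or directory listing turned off in the server configuration.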



