How to Find Some or All of Your Search Terms in Google
There are two basic Boolean search commands supported in Google, AND and OR. AND searches look for all of the search terms: “Car AND Insurance” returns all documents containing both Car and Insurance. OR searches look for one term or the other: “Car OR Insurance” returns all documents containing either Car or Insurance.
AND
Google defaults to AND searches automatically, so you don’t need to type “AND” into the search engine to get that result.
OR
If you want to find one keyword or another, use the term OR. It’s important that you use all caps, or Google will ignore your request.
To find all documents containing either sausages or biscuits, type: sausages OR biscuits. You can also substitute the | character for OR, so sausages | biscuits searches for the same thing.
Adding Phrases
If you’re searching for a phrase rather than just a single word, you can group the words together with quotation marks. Searching for “sausage biscuits” will search for only the exact phrase sausage biscuits. It will ignore sausage and cheese biscuits. Searching for “sausage biscuits” | “cheese sauce” searches for either the exact phrase sausage biscuits or the exact phrase cheese sauce.
If you’re searching for more than one phrase or keyword in addition to the Boolean, you can group them with parentheses, such as recipes gravy (sausage | biscuit) to search for gravy recipes for either sausages or biscuits. You could even combine exact phrases and search for “sausage biscuit” (
Find Exactly What You Want
Sometimes you want to exclude a keyword from Google searches, and sometimes you want to include a word that Google thinks is too common and usually excludes.
Including Words
Google automatically ignores many common words, such as “and,” “or,” “of,” “a,” etc. It also ignores some single digits or letters. This is usually not a bad thing, because the common words would just slow searches down and not yield better results.
Occasionally it might be important to include one of these words in your search results. There are two ways to do this. One technique is to use quotation marks. Anything inside quotation marks is automatically included in the search, and the search will include the exact phrase. For instance, “Rocky I” searches for the exact phrase Rocky I and will not find lyrics to “I Love Rocky Road.”
Another way to force common words in your searches is with the plus sign. Searching for Rocky +I would find references to the movie and the Weird Al song. Make sure that you do put a space before the plus sign and do not put a space between the plus sign and the search word you want to include. Otherwise, the forced inclusion won’t work.
Excluding Words
In some search engines, you’d exclude words by using the “NOT” syntax. This doesn’t work with Google. Use the minus sign instead.
If you were researching health issues, and you wanted to find out about pot bellies, you wouldn’t want to find out about pot-bellied pigs. To conduct this search, you could type “pot bellied” -pig. Just as with the plus sign, put a space before the minus sign but do not put a space between the minus sign and the word or phrase you want excluded.
You can also exclude a phrase by enclosing it in quotation marks, so if you were researching livestock swine, you could search for pigs -“pot bellied” to exclude any mention of pot-bellied pigs. This wouldn’t exclude pages that talked about pig bellies, because it only excludes the exact phrase “pot bellied.”
How to Search Only the Body Text of Pages in Google
Ignore Links, Titles, and URLs. Occasionally you might want to restrict your searches to only the text of Web sites and ignore all the links, Titles, and URLs. This might be useful if you wanted to find Web pages that were talking about other Web sites. The command to search only the body text is intext: To find Web pages talking about Google, for example, you could search for:
intext:review google.com
You can also use the variation allintext: Allintext searches for all of the specified words in the body text, but it can’t be combined with other commands.
How to Search Within Web Site Titles
- Find Web Pages by Title. The “title” of a Web page is the name of the page as it appears on the top of your Web browser. For instance, the title of this page is How to Search Within Web Site Titles Using Google’s Intitle: Syntax.
Sometimes you may want to find Web pages where one or more words appear in the title of the page. For instance, many Web pages may mention feeding iguanas, even if that’s not the main focus of the page. If you’d like to find a page dedicated to iguana feeding, you can use the Google syntax intitle: to force Google to only list results that have the word “feeding” in the title. Do not put a space between the colon and the next word. The search would look something like this:
intitle:feeding iguana
This will find Web pages that are relevant to the keyphrase “feeding iguana,” and it will only list results that have the word “feeding” in the title.
If you’d like to restrict the search further, you could search for:
intitle:feeding intitle:iguana
You can also use the syntax allintitle:, which only lists results where all the words in the key phrase are in the title.
allintitle:iguana feeding
How to Restrict Your Search to Specific File Types
- Find by File Type. Google can let you restrict your searches to only certain file types. This can be very helpful if you’re looking specifically for file types such as PowerPoint (ppt), Word (doc), or Adobe PDF.
To restrict your search to a specific file type, use the filetype: command. For example, try searching for:
hotel filetype:doc
You can use this same syntax with Google Desktop. To search for that forgotten widget report, try:
widget report filetype:doc
How to Use Google to Search Within a Single Web Site
Ever want to use Google to search a single Web site?
You can use Google’s site: syntax to restrict your search to a single Web site. Make sure there’s no space between site: and your Web site. Follow with a space and then your search terms. You don’t need to use the “http://” portion of your URL.
site:googlepowersearch.com power search
This same search can be widened to include all the Web sites within a domain.
site:edu books
site:com vacation
site:co.uk holiday
Google’s site: syntax can be mixed with other syntax.
How to Restrict Your Google Search to Specific Domains or Specific Countries
- Easy Google Trick to Find Better Results. Most Web sites have a .com domain name. Sometimes it’s better to restrict your searches to other domains, such as .edu or .net.
One great example of this is if you are looking for information about textbooks, but you didn’t want to buy a textbook. An unrestricted Google search would mostly yield results from Web sites selling textbooks. One way to avoid this problem is to restrict your search to American universities. To do this, you’d search for:
site:edu textbook
You can use this to restrict searches to US government sites with site:gov, or to specific countries with site:uk. You can combine the site: syntax with many other types of Google syntax.
I’m Feeling Lucky™ Button – Are You Feeling Lucky?
One of the most notable objects on the Google Web search is the I’m Feeling Lucky™ button. The button may have been named as a play on the Clint Eastwood line in the movie Dirty Harry.
“Do you feel lucky, punk? Well, do you?”
Ordinarily when you type in a key phrase in a Google search, you press the search button (you can also just press return or enter on your keyboard), and Google returns a results page that shows multiple Web sites matching your search phrase. The I’m Feeling Lucky™ button skips the search results page and goes directly to the first ranked page for that search phrase.
If you type “white house” in the search box and press I’m Feeling Lucky™ you’ll go straight to www.whitehouse.gov. If you type “apple” into the search box and press I’m Feeling Lucky™ you’ll go directly to Apple Computer’s Web site.
I’m Feeling Lucky™ is very handy if you’re fairly confident that the first result in the search engine is going to be exactly the page you want to find. It saves time and clicking to just go to the page with the first click. Using the I’m Feeling Lucky™ button is also a common game for Google bombs. It adds an element of surprise to the joke.
Searches
So, for starters here is a query that will give you a search results page of unprotected directories:
-inurl:(html|htm|php) intitle:"index of" +"last modified" +"parent directory" +description +size
But, this is kind of boring. Too many unknown program files, text files, web pages etc. Let’s narrow it down. You can narrow it down by looking for something in the name of a file in the list, or by the file type, or both.
For example, this query tries to find any types of files about Jennifer Lopez. Within the directories I found music, image and movie files.
-inurl:(html|htm|php) intitle:"index of" +"last modified" +"parent directory" +description +size +"jennifer lopez"
Let’s say that we wanted to find any movie files in WMV or AVI format:
-inurl:(htm|html|php) intitle:"index of" +"last modified" +"parent directory" +description +size +(wmv|avi)
Or audio files in WMA or MP3 format:
-inurl:(htm|html|php) intitle:"index of" +"last modified" +"parent directory" +description +size +(wma|mp3)
Or images in JPG or GIF format:
-inurl:(htm|html|php) intitle:"index of" +"last modified" +"parent directory" +description +size +(jpg|gif)
You can get more specific by specifying both the file types and a search word to hopefully find in the name. For example, the following will attempt to find the infamous Paris Hilton video tape:
-inurl:(htm|html|php) intitle:"index of" +"last modified" +"parent directory" +description +size +(wmv|avi) "paris hilton"
Or, you can even take a guess at the file name someone might call it:
-inurl:(htm|html|php) intitle:"index of" +"last modified" +"parent directory" +description +("paris_hilton.wmv"|"paris_hilton.avi")
So there you go. You can combine various search terms and experiment with this. As you’ve seen, this is not an exact science. The directory pages you bring up may have many or even all files which are unrelated to what you are looking for. But, it does make some good hits very often.
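Seen from the server owner's side, the same markers these queries key on can be used to audit your own site. The following is an added example, not part of the original article: it checks saved response bodies for auto-generated listings, and the sample pages, function names and sensitive-name list are assumptions constructed for illustration.

```python
"""Audit saved HTTP responses from your own site for auto-generated
directory listings, using the page markers the queries above rely on."""
import re
from html.parser import HTMLParser

# Column headings and link text that the queries above search for.
LISTING_MARKERS = ("last modified", "parent directory", "description", "size")

# File names this page mentions as commonly exposed (assumed starting set;
# extend it for your own estate).
SENSITIVE_NAMES = re.compile(
    r"(^|/)(\.htaccess|\.bash_history|\.sh_history|passwd|password\.txt|"
    r"htpasswd|master\.passwd|pwd\.db|config\.txt)$", re.I)


class _ListingParser(HTMLParser):
    """Collects the <title> text, all text nodes and link targets."""

    def __init__(self):
        super().__init__()
        self.title, self.text, self.links = "", [], []
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        self.text.append(data)


def inspect_page(html):
    """Classify one response body and list sensitive files it links to."""
    parser = _ListingParser()
    parser.feed(html)
    body = " ".join(parser.text).lower()
    markers = [m for m in LISTING_MARKERS if m in body]
    title_hit = parser.title.strip().lower().startswith("index of")
    # Require the title plus two markers so that an ordinary page that
    # happens to be titled "Index of ..." is not flagged.
    is_listing = title_hit and len(markers) >= 2
    exposed = []
    if is_listing:
        exposed = sorted(l for l in parser.links if SENSITIVE_NAMES.search(l))
    return {"is_listing": is_listing, "markers": markers, "exposed": exposed}


def audit(pages):
    """pages maps URL path -> body; returns {path: exposed files} for listings."""
    findings = {}
    for path, html in pages.items():
        result = inspect_page(html)
        if result["is_listing"]:
            findings[path] = result["exposed"]
    return findings


# Constructed sample responses (not captured from any real site).
SAMPLE_PAGES = {
    "/backup/": """<html><head><title>Index of /backup</title></head><body>
<h1>Index of /backup</h1><table>
<tr><th>Name</th><th>Last modified</th><th>Size</th><th>Description</th></tr>
<tr><td><a href="/">Parent Directory</a></td></tr>
<tr><td><a href=".htaccess">.htaccess</a></td><td>1K</td></tr>
<tr><td><a href="password.txt">password.txt</a></td><td>2K</td></tr>
<tr><td><a href="notes.txt">notes.txt</a></td><td>4K</td></tr>
</table></body></html>""",
    "/articles/": """<html><head><title>Index of articles</title></head>
<body><p>Choose an article by size or topic.</p>
<a href="one.html">One</a></body></html>""",
    "/about.html": """<html><head><title>About us</title></head>
<body><p>Description, size and last modified date of each release.</p>
</body></html>""",
}

if __name__ == "__main__":
    for path, files in audit(SAMPLE_PAGES).items():
        print(f"{path}: directory listing exposed, sensitive files: {files}")
```

Where a path is flagged, Apache's `Options -Indexes` or nginx's `autoindex off;` turns the auto-generated index off for that location.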
Files containing juicy info
Squid cache server reports. Google Search: “cacheserverreport for” “This analysis was produced by calamaris”
Admin rates this entry 5 out of 10.
Submitted: 2003-06-24 12:41:16
Added by: Admin
Hits: 4111
Score: 5
These are squid server cache reports. Fairly benign, really, except when you consider using them for evil purposes. For example, an institution stands up a proxy server for their internal users to get to the outside world. Then, the internal users surf all over to their hearts’ content (including intranet pages cuz well, the admins are stupid). Voila, intranet links show up in the external cache report. Want to make matters worse for yourself as an admin? OK, configure your external proxy server as a trusted internal host. Load up your web browser, set your proxy as their proxy and surf your way into their intranet. Not that I’ve noticed any examples of this in this google list. *COUGH* *COUGH* *COUGH* unresolved DNS lookups give clues *COUGH* *COUGH* (‘scuse me. must be a furball) OK, let’s say BEST CASE scenario. Let’s say there are no security problems revealed in these logs. Best case scenario is that outsiders can see what your company/agency/workers are surfing.
Ganglia Cluster Reports
Google Search: intitle:”Ganglia” “Cluster Report for”
Admin rates this entry 2 out of 10.
Submitted: 2003-06-24 12:44:17
Added by: Admin
Hits: 2639
Score: 2
These are server cluster reports, great for info gathering. Lesse, what were those server names again?
ICQ chat logs, please…
Google Search: intitle:”Index of” dbconvert.exe chats
Admin rates this entry 2 out of 10.
Submitted: 2003-06-24 12:45:51
Added by: Admin
Hits: 10557
Score: 2
ICQ (http://icq.com) allows you to store the contents of your online chats into a file. These folks have their entire ICQ directories online. On purpose?
AIM buddy lists
Google Search: buddylist.blt
Admin rates this entry 4 out of 10.
Submitted: 2003-06-24 14:21:05
Added by: Admin
Hits: 19846
Score: 4
These searches bring up common names for AOL Instant Messenger “buddylists”. These lists contain screen names of your “online buddies” in Instant Messenger. Now that’s not too terribly exciting or stupid unless you want to mess with someone’s mind, and besides, some people make these public on purpose. The thing that’s interesting are the files that get stored ALONG WITH buddylists. Often this stuff includes downloaded pictures, resumes, all sorts of things. This is really for the peepers out there, and it’s possible to spend countless hours rifling through people’s personal crap. Also try buddylist.blt, buddy.blt, buddies.blt.
site:edu admin grades
Google Search: site:edu admin grades
I never really thought about this until I started coming up with juicy examples for DEFCON 11.. A few GLARINGLY bad examples contain not only student grades and names, but also social security numbers, securing the highest of all googledork ratings!
phpMyAdmin dumps
Google Search: “# phpMyAdmin MySQL-Dump” filetype:txt
From phpmyadmin.net : “phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW.” Great, easy to use, but don’t leave your database dumps laying around on the web. They contain all SORTS of sensitive information…
Sensitive Online Shopping Info
intext:”Powered by X-Cart: shopping cart software” -site:x-cart.com
Google Search: intext:”Powered by X-Cart: shopping cart software” -site:x-cart.com
X-Cart (version 4.0.8) has multiple input validation vulnerabilities. There doesn’t seem to be any way to search for specific versions of the software with Google. See http://www.securitytracker.com/alerts/2005/May/1014077.html for more information.
Ups Package tracking
Google Search: site:ups.com intitle:”Ups Package tracking” intext:”1Z ### ### ## #### ### #”
Ever use the UPS Automated Tracking Service?? Wanna see where packages are going? Want to Man-in-the-middle their delivery? Well, then here it is. -Digital Spirit
Comersus.mdb database
Google Search: inurl:”/database/comersus.mdb”
Comersus is an e-commerce system and has been installed all over the world in more than 20000 sites. Using Comersus does not require that you know any programming language. BackOffice+ allows you to define virtually all properties of your on-line store through an intuitive, point-&-click interface. This search goes directly for one of the MS Access files used by the shopping cart. Searching Google and the well-known security sites for Comersus reveals more security problems.
VP-ASP Shop Administrators only
Google Search: inurl:”shopadmin.asp” “Shop Administrators only”
VP-ASP (Virtual Programming – ASP) has won awards both in the US and France. It is now in use in over 70 countries. VP-ASP can be used to build any type of Internet shop and sell anything. It has been reported that the Shopping Cart Administration script is vulnerable to XSS and SQL injection, resulting in exposure of confidential customer information like credit card details.
Various Online Devices
Google Search: “powered by webcamXP” “Pro|Broadcast”
WebcamXP PRO:http://www.webcamxp.com/productsadv.html. This is the most advanced version of the software. It has all the features of the other versions (including advanced users management, motion detector, and alerts manager) plus remote administration and external server notification when going offline/online.
Axis Network Cameras
Google Search: inurl:indexFrame.shtml Axis
The AXIS 2400 is a Web server of its own. This means that the server is secured like any other Internet host. It is up to the network manager to restrict access to the AXIS Web Cameras camera server. AXIS Network cams have a cam control page called indexFrame.shtml which can easily be found by searching Google. An attacker can look for the ADMIN button and try the default passwords found in the documentation. An attacker may also find that the directories are browsable. Additional security related information was found on the Internet.
Seyeon FlexWATCH cameras
Google Search: intitle:flexwatch intext:”Home page ver”
Seyeon provides various types of products and software to build up a remote video monitoring and surveillance system over the TCP/IP network. The FlexWATCH™ Network video server series has a built-in Web server based on TCP/IP technology. It also has an embedded RTOS. The admin pages are at http://sitename/admin/aindex.htm.
camera linksys inurl:main.cgi
Google Search: camera linksys inurl:main.cgi
Another webcam, Linksys style.
How to Use Google’s Hidden Calculator – Calculate, Measure, Convert, and More
Not only can you search the Web with Google, you can use it as a calculator.
Google’s calculator is more than an ordinary number cruncher. It can calculate both basic and advanced math problems, and it can convert measurements as it calculates. You don’t even need to restrict yourself to numbers. Google can understand many words and abbreviations and evaluate those expressions, too.
Google’s calculator was designed to solve problems without a lot of math syntax, so you may occasionally find calculator results when you didn’t even realize you were searching for the answer to a math equation.
To use Google’s calculator, simply type in whatever you’d like to be calculated in the search box above. For instance, you could type:
3+3
and Google will return the result 3+3=6. You can also type in words and get results. Type in three plus three and Google will return the result three plus three=six. You know your results are from Google’s calculator when you see the picture of the calculator to the left of the result.
Complex Math
Google can calculate more complex problems such as two to the twentieth power, 2^20, the square root of 287, sqrt(287), or the sine of 30 degrees.
sine(30 degrees)
You can even find the number of possible groups in a set. For instance,
24 choose 7
finds the number of possible choices of 7 items from a group of 24 items.
Convert and Measure
Google can calculate and convert many common measurements, so you could find out how many ounces are in a cup.
oz in a cup
Google’s results reveal that 1 US cup = 8 US fluid ounces. You can use this to convert just about any measurement to any other compatible measurement.
12 parsecs in feet
37 degrees kelvin in Fahrenheit
You can also calculate and convert in one step. Find out how many ounces you have when you have 28 times two cups.
28*2 cups in oz
Google says that 28 * 2 US cups = 448 US fluid ounces. Remember, because this is a computer based calculator, you must multiply with the * symbol, not an X. Google recognizes most common measurements, including weight, distance, time, mass, energy, and monetary currency.
Math Syntax
Google’s calculator is designed to calculate problems without a lot of complicated math formatting, but sometimes it’s easier and more accurate to use some math syntax. For instance, if you want to evaluate an equation that looks like a phone number,
1-555-555-1234
Google will probably confuse this with its hidden phonebook. You can force Google to evaluate an expression by using an equal sign.
1-555-555-1234=
This only works for problems that are mathematically possible to resolve. You can’t divide by zero with or without an equal sign. You can force parts of an equation to be resolved before other parts by enclosing them in parentheses.
(3+5)*9
Some other math syntax Google recognizes:
+ for addition
- for subtraction
* for multiplication
/ for division
^ for exponential (x to the power of y)
% for modulo (to find the remainder after division)
choose X choose Y finds the number of possible subset groups of Y out of the set of X.
th root of creates the nth root of a number
% of finds percentages X % of Y finds X percent of Y.
sqrt finds the square root of the number that follows
ln logarithm base e
log logarithm base 10
lg logarithm base 2
! factorial – This must follow the number you wish to factor.
Google’s calculator isn’t completely documented, so it may take some experimenting to find all of the hidden features. The next time you find yourself wondering how much five liters is in gallons, rather than searching for a Web site for conversion, just use Google’s hidden calculator.
How to Use Google as a Dictionary
- Unlock Google’s Hidden Dictionary. You may notice occasionally when you’re searching for a word, Google will offer a link to Web definitions of your word. This is part of Google’s hidden dictionary, a search of definitions on the Web.
Say you’d like to find out what a “clew” is. You could search for define clew, and most of the search results would have some sort of definition. However, this is really just a keyword search, so some of the results might be long articles on clews or only mention the definition in passing.
Define: Your Terms
If you’re really only interested in finding a quick dictionary style definition of clew, use the syntax define:. The search in this case would be define: clew. From that search, we can instantly see that a clew is the lower corner of a boat sail.
The information is coming from a variety of dictionary related Web sites, and there’s a link to the full entry for each Web site. Google also provides links to related searches, such as “clew bay.”
What If You Can’t Spell? If you aren’t the best speller or you make a typo, don’t worry. Google will still suggest an alternate search, just as it does for regular Web searches. If we type in define: cliw, Google helpfully asks “Did you mean: define: clew.”
Use Google as Your Phonebook
- Let Your Keyboard Do the Walking. Google’s phonebook can find US public business and residential numbers, and it can find them with less information than you need to look through the paper phonebook. Google’s phonebook is hiding within http://www.google.com. Occasionally, phone numbers will appear in the search results page, depending on the keywords you type into the search box. To access the phonebook directly, type phonebook: before your search. This opens up Google’s residential phonebook.
You can find someone’s phone number, but you do have to give Google a little information. For personal numbers, you generally need at least a last name and a state. To find all the Smiths in Alaska, for example, type phonebook: smith ak. That’s a lot of Smiths, and probably not very useful to find a specific Smith. If you know more information, such as the city you’re looking for or the full name, type that in, too.
Limitations
Google’s phonebook can only find public phone numbers. It can’t find cell numbers. Quite often the numbers are outdated. I found two outdated phone numbers for a relative of mine, and his current phone number wasn’t listed at all, even though it is public.
Reverse Lookup
Say you have a phone number and you want to find out whose number it is, such as from a message left on your cell phone. To do a reverse lookup, simply type the phone number into the main Google search engine, including the area code. Type using the format 555-555-5555 for best results. Google will still find the phone number if you use parentheses around the area code, but you may also find some irrelevant results. Remember, Google’s phonebook doesn’t contain any cell phone data.
Find Business Phone Numbers
Business phone numbers appear within Google search results, but they aren’t as easy to access from the phonebook.
How to Use Google to Snoop Security Cams
Here’s something fun to do when you’re bored. Just copy paste one of the lines below into Google search. Happy snooping!
* inurl:”ViewerFrame?Mode=
* intitle:Axis 2400 video server
* inurl:/view.shtml
* intitle:”Live View / – AXIS” | inurl:view/view.shtml^
* inurl:ViewerFrame?Mode=
* inurl:ViewerFrame?Mode=Refresh
* inurl:axis-cgi/jpg
* inurl:axis-cgi/mjpg (motion-JPEG)
* inurl:view/indexFrame.shtml
* inurl:view/index.shtml
* inurl:view/view.shtml
* liveapplet
* intitle:”live view” intitle:axis
* intitle:liveapplet
* allintitle:”Network Camera NetworkCamera”
* intitle:axis intitle:”video server”
* intitle:liveapplet inurl:LvAppl
* intitle:”EvoCam” inurl:”webcam.html”
* intitle:”Live NetSnap Cam-Server feed”
* intitle:”Live View / – AXIS”
* intitle:”Live View / – AXIS 206M”
* intitle:”Live View / – AXIS 206W”
* intitle:”Live View / – AXIS 210″
* inurl:indexFrame.shtml Axis
* inurl:”MultiCameraFrame?Mode=Motion”
* intitle:start inurl:cgistart
* intitle:”WJ-NT104 Main Page”
* intext:”MOBOTIX M1″ intext:”Open Menu”
* intext:”MOBOTIX M10″ intext:”Open Menu”
* intext:”MOBOTIX D10″ intext:”Open Menu”
* intitle:snc-z20 inurl:home/
* intitle:snc-cs3 inurl:home/
* intitle:snc-rz30 inurl:home/
* intitle:”sony network camera snc-p1″
* intitle:”sony network camera snc-m1″
* site:.viewnetcam.com -www.viewnetcam.com
* intitle:”Toshiba Network Camera” user login
* intitle:”netcam live image”
* intitle:”i-Catcher Console – Web Monitor”
THIS IS A LIL OFF TOPIC BUT WHAT THE HELL……
Firefox
This is an interesting one from my good friend, Bill Dawson. Using Mozilla, go to www.justintimberlake.com. You can see and play his new song on the site, Sexy Back.
Type in about:cache in the Address Bar and you’ll see all of the files that the page references. Unfortunately for Justin, his Flash developers lead us directly to the file to download… very well disguised I must say!
The Google search engine can be used to hack into remote servers or gather confidential or sensitive information which is not visible through common searches.
Google is the world’s most popular and powerful search engine. It has the ability to accept pre-defined commands as inputs, which then produce unbelievable results.
Google’s Advanced Search Query Syntax
Discussed below are various special Google commands. I shall explain each command in brief and show how it can be used for getting confidential data.
[ intitle: ]
The “intitle:” syntax helps Google restrict the search results to pages containing that word in the title.
intitle:login password
will return links to those pages that have the word "login" in their title, and the word "password" anywhere in the page.
Similarly, if one has to query for more than one word in the page title, “allintitle:” can be used instead of “intitle:” to get the list of pages containing all those words in the title.
intitle:login intitle:password
is the same as
allintitle:login password
[ inurl: ]
The “inurl:” syntax restricts the search results to those URLs containing the search keyword. For example: “inurl:passwd” (without quotes) will return only links to those pages that have "passwd" in the URL.
Similarly, if one has to query for more than one word in a URL, “allinurl:” can be used instead of “inurl:” to get the list of URLs containing all those search keywords.
allinurl:etc/passwd
will look for the URLs containing “etc” and “passwd”. The slash (“/”) between the words will be ignored by Google.
[ site: ]
The “site:” syntax restricts Google to query for certain keywords in a particular site or domain.
exploits site:hackingspirits.com
will look for the keyword “exploits” in those pages present in all the links of the domain “hackingspirits.com”. There should not be any space between “site:” and the “domain name”.
[ filetype: ]
This “filetype:” syntax restricts Google search for files on internet with particular extensions (i.e. doc, pdf or ppt etc).
filetype:doc site:gov confidential
will look for files with “.doc” extension in all government domains with “.gov” extension and containing the word “confidential” either in the pages or in the “.doc” file. i.e. the result will contain the links to all confidential word document files on the government sites.
[ link: ]
“link:” syntax will list down webpages that have links to the specified webpage.
link:www.expertsforge.com
will list webpages that have links pointing to the SecurityFocus homepage. Note there can be no space between the "link:" and the web page url.
[ related: ]
The “related:” syntax will list web pages that are "similar" to a specified web page.
related:www.expertsforge.com
will list web pages that are similar to the Securityfocus homepage. Note there can be no space between the "related:" and the web page url.
[ cache: ]
The query “cache:” will show the version of the web page that Google has in its cache.
cache:www.hackingspirits.com
will show Google's cache of the Google homepage. Note there can be no space between the "cache:" and the web page url.
If you include other words in the query, Google will highlight those words within the cached document.
cache:www.hackingspirits.com guest
will show the cached content with the word "guest" highlighted.
[ intext: ]
The “intext:” syntax searches for words in a particular website. It ignores links or URLs and page titles.
intext:exploits
will return only links to those web pages that have the search keyword "exploits" in the page text.
[ phonebook: ]
“phonebook” searches for U.S. street address and phone number information.
phonebook:Lisa+CA
will list all the people who have “Lisa” in their names and are located in “California (CA)”. This can be a great tool for hackers in case someone wants to dig up personal information for social engineering.
Google Hacks
The Google query syntaxes discussed above can really help people refine their searches and get exactly what they are looking for.
Because Google is such an intelligent search engine, hackers don’t mind exploiting its ability to dig up confidential and secret information from the net that they are not supposed to know. I shall now discuss in detail the techniques hackers use to dig up information from the net using Google, and how that information can be used to break into remote servers.
Index Of
Using “Index of ” syntax to find sites enabled with Index browsing
A webserver with Index browsing enabled means anyone can browse the webserver directories like ordinary local directories. The use of the “index of” syntax to get a list of links to webservers which have directory browsing enabled is discussed below. This becomes an easy source of information gathering for a hacker. Imagine if they get hold of password files or other sensitive files which are not normally visible to the internet. Given below are a few examples with which one can get access to a lot of sensitive information very easily.
Index of /admin
Index of /passwd
Index of /password
Index of /mail
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
"Index of /secret"
"Index of /confidential"
"Index of /root"
"Index of /cgi-bin"
"Index of /credit-card"
"Index of /logs"
"Index of /config"
Looking for vulnerable sites or servers using “inurl:” or “allinurl:”
a. Using “allinurl:winnt/system32/” (without quotes) will list down all the links to the server which gives access to restricted directories like “system32” through web. If you are lucky enough then you might get access to the cmd.exe in the “system32” directory. Once you have the access to “cmd.exe” and is able to execute it.
b. Using “allinurl:wwwboard/passwd.txt”(without quotes) in the Google search will list down all the links to the server which are vulnerable to “WWWBoard Password vulnerability”. To know more about this vulnerability you can have a look at the following link:
http://www.securiteam.com/exploits/2BUQ4S0SAW.html
c. Using “inurl:.bash_history” (without quotes) will list all the links to servers which give access to the “.bash_history” file through the web. This is a command history file. It includes the list of commands executed by the administrator, and sometimes includes sensitive information such as a password typed in by the administrator. If this file is compromised and if it contains the encrypted unix (or *nix) password then it can be easily cracked using “John The Ripper”.
d. Using “inurl:config.txt” (without quotes) will list all the links to servers which give access to the “config.txt” file through the web. This file contains sensitive information, including the hash value of the administrative password and database authentication credentials.
For example: Ingenium Learning Management System is a Web-based application for Windows based systems developed by Click2learn, Inc. Ingenium Learning Management System versions 5.1 and 6.1 store sensitive information insecurely in the config.txt file. For more information refer to the following link: http://www.securiteam.com/securitynews/6M00H2K5PG.html
Other similar search using “inurl:” or “allinurl:” combined with other syntax
inurl:admin filetype:txt
inurl:admin filetype:db
inurl:admin filetype:cfg
inurl:mysql filetype:cfg
inurl:passwd filetype:txt
inurl:iisadmin
inurl:auth_user_file.txt
inurl:orders.txt
inurl:"wwwroot/*."
inurl:adpassword.txt
inurl:webeditor.php
inurl:file_upload.php
inurl:gov filetype:xls "restricted"
index of ftp +.mdb allinurl:/cgi-bin/ +mailto
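A site owner can check whether files like the ones named above are already being served, and whether a search crawler has picked them up, from the web server's own access log. This is an added example, not from the original article: the combined-log-format lines, addresses and the file-name pattern are constructed for illustration, and the crawler check trusts the User-Agent string, which a client can set to anything.

```python
"""Find sensitive files that your own web server has served successfully,
and note whether a search crawler or a search-result click reached them."""
import re
from collections import defaultdict

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')

# File names taken from the queries in this section (assumed starting set).
SENSITIVE_PATH = re.compile(
    r"(\.bash_history|\.sh_history|/config\.txt|/passwd\.txt|"
    r"/auth_user_file\.txt|/orders\.txt|/adpassword\.txt)$", re.I)

CRAWLER_AGENT = re.compile(r"googlebot|bingbot", re.I)
SEARCH_REFERER = re.compile(r"^https?://(www\.)?google\.[a-z.]+/", re.I)


def audit_log(lines):
    """Return {path: {"served", "crawled", "from_search"}} for 2xx hits."""
    findings = defaultdict(
        lambda: {"served": 0, "crawled": False, "from_search": False})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if not SENSITIVE_PATH.search(path):
            continue
        if not m["status"].startswith("2"):
            continue  # 403/404 means the file was not handed out
        entry = findings[path]
        entry["served"] += 1
        entry["crawled"] |= bool(CRAWLER_AGENT.search(m["agent"]))
        entry["from_search"] |= bool(SEARCH_REFERER.match(m["referer"]))
    return dict(findings)


def priority(entry):
    """Rank a finding: visitors arriving from search results come first."""
    if entry["from_search"]:
        return "indexed"
    if entry["crawled"]:
        return "crawled"
    return "served"


# Constructed log lines using documentation address ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2024:10:02:10 +0000] "GET /wwwboard/passwd.txt '
    'HTTP/1.1" 200 64 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; '
    '+http://www.google.com/bot.html)"',
    '203.0.113.5 - - [12/Mar/2024:11:15:40 +0000] "GET /wwwboard/passwd.txt '
    'HTTP/1.1" 200 64 "https://www.google.com/" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2024:11:20:00 +0000] "GET /~dev/.bash_history '
    'HTTP/1.1" 403 199 "-" "curl/8.0"',
    '192.0.2.44 - - [12/Mar/2024:12:00:00 +0000] "GET /shop/orders.txt?x=1 '
    'HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for path, entry in sorted(audit_log(SAMPLE_LOG).items()):
        print(f"{priority(entry):8} {path} served {entry['served']} time(s)")
```

A path ranked "indexed" should be removed or access-controlled first and then requested for removal from the search engine's index, since the cached copy outlives the file.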
Looking for vulnerable sites or servers using “intitle:” or “allintitle:”
a. Using [allintitle: "index of /root"] (without brackets) will list the links to web servers which give access to restricted directories like “root” through the web. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.
b. Using [allintitle: "index of /admin"] (without brackets) will list the links to websites which have index browsing enabled for restricted directories like “admin”. Many web applications use names like “admin” for the directory that stores admin credentials. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.
Other similar search using “intitle:” or “allintitle:” combined with other syntax
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart
allintitle: sensitive filetype:doc
allintitle: restricted filetype:mail
allintitle: restricted filetype:doc site:gov
Other interesting Search Queries
· To search for sites vulnerable to Cross-Sites Scripting (XSS) attacks:
allinurl:/scripts/cart32.exe
allinurl:/CuteNews/show_archives.php
allinurl:/phpinfo.php
· To search for sites vulnerable to SQL Injection attacks:
allinurl:/privmsg.php