[转载]Using Google to find passwords & other nice things
<P align=justify>信息来源:fr33d0m.net </P><P align=justify>>>Google hacking at its finest.. <BR><BR>Using Google, and some finely crafted searches we can find a lot of interesting information. <BR><BR>For Example we can find: <BR>Credit Card Numbers <BR>Passwords <BR>Software / MP3's <BR>...... (and on and on and on) <BR><BR>Presented below is just a sample of interesting searches <BR>that we can send to google to obtain info that some people might not <BR>want us having.. After you get a taste using some of these, try your <BR>own crafted searches to find info that you would be interested in. <BR><BR>Try a few of these searches: <BR>intitle:"Index of" passwords modified <BR>allinurl:auth_user_file.txt <BR>"access denied for user" "using password" <BR>"A syntax error has occurred" filetype:ihtml <BR>allinurl: admin mdb <BR>"ORA-00921: unexpected end of SQL command" <BR>inurl:passlist.txt <BR>"Index of /backup" <BR>"Chatologica MetaSearch" "stack tracking:" <BR><BR>Amex Numbers: 300000000000000..399999999999999 <BR>MC Numbers: 5178000000000000..5178999999999999 <BR><A class=postlink href="http://www.google.com/search?q=visa+4356000000000000..4356999999999999&sourceid=firefox&start=0&start=0&ie=utf-8&oe=utf-8" target=_blank>visa 4356000000000000..4356999999999999</A> <BR><BR>"parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums <BR><BR>"parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums <BR><BR>"parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums <BR><BR>"parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums <BR><BR>"parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums <BR><BR>"parent directory " Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums <BR><BR>Notice that I am only changing the word after the parent directory, change it to what you want and you will get a lot of stuff. <BR><BR><BR>>METHOD 2 <BR><BR>put this string in google search: <BR><A class=postlink href="http://www.google.com/search?hl=en&lr=&ie=UTF-8&c2coff=1&q=Example%3A+%3Fintitle%3Aindex.of%3F+mp3+jackson" target=_blank>?intitle:index.of? mp3</A> <BR>You only need add the name of the song/artist/singer. <BR>Example: ?intitle:index.of? mp3 jackson <BR><BR><BR>>METHOD 3 <BR><BR>put this string in google search: <BR><A class=postlink href="http://www.google.com/search?hl=en&lr=&ie=UTF-8&c2coff=1&q=inurl%3Amicrosoft+filetype%3Aiso" target=_blank>inurl:microsoft filetype:iso</A> <BR>You can change the string to watever you want, ex. microsoft to adobe, iso to zip etc… <BR><BR><A class=postlink href="http://www.google.com/search?hl=en&lr=&ie=UTF-8&c2coff=1&q=%22%23+-FrontPage-%22+inurl%3Aservice.pwd" target=_blank>"# -FrontPage-" inurl:service.pwd</A> <BR>Frontpage passwords.. very nice clean search results listing !! <BR><BR><A class=postlink href="http://www.google.com/search?hl=en&lr=&ie=UTF-8&c2coff=1&q=%22AutoCreate%3DTRUE+password%3D*%22+" target=_blank>"AutoCreate=TRUE password=*" </A><BR>This searches the password for "Website Access Analyzer", a Japanese <BR>software that creates webstatistics. For those who can read Japanese, <BR>check out the author's site at: [url]http://www.coara.or.jp/~passy/[/url] <BR><BR><A class=postlink href="http://www.google.com/search?hl=en&lr=&ie=UTF-8&c2coff=1&q=%22http%3A%2F%2F*%3A*@www%22+domainname" target=_blank>"http://*:*@www" domainname</A> <BR>This is a query to get inline passwords from search engines (not just <BR>Google), you must type in the query followed with the the domain name <BR>without the .com or .net <BR><BR><A class=postlink href="http://www.google.com/search?hl=en&lr=&ie=UTF-8&c2coff=1&q=%22http%3A%2F%2F*%3A*@www%22+bangbus" target=_blank>"http://*:*@www" bangbus</A> or <A class=postlink href="http://www.google.com/search?hl=en&lr=&ie=UTF-8&c2coff=1&q=%22http%3A%2F%2F*%3A*@www%22bangbus" target=_blank>"http://*:*@www"bangbus</A> <BR><BR>Another way is by just typing <BR><A class=postlink href="http://www.google.com/search?hl=en&lr=&ie=UTF-8&c2coff=1&q=%22http%3A%2F%2Fbob%3Abob@www%22" target=_blank>"http://bob:bob@www"</A> <BR><BR><A class=postlink href="http://www.google.com/search?hl=en&lr=&ie=UTF-8&c2coff=1&q=%22sets+mode%3A+%2Bk%22" target=_blank>"sets mode: +k"</A> <BR>This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs. <BR><A class=postlink href="http://www.google.com/search?hl=en&lr=&ie=UTF-8&c2coff=1&q=allinurl%3A+admin+mdb" target=_blank>allinurl: admin mdb</A> <BR>Not all of these pages are administrator's access databases containing <BR>usernames, passwords and other sensitive information, but many are! <BR><BR><A class=postlink href="http://www.google.com/search?hl=en&lr=&ie=UTF-8&c2coff=1&q=allinurl%3Aauth_user_file.txt" target=_blank>allinurl:auth_user_file.txt</A> <BR>DCForum's password file. This file gives a list of (crackable) passwords, <BR>usernames and email addresses for DCForum and for DCShop (a shopping <BR>cart program(!!!). Some lists are bigger than others, all are fun, and <BR>all belong to googledorks. =) <BR><BR><BR><A class=postlink href="http://www.google.com/search?hl=en&lr=&ie=UTF-8&c2coff=1&q=intitle%3A%22Index+of%22+config.php" target=_blank>intitle:"Index of" config.php</A> <BR>This search brings up sites with "config.php" files. To skip the technical <BR>discussion, this configuration file contains both a username and a <BR>password for an SQL database. Most sites with forums run a PHP message <BR>base. This file gives you the keys to that forum, including FULL ADMIN <BR>access to the database. <BR><BR><A class=postlink href="http://www.google.com/search?hl=en&lr=&ie=UTF-8&c2coff=1&q=eggdrop+filetype%3Auser+user" target=_blank>eggdrop filetype:user user</A> <BR>These are eggdrop config files. Avoiding a full-blown descussion about <BR>eggdrops and IRC bots, suffice it to say that this file contains <BR>usernames and passwords for IRC users. <BR><BR><A class=postlink href="http://www.google.com/search?hl=en&lr=&ie=UTF-8&c2coff=1&q=intitle%3Aindex.of.etc" target=_blank>intitle:index.of.etc</A> <BR>This search gets you access to the etc directory, where many many many types of password files can be found. This link is not as reliable, but <BR>crawling etc directories can be really fun! <BR><BR><A class=postlink href="http://www.google.com/search?hl=en&lr=&ie=UTF-8&c2coff=1&q=filetype%3Abak+inurl%3A%22htaccess%7Cpasswd%7Cshadow%7Chtusers%22" target=_blank>filetype:bak inurl:"htaccess|passwd|shadow|htusers"</A> <BR>This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version). <BR>Every attacker knows that changing the extenstion of a file on a webserver can have ugly consequences. <BR><BR>Let's pretend you need a serial number for windows xp pro. In the google search bar type in just like this - <A class=postlink href="http://www.google.com/search?hl=en&lr=&ie=UTF-8&c2coff=1&q=%22Windows+XP+Professional%22+94FBR" target=_blank>"Windows XP Professional" 94FBR</A> <BR><BR>the key is the 94FBR code.. it was included with many MS Office <BR>registration codes so this will help you dramatically reduce the amount <BR>of 'fake' porn sites that trick you. <BR><BR>or if you want to find the serial for winzip 8.1 - "Winzip 8.1" 94FBR</P><BR>
<P align=justify>Credits and More Info <BR>[url]http://johnny.ihackstuff.com/[/url]</P> 这个Google Hacking后果很严重,需小心使用
页:
[1]