Google is a pretty powerful search tool. You knew that. You can use it to find information, but you can also use it to find downloadable MP3s, books, videos, and other items. We're going to assume you're just looking for legally available downloads, but the truth of the matter is if someone's posted an MP3 (copyrighted or not) to their web page, Google can find it.
METHOD I
Try a few of these searches ( type words bellow on google search):
* intitle:"Index of" passwords modified
* allinurl:auth_user_file.txt
* allinurl: admin mdb
* inurl:passlist.txt
* "Index of /backup"
* Amex Numbers: 300000000000000..399999999999999
* MC Numbers: 5178000000000000..5178999999999999
* visa 4356000000000000..4356999999999999
or,
* "parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
* "parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
* "parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
* "parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
* "parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
* "parent directory " Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
Change the word after the "parent directory" to whatever you want and you will get a lot of stuff.
METHOD 2
put this string in google search:
?intitle:index.of? mp3
You only need add the name of the song/artist/singer.
example: ?intitle:index.of? mp3 jackson
METHOD 3
put this string in google search:
inurl:microsoft filetype:iso
You can change the string to watever you want, ex. microsoft to adobe, iso to zip etc…
"# -FrontPage-" inurl:service.pwd
Frontpage passwords.. very nice clean search results listing !!
"AutoCreate=TRUE password=*"
This searches the password for "Website Access Analyzer", a Japanese software that creates webstatistics. For those who can read Japanese, check out the author's site at: http://www.coara.or.jp/~passy/
"http://*:*@www" domainname
This is a query to get inline passwords from search engines (not just Google), you must type in the query followed with the the domain name without the .com or .net
"http://*:*@www" brazzer
Another way is by just typing
"http://bob:bob@www"
"sets mode: +k"
This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.
allinurl: admin mdb
Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are!
allinurl:auth_user_file.txt
DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!). Some lists are bigger than others, all are fun, and all belong to googledorks. =)
intitle:"Index of" config.php
This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database.
eggdrop filetype:user user
These are eggdrop config files. Avoiding a full-blown descussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.
intitle:index.of.etc
This search gets you access to the etc directory, where many many many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!
filetype:bak inurl:"htaccess|passwd|shadow|htusers"
This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version).
Every attacker knows that changing the extenstion of a file on a webserver can have ugly consequences.
Let's pretend you need a serial number for windows xp pro.
In the google search bar type in just like this - "Windows XP Professional" 94FBR
the key is the 94FBR code.. it was included with many MS Office registration codes so this will help you dramatically reduce the amount of 'fake' porn sites that trick you.
or if you want to find the serial for winzip 8.1 - "Winzip 8.1" 94FBR
List of few more Searches:
* inurl:/db/main.mdb |ASP-Nuke passwords
* filetype:cfm "cfapplication |ColdFusion source with potential passwords name" password
* filetype:pass |dbman credentials pass intext:userid
* allinurl:auth_user_file.txt |DCForum user passwords
* eggdrop filetype:user user |Eggdrop IRC user credentials
* filetype:ini inurl:flashFXP.ini |FlashFXP FTP credentials
* filetype:url +inurl:"ftp://" |FTP bookmarks cleartext passwords
+inurl:"@"
* inurl:zebra.conf intext: |GNU Zebra passwords
password -sample -test
-tutorial –download
* filetype:htpasswd htpasswd |HTTP htpasswd Web user credentials
* intitle:"Index of" ".htpasswd" |HTTP htpasswd Web user credentials
"htgroup" -intitle:"dist"
-apache -htpasswd.c
* intitle:"Index of" ".htpasswd" |HTTP htpasswd Web user credentials
htpasswd.bak
* "http://*:*@www" bob:bob |HTTP passwords (bob is a sample username)
* "sets mode: +k" |IRC channel keys (passwords)
* "Your password is * |Remember IRC NickServ registration passwords
this for later use"
* signin filetype:url |JavaScript authentication credentials
* LeapFTP intitle:"index.of./" |LeapFTP client login credentials
sites.ini modified
* inurl:lilo.conf filetype:conf |LILO passwords
password -tatercounter2000
-bootpwd –man
* filetype:config config intext: |Mcft .NET application credentials
appSettings "User ID"
* filetype:pwd service |Mcft FrontPage Service Web passwords
* intitle:index.of |Mcft FrontPage Web credentials
administrators.pwd
* "# -FrontPage-" |Mcft FrontPage Web passwords
inurl:service.pwd
ext:pwd inurl:_vti_pvt inurl: |Mcft FrontPage Web passwords
(Service | authors | administrators)
* inurl:perform filetype:ini |mIRC nickserv credentials
* intitle:"index of" intext: |mySQL database credentials
connect.inc
* intitle:"index of" intext: |mySQL database credentials
globals.inc
* filetype:conf oekakibbs |Oekakibss user passwords
* filetype:dat wand.dat |Opera‚ ÄúMagic Wand‚Äù Web credentials
* inurl:ospfd.conf intext: |OSPF Daemon Passwords
password -sample -test
-tutorial –download
* index.of passlist |Passlist user credentials
* inurl:passlist.txt |passlist.txt file user credentials
* filetype:dat "password.dat" |password.dat files
* inurl:password.log filetype:log |password.log file reveals usernames,
|passwords,and hostnames
* filetype:log inurl:"password.log" |password.log files cleartext
|passwords
* inurl:people.lst filetype:lst |People.lst generic password file
* intitle:index.of config.php |PHP Configuration File database
|credentials
* inurl:config.php dbuname dbpass |PHP Configuration File database
|credentials
* inurl:nuke filetype:sql |PHP-Nuke credentials
* filetype:conf inurl:psybnc.conf |psyBNC IRC user credentials
"USER.PASS="
* filetype:ini ServUDaemon |servU FTP Daemon credentials
* filetype:conf slapd.conf |slapd configuration files root password
* inurl:"slapd.conf" intext: |slapd LDAP credentials
"credentials" -manpage
-"Manual Page" -man: -sample
* inurl:"slapd.conf" intext: |slapd LDAP root password
"rootpw" -manpage
-"Manual Page" -man: -sample
* filetype:sql "IDENTIFIED BY" –cvs |SQL passwords
* filetype:sql password |SQL passwords
* filetype:ini wcx_ftp |Total Commander FTP passwords
* filetype:netrc password |UNIX .netrc user credentials
* index.of.etc |UNIX /etc directories contain
|various credential files
* intitle:"Index of..etc" passwd |UNIX /etc/passwd user credentials
* intitle:index.of passwd |UNIX /etc/passwd user credentials
passwd.bak
* intitle:"Index of" pwd.db |UNIX /etc/pwd.db credentials
* intitle:Index.of etc shadow |UNIX /etc/shadow user credentials
* intitle:index.of master.passwd |UNIX master.passwd user credentials
* intitle:"Index of" spwd.db |UNIX spwd.db credentials
passwd -pam.conf
* filetype:bak inurl:"htaccess| |UNIX various password file backups
passwd|shadow|htusers
* filetype:inc dbconn |Various database credentials
* filetype:inc intext:mysql_ |Various database credentials, server names
connect
* filetype:properties inurl:db |Various database credentials, server names
intext:password
* inurl:vtund.conf intext:pass –cvs |Virtual Tunnel Daemon passwords
* inurl:"wvdial.conf" intext: |wdial dialup user credentials
"password"
* filetype:mdb wwforum |Web Wiz Forums Web credentials
* "AutoCreate=TRUE password=*" |Website Access Analyzer user passwords
* filetype:pwl pwl |Windows Password List user credentials
* filetype:reg reg +intext: |Windows Registry Keys containing user
"defaultusername" intext: |credentials
"defaultpassword"
* filetype:reg reg +intext: |Windows Registry Keys containing user
"internet account manager" |credentials
* "index of/" "ws_ftp.ini" |WS_FTP FTP credentials
"parent directory"
* filetype:ini ws_ftp pwd |WS_FTP FTP user credentials
* inurl:admin filetype: |asp Generic userlist files
inurl:userlist |
* inurl:php inurl: |Half-life statistics file, lists username and
hlstats intext: |other information
Server Username |
* filetype:ctl |
inurl:haccess. |Mcft FrontPage equivalent of htaccess
ctl Basic |shows Web user credentials
* filetype:reg |
reg intext: |Mcft Internet Account Manager can
* "internet account manager" |reveal usernames and more
filetype:wab wab |Mcft Outlook Express Mail address
|books
* filetype:mdb inurl:profiles |Mcft Access databases containing
|profiles.
* index.of perform.ini |mIRC IRC ini file can list IRC usernames and
|other information
* inurl:root.asp?acs=anon |Outlook Mail Web Access directory can be
|used to discover usernames
* filetype:conf inurl:proftpd. |PROFTP FTP server configuration file
conf –sample |reveals
|username and server information
* filetype:log username putty |PUTTY SSH client logs can reveal
|usernames
|and server information
* filetype:rdp rdp |Remote Desktop Connection files reveal user
|credentials
* intitle:index.of |UNIX bash shell history reveals commands
.bash_history |typed at a bash command prompt; usernames
|are often typed as argument strings
* intitle:index.of |UNIX shell history reveals commands typed at
.sh_history |a shell command prompt; usernames are
|often typed as argument strings
* "index of " lck |Various lock files list the user currently using
|a file
* +intext:webalizer +intext: |Webalizer Web statistics page lists Web user-
Total Usernames +intext: |names and statistical information
"Usage Statistics for"
* filetype:reg reg HKEY_ |Windows Registry exports can reveal
CURRENT_USER |username usernames and other information
For More download the PDF:
http://www.mediafire.com/file/dxob0oyxp9d0y17/Google-Hacking.pdf
Hope you have enjoyed reading !
