DOTE

Chain And Rate


Monday, November 2, 2009

A Sport Called "Google Hacking" :)

Google Hacking

Yes, I am a criminal. My crime is that of curiosity.

– Mentor, The Hacker Manifesto


There’s a sport called “Google Hacking” which is all about searching for seemingly private websites using Google. In fact, you can only find public websites using Google, because private (password-protected) pages can’t be found by Google – so it’s no real hacking (let alone “cracking,” which would consist of deleting, changing or abusing the found data). But it’s fun nevertheless, and often enables people to discover pages someone was hoping would stay private. This happens when the site is misconfigured, i.e. when the webmaster doesn’t know enough about how to set up a website.
Here are some of the most popular and powerful “Google hack” search queries. Enter them at your own risk, and know that every once in a while you step onto a so-called honeypot (a fake website set up to lure hackers into it, with the goal of finding out more about them and their tactics).

Finding Error Messages
Search for: “A syntax error has occurred” filetype:ihtml
You’ll find: Pages which caused errors the last time Google checked them. This may hint at vulnerabilities or other unwanted side-effects.
How this works: The first phrase simply looks for an error the target server itself did once output. The “filetype” operator on the other hand restricts the result pages to only those which have the “ihtml” extension (which are sites using Informix). A related search is “Warning: mysql_query()”.

Finding Seemingly Private Files
Search for: (password | passcode) (username | userid | user) filetype:csv
You’ll find: Files containing user names and similar.
How this works: The “filetype” operator makes sure only “Comma Separated Values” files will be returned. Those are not typical web pages, but data files. “(password | passcode)” tells Google the file must contain either the text “password” or “passcode,” or both (the “|” character means “or”). Also, result pages are restricted to those containing either of the words “username,” “userid” or “user.”

Finding File Listings
Search for: intitle:index-of last-modified private
You’ll find: Pages which list files found on the server.
How this works: The “intitle” operator used above will ensure that the target page contains the words “Index of” in the title. This is typical for those open directories which list files (they will have a title like “Index of /private/foo/bar”). “Last modified” on the other hand is a column header often used on those pages. And the word “private” makes sure we’ll find something of interest. A related search query which finds FTP (File Transfer Protocol) information is intitle:index.of ws_ftp.ini.

Finding Webcams
Search for: “powered by webcamXP” “Pro|Broadcast”
You’ll find: Public webcams set up by people to film a location, or themselves.
How this works: “Powered by WebcamXP” is a text found on specific kinds of webcam pages. A related search query to find cameras is inurl:“ViewerFrame?Mode=”.

Finding Weak Servers
Search for: intitle:“the page cannot be found” inetmgr
You’ll find: Potentially weak (IIS4) servers.
How this works: An old Microsoft Internet Information server may hint at security issues. This is one of many approaches that can be used to find such a weak server.

Finding Chat Logs
Search for: something “has quit” “has joined” filetype:txt
You’ll find: Chat log files showing what people talked about in a chat room.
How this works: Though the files found are all public, not everyone chatting on IRC (the Internet Relay Chat) is aware of potential logging mechanisms. The “filetype” operator makes sure only text files are found, and “has quit”/“has joined” are automated messages appearing in chat rooms. This search is your chance to tune into people’s chatter.
Note that you should replace “something” with the thing you are looking for.
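As an added example (not code from this post), the following Python implements the query notation explained in the sections above – quoted phrases, `(a | b)` groups, and the `filetype:`, `intitle:` and `inurl:` operators – and tests whether a given page would satisfy a query, so a webmaster can check pages of their own site (e.g. from a local crawl) against these queries without submitting anything to Google. The sample pages are constructed, and treating `.` or `-` inside a term as any non-word character is an assumption about how Google reads index.of / index-of.

```python
import re
# Constructed sample pages (not real sites): a listing left enabled, and a normal page.
LISTING = {"url": "http://example.test/private/", "title": "Index of /private/foo",
           "body": "Name Last modified Size Description Parent Directory backup.csv"}
ORDINARY = {"url": "http://example.test/about.html", "title": "About us", "body": "We sell widgets."}
# Lexer: parentheses, "|", optionally operator-prefixed quoted phrases, bare terms.
TOKEN = re.compile(r'\(|\)|\||(?:\w+:)?"[^"]*"|[^\s()|"]+')

def tokenize(query):
    # The post prints curly quotes; fold them to plain ones before lexing.
    return TOKEN.findall(query.replace("\u201c", '"').replace("\u201d", '"'))

def parse(tokens):
    """Return an AND-list of OR-groups; '|' binds tighter than the implicit AND."""
    pos = 0
    def expr():
        nonlocal pos
        groups = []
        while pos < len(tokens) and tokens[pos] != ")":
            alts = [item()]
            while pos < len(tokens) and tokens[pos] == "|":
                pos += 1
                alts.append(item())
            groups.append(alts)
        return groups
    def item():
        nonlocal pos
        tok, pos = tokens[pos], pos + 1
        if tok != "(":
            return tok
        sub, pos = expr(), pos + 1       # parenthesised sub-expression; consume ")"
        return sub
    return expr()

def term_matches(tok, page):
    m = re.match(r"^(intitle|inurl|filetype):(.*)$", tok)
    field, value = m.groups() if m else ("any", tok)
    phrases = value.strip('"').lower().split("|")    # a quoted "a|b" is an OR
    if field == "filetype":
        return page["url"].rsplit(".", 1)[-1].lower() in phrases
    hay = {"intitle": page["title"], "inurl": page["url"], "any": " ".join(page.values())}[field]
    # Assumption: '.' or '-' in a term matches any non-word char (index.of -> "Index of").
    pats = [r"\W".join(re.escape(p) for p in re.split(r"[.-]", ph)) for ph in phrases]
    return any(re.search(pat, hay, re.I) for pat in pats)

def matches(node, page):
    if isinstance(node, list):       # AND over groups, OR within each group
        return all(any(matches(alt, page) for alt in grp) for grp in node)
    return term_matches(node, page)

def query_matches(query, page):
    return matches(parse(tokenize(query)), page)
```

Running `query_matches("intitle:index-of last-modified private", LISTING)` returns True while the same query against ORDINARY returns False; pointing the function at your own pages shows which ones a published query would surface.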