Google Hacking + Finding system / server propertied weaknesses
Looking for a system or server that has a weakness with the syntax "intitle:" or "allintitle:"
1. Using allintitle: "index of / root" (without quotes) will display the list of links on the Web server that provides access to a restricted directory as root directory.
2. Using allintitle: "index of / admin" (without the quotes) will
display links on the site that has an index that can be accessed browsing to the directory as a directory restricted "admin".
Other uses of syntax "intitle:" or "allintitle:" combined with other syntax, among others:
Code: Select all
intitle: "Index of". sh_history
intitle: "Index of". bash_history
intitle: "index of" passwd
intitle: "index of" people.lst
intitle: "index of" pwd.db
intitle: "index of" etc / shadow
intitle: "index of" spwd
intitle: "index of" master.passwd
intitle: "index of" htpasswd
intitle: "index of" members OR accounts
intitle: "index of" user_carts OR user_cart
allintitle: sensitive filetype: doc
allintitle: restricted filetype: mail
allintitle: restricted filetype: doc site: gov
allintitle: *. php? filename =*
allintitle: *. php? page =*
allintitle: *. php? logon =*
The use and combination of the syntax is not only limited to the example above exposure. There are many more combinations of syntax syntax with keywords that can be used. It depends on the creativity and willingness to try. There is good use of discourse that have been outlined was used for purposes that do not cause loss or damage.
Weakness in a system or server that is well known to be sharing with the relevant system administrators that can benefit all parties. Due to the likely outcome of the search information may provide sensitive information, which is often related to the security aspects of a system or server.
Discourse about the syntax that is very helpful in the search for such information ultimately depends on the intention and purpose in the search data. Is it really done for the needs of collecting data, gathering information from a penetration of the target machine. The ultimate goal depends on the individual intentions that the author is not responsible for the misuse of the information that has been presented. As the proverb says new taxes borne winner.
... Om Google ... this collection of tips that I got from various sources of reliable and guaranteed to make percarian in google search engine ..
1. Googling E-Book.
Code: Select all
+ ( "Index of") + ( "/ ebooks" | "/ book") + (chm | pdf | zip | rar) + apache
Is a query that produces Index ebook on Apache based servers
Book Title. [/ B]
Code: Select all
allinurl: + (rar | chm | zip | pdf | tgz | lit)
.
Change the "title of the book" with a book that wants to dicari.sbgai example: If you want to search for "Harry Potter", substitute "the title of the book" with Harry is used if Potter.Cara really know the title of the book you are looking for.
2. Warez Googling.
Code: Select all
"Parent directory" Xvid-xxx-html-htm-php-shtml-opendivx-md5-md5sums
"Parent directory" MP3-xxx-html-htm-php-shtml-opendivx-md5-md5sums
"Parent directory" applications-xxx-html-htm-php-shtml-opendivx-md5-md5sums
"Parent directory" Gamez-xxx-html-htm-php-shtml-opendivx-md5-md5sums
"Parent directory" DVDRip-xxx-html-htm-php-shtml-opendivx-md5-md5sums
Replace the bold words with the query.
For example, if you want to search for LimeWire so instead of "applications" by LimeWire.
if you want to search for songs from Deep Purple Child In Time, entitled, replace "MP3? with Child in Time, or if you want to search for songs Deep Purple live instead of "MP3? with Deep Purple.
3. Googling MP3
Code: Select all
? intitle: index.of? mp3
Another way to search for MP3 in google is to use this query. After MP3 pengen love what sought.
Example, If you want to search for Led Zeppelin then it will query like this:
Code: Select all
? intitle: index.of? mp3 led zeppelin
4. Googling the file on Megaupload
To search for Video file type:
Code: Select all
avi | mpg | mpeg | wmv | rmvb site: megaupload.com
To find music files type:
Code: Select all
mp3 | ogg | wma site: megaupload.com
To search the archive and the program type:
Code: Select all
zip | rar | exe site: megaupload.com
To search for ebooks type:
Code: Select all
pdf | rar | zip | doc | lit site: megaupload.com
5. Googling the file in rapidshare.de
To search for Video file type:
Code: Select all
avi | mpg | mpeg | wmv | rmvb site: rapidshare.de
To find music files type:
Code: Select all
mp3 | ogg | wma site: rapidshare.de
To search the archive and the program type:
Code: Select all
zip | rar | exe site: rapidshare.de
To search for ebooks type:
Code: Select all
pdf | doc | lit | rar | zip site: rapidshare.de
To Googling on Megaupload and rapidshare can just put what you want in the first part.
Example: If you want to search for DA VINCI CODE ebook use this query:
Code: Select all
da vinci code pdf | doc | lit | rar | zip site: rapidshare.de
(this if we really know the title of his book.)
