Posts from the ‘google tricks’ Category

Google hacking tools

admin account info" filetype:log
!Host=*.* intext:enc_UserPassword=* ext:pcf
"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd
"AutoCreate=TRUE password=*"
"http://*:*@www" domainname
"index of/" "ws_ftp.ini" "parent directory"
"liveice configuration file" ext:cfg
"parent directory" +proftpdpasswd
Duclassified" "DUware All Rights reserved"
Elite Forum Version *.*"
Link Department"
"sets mode: +k"
"your password is" filetype:log
allinurl: admin mdb
eggdrop filetype:user user
enable password | secret "current configuration" -intext:the
etc (index.of)
ext:asa | ext:bak intext:uid intext:pwd -"uid..pwd" database | server | dsn
ext:inc "pwd=" "UID="
ext:ini eudora.ini
ext:ini Version= password
ext:passwd -intext:the -sample -example
ext:txt inurl:unattend.txt
ext:yml database inurl:config
filetype:bak createobject sa
filetype:bak inurl:"htaccess|passwd|shadow|htusers"
filetype:cfg mrtg "target
filetype:cfm "cfapplication name" password
filetype:conf oekakibbs
filetype:conf slapd.conf
filetype:config config intext:appSettings "User ID"
filetype:dat "password.dat"
filetype:dat inurl:Sites.dat
filetype:dat wand.dat
filetype:inc dbconn
filetype:inc intext:mysql_connect
filetype:inc mysql_connect OR mysql_pconnect
filetype:inf sysprep
filetype:ini inurl:"serv-u.ini"
filetype:ini inurl:flashFXP.ini
filetype:ini ServUDaemon
filetype:ini wcx_ftp
filetype:ini ws_ftp pwd
filetype:ldb admin
filetype:log "See `ipsec --copyright"
filetype:log inurl:"password.log"
filetype:mdb inurl:users.mdb
filetype:mdb wwforum
filetype:netrc password
filetype:pass pass intext:userid
filetype:pem intext:private
filetype:properties inurl:db intext:password
filetype:pwd service
filetype:pwl pwl
filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword"
filetype:reg reg +intext:â? WINVNC3â?
filetype:sql "insert into" (pass|passwd|password)
filetype:sql ("values * MD5" | "values * password" | "values * encrypt")
filetype:sql +"IDENTIFIED BY" -cvs
filetype:sql password
filetype:url +inurl:"ftp://" +inurl:";@"
filetype:xls username password email
htpasswd / htgroup
htpasswd / htpasswd.bak
intext:"enable password 7"
intext:"enable secret 5 $"
intext:"Web Wiz Journal"
intitle:"index of"
intitle:"index of"
intitle:"Index of" passwords modified
intitle:"Index of" sc_serv.conf sc_serv content
intitle:"phpinfo()" +"mysql.default_password" +"Zend s?ri?ting Language Engine"
intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp)
intitle:index.of administrators.pwd
intitle:Index.of etc shadow
intitle:index.of intext:"secring.skr"|"secring.pgp"|"secring.bak"
intitle:rapidshare intext:login
inurl:"editor/list.asp" | inurl:"database_editor.asp" | inurl:"login.asa" "are set"
inurl:"GRC.DAT" intext:"password"
inurl:"slapd.conf" intext:"credentials" -manpage -"Manual Page" -man: -sample
inurl:"slapd.conf" intext:"rootpw" -manpage -"Manual Page" -man: -sample
inurl:"wvdial.conf" intext:"password"
inurl:ccbill filetype:log
inurl:cgi-bin inurl:calendar.cfg
inurl:chap-secrets -cvs
inurl:config.php dbuname dbpass
inurl:filezilla.xml -cvs
inurl:lilo.conf filetype:conf password -tatercounter2000 -bootpwd -man
inurl:nuke filetype:sql
inurl:ospfd.conf intext:password -sample -test -tutorial -download
inurl:pap-secrets -cvs
inurl:perform filetype:ini
inurl:perform.ini filetype:ini
inurl:secring ext:skr | ext:pgp | ext:bak
inurl:server.cfg rcon password
inurl:ventrilo_srv.ini adminpassword
inurl:vtund.conf intext:pass -cvs
inurl:zebra.conf intext:password -sample -test -tutorial -download
LeapFTP intitle:"index.of./" sites.ini modified
mysql history files
NickServ registration passwords
passlist.txt (a better way)
passwd / etc (reliable)
psyBNC config files
server-dbs "intitle:index of"
signin filetype:url
spwd.db / passwd
wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin
[WFClient] Password= filetype:ica
intitle:"remote assessment" OpenAanval Console "resistance is obsolete" "Report Bugs" "Username" "password"
"bp blog admin" intitle:login | intitle:admin
"Emergisoft web applications are a part of our"
"Establishing a secure Integrated Lights Out session with" OR intitle:"Data Frame - Browser not HTTP 1.1 compatible" OR intitle:"HP Integrated Lights-
"HostingAccelerator" intitle:"login" +"Username" -"news" -demo
"iCONECT 4.1 :: Login"
"IMail Server Web Messaging" intitle:login
"inspanel" intitle:"login" -"cannot" "Login ID"
"intitle:3300 Integrated Communications Platform" inurl:main.htm
"Login - Sun Cobalt RaQ"
"login prompt" inurl:GM.cgi
"Login to Usermin" inurl:20000
"Microsoft CRM : Unsupported Browser Version"
"OPENSRS Domain Management" inurl:manage.cgi
"Please authenticate yourself to get access to the management interface"
"please log in"
"Please login with admin pass" -"leak" -sourceforge
CuteNews" "2003..2005 CutePHP"
DWMail" password intitle:dwmail
Merak Mail Server Software"
Midmart Messageboard" "Administrator Login"
Monster Top List" MTL numrange:200-
"site info for" "Enter Admin Password"
"SquirrelMail version" "By the SquirrelMail development Team"
"SysCP - login"
"This is a restricted Access Server" "Javas?ri?t Not Enabled!"|"Messenger Express" -edu -ac
"This section is for Administrators only. If you are an administrator then please"
"VHCS Pro ver" -demo
"VNC Desktop" inurl:5800
"Web-Based Management" "Please input password to login"
"WebExplorer Server - Login" "Welcome to WebExplorer Server"
"WebSTAR Mail - Please Log In"
"You have requested access to a restricted area of our website. Please authenticate yourself to continue."
"You have requested to access the management functions"
(intitle:"Please login - Forums
UBB.threads")|(inurl:login.php "ubb")
(intitle:"Please login - Forums
(intitle:"rymo Login")|(intext:"Welcome to rymo") -family
(intitle:"WmSC e-Cart Administration")|(intitle:"WebMyStyle e-Cart Administration")
(inurl:"ars/cgi-bin/arweb?O=0" | inurl:arweb.jsp) -site:mil
4images Administration Control Panel
allintitle:"Welcome to the Cyclades"
allinurl:wps/portal/ login
ASP.login_aspx "ASP.NET_SessionId"
ext:cgi intitle:"control panel" "enter your owner password to continue!"
ez Publish administration
filetype:php inurl:"webeditor.php"
filetype:pl "Download: SuSE Linux Openexchange Server CA"
filetype:r2w r2w
intext:""BiTBOARD v2.0" BiTSHiFTERS Bulletin Board"
intext:"Fill out the form below completely to change your password and user name. If new username is left blank, your old one will be assumed." -edu
intext:"Mail admins login here to administrate your domain."
intext:"Master Account" "Domain Name" "Password" inurl:/cgi-bin/qmailadmin
intext:"Master Account" "Domain Name" "Password" inurl:/cgi-bin/qmailadmin
intext:"Storage Management Server for" intitle:"Server Administration"
intext:"Welcome to" inurl:"cp" intitle:"H-SPHERE" inurl:"begin.html" -Fee
intext:"vbulletin" inurl:admincp
intitle:"*- HP WBEM Login" | "You are being prompted to provide login account information for *" | "Please provide the information requested and press
intitle:"Admin Login" "admin login" "blogware"
intitle:"Admin login" "Web Site Administration" "Copyright"
intitle:"AlternC Desktop"
intitle:"Athens Authentication Point"
intitle:"b2evo > Login form" "Login form. You must log in! You will have to accept cookies in order to log in" -demo
intitle:"Cisco CallManager User Options Log On" "Please enter your User ID and Password in the spaces provided below and click the Log On button to co
intitle:"ColdFusion Administrator Login"
intitle:"communigate pro * *" intitle:"entrance"
intitle:"Content Management System" "user name"|"password"|"admin" "Microsoft IE 5.5" -mambo
intitle:"Content Management System" "user name"|"password"|"admin" "Microsoft IE 5.5" -mambo
intitle:"Dell Remote Access Controller"
intitle:"Docutek ERes - Admin Login" -edu
intitle:"Employee Intranet Login"
intitle:"eMule *" intitle:"- Web Control Panel" intext:"Web Control Panel" "Enter your password here."
intitle:"ePowerSwitch Login"
intitle:"eXist Database Administration" -demo
intitle:"EXTRANET * - Identification"
intitle:"EXTRANET login"
intitle:"EZPartner" -netpond
intitle:"Flash Operator Panel" -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle:ANNOUNCE -inurl:lists
intitle:"i-secure v1.1" -edu
intitle:"Icecast Administration Admin Page"
intitle:"iDevAffiliate - admin" -demo
intitle:"ISPMan : Unauthorized Access prohibited"
intitle:"ITS System Information" "Please log on to the SAP System"
intitle:"Kurant Corporation StoreSense" filetype:bok
intitle:"ListMail Login" admin -demo
intitle:"Login -
Easy File Sharing Web Server"
intitle:"Login Forum
AnyBoard" intitle:"If you are a new user:" intext:"Forum
AnyBoard" inurl:gochat -edu
intitle:"Login to @Mail" (ext:pl | inurl:"index") -dwaffleman
intitle:"Login to Cacti"
intitle:"Login to the forums -" inurl:login.cfm?id=
intitle:"MailMan Login"
intitle:"Member Login" "NOTE: Your browser must have cookies enabled in order to log into the site." ext:php OR ext:cgi
intitle:"Merak Mail Server Web Administration"
intitle:"microsoft certificate services" inurl:certsrv
intitle:"MikroTik RouterOS Managing Webpage"
intitle:"MX Control Console" "If you can't remember"
intitle:"Novell Web Services" "GroupWise" -inurl:"doc/11924" -filetype:pdf
intitle:"Novell Web Services" intext:"Select a service and a language."
intitle:"oMail-admin Administration - Login"
intitle:"OnLine Recruitment Program - Login"
intitle:"Philex 0.2*" -s?ri?t
intitle:"PHP Advanced Transfer" inurl:"login.php"
intitle:"php icalendar administration"
intitle:"php icalendar administration"
intitle:"phpPgAdmin - Login" Language
intitle:"PHProjekt - login" login password
intitle:"please login" "your password is *"
intitle:"Remote Desktop Web Connection" inurl:tsweb
intitle:"SFXAdmin - sfx_global" | intitle:"SFXAdmin - sfx_local" | intitle:"SFXAdmin - sfx_test"
intitle:"SHOUTcast Administrator" inurl:admin.cgi
intitle:"site administration: please log in" "site designed by emarketsouth"
intitle:"Supero Doctor III" -inurl:supermicro
intitle:"SuSE Linux Openexchange Server" "Please activate Javas?ri?t!"
intitle:"teamspeak server-administration
intitle:"Tomcat Server Administration"
intitle:"TOPdesk ApplicationServer"
intitle:"TUTOS Login"
intitle:"TWIG Login"
intitle:"vhost" intext:"vHost . 2000-2004"
intitle:"Virtual Server Administration System"
intitle:"VisNetic WebMail" inurl:"/mail/"
intitle:"VitalQIP IP Management System"
intitle:"VMware Management Interface:" inurl:"vmware/en/"
intitle:"VNC viewer for Java"
intitle:"web-cyradm"|"by Luc de Louw" "This is only for authorized users" -tar.gz
intitle:"WebLogic Server" intitle:"Console Login" inurl:console
intitle:"Welcome Site/User Administrator" "Please select the language" -demos
intitle:"Welcome to Mailtraq WebMail"
intitle:"welcome to netware *"
intitle:"WorldClient" intext:"? (2003|2004) Alt-N Technologies."
intitle:"xams 0.0.0..15 - Login"
intitle:"XcAuctionLite" | "DRIVEN BY XCENT" Lite inurl:admin
intitle:"XMail Web Administration Interface" intext:Login intext:password
intitle:"Zope Help System" inurl:HelpSys
intitle:"ZyXEL Prestige Router" "Enter password"
intitle:"inc. vpn 3000 concentrator"
intitle:("TrackerCam Live Video")|("TrackerCam Application Login")|("Trackercam Remote") web-access
intitle:endymion.sak? | inurl:sake.servlet
intitle:Group-Office "Enter your username and password to login"
intitle:ilohamail "
intitle:ilohamail intext:"Version 0.8.10" "
intitle:IMP inurl:imp/index.php3
intitle:Login * Webmailer
intitle:Login intext:"RT is ? Copyright"
intitle:Node.List Win32.Version.3.11
intitle:Novell intitle:WebAccess "Copyright *-* Novell, Inc"
intitle:Ovislink inurl:private/login
intitle:plesk inurl:login.php3
inurl:"/admin/configuration. php?" Mystore
inurl:"631/admin" (inurl:"op=*") | (intitle:CUPS)
inurl:":10000" intext:webmin
inurl:"Activex/default.htm" "Demo"
inurl:"default/login.php" intitle:"kerio"
inurl:"typo3/index.php?u=" -demo
inurl:"vsadmin/login" | inurl:"vsadmin/admin" inurl:.php|.asp


inurl:/Merchant2/ | inurl:/Merchant2/admin.mvc | intitle:"Miva Merchant Administration Login"
inurl:/modcp/ intext:Moderator+vBulletin
inurl:/SUSAdmin intitle:"Microsoft Software upd?t? Services"
inurl:/webedit.* intext:WebEdit Professional -html
inurl:1810 "Oracle Enterprise Manager"
inurl:2000 intitle:RemotelyAnywhere
inurl::2082/frontend -demo
inurl:administrator "welcome to mambo" | inurl:bin.welcome.bat | intitle:eHealth.5.0
inurl:confixx inurl:login|anmeldung
inurl:coranto.cgi intitle:Login (Authorized Users Only)
inurl:default.asp intitle:"WebCommander"
inurl:irc filetype:cgi cgi:irc
inurl:login filetype:swf swf
inurl:login.php "SquirrelMail version"
inurl:metaframexp/default/login.asp | intitle:"Metaframe XP Login"
inurl:postfixadmin intitle:"postfix admin" ext:php
inurl:webmail./ "Interface"
inurl:webvpn.html "login" "Please enter your"
Login ("
Jetbox One CMS â?¢" | "
Jetstream ? *")
Novell NetWare intext:"netware management portal version"
Outlook Web Access (a better way)
PhotoPost PHP Upload
PHPhotoalbum Statistics
PHPhotoalbum Upload
Please enter a valid password! inurl:polladmin

Ultima Online loginservers
W-Nailer Upload Area
intitle:"DocuShare" inurl:"docushare/dsweb/" -faq -gov -edu
"#mysql dump" filetype:sql
"#mysql dump" filetype:sql 21232f297a57a5a743894a0e4a801fc3
"allow_call_time_pass_reference" "PATH_INFO"
"Certificate Practice Statement" inurl:(PDF | DOC)
"Generated by phpSystem"
"generated by wwwstat"
"Host Vulnerability Summary Report"
"HTTP_FROM=googlebot" "Server_Software="
"Index of" / "chat/logs"
"Installed Objects Scanner" inurl:default.asp
"MacHTTP" filetype:log inurl:machttp.log
"Mecury Version" "Infastructure Group"
"Microsoft (R) Windows * (TM) Version * DrWtsn32 Copyright (C)" ext:log
"Most Submitted Forms and s?ri?ts" "this section"
"Network Vulnerability Assessment Report"
"not for distribution" confidential
"not for public release"
"phone * * *" "address *" "e-mail" intitle:"curriculum vitae"
"phpMyAdmin" "running on" inurl:"main.php"
"produced by getstats"
"Request Details" "Control Tree" "Server Variables"
"robots.txt" "Disallow:" filetype:txt
"Running in Child mode"
"sets mode: +p"
"sets mode: +s"
"Thank you for your order" +receipt
"This is a Shareaza Node"
"This report was generated by WebLog"
( filetype:mail | filetype:eml | filetype:mbox | filetype:mbx ) intext:password|subject
(intitle:"PRTG Traffic Grapher" inurl:"allsensors")|(intitle:"PRTG Traffic Grapher - Monitoring Results")
(intitle:WebStatistica inurl:main.php) | (intitle:"WebSTATISTICA server") -inurl:statsoft -inurl:statsoftsa -edu -software -rob
(inurl:"robot.txt" | inurl:"robots.txt" ) intext:disallow filetype:txt
+":8080" +":3128" +":80" filetype:txt
+"HSTSNR" -"" -"The PHP Group" inurl:source inurl:url ext:pHp
AIM buddy lists
contacts ext:wml
data filetype:mdb -site:gov -site:mil
exported email addresses
ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:"budget approved") inurl:confidential
ext:asp inurl:pathto.asp
ext:ccm ccm -catacomb
ext:cgi inurl:editcgi.cgi inurl:file=
ext:conf inurl:rsyncd.conf -cvs -man
ext:conf NoCatAuth -cvs
ext:dat bpk.dat
ext:gho gho
ext:ics ics
ext:ini intext:env.ini
ext:jbf jbf
ext:ldif ldif
ext:log "Software: Microsoft Internet Information Services *.*"
ext:mdb inurl:*.mdb inurl:fpdb shop.mdb
ext:nsf nsf -gov -mil
ext:plist filetype:plist inurl:bookmarks.plist
ext:pqi pqi -database
ext:reg "username=*" putty
ext:txt "Final encryption key"
ext:txt inurl:dxdiag
ext:vmdk vmdk
ext:vmx vmx
filetype:asp DBQ=" * Server.MapPath("*.mdb")
filetype:bkf bkf
filetype:blt "buddylist"
filetype:blt blt +intext:screenname
filetype:cfg auto_inst.cfg
filetype:cnf inurl:_vti_pvt access.cnf
filetype:conf inurl:firewall -intitle:cvs
filetype:config web.config -CVS
filetype:ctt Contact
filetype:ctt ctt messenger
filetype:eml eml +intext:"Subject" +intext:"From" +intext:"To"
filetype:fp3 fp3
filetype:fp5 fp5 -site:gov -site:mil -"cvs log"
filetype:fp7 fp7
filetype:inf inurl:capolicy.inf
filetype:lic lic intext:key
filetype:log access.log -CVS
filetype:log cron.log
filetype:mbx mbx intext:Subject
filetype:myd myd -CVS
filetype:ns1 ns1
filetype:ora ora
filetype:ora tnsnames
filetype:pdb pdb backup (Pilot | Pluckerdb)
filetype:php inurl:index inurl:phpicalendar
filetype:pot inurl:john.pot
filetype:PS ps
filetype:pst inurl:"outlook.pst"
filetype:pst pst -from -to -date
filetype:qbb qbb
filetype:QBW qbw
filetype:rdp rdp
filetype:reg "Terminal Server Client"
filetype:vcs vcs
filetype:wab wab
filetype:xls -site:gov inurl:contact
filetype:xls inurl:"email.xls"
Financial spreadsheets: finance.xls
Financial spreadsheets: finances.xls
Ganglia Cluster Reports
haccess.ctl (one way)
haccess.ctl (VERY reliable)
ICQ chat logs, please...
intext:"Session Start * * * *:*:* *" filetype:log
intext:"Tobias Oetiker" "traffic analysis"
intext:(password | passcode) intext:(username | userid | user) filetype:csv
intext:gmail invite intext:
intext:SQLiteManager inurl:main.php
intext:ViewCVS inurl:Settings.php
intitle:"admin panel" +"
intitle:"Apache::Status" (inurl:server-status | inurl:status.html | inurl:apache.html)
intitle:"AppServ Open Project"
intitle:"ASP Stats Generator *.*" "ASP Stats Generator" "2003-2004 weppos"
intitle:"Big Sister" +"OK Attention Trouble"
intitle:"curriculum vitae" filetype:doc
intitle:"edna:streaming mp3 server" -forums
intitle:"FTP root at"
intitle:"index of" +myd size
intitle:"Index Of" -inurl:maillog maillog size
intitle:"Index Of" cookies.txt size
intitle:"index of" mysql.conf OR mysql_config
intitle:"Index of" upload size parent directory
intitle:"index.of *" admin news.asp configview.asp
intitle:"index.of" .diz .nfo last modified
intitle:"Joomla - Web Installer"
intitle:"LOGREP - Log file reporting system"
intitle:"Multimon UPS status page"
intitle:"PHP Advanced Transfer" (inurl:index.php | inurl:showrecent.php )
intitle:"PhpMyExplorer" inurl:"index.php" -cvs
intitle:"statistics of" "advanced web statistics"
intitle:"System Statistics" +"System and Network Information Center"
intitle:"urchin (5|3|admin)" ext:cgi
intitle:"Usage Statistics for" "Generated by Webalizer"
intitle:"wbem" compaq login "Compaq Information Technologies Group"
intitle:"Web Server Statistics for ****"
intitle:"web server status" SSH Telnet
intitle:"Welcome to F-Secure Policy Manager Server Welcome Page"
intitle:admin intitle:login
intitle:Bookmarks inurl:bookmarks.html "Bookmarks
intitle:index.of "Apache" "server at"
intitle:index.of cleanup.log
intitle:index.of dead.letter
intitle:index.of inbox
intitle:index.of inbox dbx
intitle:index.of ws_ftp.ini
intitle:intranet inurl:intranet +intext:"phone"
inurl:"/axs/" -s?ri?t
inurl:"cacti" +inurl:"graph_view.php" +"Settings Tree View" -cvs -RPM
inurl:"newsletter/admin/" intitle:"newsletter admin"
inurl:"smb.conf" intext:"workgroup" filetype:conf conf
inurl:*db filetype:mdb
inurl:admin filetype:xls
inurl:admin intitle:login
inurl:backup filetype:mdb
inurl:cgi-bin/testcgi.exe "Please distribute TestCGI"
inurl:email filetype:mdb
inurl:forum filetype:mdb
inurl:forward filetype:forward -cvs
inurl:getmsg.html intitle:hotmail
inurl:log.nsf -gov
inurl:main.php phpMyAdmin
inurl:main.php Welcome to phpMyAdmin
inurl:odbc.ini ext:ini -cvs
inurl:php.ini filetype:ini
inurl:preferences.ini "[emule]"
inurl:profiles filetype:mdb
inurl:report "EVEREST Home Edition "
inurl:server-info "Apache Server Information"
inurl:server-status "apache"
inurl:ssl.conf filetype:conf
inurl:vbstats.php "page generated"
inurl:wp-mail.php + "There doesn't seem to be any new mail."
Lotus Domino address books
mail filetype:csv -site:gov intext:name
Microsoft Money Data Files
mt-db-pass.cgi files
MySQL tabledata dumps
mystuff.xml - Trillian data files
OWA Public Folders (direct view)
Peoples MSN contact lists
php-addressbook "This is the addressbook for *" -warning
phpMyAdmin dumps
phpMyAdmin dumps
private key files (.csr)
private key files (.key)
Quicken data files
site:edu admin grades
SQL data dumps
Squid cache server reports
Unreal IRCd
WebLog Referrers
Welcome to ntop!
Fichier contenant des informations sur le r?seau :
filetype:log intext:"ConnectionManager2"
"apricot - admin" 00h
"by Reimar Hoven. All Rights Reserved. Disclaimer" | inurl:"log/logdb.dta"
"Network Host Assessment Report" "Internet Scanner"
"Output produced by SysWatch *"
"Phorum Admin" "Database Connection" inurl:forum inurl:admin
phpOpenTracker" Statistics
"powered | performed by Beyond Security's Automated Scanning" -kazaa -example
"Shadow Security Scanner performed a vulnerability assessment"
"SnortSnarf alert page"
"The following report contains confidential information" vulnerability -search
"The statistics were last upd?t?d" "Daily"
"this proxy is working fine!" "enter *" "URL***" * visit
"This report lists" "identified by Internet Scanner"
"Traffic Analysis for" "RMON Port * on unit *"
"Version Info" "Boot Version" "Internet Settings"
((inurl:ifgraph "Page generated at") OR ("This page was built using ifgraph"))
Analysis Console for Incident Databases
ext:cfg radius.cfg
ext:cgi intext:"nrg-" " This web page was created on "
filetype:pdf "Assessment Report" nessus
filetype:php inurl:ipinfo.php "Distributed Intrusion Detection System"
filetype:php inurl:nqt intext:"Network Query Tool"
filetype:vsd vsd network -samples -examples
intext:"Welcome to the Web V.Networks" intitle:"V.Networks [Top]" -filetype:htm
intitle:"ADSL Configuration page"
intitle:"Azureus : Java BitTorrent Client Tracker"
intitle:"Belarc Advisor Current Profile" intext:"Click here for Belarc's PC Management products, for large and small companies."
intitle:"BNBT Tracker Info"
intitle:"Microsoft Site Server Analysis"
intitle:"Nessus Scan Report" "This file was generated by Nessus"
intitle:"PHPBTTracker Statistics" | intitle:"PHPBT Tracker Statistics"
intitle:"Retina Report" "CONFIDENTIAL INFORMATION"
intitle:"start.managing.the.device" remote pbx acc
intitle:"sysinfo * " intext:"Generated by Sysinfo * written by The Gamblers."
intitle:"twiki" inurl:"TWikiUsers"
inurl:"/catalog.nsf" intitle:catalog
inurl:"map.asp?" intitle:"WhatsUp Gold"
inurl:"NmConsole/Login.asp" | intitle:"Login - Ipswitch WhatsUp Professional 2005" | intext:"Ipswitch WhatsUp Professional 2005 (SP1)" "Ipswitch, Inc"
inurl:"sitescope.html" intitle:"sitescope" intext:"refresh" -demo
inurl:/cgi-bin/finger? "In real life"
inurl:/cgi-bin/finger? Enter (account|host|user|username)
inurl:/counter/index.php intitle:"+PHPCounter 7.*"
inurl:CrazyWWWBoard.cgi intext:"detailed debugging information"
inurl:phpSysInfo/ "created by phpsysinfo"
inurl:portscan.php "from Port"|"Port Range"
inurl:proxy | inurl:wpad ext:pac | ext:dat findproxyforurl
inurl:statrep.nsf -gov
inurl:testcgi xitami
inurl:webalizer filetype:png -opendarwin
Looking Glass intitle:That.Site.Running Apache
"A syntax error has occurred" filetype:ihtml
"access denied for user" "using password"
"An illegal character has been found in the statement" -"previous message"
"ASP.NET_SessionId" "data source="
"Can't connect to local" intitle:warning
"Chatologica MetaSearch" "stack tracking"
"detected an internal error [IBM][CLI Driver][DB2/6000]"
"error found handling the request" cocoon filetype:xml
"Fatal error: Call to undefined function" -reply -the -next
"Incorrect syntax near"
"Incorrect syntax near"
"Internal Server Error" "server at"
"Invision Power Board Database Error"
"ORA-00933: SQL command not properly ended"
"ORA-12541: TNS:no listener" intitle:"error occurred"
"Parse error: parse error, unexpected T_VARIABLE" "on line" filetype:php
"PostgreSQL query failed: ERROR: parser: parse error"
"Supplied argument is not a valid MySQL result resource"
"Syntax error in query expression " -the
"The s?ri?t whose uid is " "is not allowed to access"
"There seems to have been a problem with the" " Please try again by clicking the Refresh button in your web browser."
"Unable to jump to row" "on MySQL result index" "on line"
"Unclosed quotation mark before the character string"
"Warning: Bad arguments to (join|implode) () in" "on line" -help -forum
"Warning: Cannot modify header information - headers already sent"
"Warning: Division by zero in" "on line" -forum

"Warning: mysql_connect(): Access denied for user: '*@*" "on line" -help -forum
"Warning: mysql_query()" "invalid query"
"Warning: pg_connect(): Unable to connect to PostgreSQL server: FATAL"
"Warning: Supplied argument is not a valid File-Handle resource in"
"Warning:" "failed to open stream: HTTP request failed" "on line"
"Warning:" "SAFE MODE Restriction in effect." "The s?ri?t whose uid is" "is not allowed to access owned by uid 0 in" "on line"
"SQL Server Driver][SQL Server]Line 1: Incorrect syntax near"
An unexpected token "END-OF-STATEMENT" was found
Coldfusion Error Pages
filetype:asp + "[ODBC SQL"
filetype:asp "Custom Error Message" Category Source
filetype:log "PHP Parse error" | "PHP Warning" | "PHP Error"
filetype:php inurl:"logging.php" "Discuz" error
ht://Dig htsearch error
IIS 4.0 error messages
IIS web server error messages
Internal Server Error
intext:"Error Message : Error loading required libraries."
intext:"Warning: Failed opening" "on line" "include_path"
intitle:"Apache Tomcat" "Error Report"
intitle:"Default PLESK Page"
intitle:"Error Occurred While Processing Request" +WHERE (SELECT|INSERT) filetype:cfm
intitle:"Error Occurred" "The error occurred in" filetype:cfm
intitle:"Error using Hypernews" "Server Software"
intitle:"Execution of this s?ri?t not permitted"
intitle:"Under construction" "does not currently have"
intitle:Configuration.File inurl:softcart.exe
MYSQL error message: supplied argument....
mysql error with query
Netscape Application Server Error page
ORA-00921: unexpected end of SQL command
ORA-00921: unexpected end of SQL command
ORA-00936: missing expression
PHP application warnings failing "include_path"
Snitz! forums db path error
SQL syntax error
Supplied argument is not a valid PostgreSQL result
warning "error on line" php sablotron
Windows 2000 web server error messages
"ftp://" ""
"html allowed" guestbook
: vBulletin Version 1.1.5"
"Select a database to view" intitle:"filemaker pro"
"set up the administrator user" inurl:pivot
"There are no Administrators Accounts" inurl:admin.php -mysql_fetch_row
"Welcome to Administration" "General" "Local Domains" "SMTP Authentication" inurl:admin
"Welcome to Intranet"
"Welcome to PHP-Nuke" congratulations
"Welcome to the Prestige Web-Based Configurator"
"YaBB SE Dev Team"
"you can now password" | "this is a special page only seen by you. your profile visitors" inurl:imchaos
("Indexed.By"|"Monitored.By") hAcxFtpScan
(inurl:/shop.cgi/page=) | (inurl:/
allinurl:"index.php" "site=sglinks"
allinurl:intranet admin
filetype:cgi inurl:"fileman.cgi"
filetype:cgi inurl:"Web_Store.cgi"
filetype:php inurl:vAuthenticate
filetype:pl intitle:"Ultraboard Setup"
Gallery in configuration mode
Hassan Consulting's Shopping Cart Version 1.18
intext:"Warning: * am able * write ** configuration file" "includes/configure.php" -
intitle:"Gateway Configuration Menu"
intitle:"Horde :: My Portal" -"[Tickets"
intitle:"Mail Server CMailServer Webmail" "5.2"
intitle:"MvBlog powered"
intitle:"Remote Desktop Web Connection"
intitle:"Samba Web Administration Tool" intext:"Help Workgroup"
intitle:"Terminal Services Web Connection"
intitle:"Uploader - Uploader v6"
intitle:osCommerce inurl:admin intext:"redistributable under the GNU" intext:"Online Catalog" -demo
intitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*"
intitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*"
inurl:"index.php? module=ew_filemanager"
inurl:newsdesk.cgi? inurl:"t="
inurl:search.php vbulletin
natterchat inurl:home.asp
XOOPS Custom Installation
inurl:htpasswd filetype:htpasswd
inurl:yapboz_detay.asp + View Webcam User Accessing
intitle:"WJ-NT104 Main Page"
intitle:"supervisioncam protocol"

Llist of Password Search Queries on Google


“admin account info” filetype:log
! Host=*.* intext :enc_UserPassword=* ext:pcf
“# -FrontPage-” ext:pwd inurl: (service | authors | administrators | users) “# -FrontPage-” inurl:service.pwd “AutoCreate=TRUE password =*” “http://*:*@www” domainname
“index of/” “ws_ftp.ini” “parent directory” “liveice configuration file” ext:cfg -site:
“parent directory” +proftpdpasswd
“powered by ducalendar” “Powered by Duclassified” -site:
“Powered by Duclassified” “DUware All Rights reserved”
“powered by duclassmate” –
“Powered by Dudirectory” “powered by dudownload” -site:
“Powered By Elite Forum Version *.*”
“Powered by Link Department”
“sets mode: +k”
“your password is” filetype:log
” Powered by DUpaypal” -site:
allinurl: admin mdb auth_user_file.txt
eggdrop filetype:user user
enable password | secret “current configuration” -intext : the
etc (index.of)
ext:asa | ext:bak intext :uid intext :pwd -“uid..pwd” database | server | dsn
ext:inc “pwd=” “UID=” ext:ini eudora.ini
ext:ini Version= password ext:passwd -intext :the – sample -example
ext:txt inurl:unattend. txt
ext:yml database inurl:config filetype:bak createobject sa
filetype: bak inurl:”htaccess|passwd|shadow| htusers”
filetype:cfg mrtg “target[*]” – sample -cvs -example
filetype:cfm “cfapplication name” password filetype: conf oekakibbs
filetype:conf slapd.conf filetype:config config intext : appSettings “User ID”
filetype:dat “password .dat”
filetype:dat inurl:Sites. dat
filetype:dat wand.dat
filetype:inc dbconn
filetype:inc intext : mysql_connect
filetype:inc mysql_connect OR mysql_pconnect filetype:inf sysprep
filetype:ini inurl:”serv-u.ini”
filetype:ini inurl: flashFXP.ini
filetype:ini ServUDaemon filetype:ini wcx_ftp
filetype:ini ws_ftp pwd
filetype:ldb admin
filetype:log “See `ipsec –copyright”
filetype:log inurl:”password .log”
filetype:mdb inurl: users.mdb
filetype:mdb wwforum filetype:netrc password filetype:pass pass intext :userid
filetype:pem intext : private
filetype:properties inurl:db intext :password filetype:pwd service filetype:pwl pwl
filetype:reg reg +intext :”defaultusername” +intext
filetype:reg reg +intext :”WINVNC3”
filetype:sql “insert into” (pass|passwd|password )
filetype:sql (“values * MD5” | “values * password ” | “values * encrypt”;)
filetype:sql (“passwd values” | ” password values” | “pass values” )
filetype:sql +”IDENTIFIED BY” -cvs
filetype:sql password filetype:url +inurl:”ftp://” +inurl:”;@”
filetypels username password email
htpasswd / htgroup
htpasswd / htpasswd.bak
:”enable password 7″
intext :”enable secret 5 {:content:}quot;
:”powered by EZGuestbook”
:”powered by Web Wiz Journal” intitle:”index of” intext intitle:”index of” intext intitle:”Index of” passwords modified intitle:”Index of” sc_serv.conf sc_serv content
intitle:”phpinfo()” +”mysql. default_password” +”Zend Scripting Language Engine”
intitle:dupics inurl: (add.asp | default.asp | view.asp | voting.asp)
intitle: index.of administrators.pwd
intitle: Index.of etc shadow
intitle:index.of intext :”secring.skr”|”secring. pgp”|”secring.bak”
intitle:rapidshare intext :login
inurl:”calendarscript/users. txt”
inurl:”editor/list.asp” | inurl:”database_editor.asp” | inurl:”login.asa” “are set”
inurl:”GRC. DAT” intext :”password “
inurl:”Sites. dat”+”PASS=”
inurl:”slapd.conf” intext
:”credentials” -manpage -“Manual Page” -man: -sample
inurl:”slapd.conf” intext :”rootpw” -manpage -“Manual Page” -man: -sample
inurl:”wvdial. conf” intext :”password “
inurl:/db/main. mdb
inurl:/yabb/ Members/Admin.dat
inurl:ccbill filetype:log
inurl:cgi-bin inurl:calendar. cfg
inurl:chap-secrets -cvs
inurl:config. php dbuname dbpass
inurl:filezilla.xml -cvs
inurl:lilo.conf filetype:conf password -tatercounter2000 -bootpwd – man
inurl:nuke filetype:sql
inurl:ospfd. conf intext :password -sample -test – tutorial -download
inurl:pap-secrets – cvs
inurl:perform filetype: ini
inurl:perform.ini filetype:ini
inurl: secring ext:skr | ext:pgp | ext:bak
inurl: server.cfg rcon password inurl: ventrilo_srv.ini adminpassword
inurl: vtund.conf intext :pass -cvs
inurl:zebra. conf intext :password -sample -test – tutorial -download
LeapFTP intitle:”index.of./” sites.ini modified master.passwd
mysql history files NickServ registration passwords
passlist passlist.txt (a better way)
passwd passwd / etc (reliable)
people.lst psyBNC config files
server-dbs “intitle:index of”
signin filetype:url spwd.db / passwd
wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin
[WFClient] Password = filetype:ica


Google Operators:

Operators are used to refine the results and to maximize the search value. They are your tools as well as ethical hackers’ weapons
Basic Operators: +, -, ~ , ., *, “”, |,
Advanced Operators: allintext:, allintitle:, allinurl:, bphonebook:, cache:, define:, filetype:, info:, intext:, intitle:, inurl:, link:, phonebook:, related:, rphonebook:, site:, numrange:, daterange

Basic Operators !!
(+) force inclusion of something common Google ignores common words (where, how, digit, single letters) by default: Example: StarStar Wars Episode +I
(-) exclude a search term Example: apple –red
(“) use quotes around a search term to search exact phrases: Example: “Robert Masse” Robert masse without “” has the 309,000 results, but “robert masse” only has 927 results. Reduce the 99% irrelevant results
Basic Operators (~) search synonym: Example: ~food Return the results about food as well as recipe, nutrition and cooking information
( . ) a single-character wildcard: Example: m.trix Return the results of M@trix, matrix, metrix…….
( * ) any word wildcard

Advanced Operators:
“Site:” Site: Domain_name Find Web pages only on the specified domain. If we search a specific site, usually we get the Web structure of the domain Examples: site:
Advanced Operators: “Filetype:” Filetype: extension_type Find documents with specified extensions The supported extensions are: – HyperText Markup Language (html) – Microsoft PowerPoint (ppt) – Adobe Portable Document Format (pdf) – Microsoft Word (doc) – Adobe PostScript (ps) – Microsoft Works (wks, wps, wdb) – Lotus 1-2-3 – Microsoft Excel (xls) (wk1, wk2, wk3, wk4, wk5, wki, wks, wku) – Microsoft Write (wri) – Lotus WordPro (lwp) – Rich Text Format (rtf) – MacWrite (mw) – Shockwave Flash (swf) – Text (ans, txt) Note: We actually can search asp, php and cgi, pl files as long as it is text-compatible. Example: Budget filetype: xls

Advanced Operators “Intitle:”
Intitle: search_term Find search term within the title of a Webpage
Allintitle: search_term1 search_term2 search_term3 Find multiple search terms in the Web pages with the title that includes all these words
These operators are specifically useful to find the directory lists Example: Find directory list: Intitle: Index.of “parent directory”

Advanced Operators “Inurl:”
Inurl: search_term Find search term in a Web address Allinurl: search_term1 search_term2 search_term3 Find multiple search terms in a Web address Examples: Inurl: cgi-bin Allinurl: cgi-bin password

Advanced Operators “Intext;”
Intext: search_term Find search term in the text body of a document. Allintext: search_term1 search_term2 search_term3 Find multiple search terms in the text body of a document. Examples: Intext: Administrator login Allintext: Administrator login

Advanced Operators: “Cache:”
Cache: URL Find the old version of Website in Google cache Sometimes, even the site has already been updated, the old information might be found in cache Examples: Cache:

Advanced Operators .. Conduct a number range search by specifying two numbers, separated by two periods, with no spaces. Be sure to specify a unit of measure or some other indicator of what the number range represents Examples: Computer $500..1000 DVD player $250..350

Advanced Operators: “Daterange:”
Daterange: – Find the Web pages between start date and end date Note: start_date and end date use the Julian date The Julian date is calculated by the number of days since January 1, 4713 BC. For example, the Julian date for August 1, 2001 is 2452122 Examples: 2004.07.10=2453196 2004.08.10=2453258 Vulnerabilities date range: 2453196-2453258

Advanced Operators “Link:”
Link: URL Find the Web pages having a link to the specified URL Related: URL Find the Web pages that are “similar” to the specified Web page info: URL Present some information that Google has about that Web page Define: search_term Provide a definition of the words gathered from various online sources Examples: Link: Define: Network security

Advanced Operators “phonebook:”
Phonebook Search the entire Google phonebook rphonebook Search residential listings only bphonebook Search business listings only Examples: Phonebook: robert las vegas (robert in Las Vegas) Phonebook: (702) 944-2001 (reverse search, not always work) The phonebook is quite limited to U.S.A

But the Question rises What can Google can do for an Ethical Hacker?
Search sensitive information like payroll, SIN, even the personal email box
Vulnerabilities scanner
Transparent proxy So how but if i tell u a different way to search k lets do this type in the following statements n c d results we can only provide u the guidelines, now u need to implement your Creativity to Keep it rolling.

Salary filetype: xls site: edu
Security social insurance number

Intitle: Payroll intext: ssn filetype: xls site: edu
Security Social Insurance Number

Payroll intext: Employee intext: ssn Filetype: xls Filetype: xls “checking account” “credit card” – intext: Application -intext: Form (only 39 results)
Financial Information

Intitle: “Index of” finances.xls (9)
Personal Mailbox

Intitle: Index.of inurl: Inbox (inurl: User OR inurl: Mail) (220)
Confidential Files

“not for distribution” confidential (1,760) Confidential Files “not for distribution” confidential filetype: pdf (marketing info) (456)
OS Detection
Use the keywords of the default installation page of a Web server to search.
Use the title to search
Use the footer in a directory index page

OS Detection-Windows “Microsoft-IIS/5.0 server at” OS Detection – Windows Default web page? Intitle: “Welcome to Windows 2000 Internet Services” IIS 5.0 OS Detection –Apache 1.3.11-1.3.26 Intitle: Test.Page.for.Apache seeing.this.instead OS Detection-Apache SSL enable Intitle: “SSL/TLS-aware” (127)
Search Passwords

Search the well known password filenames in URL Search the database connection files or configuration files to find a password and username Search specific username file for a specific product
Search Passwords

Inurl: etc inurl: passwd
Search Passwords

Intitle: “Index of..etc” passwd
Search Passwords

Intitle: “Index of..etc” passwd
Search Passwords

Inurl: admin.pwd filetype: pwd
Search Passwords Filetype: inc dbconn
Search Passwords

Filetype: inc intext: mysql_connect
Search Passwords

Filetype: ini +ws_ftp +pwd (get the encrypted passwords)
Search Passwords

Filetype: log inurl: “password.log” Search Username +intext: “webalizer” +intext: “Total Usernames” +intext: “Usage Statistics for” License Key Filetype: lic lic intext: key (33) (license key) Sensitive Directories Listing Powerful buzz word: Index of Search the well known vulnerable directories names Sensitive Directories Listing “index of cgi-bin” (3590) Sensitive Directories Listing Intitle: “Index of” cfide (coldfusion directory) Sensitive Directories Listing Intitle: index.of.winnt
Get the serial number you need ! (For Certain Things)

1) Go to Google. 2) Use Keyword as “Product name” 94FBR 3) Where, “Product Name” is the name of the item you want to find the serial number for. 4) And voila – there you go – the serial number you needed.
HOW DOES THIS WORK? Quite simple really. 94FBR is part of a Office 2000 Pro cd key that is widely distributed as it bypasses the activation requirements of Office 2K Pro. By searching for the product name and 94fbr, you guarantee two things. 1) The pages that are returned are pages dealing specifically with the product you’re wanting a serial for. 2) Because 94FBR is part of a serial number, and only part of a serial number, you guarantee that any page being returned is a serial number list page. See these example searches:


“Photoshop 7″+94FBR “Age of Mythology”+94FBR “Nero Burning Rom 5.5″+94FBR

Google search tips !

You can make your search more efficient by learning some search basics !

Try these tips :

1. Use Of ‘+’ sign :

This ensures that the results returned to you will definatly consist of the word following the ‘+’ sign. For Eg :

Search: reviews of +iPhone and iPod

This will show results containing the word reviews or iPod but the results will definatly consist of iPhone !

2. Use Of ‘-‘ sign :

Using ‘-‘ sign before any word will ensure that the particular word will not be included in the results !

3. Use Of ‘~’ sign :

Using ‘~’ before any word will return the results also containing the synonyms of the word !

4. Search a particular site :

To search a particular website you can use the following syntax in the google search :

Search: abc

For Eg :

Search: site: Google Search Tips

5. Define a word :

To get the definition of a word just use :

Search: define:abc

For Eg : Search: define:Computer

This will return you results which define ‘Computer’.

6. Find Pages similar to a page :

To find a page similar i.e. consisting of same type of content, use the following syntax :

Search: related:

7. Search for exact phrase :

To search a set of words exactly together i.e.

For Eg :

Search: “contact us”

This will return the results containing both contact and us together !

8. Using the wild card ‘*’ :

The * sign can be used in places where the whole word is not known.

For Eg:

Search: friend*

This will return the results containing friend , friends , friendship.

9. Using the ‘?’ sign :

This is used when the full spelling of the word is not known.

For Eg:

Search: fri??d

This will result that in the results in which any alphabet can take the place of ‘?’ sign.

10. Use of boolean operators :

The boolean operators like AND,OR,NOT can be used in search box to connect the words !

The search engine understands them as what they mean but the must be in capital letters !

For Eg:

Search: swim OR float

This will return the results containing either swim or float !

Advanced Google Search Codes

Advanced Google Search Codes

This How-To will teach you how to use google to find mp3s. This How-To
will be highly pragmatic and will focus on the hows and not the
wherefores of the various search strings.

0) Key
1) Directories
2) Xitami Servers
3) Directory Listing
4) Andromeda Servers
5) Zina Artists
6) Apache mp3 Servers
7) Individual Songs

Section 0 – KEY

You this are just some definitions I will use below.

[Directory String] can be any of the following :
1) “index of”
2) “last modified”
3) “parent of”

[file type] can be any of the following :
1) “mp3”
2) “shn”
3) “wma”

[mp3 name] can be any of the following :
1) the name of the album in quotes
2) the name of the artist in quotes
3) be daring and leave it blank and have lots of links
4) be creative!

1) -html -htm -php -asp -txt -pls

(inurl:) is optional and may be omitted and in fact most be
omitted if not using a search tool other than google.

(intitle:) can be used in place of (inurl:) and has a similar effect
again you must be useing google.

(-filetype:txt) adding this to the end of your search string can
filter some false positives.

(-playlist) adding this to the end of your search string can
filter some false positives.

Section 1 – Directories

These are the most common way that mp3s are stored on the www, you
should try these strings first.

String Format :
Type 1 : [Directory String] + (inurl:)[file type] + [mp3 name]
Type 2 : [Directory String] + (intitle:)[file type] + [mp3 name]

Type 3 : [Directory String] + [file type] + [mp3 name] + [limitors]

Example Strings :
– intitle:index.of + mp3 + “grandaddy” -html -htm -php -asp -txt -pls
– “index of” + “mp3” + “radiohead” -html -htm -php
– “index of” + mp3 + “grandaddy”
– “index of” + inurl:mp3 + “beatles” -txt -pls
– “index of” + intitle:mp3 + beatles
– “last modified” + “shn” + “dylan”
– “last modified” + inurl:shn + “bob dylan”
– “parent of” + inurl:wma + “grandaddy”

Suggestions :
– Try (intitle:index.of + “mp3” + “band name” -htm -html -php -asp) first it
is usually the most effective.

Another Little Trick:
– If you have been getting alot of results on google but the pages don’t seem
to be there try adding dates and the “apache” string to your search i.e.

– intitle:index.of + mp3 + “grandaddy” -html -htm -php -asp apache feb-2005
– intitle:index.of + mp3 + “grandaddy” -html -htm -php -asp apache 2005

or if you just want a big list of mp3′ doing a search like this everymonth
– intitle:index.of + mp3 + -html -htm -php -asp apache mar

Section 2 – Xitami Servers

String Format :
Type 1 : “xitami web server” + (inurl:)[file type] + [mp3 name]
Type 2 : “xitami web server” + (intitle:)[file type] + [mp3 name]

Example Strings :
– “xitami web server” + “mp3” + “radiohead”
– “xitami web server” + intitle:shn + “beatles”
– “xitami web server” + inurl:mp3 + “magnetic fields”

Section 3 – Directory Listing

String Format :
Type 1 : “directory listings” + (inurl:)[file type] + [mp3 name]
Type 2 : “directory listings” + (intitle:)[file type] + [mp3 name]
Type 3 : “directory listings of” + (inurl:)[file type] + [mp3 name]
Type 4 : “directory listings of” + (intitle:)[file type] + [mp3 name]

Example Strings
– “directory listings” + “mp3” + “radiohead”
– “directory listings” + intitle:shn + “beatles”
– “directory listings” + inurl:mp3 + “magnetic fields”
– “directory listings of” + “mp3” + “radiohead”
– “directory listings of” + intitle:shn + “beatles”
– “directory listings of” + inurl:mp3 + “magnetic fields”

Section 4 – Andromeda Servers

String Format :
Type 1 : “scott matthews” + andromeda + [mp3 name]
Type 2 : “scott matthews” + andromeda + [file type] + [mp3 name]
Type 3 : “powered by andromeda” + [mp3 name]
Type 4 : “powered by andromeda” + [file type] + [mp3 name]
Type 5 : inurl:andromeda.php + [mp3 name]
Type 6 : inurl:anromeda.php + [file type] + [mp3 name]
Type 7 : “scott matthews”
Type 8 : “powered by andromeda”
Type 9 : inurl:andromeda.php

Examples :
– “scott matthews” + andromeda + “radiohead”
– “scott matthews” + andromeda + “mp3” + “fitter”
– “powered by andromeda” + “gradaddy”
– “powered by andromeda” + “mp3” + “just like women”
– inurl:andromeda.php + “shn”
– inurl:anromeda.php + “wma” + “dylan”
– “scott matthews”
– “powered by andromeda”
– inurl:andromeda.php

Section 5 – Zina Artists

String Format :
Type 1 : “zina artists”

Examples :
– “zina artists”

Section 6 – Apache mp3 Servers

String Format :
Type 1 : “stream all” + apache + [mp3 name]
Type 2 : “stream all” + apache
Type 3 : “shuffle all” + apache + [mp3 name]
Type 4 : “shuffle all” + apache

Examples :
– “stream all” + apache
– “stream all” “shuffle all” mp3
– “stream all” + apache + radiohead
– “shuffle all” + beatles

Section 7 – Individual Songs

Format : [mp3 name].mp3 -playlist -filetype:txt

Examples :
– “ok_computer_live.mp3” -playlist -filetype:txt
– “*ok_computer*.mp3” -playlist -filetype:txt
– kid*a.mp3 -playlist -filetype:txt


2nd Method:

Here is a second example of maximizing search results on Google:

1. At Google Search, type in one of the following two phrases (try the first one; if you’re not happy with the results, try the second one on your second search):

* “index of/mp3” -playlist -html -lyrics
* “index of/” mp3 -playlist -html -lyrics

2. If you’d like, add an artist’s name or song name to the end of the phrase, then click the Search Button.
3. Here are a few examples:

* “index of/mp3” -playlist -html -lyrics beatles
* “index of/mp3” -playlist -html -lyrics punk

This tip helps you find directories filled with mp3 files by finding Apache’s Index page:

1. At Google Search type in the following code:
2. +(“index of”) +(“/mp3″|”/mp3s”|”/music”) +(mp3|zip|rar) +apache
3. By editing this code, you can search for any type of media; oog, wav, pdf, etc.
4. Be sure to edit both the directory names as well as the file extensions if edited.

Finding mp3 and compressed files searching by title:

1. At Google Search type in the following code:
2. allinurl: +(mp3|rar|zip|tgz) TheTitle
3. Replace TheTitle with either a song title, artist name, or album.
4. Here are a few examples:
* allinurl: +(mp3|rar|zip|tgz) beatles
* allinurl: +(mp3|rar|zip|tgz) revolver
* allinurl: +(mp3|rar|zip|tgz) greatest hits
& to find cell phone programs:

just type the following line in your google search box and see experience a new world of finding games

for games
“parent directory” nokia games -*b -html -htm -php -shtml -opendivx -md5 -md5sums

for tones
“parent directory ” nokia polyphonic -*b -html -htm -php -shtml -opendivx -md5 -md5sums

for symbian games
“parent directory ” symbian games -*b -html -htm -php -shtml -opendivx -md5 -md5sums

for Wallpapers
“parent directory ” nokia wallpapers -*b -html -htm -php -shtml -opendivx -md5 -md5sums

for general Midi
“parent directory ” midi -*b -html -htm -php -shtml -opendivx -md5 -md5sums

also try using “Index of” instead of “parent directory”
and other tips:

You’ve probably seen some sites that allow you to Google their site for a certain term. This is accomplished via the “site” advanced operator. The following syntax is used for the site operator:


For example, if we wanted to search
for the term “CoolIndianGuy”, we would use the following:




The “inurl” advanced operator is used to search for a term within
URL’s. For example, searching for “inurl:binaryuniverse” searched
for all sites that have the term “binaryuniverse” in their URL.
The “intitle” is used to search for a term in the title. Thus,
“intitle:binaryuniverse” finds all pages with “binaryuniverse”
in their title.
Google keeps caches of pages. When the Google spider indexes a page,
it stores a copy of it. Thus, the cache is a copy of what the page was
like at an earlier date. To view the cache for a page, you can simply
search for the page, and then click the “cache” link underneath.
However, there is a quicker way, that involves only typing in
search terms, and not clicking. Simply type “”
to view the cache of a page (in this case
Google also allows you to search for pages of a certain filetype,
using the syntax “filetype:TYPE”. Replace ‘TYPE’ with the file type
you want to search for. So, if you wanted to search for tutorials
on SQL that are in PDF format, you would search for the following:

SQL Tutorial filetype:PDF

Not only is Google the world’s best search engine, it also happens
to be a mighty fine dictionary. To use it as a dictionary, just type
“define:TERM”, and replace TERM with the word you wish to look up.
For example, if you want to look up “roflmao”, type “define:roflmao”,
without the quotes. This will give you several different resources
for definitions or roflmao. Fyi, roflmao means “rolling on the floor laughing my **** off”.
And now, it’s time for some fun — Google whacking. Actually, after
a couple minutes, I have found Google whacking to become extremely
boring, not to mention frustrating. A google whack is a two-word query
that returns one result. You may not use quotes, and both words in
the query must be real words. And yes, it is very hard.
For more info, I suggest you check out

At this point, the basics of Google have been covered, and you should
be a moderately good Googler.
how to search for STUFF at google

method 1
put this string in google search:

“parent directory ” /appz/ -*b -html -htm -php -shtml -opendivx -md5 -md5sums

“parent directory ” DVDRip -*b -html -htm -php -shtml -opendivx -md5 -md5sums

“parent directory “Xvid -*b -html -htm -php -shtml -opendivx -md5 -md5sums

“parent directory ” Gamez -*b -html -htm -php -shtml -opendivx -md5 -md5sums

“parent directory ” MP3 -*b -html -htm -php -shtml -opendivx -md5 -md5sums

“parent directory ” Name of Singer or album -*b -html -htm -php -shtml -opendivx -md5 -md5sums

Notice that i am only changing the word after the parent directory, change it to what you want and you will get a lot of stuff.

method 2
put this string in google search:

?intitle:index.of? mp3

You only need add the name of the song/artist/singer.
Example: ?intitle:index.of? mp3 jackson

method 3
put this string in google search:

inurl:microsoft filetype:???

method 4
put this string in google search:


method 5
put this string in google search:

“name of object”download
“name of object download”
free “name of object”download
free “name of object download”

Or just look for the filename(s).
and instead of using the inurl: tag, use site: that works too.

For Rapidshare:

or movies:

or music:

Just play with the extensions.

inurl:ebook.DDU | inurl:ebook.EEN | inurl:ebook.JGT | inurl:ebook.LiB | inurl:ebook.EAT

There’s a few ways to differentiate from that to change the outcome in your favor as well. For example, you can take away the “inurl:” to get many hits on things like forum posts or BitTorrent links. (Helpful if you’re looking for something rare.)

You can also add the file type you like (such as PDF, CHM, LIT, etc) to get a specialized search. Finally, don’t forget to put () or else Google may get confused. When defining a OR statement, Google expects the () to surround it. For example, you could search for:

– (ebook.DDU | ebook.EEN | ebook.JGT | ebook.LiB | ebook.EAT )
– PDF (ebook.DDU | ebook.EEN | ebook.JGT | ebook.LiB | ebook.EAT )
or get fancy with
– (PDF | CHM | LIT | ZIP | RAR | ISO) (ebook.DDU | ebook.EEN | ebook.JGT | ebook.LiB | ebook.EAT)

You can also use “Parent Directory”+ in front of it but don’t limit the search to Google, try several engines.

A nice site for Rabbits & webbits:


Music Filetypes:

Movie Filetypes:

Picture Filetypes:

Compressed Filetypes (Used to search for programs):
EXE <- Be extremely careful when searching for EXE files, make sure you run a complete virus scan on any of the compressed filetypes.

Document Filetypes:

These are just a few of the things that you can search for using Google. It is an extremely powerful tool that can be used to find just about anything you could ever want on the internet. While I am not condoning pirating and filesharing, I feel that the sharing of information is absolutely essential to the survival of the internet. After all, the internet was founded on the idea of sharing information, Google just allows us to index all of that information into an easily searched archive

Search passwords and Juicy Info : Digg Google

This is not about finding sensitive data during an assessment as much as
it is about what the “bad guys” might do to troll for the data.The examples presented
generally represent the lowest-hanging fruit on the security
tree. Hackers target this information on a daily basis.To protect against this type
of attacker, we need to be fairly candid about the worst-case possibilities.We
won’t be overly candid, however.
We start by looking at some queries that can be used to uncover usernames,
the less important half of most authentication systems.The value of a username is
often overlooked, but, an entire multimilliondollar
security system can be shattered through skillful crafting of even the
smallest, most innocuous bit of information.
Next, we take a look at queries that are designed to uncover passwords. Some
of the queries we look at reveal encrypted or encoded passwords, which will take
a bit of work on the part of an attacker to use to his or her advantage.We also
take a look at queries that can uncover cleartext passwords.These queries are some
of the most dangerous in the hands of even the most novice attacker. What could
make an attack easier than handing a username and cleartext password to an
We wrap up by discussing the very real possibility of uncovering
highly sensitive data such as credit card information and information used to
commit identity theft, such as Social Security numbers. Our goal here is to
explore ways of protecting against this very real threat.To that end, we don’t go
into details about uncovering financial information and the like. If you’re a “dark
side” hacker, you’ll need to figure these things out on your own.
Searching for Usernames
Most authentication mechanisms use a username and password to protect information.
To get through the “front door” of this type of protection, you’ll need to
determine usernames as well as passwords. Usernames also can be used for social
engineering efforts, as we discussed earlier.
Many methods can be used to determine usernames. In Chapter 10, we
explored ways of gathering usernames via database error messages. In Chapter 8
we explored Web server and application error messages that can reveal various
information, including usernames.These indirect methods of locating usernames
are helpful, but an attacker could target a usernames directory
query like “your username is”. This phrase can locate help pages that describe the
username creation process,
information gleaned from other sources, such as Google Groups posts or phone
listings.The usernames could then be recycled into various other phases of the
attack, such as a worm-based spam campaign or a social-engineering attempt.An
attacker can gather usernames from a variety of sources, as shown in the sample
queries listed
Sample Queries That Locate Usernames
Query Description
inurl:admin inurl:userlist Generic userlist files
inurl:admin filetype:asp Generic userlist files
inurl:php inurl:hlstats intext: Half-life statistics file, lists username and
Server Username other information
filetype:ctl inurl:haccess. Microsoft FrontPage equivalent of htaccess
ctl Basic shows Web user credentials
Query Description
filetype:reg reg intext: Microsoft Internet Account Manager can
”internet account manager” reveal usernames and more
filetype:wab wab Microsoft Outlook Express Mail address
filetype:mdb inurl:profiles Microsoft Access databases containing (user)
index.of perform.ini mIRC IRC ini file can list IRC usernames and
other information
inurl:root.asp?acs=anon Outlook Mail Web Access directory can be
used to discover usernames
filetype:conf inurl:proftpd. PROFTP FTP server configuration file reveals
conf –sample username and server information
filetype:log username putty PUTTY SSH client logs can reveal usernames
and server information
filetype:rdp rdp Remote Desktop Connection files reveal user
intitle:index.of .bash_history UNIX bash shell history reveals commands
typed at a bash command prompt; usernames
are often typed as argument strings
intitle:index.of .sh_history UNIX shell history reveals commands typed at
a shell command prompt; usernames are
often typed as argument strings
“index of ” lck Various lock files list the user currently using
a file
+intext:webalizer +intext: Webalizer Web statistics page lists Web user-
Total Usernames +intext: names and statistical information
”Usage Statistics for”
filetype:reg reg HKEY_ Windows Registry exports can reveal
CURRENT_USER username usernames and other information

Underground Googling Searching for a Known Filename
Remember that there are several ways to search for a known filename.
One way relies on locating the file in a directory listing, like intitle:index.of
install.log. Another, often better, method relies on the filetype operator,
as in filetype:log inurl:install.log. Directory listings are not all that
common. Google will crawl a link to a file in a directory listing, meaning
that the filetype method will find both directory listing entries as well as
files crawled in other ways.

In some cases, usernames can be gathered from Web-based statistical programs
that check Web activity.The Webalizer program shows all sorts of information
about a Web server’s usage. Output files for the Webalizer program can be
located with a query such as intext:webalizer intext:”Total Usernames” intext:”Usage
Statistics for”. Among the information displayed is the username that was used to
connect to the Web server, as shown in Figure 9.2. In some cases, however, the
usernames displayed are not valid or current, but the “Visits” column lists the
number of times a user account was used during the capture period.This enables
an attacker to easily determine which accounts are more likely to be valid.

The Windows registry holds all sorts of authentication information, including
usernames and passwords.Though it is unlikely (and fairly uncommon) to locate
live, exported Windows registry files on the Web, at the time of this writing
there are nearly 100 hits on the query filetype:reg HKEY_CURRENT_USER
username, which locates Windows registry files that contain the word username
and in some cases passwords,

As any talented attacker or security person will tell you, it’s rare to get information
served to you on a silver platter. Most decent finds take a bit of persistence,
creativity, intelligence, and just a bit of good luck. For example, consider
the Microsoft Outlook Web Access portal, which can be located with a query
like inurl:root.asp?acs=anon. At the time of this writing, fewer than 50 sites are
returned by this query, even though there a certainly more than 50 sites running
the Microsoft Web-based mail portal. Regardless of how you might locate a site
running this e-mail gateway, it’s not uncommon for the site to host a public
directory (denoted “Find Names,” by default)

The public directory allows access to a search page that can be used to find
users by name. In most cases, wildcard searching is not allowed, meaning that a
search for * will not return a list of all users, as might be expected. Entering a
search for a space is an interesting idea, since most user descriptions contain a
space, but most large directories will return the error message “This query would
return too many addresses!” Applying a bit of creativity, an attacker could begin
searching for individual common letters, such as the “Wheel of Fortune letters”
R, S,T, L, N, and E. Eventually one of these searches will most likely reveal a list
of user information like

Once a list of user information is returned, the attacker can then recycle the
search with words contained in the user list, searching for the words Voyager,
Freshmen, or Campus, for example.Those results can then be recycled, eventually
resulting in a nearly complete list of user information.
Searching for Passwords
Password data, one of the “Holy Grails” during a penetration test, should be protected.
Unfortunately, many examples of Google queries can be used to locate
passwords on the Web, as shown in Table 9.2.
Table 9.2 Queries That Locate Password Information
Query Description
inurl:/db/main.mdb ASP-Nuke passwords
filetype:cfm “cfapplication ColdFusion source with potential passwords
name” password
filetype:pass pass intext:userid dbman credentials
allinurl:auth_user_file.txt DCForum user passwords
eggdrop filetype:user user Eggdrop IRC user credentials
filetype:ini inurl:flashFXP.ini FlashFXP FTP credentials
filetype:url +inurl:”ftp://” FTP bookmarks cleartext passwords
inurl:zebra.conf intext: GNU Zebra passwords
password -sample -test
-tutorial –download
filetype:htpasswd htpasswd HTTP htpasswd Web user credentials
intitle:”Index of” “.htpasswd” HTTP htpasswd Web user credentials
“htgroup” -intitle:”dist”
-apache -htpasswd.c
intitle:”Index of” “.htpasswd” HTTP htpasswd Web user credentials
“http://*:*@www” bob:bob HTTP passwords (bob is a sample username)
“sets mode: +k” IRC channel keys (passwords)
“Your password is * Remember IRC NickServ registration passwords
this for later use”
signin filetype:url JavaScript authentication credentials

Queries That Locate Password Information
Query Description
LeapFTP intitle:”index.of./” LeapFTP client login credentials
sites.ini modified
inurl:lilo.conf filetype:conf LILO passwords
password -tatercounter2000
-bootpwd –man
filetype:config config intext: Microsoft .NET application credentials
appSettings “User ID”
filetype:pwd service Microsoft FrontPage Service Web passwords
intitle:index.of Microsoft FrontPage Web credentials
“# -FrontPage-” inurl:service.pwd Microsoft FrontPage Web passwords
ext:pwd inurl:_vti_pvt inurl: Microsoft FrontPage Web passwords
(Service | authors | administrators)
inurl:perform filetype:ini mIRC nickserv credentials
intitle:”index of” intext: mySQL database credentials
intitle:”index of” intext: mySQL database credentials
filetype:conf oekakibbs Oekakibss user passwords
filetype:dat wand.dat Opera‚ ÄúMagic Wand‚Äù Web credentials
inurl:ospfd.conf intext: OSPF Daemon Passwords
password -sample -test
-tutorial –download
index.of passlist Passlist user credentials
inurl:passlist.txt passlist.txt file user credentials
filetype:dat “password.dat” password.dat files
inurl:password.log filetype:log password.log file reveals usernames, passwords,
and hostnames
filetype:log inurl:”password.log” password.log files cleartext passwords
inurl:people.lst filetype:lst People.lst generic password file
intitle:index.of config.php PHP Configuration File database credentials
inurl:config.php dbuname dbpass PHP Configuration File database credentials
inurl:nuke filetype:sql PHP-Nuke credentials
Queries That Locate Password Information
Query Description
filetype:conf inurl:psybnc.conf psyBNC IRC user credentials
filetype:ini ServUDaemon servU FTP Daemon credentials
filetype:conf slapd.conf slapd configuration files root password
inurl:”slapd.conf” intext: slapd LDAP credentials
”credentials” -manpage
-”Manual Page” -man: -sample
inurl:”slapd.conf” intext: slapd LDAP root password
”rootpw” -manpage
-”Manual Page” -man: -sample
filetype:sql “IDENTIFIED BY” –cvs SQL passwords
filetype:sql password SQL passwords
filetype:ini wcx_ftp Total Commander FTP passwords
filetype:netrc password UNIX .netrc user credentials
index.of.etc UNIX /etc directories contain various credential
intitle:”Index of..etc” passwd UNIX /etc/passwd user credentials
intitle:index.of passwd UNIX /etc/passwd user credentials
intitle:”Index of” pwd.db UNIX /etc/pwd.db credentials
intitle:Index.of etc shadow UNIX /etc/shadow user credentials
intitle:index.of master.passwd UNIX master.passwd user credentials
intitle:”Index of” spwd.db UNIX spwd.db credentials
passwd -pam.conf
filetype:bak inurl:”htaccess| UNIX various password file backups
filetype:inc dbconn Various database credentials
filetype:inc intext:mysql_ Various database credentials, server names
filetype:properties inurl:db Various database credentials, server names
inurl:vtund.conf intext:pass –cvs Virtual Tunnel Daemon passwords
inurl:”wvdial.conf” intext: wdial dialup user credentials

Queries That Locate Password Information
Query Description
filetype:mdb wwforum Web Wiz Forums Web credentials
“AutoCreate=TRUE password=*”Website Access Analyzer user passwords
filetype:pwl pwl Windows Password List user credentials
filetype:reg reg +intext: Windows Registry Keys containing user
”defaultusername” intext: credentials
filetype:reg reg +intext: Windows Registry Keys containing user
”internet account manager” credentials
“index of/” “ws_ftp.ini” WS_FTP FTP credentials
“parent directory”
filetype:ini ws_ftp pwd WS_FTP FTP user credentials
inurl:/wwwboard wwwboard user credentials
In most cases, passwords discovered on the Web are either encrypted or
encoded in some way. In most cases, these passwords can be fed into a password
cracker such as John the Ripper from to produce
plaintext passwords that can be used in an attack. Figure 9.6 shows the results of
the search ext:pwd inurl:_vti_pvt inurl:(Service | authors | administrators), which
combines a search for some common

Exported Windows registry files often contain encrypted or encoded passwords
as well. If a user exports the Windows registry to a file and Google subsequently
crawls that file, a query like filetype:reg intext:”internet account manager”
could reveal interesting keys containing password data

ress. Note that live, exported Windows registry files are not very common, but it’s
not uncommon for an attacker to target a site simply because of one exceptionally
insecure file. It’s also possible for a Google query to uncover cleartext passwords.
These passwords can be used as is without having to employ a
password-cracking utility. In these extreme cases, the only challenge is determining
the username as well as the host on which the password can be used. As
shown in Figure 9.8, certain queries will locate all the following information:
usernames, cleartext passwords, and the host that uses that authentication!

There is no magic query for locating passwords, but during an assessment,
remember that the simplest queries directed at a site can have amazing results, as
we discussed in , Chapter 7, Ten Simple Searches. For example, a query like “Your
password” forgot would locate pages that provide a forgotten password recovery
mechanism.The information from this type of query can be used to formulate
any of a number of attacks against a password. As always, effective social engineering
is a terrific nontechnical solution to “forgotten” passwords.
Another generic search for password information, intext:(password | passcode |
pass) intext:(username | userid | user), combines common words for passwords and
user IDs into one query.This query returns a lot of results, but the vast majority
of the top hits refer to pages that list forgotten password information, including
either links or contact information. Using Google’s translate feature, found at, we could also create multilingual password
searches.Table 9.3 lists common translations for the word password
English Translations of the Word Password
Language Word Translation
German password Kennwort
Spanish password contraseña
French password mot de passe
Italian password parola d’accesso
Portuguese password senha
Dutch password Paswoord
The terms username and userid in most languages translate to username
and userid, respectively.
Searching for Credit Card Numbers,
Social Security Numbers, and More
Most people have heard news stories about Web hackers making off with customer
credit card information.With so many fly-by night retailers popping up
on the Internet, it’s no wonder that credit card fraud is so prolific.These momand-
pop retailers are not the only ones successfully compromised by hackers.
Corporate giants by the hundreds have had financial database compromises over
the years, victims of sometimes very technical, highly focused attackers. What
might surprise you is that it doesn’t take a rocket scientist to uncover live credit
card numbers on the Internet, thanks to search engines like Google. Everything
from credit information to banking data or supersensitive classified government
documents can be found on the Web. Consider the (highly edited) Web page

This document, found using Google, lists hundreds and hundreds of credit
card numbers (including expiration date and card validation numbers) as well as
the owners’ names, addresses, and phone numbers.This particular document also
included phone card (calling card) numbers. Notice the scroll bar on the righthand
side of Figure 9.9, an indicator that the displayed page is only a small part
of this huge document—like many other documents of its kind. In most cases,
pages that contain these numbers are not “leaked” from online retailers or ecommerce
sites but rather are most likely the fruits of a scam known as phishing,
in which users are solicited via telephone or e-mail for personal information.
Several Web sites, including, document these scams and
hoaxes. Figure 9.10 shows a screen shot of a popular eBay phishing scam that
encourages users to update their eBay profile information.

Once a user fills out this form, all the information is sent via e-mail to the
attacker, who can use it for just about anything.
Tools and Traps
Catching Online Scammers
In some cases, you might be able to use Google to help nab the bad guys.
Phishing scams are effective because the fake page looks like an official
page. To create an official-looking page, the bad guys must have examples
to work from, meaning that they must have visited a few legitimate companies’
Web sites. If the fishing scam was created using text from several
companies’ existing pages, you can key in on specific phrases from the fake
page, creating Google queries designed to round up the servers that hosted
some of the original content. Once you’ve located the servers that contained
the pilfered text, you can work with the companies involved to
extract correlating connection data from their log files. If the scammer visited
each company’s Web page, collecting bits of realistic text, his IP should
appear in each of the log files. Auditors at SensePost (
have successfully used this technique to nab online scam artists.
Unfortunately, if the scammer uses an exact copy of a page from only one
company, this task becomes much more difficult to accomplish.
Social Security Numbers
Social Security numbers (SSNs) and other sensitive data can be easily located
with Google as well as via the same techniques used to locate credit card numbers.
For a variety of reasons, SSNs might appear online—for example, educational
facilities are notorious for using an SSN as a student ID, then posting
grades to a public Web site with the “student ID” displayed next to the grade.A
creative attacker can do quite a bit with just an SSN, but in many cases it helps
to also have a name associated with that SSN. Again, educational facilities have
been found exposing this information via Excel spreadsheets listing student’s
names, grades, and SSNs, despite the fact that the student ID number is often
used to help protect the privacy of the student! Although we don’t feel it’s right
to go into the details of how this data is located, several media outlets have irresponsibly
posted the details online. Although the blame lies with the sites that are
leaking this information, in our opinion it’s still not right to draw attention to
how exactly the information can be located.
Personal Financial Data
In some cases, phishing scams are responsible for publicizing personal information;
in other cases, hackers attacking online retails are to blame for this breach of
privacy. Sadly, there are many instances where an individual is personally responsible
for his own lack of privacy. Such is the case with personal financial information.
With the explosion of personal computers in today’s society, users have
literally hundreds of personal finance programs to choose from. Many of these
programs create data files with specific file extensions that can be searched with
Google. It’s hard to imagine why anyone would post personal financial information
to a public Web site (which subsequently gets crawled by Google), but it
must happen quite a bit, judging by the number of hits for program files generated
by Quicken and Microsoft Money, for example. Although it would be
somewhat irresponsible to provide queries here that would unearth personal
financial data, it’s important to understand the types of data that could potentially
be uncovered by an attacker.To that end,Table 9.4 shows file extensions for various
financial, accounting, and tax return programs. Ensure that these filetypes
aren’t listed on a webserver you’re charged with protecting.
File Extension Description
afm Abassis Finance Manager
ab4 Accounting and Business File
mmw AceMoney File
Iqd AmeriCalc Mutual Fund Tax Report
et2 Electronic Tax Return Security File (Australia)
tax Intuit TurboTax Tax Return
t98-t04 Kiplinger Tax Cut File (extension based on two-digit return
mny Microsoft Money 2004 Money Data Files
mbf Microsoft Money Backup Files
inv MSN Money Investor File
ptdb Peachtree Accounting Database
qbb QuickBooks Backup Files reveal financial data
qdf Quicken personal finance data
soa Sage MAS 90 accounting software
sdb Simply Accounting
stx Simply Tax Form
tmd Time and Expense Tracking
tls Timeless Time & Expense
fec U.S. Federal Campaign Expense Submission
wow Wings Accounting File
Searching for Other Juicy Info
As we’ve seen, Google can be used to locate all sorts of sensitive information. In
this section we take a look at some of the data that Google can find that’s harder
to categorize. From address books to chat log files and network vulnerability
reports, there’s no shortage of sensitive data online.Table 9.5 shows some queries
that can be used to uncover various types of sensitive data.
Query Description
intext:”Session Start AIM and IRC log files
* * * *:*:* *” filetype:log
filetype:blt blt +intext: AIM buddy lists
buddylist.blt AIM buddy lists
intitle:index.of cgiirc.config CGIIRC (Web-based IRC client) config file,
shows IRC servers and user credentials
inurl:cgiirc.config CGIIRC (Web-based IRC client) config file,
shows IRC servers and user credentials
“Index of” / “chat/logs” Chat logs
intitle:”Index Of” cookies.txt cookies.txt file reveals user information
“phone * * *” “address *” Curriculum vitae (resumes) reveal names
“e-mail” intitle:”curriculum vitae” and address information
ext:ini intext:env.ini Generic environment data
intitle:index.of inbox Generic mailbox files
“Running in Child mode” Gnutella client data and statistics
“:8080” “:3128” “:80” HTTP Proxy lists
intitle:”Index of” ICQ chat logs
dbconvert.exe chats
“sets mode: +p” IRC private channel information
“sets mode: +s” IRC secret channel information
“Host Vulnerability Summary ISS vulnerability scanner reports, reveal
Report” potential vulnerabilities on hosts and
“Network Vulnerability ISS vulnerability scanner reports, reveal
Assessment Report” potential vulnerabilities on hosts and networks
filetype:pot inurl:john.pot John the Ripper password cracker results
intitle:”Index Of” -inurl:maillog Maillog files reveals e-mail traffic
maillog size information
ext:mdb inurl:*.mdb inurl: Microsoft FrontPage database folders
Query Description
filetype:xls inurl:contact Microsoft Excel sheets containing contact
intitle:index.of haccess.ctl Microsoft FrontPage equivalent(?)of htaccess
shows Web authentication info
ext:log “Software: Microsoft Microsoft Internet Information Services
Internet Information Services *.*” (IIS) log files
filetype:pst inurl:”outlook.pst” Microsoft Outlook e-mail and calendar
backup files
intitle:index.of mt-db-pass.cgi Movable Type default file
filetype:ctt ctt messenger MSN Messenger contact lists
“This file was generated Nessus vulnerability scanner reports, reveal
by Nessus” potential vulnerabilities on hosts and networks
inurl:”newsletter/admin/” Newsletter administration information
inurl:”newsletter/admin/” Newsletter administration information
intitle:”newsletter admin”
filetype:eml eml intext: Outlook Express e-mail files
”Subject” +From
intitle:index.of inbox dbx Outlook Express Mailbox files
intitle:index.of inbox dbx Outlook Express Mailbox files
filetype:mbx mbx intext:Subject Outlook v1–v4 or Eudora mailbox files
inurl:/public/?Cmd=contents Outlook Web Access public folders or
filetype:pdb pdb backup (Pilot Palm Pilot Hotsync database files
| Pluckerdb)
“This is a Shareaza Node” Shareaza client data and statistics
inurl:/_layouts/settings Sharepoint configuration information
inurl:ssl.conf filetype:conf SSL configuration files, reveal various configuration
site:edu admin grades Student grades
intitle:index.of mystuff.xml Trillian user Web links
inurl:forward filetype: UNIX mail forward files reveal e-mail
forward –cvs addresses
intitle:index.of dead.letter UNIX unfinished e-mails

Make no mistake—there’s sensitive data on the Web, and Google can find it.
There’s hardly any limit to the scope of information that can be located, if only
you can figure out the right query. From usernames to passwords, credit card and
Social Security numbers, and personal financial information, it’s all out there. As a
purveyor of the “dark arts,” you can relish in the stupidity of others, but as a professional
tasked with securing a customer’s site from this dangerous form of
information leakage, you could be overwhelmed by the sheer scale of your
defensive duties.
As droll as it might sound, a solid, enforced security policy is a great way to
keep sensitive data from leaking to the Web. If users understand the risks associated
with information leakage and understand the penalties that come with violating
policy, they will be more willing to cooperate in what should be a security
In the meantime, it certainly doesn’t hurt to understand the tactics an adversary
might employ in attacking a Web server. One thing that should become
clear as you read this book is that any attacker has an overwhelming number of
files to go after. One way to prevent dangerous Web information leakage is by
denying requests for unknown file types. Whether your Web server normally
serves up CFM,ASP, PHP, or HTML, it’s infinitely easier to manage what should
be served by the Web server instead of focusing on what should not be served.
Adjust your servers or your border protection devices to allow only specific content
or file types.
Solutions Fast Track
Searching for Usernames
_ Usernames can be found in a variety of locations.
_ In some cases, digging through documents or e-mail directories might
be required.
_ A simple query such as “your username is” can be very effective in
locating usernames.

Searching for Passwords
_ Passwords can also be found in a variety locations.
_ A query such as “Your password” forgot can locate pages that provide a
forgotten-password recovery mechanism.
_ intext:(password | passcode | pass) intext:(username | userid | user) is
another generic search for locating password information.
Searching for Credit Cards
Numbers, Social Security Numbers, and More
_ Documents containing credit card and Social Security number
information do exist and are relatively prolific.
_ Some irresponsible news outlets have revealed functional queries that
locate this information.
_ There are relatively few examples of personal financial data online, but
there is a great deal of variety.
_ In most cases, specific file extensions can be searched for.
Searching for Other Juicy Info
_ From address books and chat log files to network vulnerability reports,
there’s no shortage of sensitive data online.

Some google tricks

A few things you might want to try with Google:

Hand type the following prefixes and note their utility:

link:url Shows other pages with links to that url.

related:url same as “what’s related” on serps.

site:domain restricts search results to the given domain.

allinurl: shows only pages with all terms in the url.

inurl: like allinurl, but only for the next query word.

allintitle: shows only results with terms in title.

intitle: similar to allintitle, but only for the next word. “intitle:webmasterworld google” finds only pages with webmasterworld in the title, and google anywhere on the page.

cache:url will show the Google version of the passed url.

info:url will show a page containing links to related searches, backlinks, and pages containing the url. This is the same as typing the url into the search box.

spell: will spell check your query and search for it.

stocks: will lookup the search query in a stock index.

filetype: will restrict searches to that filetype. “-filetype:doc” to remove Microsoft word files.

daterange: is supported in Julian date format only. 2452384 is an example of a Julian date.

maps: If you enter a street address, a link to Yahoo Maps and to MapBlast will be presented.

phone: enter anything that looks like a phone number to have a name and address displayed. Same is true for something that looks like an address (include a name and zip code) “+www.somesite.+net”
(tells you how many pages of your site are indexed by google)

allintext: searches only within text of pages, but not in the links or page title

allinlinks: searches only within links, not text or title

I hope there is something new in here for you and maybe this infos will be