Cheat Sheet : Google Hacking
Google hacking is a great way to do some recon using advanced operators in the Google search engine. Here are some examples:
Google hacking lessons:
* Google queries are not case-sensitive.
* Google doesn't use the wildcard like most; it sees it as just another character.
* Google ignores certain common words, characters, and single digits in a search, but you can force Google into using them by including them in quotes. You can also precede the word with a + sign, like +and, with no spaces between the + and the word "and".
* Google limits searches to 32 words, but we could use wildcards to omit common words and extend that limit. So a phrase like "we the people of the united states in order to form a more perfect union establish justice" is 17 words, but if I omit the common words and replace them with wildcards, we * people * * united states * order * form * more perfect * establish * would be counted as 9 words.
* If I do a phrase search, which means multiple words enclosed in quotes, Google searches for all the words in the phrase in the exact order you provide them. "Google hacker", for instance, searches for the phrase Google hacker exactly.
* Google has boolean operators you can use to great effect: AND, OR, and NOT. The operator AND is redundant to Google, however; regardless of AND or not, it will search for all the terms listed. It uses the + symbol. The NOT operator excludes a word from a search. Or you could preface a word with the - symbol with no spaces. For instance, if I search the word hacker, that could mean a ton of things: a woodcutter, a murderer who slashes people, a golf term for a poor player, or a computer hacker. If I wanted to search hacker but not return results related to the golf term or woodcutters, I would do hacker -golf -woodcutters, etc. The OR operator is represented by the | symbol, which tells Google to locate either one word or the other. intext:password | passcode | passwd is basically saying: look, in text, for any of these three words. Now add filetype:csv to the end of that and see what you come up with.
* Let's say you were searching for Angelina Jolie; you would probably come up with around 32 million results. The whole idea with Google hacking is to narrow the results down to be as concise as possible. So if you did this search: inurl:"Angelina Jolie", this would return around 405,000 results, which is a reduction from the 32 million. Then if you were to do filetype:xlsx "Angelina Jolie", you would find Excel documents about Angelina Jolie! Try filetype:xlsx username password email and see what you come up with.
Here are some other queries:
this one is for cisco vpn config files:
filetype:pcf "GroupPwd"
and a place to crack it:
http://www.thecampusgeeks.com/tools/cisco-VPN-decrypt/cisco-decrypt.php
admin log files:
"admin account info" filetype:log
frontpage hacking:
"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-"
some irc passwords:
"your password is" filetype:log
Avast purchased licenses:
intext:"Thank you for your purchase/trial of ALWIL Software products.:"
MySQL history:
?intitle:index.of?.mysql_history
Cisco IOS current configuration files with secrets and passwords:
enable password | secret "current configuration" -intext:the
MIT association of student associations and groups database:
ext:asa | ext:bak intext:uid intext:pwd -"uid..pwd" database | server | dsn
database uids and passwords:
ext:inc "pwd=" "UID="
SA's for databases:
filetype:bak createobject sa
openldap. lots of good info on server OU's and root passwords:
filetype:conf slapd.conf
password data file:
filetype:dat "password.dat"
different sites and users/passes for them:
filetype:dat inurl:Sites.dat
sysprep, some cd keys and admin passes:
filetype:inf sysprep
ServU ftp:
filetype:ini ServUDaemon
more passwords:
filetype:pass pass intext:userid
sql "insert into" statements with usernames and passwords:
filetype:sql "insert into" (pass|passwd|password)
excel user/pass:
filetype:xls username password email
more database:
inurl:"editor/list.asp" | inurl:"database_editor.asp" | inurl:"login.asa" "are set"
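Each query above only finds a file that a web server is already serving, so the same patterns can be run against your own document root before a crawler gets there. The following is an added example, not code from the original page: the rule set is derived from a subset of the queries listed, and the sample tree, file names and `PLACEHOLDER` values are constructed for illustration.

```python
import os
import tempfile

# (finding, filename suffixes, markers that must ALL appear in the content).
# Derived from queries on this page; the rule set itself is an assumption.
RULES = [
    ("Cisco VPN profile with GroupPwd", (".pcf",), ("grouppwd",)),
    ("FrontPage password file", (".pwd",), ("# -frontpage-",)),
    ("log with password text", (".log",), ("your password is",)),
    ("log with admin account info", (".log",), ("admin account info",)),
    ("MySQL client history", (".mysql_history",), ()),
    ("include file with DB credentials", (".inc",), ("pwd=", "uid=")),
    ("OpenLDAP server config", ("slapd.conf",), ()),
    ("SQL dump inserting passwords", (".sql",), ("insert into", "pass")),
]

def audit(root, max_bytes=1_000_000):
    """Return sorted (relative_path, finding) pairs for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                text = fh.read(max_bytes).decode("utf-8", "ignore").lower()
            for finding, suffixes, markers in RULES:
                if name.lower().endswith(suffixes) and all(m in text for m in markers):
                    rel = os.path.relpath(path, root).replace(os.sep, "/")
                    findings.append((rel, finding))
    return sorted(findings)

def demo():
    """Build a constructed web root (placeholder values only) and audit it."""
    sample = {
        "index.html": "<h1>welcome</h1>",
        "vpn/office.pcf": "[main]\nenc_GroupPwd=PLACEHOLDER\n",
        "inc/db.inc": 'conn = "DSN=app;UID=app;PWD=PLACEHOLDER"',
        "logs/access.log": "GET /index.html 200\n",
        "backup/.mysql_history": "show tables;\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
        return audit(root)

if __name__ == "__main__":
    print(demo())
```

Point `audit()` at the directory your web server actually publishes; anything it reports should be moved out of the served tree or blocked by the server configuration.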