A search engine continuously tries to index almost every website available on the internet in order to compete with other search engines. In the process it also indexes vulnerabilities or, simply speaking, common mistakes and threats. As we all know, Google is one of the best search engines available. Here are some of the searches you can use to find exploits on Google.
Before continuing, I have to say that since this method is pretty popular, most of the sites use honeypots (they pretend to have a vulnerability, but it is just to make you believe that they have one). So BEWARE!!
Enough talking. Let's see some examples.
SSH logs on putty log files
Ok, this file contains what a user typed at a shell command prompt. You shouldn’t advertise this file. You shouldn’t flash it to a web crawler. It contains COMMANDS and USERNAMES and stuff… *sigh* Sometimes there aren’t words to describe how lame people can be. This particular theme can be carried further to find all sorts of things along these lines like .profile, .login, .logout files, etc. I just got bored with all the combinations…
Shell command logs.
SQL history
The .mysql_history file contains commands that were performed against a mysql database. A “history” of said commands. First, you shouldn’t show this file to anyone, especially not a MAJOR SEARCH ENGINE! Secondly, I sure hope you wouldn’t type anything sensitive while interacting with your databases, like oh say USERNAMES AND PASSWORDS…
Get ETC passwords
There’s nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. And what if the passwords are hashed? A password cracker can eat cheesy password hashes faster than Elvis eatin’ jelly doughnuts. Bravo googleDorks! Good show!
Filezilla Passwords
filezilla.xml contains the sites, logins and cryptic passwords of FTP connections made with the open source programme FileZilla.
Rapid share Passwords
Rapidshare login passwords.
Password XML
This returns xls files containing login names and passwords. It works by showing all the xls files with password:(something), so a downside is that you do get stuff like “password protected”, “password services” etc. (and the same for login). But most of the decent ones have the login and password in the text given to you by Google, so it's easy to separate the useful ones from the others.
There are so many searches you can run on Google to find exploits. I will add them accordingly, so stay tuned.
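Seen from the site owner's side, every case above is a file that should never sit under the web root. The audit script below is an added example, not code from the original post; `audit_webroot`, the constructed sample files, and the `putty.log` and `.bash_history` file names are assumptions made for illustration.

```python
import os
import re
import tempfile
# Names from the cases above; putty.log and .bash_history are assumed default
# file names for the "putty log" and "shell command log" cases.
RISKY_NAMES = {
    "putty.log": "PuTTY session log",
    ".bash_history": "shell command history",
    ".mysql_history": "MySQL client history",
    "filezilla.xml": "FileZilla site/login store",
}
RISKY_NAMES.update(dict.fromkeys((".profile", ".login", ".logout"), "shell startup/logout file"))
# passwd(5)-style record: name:password-field:uid:gid:...
PASSWD_LINE = re.compile(rb"^[A-Za-z_][\w.-]*:[^:\n]*:\d+:\d+:", re.M)

def audit_webroot(root):
    """Return sorted (relative_path, reason) pairs for files that must not be served."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reason = RISKY_NAMES.get(name.lower())
            if reason is None and re.search(r"(passw|login).*\.xlsx?$", name, re.I):
                reason = "spreadsheet named like a credential list"
            if reason is None:
                try:
                    with open(path, "rb") as fh:  # catches passwd copies under any name
                        if PASSWD_LINE.search(fh.read(4096)):
                            reason = "passwd-format content"
                except OSError:
                    continue
            if reason:
                findings.append((os.path.relpath(path, root).replace(os.sep, "/"), reason))
    return sorted(findings)

def demo():
    """Audit a constructed web root (sample files made up for this example)."""
    sample = {"index.html": "<h1>hello</h1>", "backup/.mysql_history": "SELECT 1;",
              "ftp/filezilla.xml": "<FileZilla3/>", "docs/login-list.xls": "",
              "old/users.txt": "root:x:0:0:root:/root:/bin/sh\n"}
    with tempfile.TemporaryDirectory() as root:
        for rel, text in sample.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(text)
        return audit_webroot(root)

if __name__ == "__main__":
    print("\n".join(f"{p}: {why}" for p, why in demo()))
```

Point `audit_webroot` at your own document root; anything it reports should be moved out of the served tree or blocked by the web server configuration.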
Finally, I am not taking any responsibility for any of the things you may do or try to do using this information.