I Used These Secret Searches for Hacking
WHICH AND HOW?
Well, if you are a newbie, you won't believe that I used Google Searches for most of my H*cks and Cr*cks.
It's called Google Dorks. We can use Google dork to find vulnerabilities, hidden information and access pages on certain websites. Sounds cool? Let's turn up....
HOW TO SEARCH?
> For personal data and confidential documents, Search:
filetype:xls inurl:"email.xls" This shows many email.xls files, potentially containing contact information.
buddylist.blt This shows many AIM contacts list.
filetype:ctt "msn" This shows MSN contacts list.
intitle:"lndex Of" -inurl:maillog maillog size This shows maillog files, potentially containing e-mail
For locating various Web servers Search:
"Apache/ 1.3.28 Server at" intitle:index.of for Apache 1.3.28
"Microsoft-llS/6.O Server at" intitle:index.of For Microsoft Internet Information Services 6.0
"Red Hat Secure/ *" intitle:index.of For any version of the Red Hat Secure serve
"Netscape/ * Server at" intitle:index.of For any version of Netscape Server
"IBM _ HTTP _ Server/ * * Server at" intitle:index.of For any version of IBM HTTP Server
Google queries for locating passwords Search:
inurl:admin inurl:backup intitle:index.of Shows directories whose names contain the words admin and backup.
intitle:"lndex of" pwd.db pwd.db Shows results with files, potentially containing user names and passwords.
filetype:conf slapd.conf Shows configuration files for OpenLDAP
filetype:mdb inurl:users.mdb Shows Microsoft Access files, potentially containing user account information.
> For locating network device like cctv, Printers, Search:
inurl:"printer/main.html" intext:"settings" Shows many Brother HL printers.
intitle:"EvoCam" inurl:"webcam.html" Shows live Evocam webcams of various locations.
allintitle:Brains, Corp. camera Shows webcams accessible via mmEye
intitle:"active webcam page" Shows USB webcams
inurl:hp/device/this.LCDispatcher Shows HP printers.
> For database error hacks, Search:
"A syntax error has occurred" filetype:ihtml It shows many vulnerable websites with this error.
"Access denied for user" "Using password" This is Authorization errors potentially contains user names, function names, file structure information and pieces of SQL code.
IT'S NOT THE END.
It's just a sample of few searches by which you can get a lot of details.
In H*cking, it is used for finding vulnerabilities.
In Cr*cking, it is used to find informatiot of an individual.
Soon we will come up with more such information gathering techniques.