Google Cracks ?

August 13th, 2007 by elise

Stumbled upon Google Hacks yesterday. Some are fun, some are useful and some stray into script kiddie territory. Anyway, here’s a rundown.

Fun:
inurl:"viewerframe?mode=refresh" : should allow you to check insecure networked webcams. Doesn’t seem to work anymore – probably Google caught on and somehow filters that search.

Interesting:
"intitle:index of" : searches open directory listings for files you want to have, for instance "intitle:index of" killers mp3

Mh, err:
"robots.txt" "disallow:" filetype:txt : finds robots.txt files, which list the paths a site explicitly asked search engines not to index. The example given is the White House.
intitle:index of ws_ftp ini : hm. Allows you to pick up some config files from ws_ftp, which seems to have some weaknesses.
intitle:"index of" passwd passwd.bak : the guy goes wrong there, because I haven’t seen a whole lot of plaintext passwords lying around – usually it’s the ‘x’ that stands for "password is hashed in the shadow file". Fortunately.
inurl:_vti_pvt "service.pwd" : hack sites made with Frontpage. Apparently the pass is encrypted with DES, not that safe.
"vnc desktop" inurl: : you probably get the picture. The password is apparently easy to crack, too.
intext:"UAA (MSB)" Lexmark -ext:pdf or inurl:"port_255" -htm : the web interfaces of some networked printers are freely accessible. Room for practical jokes or a little bit of spying.
intitle:"index of" cookies.txt : cookie files lying about. You still need to crack the hashes or to be into exploiting other people’s sessions. What you certainly can see is what people are into (XXX for instance).
intitle:"usage statistics for" "generated by webalizer" : lets you see webalizer pages from slightly underprotected servers. Like traffic over time.
intitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*" : yes, for some it actually works.

Well, there’s a dark side to every technology : a powerful search engine can pick holes in your security, especially if there isn’t any. You think you’re safe, protected by the sheer mass of information, but no longer.

Still, it’s interesting to know about commands like intitle, intext, inurl.
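
The flip side of the list above is checking your own server for the same leftovers before a crawler indexes them. The script below is an added example, not part of the original post: it walks a local document root and reports files with the names these searches look for, directories with no index file, and robots.txt Disallow paths that actually exist on disk. The index file names, the finding labels and the sample tree are assumptions made for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# File names taken from the searches listed in the post.
SENSITIVE_NAMES = {"ws_ftp.ini", "passwd", "passwd.bak", "service.pwd", "cookies.txt"}
# Assumption: the index files this web server is configured to serve.
INDEX_FILES = {"index.html", "index.htm", "index.php"}
# Constructed sample tree, used only to demonstrate the audit.
SAMPLE_TREE = {
    "index.html": "<h1>home</h1>",
    "robots.txt": "User-agent: *\nDisallow: /backup/\nDisallow: /gone/\n",
    "backup/passwd.bak": "root:x:0:0::/root:/bin/sh\n",
    "_vti_pvt/service.pwd": "# constructed placeholder\n",
}

def audit_docroot(root):
    """Return sorted (kind, path) findings for a local document root."""
    root, findings = Path(root), []
    for dirpath, _dirs, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        # No index file: with autoindexing on, the server lists this directory.
        if not {n.lower() for n in filenames} & INDEX_FILES:
            findings.append(("no-index", rel_dir.as_posix()))
        for name in filenames:
            if name.lower() in SENSITIVE_NAMES:
                findings.append(("sensitive-file", (rel_dir / name).as_posix()))
    # robots.txt is a request to crawlers, not access control.
    robots = root / "robots.txt"
    if robots.is_file():
        for line in robots.read_text(errors="replace").splitlines():
            key, _, value = line.partition(":")
            target = value.split("#")[0].strip().strip("/")
            if key.strip().lower() == "disallow" and target and (root / target).exists():
                findings.append(("robots-disallow-exists", target))
    return sorted(findings)

def demo():
    """Build SAMPLE_TREE in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE_TREE.items():
            full = Path(tmp) / rel
            full.parent.mkdir(parents=True, exist_ok=True)
            full.write_text(body)
        return audit_docroot(tmp)

if __name__ == "__main__":
    for kind, path in demo():
        print(kind, path)
```

A "no-index" finding only matters if the server has automatic directory listing enabled, so check it against the server configuration.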


7 comments

  1. elias says:

    you suck your just jelous

  2. elias says:

    you know why else you suck cause nobody left a comment cause nobody cares about your stupid website you pease of shit

  3. Elise says:

    And you seem to be a nice, articulate and intelligent guy who can spell, too.
    what’s your problem with my post, exactly ?

  4. salaz says:

    thank you Elise..ur articles are very helpfull…juz ignore those trash

  5. elise says:

    thx salaz :-)

  6. Aubrey says:

    Nice work Elise..and yeah “juz ignore those trash” :D

  7. Thanks for sharing your great website with us. i am really love it. Welcome to visit our website at anytime too.
