1. "Login: *" "password =*" filetype:xls (searching data command to the system files that are stored inMicrosoft Excel)
2. allinurl: auth_user_file.txt (to find files auth_user_file.txtcontaining password on server).
3. filetype: xls inurl: "password.xls" (looking for usernameand password in ms excel format). This command can change with admin.xls)
4. intitle: login password (get link to the login page with the loginwords on the title and password words anywhere. If you want to the query indexmore pages, type allintitle)
5. intitle: "Index of" master.passwd (index the masterpassword page)
6. index of / backup (will search the index backup file on server)
7. intitle: index.of people.lst (will find web pages that contain userlist).
8. intitle: index.of passwd.bak ( will search the index backup passwordfiles)
9. intitle: "Index of" pwd.db (searching database passwordfiles).
10. intitle: "Index of .. etc" passwd (this command will indexthe password sequence page).
2. allinurl: auth_user_file.txt (to find files auth_user_file.txtcontaining password on server).
3. filetype: xls inurl: "password.xls" (looking for usernameand password in ms excel format). This command can change with admin.xls)
4. intitle: login password (get link to the login page with the loginwords on the title and password words anywhere. If you want to the query indexmore pages, type allintitle)
5. intitle: "Index of" master.passwd (index the masterpassword page)
6. index of / backup (will search the index backup file on server)
7. intitle: index.of people.lst (will find web pages that contain userlist).
8. intitle: index.of passwd.bak ( will search the index backup passwordfiles)
9. intitle: "Index of" pwd.db (searching database passwordfiles).
10. intitle: "Index of .. etc" passwd (this command will indexthe password sequence page).
11. index.of passlist.txt (will load the page containing password listin the clear text format).
12. index.of.secret (google will bring on the page contains confidentialdocument). This syntax also changed with government query site: gov to searchfor government secret files, including password data) or use syntax:index.of.private
13. filetype: xls username password email (will find spreadsheets filesecontaining a list of username and password).
14. "# PhpMyAdmin MySQL-Dump" filetype: txt (will index thepage containing sensitive data administration that build with php)
15. inurl: ipsec.secrets-history-bugs (contains confidential data thathave only by the super user). or order with inurl: ipsec.secrets "holdsshared secrets"
16. inurl: ipsec.conf-intitle: manpage (useful to find files containingimportant data for hacking)
17. inurl: "wvdial.conf" intext: "password" (displaythe dialup connection that contain phone number, username and password)
18. inurl: "user.xls" intext: "password" (showingurl that save username and passwords in spread sheet files)
19. filetype: ldb admin (web server will look for the store password ina database that dos not delete by googledork)
20.inurl: search / admin.php (will look for php web page for adminlogin). If you are lucky, you will find admin configuration page to create anew user.
21. inurl: password.log filetype:log (this keyword is to search for logfiles in a specific url)
22. filetype: reg HKEY_CURRENT_USER username (this keyword used to lookfor reg files (registyry) to the path HCU (Hkey_Current_User))
In fact, there are many more commands that google can crawl in use in thepassword. One who has the ability google reveals in this case ishttp://johnny.ihackstuff.com. For that, visit the web to add insight about thegoogle ability.
Here, some of the other syntax google that we need to look for confidentialdata :
"Http://username: password @ www ..." filetype: bak inurl:"htaccess | passwd | shadow | ht users"
(this command is to take the user names and passwords for backup files)
filetype:mdb inurl:”account|users|admin|administrators|passwd|password” mdbfiles (this command is to take the password information)
filetype:ini ws_ftp pwd (searching admin password with ws_ftp.ini file)
intitle: "Index of" pwd.db (searching the encrypted usernamesand passwords)
inurl:admin inurl:backup intitle:index.of (searching directories whosenames contain the words admin and backup)
“Index of/” “Parent Directory” “WS _ FTP.ini” filetype:ini WS _ FTP PWD(WS_FTP configuration files is to take FTP server access passwords)
ext:pwd inurl:(service|authors|administrators|users) “# -FrontPage-”(there is Microsoft FrontPage passwords)
filetype: sql ( "passwd values ****" |" password values****" | "pass values ****") searching a SQL code andpasswords stored in the database)
intitle:index.of trillian.ini (configuration files for the Trillian IM)
eggdrop filetype:user (user configuration files for the Eggdrop ircbot)
filetype:conf slapd.conf (configuration files for OpenLDAP)
inurl:”wvdial.conf” intext:”password” (configuration files for WV Dial)
ext:ini eudora.ini (configuration files for the Eudora mail client)
filetype: mdb inurl: users.mdb (potentially to take user accountinformation with Microsoft Access files)
intext:”powered by Web Wiz Journal” (websites using Web Wiz Journal,which in its standard configuration allows access to the passwords file – justenter http:///journal/journal.mdb instead of the default http:///journal/)
“Powered by DUclassified” -site:duware.com "Powered byDUclassified"-site: duware.com
“Powered by DUcalendar” -site:duware.com "Powered byDUcalendar"-site: duware.com
“Powered by DUdirectory” -site:duware.com "Powered byDUdirectory"-site: duware.com
“Powered by DUclassmate” -site:duware.com "Powered byDUclassmate"-site: duware.com
“Powered by DUdownload” -site:duware.com "Powered byDUdownload"-site: duware.com
“Powered by DUpaypal” -site:duware.com "Powered by DUpaypal"-site:duware.com
“Powered by DUforum” -site:duware.com "Powered by DUforum"-site:duware.com
intitle:dupics inurl:(add.asp | default.asp |view.asp | voting.asp)-site:duware.com (websites that use DUclassified, DUcalendar, DUdirectory,DUclassmate, DUdownload, DUpaypal, DUforum or DUpics applications, by defaultallows us to retrieve passwords file)
To DUclassified, just visit http:///duClassified/ _private / duclassified.mdb
or http:///duClassified/ or http:///duClassified/
intext: "BiTBOARD v2.0" "BiTSHiFTERS Bulletin Board"(Bitboard2 use the website bulletin board, the default settings make itpossible to retrieve the passwords files to be obtained with the wayshttp:///forum/admin/data _ passwd.dat
or http:///forum/forum.php) or http:///forum/forum.php)
Searching for specific documents :
filetype: xls inurl: "email.xls" (potentially to take theinformation contact)
“phone * * *” “address *” “e-mail” intitle:”curriculum vitae”
CVs "not for distribution" (confidential documents containing theconfidential clause
buddylist.blt)
AIM contacts list AIM contacts list
intitle:index.of mystuff.xml intitle: index.of mystuff.xml
Trillian IM contacts list Trillian IM contacts list
filetype:ctt “msn” filetype: Note "msn"
MSN contacts list MSN contacts list
filetype:QDF (QDF database files for the Quicken financial application)
intitle: index.of finances.xls (finances.xls files, potentially to takeinformation on bank accounts, financial Summaries and credit card numbers)
intitle: "Index Of"-inurl: maillog (potentially to retrievee-mail account)
No comments:
Post a Comment