EntertainmentExploit Google's Search Power
Sat, Jun 29 2007
The internet is a network to which hundreds of thousands, if not millions of web servers are connected and in theory, all data can be reached, unless properly protected. Both software designers and end users should pay more attention to default installation security configuration and security policy. In the end, there are always going to be people who make mistakes, use default installs, use poorly secured software or just don't care or still believe there's no danger in putting this kind of data online. And in the end there's also always going to be curious people who love to find that interesting information they have been hoping for. Google can help you considerably, in locating this kind of information and it's easy and fun.
In the last few years a number of news articles appeared that warned of the fact that hackers (or crackers if you will) make use of the Google search engine to gain access to files they shouldn't be allowed to see or have access to. This knowledge is nothing new to some people but personally I have always wondered how exactly a thing like this works.
For example, typing the phrase "Select a database to view" -- a common phrase in the FileMaker Pro database interface -- into Google recently yielded about 200 links, almost all of which led to FileMaker databases accessible online.
Another such posting on a security newsgroup claimed that searching using the string 'Index of / +banques +filetype:xls' eventually turned up sensitive Excel spreadsheets from French banks. The same technique could also be used to find password files.
The above mentioned search options might or might not be known to you, but even though they can amount to some interesting results, it's a fact that when you start combining them, that's when Google's magic starts to show. For example, one could try this search string:
inurl:nasa.gov filetype:xls "restricted" or this one: site:mil filetype:xls "password" or maybe
site:mil "index of" admin
The theory behind this is actually quite simple. Either you think of certain data you would like to acquire and try and imagine in what files this kind of data could be stored and you search for these files directly or you take the more interesting approach and you try to think of a certain software that allows you to perform certain tasks or to access certain things and you search for critical files of this software.
The most important thing is to have a clear goal, to know what it is you want to find. Then search for these specific files or trademarks that these files have.
Tips for powerful google search optionsGoogle allows you to search for specific file types, so instead of getting html-files as a result (websites) you get Microsoft excel files for example. The search string you would use would be this:
Filetype:xls (for excel files) or filetype:doc for word files.
But maybe more interesting would be searching for *.db files and *.mdb files. Google by the way doesn't tell you you can search for *.db and *mdb files. I wonder what other file types one can search for. Things that come to mind are *.cfg files or *.pwd files, *.dat files, stuff like that. Try and think of something that might get you some interesting results.
Extra tipsRemember English is the most used language online, but it's not the only one. Try and search for words or strings that are specific to your language or French or German, etc. For example "beheer" is a Dutch word for "administration" or "privat" is German for "private".
Search for files like " config.inc.php" or "mysql.cfg" that could contain mySQL password and username combinations. Try to think of good search strings using words like PHP, SQL, mySQl, etc.
P.S. When you hack trough google, make sure you use the Black version and save some energy for the world 
Sorry: you have already voted!
Related Articles:
| Black Google Saves Energy | Skype founders are launching net TV | Save the Internet | Who invented the Popcorn Machine? | Clean up your bad web reputation