Google is a treasure trove full of important information, especially for the underground world. This Potential fact can also be utilized in the data for the username and password stored on a server.
If the administrator save important data not in the complete system authentifikasi folder, then most likely be reached by the google search engine.
 If data is successfully steal in by the unauthorized person, then the will be in misuse.
Here, some google search syntax to crawl the password:

 1. “Login: *” “password =*” filetype: xls (searching data command to the system files that are stored in Microsoft Excel) 

2. allinurl: auth_user_file.txt (to find files auth_user_file.txt containing password on server). 

3. filetype: xls inurl: “password.xls” (looking for username and password in ms excel format). This command can change with admin.xls) 

4. intitle: login password (get link to the login page with the login words on the title and password words anywhere. If you want to the query index more pages, type allintitle)

5. intitle: “Index of” master.passwd (index the master password page)

6. index of / backup (will search the index backup file on server) 

7. intitle: index.of people.lst (will find web pages that contain user list). 

8. intitle: index.of passwd.bak ( will search the index backup password files)
9. intitle: “Index of” pwd.db (searching database password files). 

10. intitle: “Index of .. etc” passwd (this command will index the password sequence page). 

11. index.of passlist.txt (will load the page containing password list in the clear text format). 

12. index.of.secret (google will bring on the page contains confidential document). This syntax also changed with government query site: gov to search for government secret files, including password data) or use syntax: index.of.private 

13. filetype: xls username password email (will find spreadsheets filese containing a list of username and password). 

14. “# PhpMyAdmin MySQL-Dump” filetype: txt (will index the page containing sensitive data administration that build with php) 

15. inurl: ipsec.secrets-history-bugs (contains confidential data that have only by the super user). or order with inurl: ipsec.secrets “holds shared secrets” 

16. inurl: ipsec.conf-intitle: manpage (useful to find files containing important data for hacking) 

17. inurl: “wvdial.conf” intext: “password” (display the dialup connection that contain phone number, username and password) 

18. inurl: “user.xls” intext: “password” (showing url that save username and passwords in spread sheet files)

 19. filetype: ldb admin (web server will look for the store password in a database that dos not delete by googledork) 

20.inurl: search / admin.php (will look for php web page for admin login). If you are lucky, you will find admin configuration page to create a new user. 

21. inurl: password.log filetype:log (this keyword is to search for log files in a specific url) 

22. filetype: reg HKEY_CURRENT_USER username (this keyword used to look for reg files (registyry) to the path HCU (Hkey_Current_User))

1 Comment
  1. Reply
    nipasarker May 9, 2013 at 4:10 pm

    Stories that can be read in a short time for ages 5-12.
    Each story contains a moral in a fun and non judgmental way.
    Short 10 Minute Stories

Leave a reply