Footprinting - Google Hacking

Google Hacking

Google hacking involves using advanced operators in the Google search engine to locate specific strings of text within search results.

Allintitle

allintitle:Brains, Corp. camera

allintitle:"index of/admin"

allintitle:"index of/root"

allintitle:restricted filetype:doc site:gov

allintitle:restricted filetype:mail

allintitle:sensitive filetype:doc

allinurl:/bash_history

allinurl:winnt/system32/ (get cmd.exe)

ext:ini eudora.ini

ext:pwd inurl:(service|authors|administrators|users) "# -FrontPage-"

Filetype

filetype:bak inurl:"htaccess|passwd|shadow|htusers"

filetype:conf slapd.conf

filetype:ctt "msn"

filetype:mdb inurl:"account|users|admin|administrators|passwd|password"

filetype:mdb inurl:users.mdb

filetype:QDF QDF

filetype:pdf "Host Vulnerability Summary Report" "Assessment Report"

filetype:sql ("passwd values ****" | "password values ****" | "pass values ****" )

filetype:xls inurl:"email.xls"

filetype:user eggdrop user

Index

"Index of /admin"

"Index of /" +.htaccess

"Index of /mail"

"Index of /" "Parent Directory" "WS_FTP.ini" filetype:ini

"Index of /" +passwd

"Index of /password"

"Index of /" +password.txt


Intitle

intext:"BiTBOARD v2.0" "BiTSHiFTERS Bulletin Board"

intext:centreware inurl:status

intext:"MOBOTIX M1"

intext:"MOBOTIX M10"

intext:"Open Menu"

intext:"powered by Web Wiz Journal"

intext:"Tobias Oetiker" "traffic analysis"

intitle:index.of "Apache/1.3.28 Server at"

intitle:index.of "Apache/2.0 Server at"

intitle:index.of "Apache/* Server at"

intitle:index.of "HP Apache-based Web Server/*"

intitle:index.of "IBM _ HTTP _ Server/* * Server at"

intitle:index.of "Microsoft-IIS/4.0 Server at"

intitle:index.of "Microsoft-IIS/5.0 Server at"

intitle:index.of "Microsoft-IIS/6.0 Server at"

intitle:index.of "Microsoft-IIS/* Server at"

intitle:index.of "Netscape/* Server at"

intitle:index.of "Oracle HTTP Server/* Server at"

intitle:index.of "Red Hat Secure/*"

intitle:"Apache::Status" (inurl:server-status | inurl:status.html | inurl:apache.html)

intitle:"Welcome to IIS 4.0!"

intitle:"Welcome to Windows 2000 Internet Services"

intitle:"Welcome to Windows XP Server Internet Services"

intitle:"Welcome to Your New Home Page!"

intitle:"Test Page for Apache Installation" "It worked!" "this Web site!"

intitle:"Test Page for Apache Installation" "Seeing this instead"

intitle:"Test Page for Apache Installation" "You are free"

intitle:"Test Page for the Apache Http Server on Fedora Core"

intitle:"Test Page for the Apache Web Server on RedHat Linux"

intitle:"Test Page for the SSL/TLS-aware Apache Installation" "Hey, it worked!"

intitle:"index of" .bash_history

intitle:"index of" etc/shadow

intitle:"index.of" finances.xls

intitle:"index of" htpasswd

intitle:"Index Of" inurl:maillog

intitle:"index of" master.passwd

intitle:"index of" members OR accounts

intitle:"index.of" mystuff.xml

intitle:"index of" passwd

intitle:"index of" people.lst

intitle:"index of" pwd.db

intitle:"Index of" pwd.db

intitle:"Index of" .sh_history

intitle:"index of" spwd

intitle:"index.of" trillian.ini

intitle:"index of" user_carts OR user_cart

intitle:"active webcam page"

intitle:"ASP Stats Generator *.*" "ASP Stats Generator" "2003-2004 weppos"

intitle:"curriculum vitae" "phone * * *" "address *"

intitle:"Dell Laser Printer" ews

intitle:"EvoCam" inurl:"webcam.html"

intitle:liveapplet inurl:LvAppl

intitle:"Multimon UPS status page"

intitle:"my webcamXP server!" inurl:":8080"

intitle:"statistics of" "advanced web statistics"

intitle:"System Statistics" +"System and Network Information Center"

intitle:"Terminal Services Web Connection"

intitle:"Usage Statistics for" "Generated by Webalizer"

intitle:"VNC Desktop" inurl:5800

intitle:"Web Server Statistics for ****"

Inurl

inurl:admin filetype:db

inurl:admin inurl:backup intitle:index.of

inurl:"auth_user_file.txt"

inurl:"/axs/ax-admin.pl" -script

inurl:"/cricket/grapher.cgi"

inurl:hp/device/this.LCDispatcher

inurl:iisadmin

inurl:indexFrame.shtml Axis

inurl:"main.php" "phpMyAdmin" "running on"

inurl:passwd filetype:txt

inurl:"printer/main.html" intext:"settings"

inurl:server-info "Apache Server Information"

inurl:"ViewerFrame?Mode="

inurl:"wvdial.conf" intext:"password"

inurl:"wwwroot/*."

site:gov confidential

site:mil confidential

site:mil "top secret"

"Copyright (c) Tektronix, Inc." "printer status"

"Host Vulnerability Summary Report"

"http://*:*@www"

"Network Vulnerability Assessment Report"

"not for distribution"

"Output produced by SysWatch *"

"These statistics were produced by getstats"

"This file was generated by Nessus"

"This report was generated by WebLog"

"This summary was generated by wwwstat"

"Generated by phpSystem"

"my webcamXP server!"

sample/LvAppl/

"TOSHIBA Network Camera - User Login"

/home/homeJ.html

/ViewerFrame?Mode=Motion

Other Google Hacking Searches

This search reveals MySQL database dumps. These dumps list the structure and content of databases, which can expose many different types of sensitive information. http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22%23mysql+dump%22+filetype%3Asql&btnG=Search

These log files record information about the SSH client PuTTY. They contain usernames, site names, IP addresses, ports and various other information about the SSH server connected to. http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Alog+username+putty

These files contain cleartext usernames and passwords, as well as the sites associated with those credentials. Attackers can use this information to log on to that site as that user. http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Alog+inurl%3A%22password.log%22

This file contains the port number, version number and path information for the MySQL server. http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22index+of%22+mysql.conf+OR+mysql_config

This search reveals sites which may be using Shockwave (Flash) as a login mechanism. The usernames and passwords for this type of login mechanism are often stored in plaintext inside the source of the .swf file. http://www.google.com/search?hl=en&lr=&q=inurl%3Alogin+filetype%3Aswf+swf

These are Outlook Express email files, which contain emails with full headers. The information in these emails can be useful for information gathering about a target. http://www.google.com/search?hl=en&lr=&q=filetype%3Aeml+eml+%2Bintext%3A%22Subject%22+%2Bintext%3A%22From%22+%2Bintext%3A%22To%22

This Google search reveals usernames, POP3 passwords, email addresses, servers connected to and more. The IP addresses of the users can also be revealed in some cases. http://www.google.com/search?num=100&hl=en&lr=&q=filetype%3Areg+reg+%2Bintext%3A%22internet+account+manager

Footprinting Links

There is plenty of additional information on the Internet to help you learn more about ethical hacking and penetration testing. Some sites to review include:

Google Hacking Database

A search that finds password hashes

Nessus Reports from Google

More Passwords from Google

Google Hacks Volume III by Halla

G-Zapper Blocks the Google Cookie to Search Anonymously

SiteDigger 2.0 searches Google’s cache to look for vulnerabilities

BeTheBot - View Pages as the Googlebot Sees Them

An experts-exchange page to demonstrate the Googlebot

HTTP Header Viewer

Masquerading Your Browser

User Agent Switcher :: Firefox Add-ons

Modify Headers :: Firefox Add-ons

User Agent Sniffer for Project 1

GNU Wget - Tool to Mirror Websites

Teleport Pro - Tool to Mirror Websites

Google Earth

Finding Subdomains (Zone Transfers)

Dakota Judge rules that Zone Transfers are Hacking

Internet Archive - Wayback Machine

Wikto - Web Server Assessment Tool - With Google Hacking

VeriSign Whois Search from VeriSign, Inc.

whois.com

ARIN: WHOIS Database Search

Border Gateway Protocol (BGP) and AS Numbers

Internic | Whois - the only one that finds hackthissite.org

Teenager admits eBay domain hijack

NeoTrace

VisualRoute traceroute: connection test, trace IP address, IP trace, IP address locations