Google Search Engine Optimisation-Part 2

Google is a double edge sword and you can use it either ways. if you choose to be a bad person then Google will be very useful to you , it can sometimes be a hackers best friend. You will be surprise on the amount of restricted info available and open via Google, by using the appropriate search strings one can have a lot of restricted access due to carelessness of system administrators. One thing to keep in mind is that people have been exploiting the Google algorithm lately, a lot of false positives get brought back and you end up with sites linking to other sites in a constant loop.

Try some of this stuffs

In the search box put in exactly as you see it in bold

Example 1:

allintitle: “index of/root”

result:

http://www.google.com/search?hl=en&ie=ISO-…G=Google+Search

What it reveals is 2,510 pages that you can possible browse at your will…

Example 2

inurl:”auth_user_file.txt”

http://www.google.com/search?num=100&hl=en…G=Google+Search

This result spawned 414 possible files to access

Here is an actual file retrieved from a site and edited , we know who the admin is and we have the hashes, that’s a job for JTR (john the ripper)

txUKhXYi4xeFs|master|admin|Worasit|Junsawang|xxx@xxx|on qk6GaDj9iBfNg|tomjang||Bug|Tom|xxx@xxx|on

intitle:index.of + mp3 -asp -html -htm -php -pls -txt

In the above example, when entered into Google this search result looks for any index of MP3 files that does not contain the standard web pages like HTML, PHP, etc. or any other non-related pages. In the above example you can replace mp3 with avi or other file extension to search for these types of files.

intitle:index.of + mp3 “<artist name / track / group>” -asp -html -htm -php -pls -txt

In the above example you could replace “<artist name / track / group>” with the artists name, track, group, or name of the MP3 you’re looking for. Keep in mind when downloading MP3 that you should own the track or song you’re downloading otherwise it’s considered illegal.

inurl:”ViewerFrame?Mode=”

In the above simple example, Google will return results of insecure live web cams and with some of the services even allow you to control the cameras over the Internet.

Below are some other stringe and you can have many different permutations.

“Index of /admin”

“Index of /password”

“Index of /mail”

“Index of /” +passwd

“Index of /” +password.txt

“Index of /” +.htaccess

index of ftp +.mdb allinurl:/cgi-bin/ +mailto

administrators.pwd.index

authors.pwd.index

service.pwd.index

filetype:config web

gobal.asax index

allintitle: “index of/admin”

allintitle: “index of/root”

allintitle: sensitive filetype:doc

allintitle: restricted filetype :mail

allintitle: restricted filetype:doc site:gov

inurl:passwd filetype:txt

inurl:admin filetype:db

inurl:iisadmin

inurl:”auth_user_file.txt”

inurl:”wwwroot/*.”

top secret site:mil

confidential site:mil

allinurl: winnt/system32/ (get cmd.exe)

allinurl:/bash_history

intitle:”Index of” .sh_history

intitle:”Index of” .bash_history

intitle:”index of” passwd

intitle:”index of” people.lst

intitle:”index of” pwd.db

intitle:”index of” etc/shadow

intitle:”index of” spwd

intitle:”index of” master.passwd

intitle:”index of” htpasswd

intitle:”index of” members OR accounts

intitle:”index of” user_carts OR user_cart

There are codes I chose not to disclose for fear of abuse, and you would be wondering why I am exposing some of these codes. The bad guys already know of these codes centuries ago, it is the good guys and innocent users that don’t know them.

The important part here is not to show how to attack something, but to show how attackers take advantage of your mistakes. This will enable you to protect your network by avoiding the pitfalls attackers use. Let me make one thing absolutely clear: I neither condone nor will I ever aid or defend those who attack networks or systems they do not own or that they have not been asked to attack.

One of the greatest challenges the security community faces is lack of information on the enemy. Questions like who is the threat, why do they attack, how do they attack, what are their tools, and possibly when will they attack? It is questions like these the security community often cannot answer.

For centuries military organizations have focused on information gathering to understand and protect against an enemy. To defend against a threat, you have to first know about it. However, in the information security world we have little such information.

Our lives is about securing networks, not distributing tools to break them. In addition, to stop a criminal hacker requires the ability to think like a criminal. After all, the objective is to demonstrate what an attacker would do.

Most of us have been taught from a very early age to be good law-abiding people and are simply not good at thinking up very plausible and innovative criminal schemes.

I hold no responsibility for what you do via the information supplied here, this is for educational purpose only, use at your own risk. You have been warned.