Google Hacking Week : Grab juicy info with the right search query.

So we showed you how powerful a good Google search could be this week. Time to turn to the dark side and give you some examples of how hackers can use these skills to get to some pretty scary things. To create a dangerous situation where the wrong information can fall into the wrong hands, you need 2 ingredients. Somebody who is stupid enough to put it online, and somebody who is clever enough to find it. Below are some pretty creepy examples of how some Google dorks spill some information that was supposed to be private.

Some juicy searches.

Some people write down their domain registration information in a .doc file .. and then put it on the internet. Whoever can put two and two together .. can steal their domain.

• filetype:docx Domain Registrar $user $pass

How about finding product licence files for the Avast antivirus program ? Some of them are just up for grabs.

•  

  filetype:avastlic

How about we go searching for a randomly published list of phonenumbers.

• allinurl:phonenumbers filetype:xls

Search for random resume’s that candidates (or their employees) put online.

• inurl:Curriculum Vitae filetype:pdf

How about some “Confidential Salary” documents that people put online. (we stood in awe at the first hit )

• ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:”budget approved”) inurl:confidential

Or take a peek at people’s random downloaded hotmail emails. 

• inurl:getmsg.html intitle:hotmail

Its a little bit of history .. but how about a random netscape browser history file. (we giggled at THIS one)

• inurl:netscape.hst

And when combining this generic search query for root directories of certain FTP servers with a certain domain .. you can find out a lot. If you use it as listed below .. its just an interesting way to browse random file directories.

• intitle:”FTP root at”

Msn messenger does not exist anymore, but there are plenty of contact lists well stocked with juicy email addresses up for grabs.

• filetype:ctt “msn”

And the list goes on and on and on. Now, standing by themselves the Google searches above are quite harmless. They are too generic to do any harm and are only good for a chuckle. The dangerous part begins when these queries are targeted at a certain person, site our domain. Armed with ONLY their browser and an internet connection, the wrong people can find out all the right things they need to know to make you / your company / your website have a really bad day. Knowledge is power and it is also ambivalent. It can be used for good and for evil… So are you SURE that there is not digital flotsam with your username/passwords floating around on the internet ? Because once Google indexes it .. anybody with the right skills can find it.

Related Posts

• Google hacking week : Using Google to “Hack” stuff.
• Google Hacking Week : Find webcams, mediacenters and more with Inurl
• kw608 : Sniffing anyones Wifi with a Pineapple.
• Google Sync: your bookmarks everywhere.
• kw908 : Getting Things Done, the cross platform way.

Google hacking week : Using Google to “Hack” stuff.

This week it’s ‘Google hacking week’ on Knightwise.com where we are going to show you some fun and interesting things you can do with Google. We sometimes forget that Google’s main mission is to “index the information of the world” and this means that the Google “bots” (little search and index programs) constantly crawl the internet in their never ending quest to gather information and index it in the massive Google database.

The end result is that if you type stuff into Google’s search bar like ” My Little Pownie ” it will cross reference your search with its massive database and bring back some results you can click on. Although searches like these make up 99% of what Google needs to do all day long .. its only the tip of the iceberg of what Google can REALLY do.

If you play your cards right and ask Google the right questions you can find out a whole lot more. And sometimes you will even find stuff that was not meant to be found. You would be amazed at what people throw online (and forget about). Google quietly indexes it all and you have just one thing to do … ask the right questions.

This weeks articles have nothing to do with “Hacking Google” (good luck with that if you want to try) It’s more about realising the power of the biggest search engine in the world … and the blatant disregard for security that people can have when they put stuff online that was never supposed to be found. Stand by as we teach you some interesting Google Search ‘operators’ as they are called.

We are going to kick you off with a nice examples of how you can use a modified Google search string to find some interesting stuff. Later on in the week we will explain the different google “operators” and how you can combine them to find cool stuff.

Here is a very simple one to get you started : Copy and past the search query below into the google search box … and browse random peoples lives by peeking at their iPhone backups. This is not a hack. This is an indexation of information put online BY USERS, indexed by Google .. and found by you.

intitle:”index of” inurl:”iphone”

Related Posts

• Google Hacking Week : Grab juicy info with the right search query.
• Google Hacking Week : Find webcams, mediacenters and more with Inurl
• Google Hacking week : Plunder a site’s MP3’s, PDF’s and more.
• Talk to your tech : Tell Google Now what you really want !
• Use your smartphone as a portable scanner with Google Drive.