
Title: Google Hacking
Tags: Web Server Php World Wide Web Technology Software Engineering
File Size: 1015.8 KB
Total Pages: 63

# 31 Google Search: filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS

This search reveals SSH host keys from the Windows Registry. These files contain information about where the
user connects, including hostnames and port numbers, and show sensitive information such as the SSH host
key in use by that client.

# 32 Google Search: inurl:vtund.conf intext:pass -cvs

These are vtund configuration files (http://vtun.sourceforge.net). Vtund is an encrypted tunneling program. The
conf file holds plaintext passwords. Many sites use the default password, but some do not. Regardless,
attackers can use these files to gather information about a site.

# 33 Google Search: filetype:url +inurl:”ftp://” +inurl:”@”

These are FTP Bookmarks, some of which contain plaintext login names and passwords.

# 34 Google Search: filetype:log inurl:”password.log”

These files contain cleartext usernames and passwords, as well as the sites associated with those credentials.
Attackers can use this information to log on to that site as that user.

# 35 Google Search: filetype:dat “password.dat”

This file contains plaintext usernames and passwords. Deadly information in the hands of an attacker.

# 36 Google Search: filetype:conf slapd.conf

slapd.conf is the file that contains all the configuration for OpenLDAP, including the root password, all in clear
text. Other useful information that can be gleaned from this file includes full paths of other related installed
applications, the r/w/e permissions for various files, and a bunch of other stuff.

# 37 Google Search: filetype:pem intext:private

This search will find private key files… Private key files are supposed to be, well… private.

# 38 Google Search: inurl:”wvdial.conf” intext:”password”

The wvdial.conf file is used for dialup connections. It contains phone numbers, usernames and passwords in
cleartext.

# 39 Google Search: filetype:inc dbconn

This file contains the username and password the website uses to connect to the db. Lots of these Google
results don’t take you straight to ‘dbconn.inc’, instead they show you an error message — that shows you
exactly where to find dbconn.inc!!

# 40 Google Search: inurl:”slapd.conf” intext:”credentials” -manpage -”Manual Page” -man: -sample

slapd.conf is the configuration file for slapd, the open-source LDAP daemon. The key “credentials” contains
passwords in cleartext.

# 41 Google Search: inurl:”slapd.conf” intext:”rootpw” -manpage -”Manual Page” -man: -sample

slapd.conf is the configuration file for slapd, the open-source LDAP daemon. You can view a cleartext or crypted
password for the “rootdn”.

# 42 Google Search: filetype:ini ws_ftp pwd

The encryption method used in WS_FTP is _extremely_ weak. These files can be found with the “index of”
keyword or by searching directly for the PWD= value inside the configuration file.

# 43 Google Search: filetype:netrc password

The .netrc file is used for automatic login to servers. The passwords are stored in cleartext.

# 44 Google Search: signin filetype:url

JavaScript for user validation is a bad idea, as it shows cleartext user/pass combos. There is one googledork
who forgot that.

# 45 Google Search: filetype:dat wand.dat

The world-famous web browser Opera has the ability to save the password for you, and it calls the system
“Magic Wand”. When on a site, you can save the username and password to the magic wand, then on the site
again, click the magic wand icon and it will fill it out automatically for you. What a joy! Opera saves this file on
your computer; it is located (on WinXP) here: D:\Documents and
Settings\Peefy\Programdata\Opera\Opera75\profile\wand.dat for me, of course; change it so it's suitable for
you. But if you don’t have a descrambler or whatever, the passwords aren't cleartext, and you have to put the
wand file in the location specified above, then open Opera, click Tools, Wand Passwords, then see the URLs
saved, then go to these URLs and click the wand button.

# 46 Google Search: filetype:ldb admin

According to filext.com, the ldb file is “A lock file is used to keep multi-user databases from being changed in the
same place by two people at the same time resulting in data corruption.” These Access lock files contain the
username of the last user and they ALWAYS have the same filename and location as the database. Attackers
can substitute mdb for ldb and download the database file.

# 47 Google Search: filetype:cfg mrtg “target[*]” -sample -cvs -example

Mrtg.cfg is the configuration file for polling SNMP-enabled devices. The community string (often ‘public’) is
found in the line starting with target:

#Target[test]: 1.3.6.1.4.1.2021.10.1.5.1&1.3.6.1.4.1.2021.10.1.5.2:[email protected]

Not all targets are SNMP devices. Users can monitor CPU info, for example.

# 48 Google Search: filetype:sql +”IDENTIFIED BY” -cvs

Database maintenance is often automated by use of .sql files which may contain many lines of batched SQL
commands. These files are often used to create databases and set or alter permissions. The passwords used
can be either encrypted or even plaintext. An attacker can use these files to acquire database permissions that
normally would not be given to the masses.

# 49 Google Search: filetype:sql password

Database maintenance is often automated by use of .sql files that contain many lines of batched SQL
commands. These files are often used to create databases and set or alter permissions. The passwords used

# 8 Google Search: “seeing this instead” intitle:”test page for apache”

This is the default web page for Apache 1.3.11 – 1.3.26. Hackers can use this information to determine the
version of the web server, or to search Google for vulnerable targets. In addition, this indicates that the web
server is not well maintained.

# 9 Google Search: intitle:”Test Page for Apache” “It Worked!”

This is the default web page for Apache 1.2.6 – 1.3.9. Hackers can use this information to determine the
version of the web server, or to search Google for vulnerable targets. In addition, this indicates that the web
server is not well maintained.

# 10 Google Search: intitle:”Test Page for Apache” “It Worked!” “on this web”

This is the default web page for Apache 1.2.6 – 1.3.9. Hackers can use this information to determine the
version of the web server, or to search Google for vulnerable targets. In addition, this indicates that the web
server is not well maintained.

# 11 Google Search: allintitle:Netscape FastTrack Server Home Page

This finds default installations of Netscape FastTrack Server. In many cases, default installations can be
insecure, especially considering that the administrator hasn’t gotten past the first few installation steps.

# 12 Google Search: intitle:”Test Page for Apache”

This is the default web page for Apache 1.2.6 – 1.3.9. Hackers can use this information to determine the
version of the web server, or to search Google for vulnerable targets. In addition, this indicates that the web
server is not well maintained.

# 13 Google Search: intitle:Snap.Server inurl:Func=

This page reveals the existence of a SNAP server (Network attached server or NAS devices). Depending on the
configuration, these servers may be vulnerable, but regardless, the existence of this server is useful for
information gathering.

# 14 Google Search: intitle:”300 multiple choices”

This search shows sites that have the 300 error code, but also reveal a server tag at the bottom of the page
that an attacker could use to profile a system.

# 15 Google Search: inurl:domcfg.nsf

This will return a listing of servers running Lotus Domino. These servers by default have very descriptive error
messages which can be used to obtain path and OS information. In addition, adding “Login Form Mapping” to
the search will allow you to see detailed information about a few of the servers that have this option enabled.

# 16 Google Search: allinurl:”.nsconfig” -sample -howto -tutorial

Access to a Web server’s content, CGI scripts, and configuration files is controlled by entries in an access file.
On Apache and NCSA Web servers the file is .htaccess, on Netscape servers it is .nsconfig. These files
associate users, groups, and IP addresses with various levels of permissions: GET (read), POST (execute),
PUT (write), and DELETE. For example, a FrontPage author would have permission to use HTTP POST
