Text: google fun and "fundamental flaws"
Author: Caffeine Overlord
==========================================================
section 1: tools
==========================================================
#1: calculator, google added this tool fairly recently
example 9*.09
LINK=
http://www.google.com/search?source...F-8&q=9%2A%2E09
or
http://www.google.com/search?source...+in+tablespoons
and even
http://www.google.com/search?hl=en&...arth+% 5E+2%29
#2: language tools, translation and google domains for other countries
http://www.google.com/language_tools
#3: The powerful google API, create your own key today and start making your own advanced search options using google's extremely powerful API
http://www.google.com/apis/
#4: google caching, they cache listed sites so if the site is down try viewing the cache
example: "cache:hackers.com". a nice tool to view old cached sites is
http://archive.org (thanks fish for the link)
#5:
http://www.buzztoolbox.com/google/
this site contains numerous different interesting tools, definitely check them out
#6: google viewer
a great tool that allows you to view a slide show that reloads the next page of results every few seconds till you find what you want
http://labs.google.com/gviewer.html
==========================================================
Section 2: google services
==========================================================
#1: froogle -->
http://froogle.google.com/
#2: answers-->
http://answers.google.com/answers/main
#3: catalogues-->
http://catalogs.google.com/
#4: groups-->
http://groups.google.com/
#5: images-->
http://images.google.com/
#6: labs-->
http://labs.google.com/
#7: news-->
http://news.google.com/
#8: specific search-->
http://www.google.com/options/specialsearches.html
#9: university search-->
http://www.google.com/options/universities.html
#10: wireless-->
http://www.google.com/options/wireless.html
==========================================================
section 3: search options
==========================================================
#1: advanced filetype searches
http://www.google.com/help/faq_filetypes.html
example: "filetype:pdf hacking" enter that into search and it will find all corresponding pdf files listed in the search for hacking.
other file types of interest are:
Adobe Portable Document Format (pdf)
Adobe PostScript (ps)
Lotus 1-2-3 (wk1, wk2, wk3, wk4, wk5, wki, wks, wku)
Lotus WordPro (lwp)
MacWrite (mw)
Microsoft Excel (xls)
Microsoft PowerPoint (ppt)
Microsoft Word (doc)
Microsoft Works (wks, wps, wdb)
Microsoft Write (wri)
Rich Text Format (rtf)
Text (ans, txt)
Microsoft Access database (mdb)
Database (db)
#2: listing specific sites
-------------------------
i.e. gov, edu, etc. say you wanted to search military sites for specific pdf documents containing the words top secret, to do this we will mix a few different options to get the best results.
syntax: "site:mil top secret" this outputs this search:
http://www.google.com/search?source...Apdf+top+secret
#3: Synonym Search
------------------
Another powerful search option is to use the ~ (tilde) symbol to search for synonyms of a word (for those of you who never passed english, synonyms are basically just words that have the same meaning).
example: ~hacker
#4: similar pages
-----------------
once you have made a search and are viewing the results, under each one there is a text link titled "similar pages". it will obviously take you to other like pages. the same thing as a query: "related:www.hackers.com"
#5: stocks
----------
to look up a stock, just enter an NYSE, NASDAQ or AMEX ticker symbol that google recognizes, or even the name of a corporation traded on one of the stock indices.
#6: street maps/phone numbers
--------------
to find a map to an address simply enter the address into the search bar
google's example: "165 University Ave Palo Alto CA". replace this with a name or a business to get a phone number. at the very top of the returned results will be a link to mapquest. you can even enter two points and it will tell you how to get from point a to point b. google provides a full listing with an address, phone number and a link to a map. google will also do reverse lookups on numbers, just enter a number and search.
#7: linked sites
---------------
if you're interested in finding out who has linked to your site this comes in handy
example: the search "link:hackers.com" will output sites that link to hackers.com.
#8: recipe search
----------------
to search google for recipes use this search "recipe: chicken" that searches google for chicken recipes.
#9: extra operators
-------------------
there are numerous operators, view them here:
http://www.google.com/help/refinesearch.html
#10: Search All the Sites on a Subject
-------------------------------------
"allinURL:hackers" this would find all the sites with hackers in their url
==========================================================
section 4: cool google tricks
==========================================================
#1: Google Zeitgeist - Search patterns, trends, and surprises according to Google
http://www.google.com/press/zeitgeist.html
#2: search google like the 31337 do
http://www.google.com/intl/xx-hacker/
#3:
==========================================================
section 5: google hacking, fundamental flaws in google's indexing
==========================================================
recently i came across an article that gave some interesting examples of what you can do with google, here are some examples:
#1: i mentioned earlier that google allows you to search for certain filetypes, this can be quite beneficial. an example might be db files or cfg files. mix those with interesting words like passwords, pwd, account, userid, uid, login, secret, top secret, private, etc.. you get the idea.
example: inurl:FBI.gov filetype:xls "top secret"
this would search for excel spreadsheets containing the words top secret with fbi.gov in the url. i'm sure you can understand why this type of search might benefit a blackhat, but since we're white hats, if we were to find something we'd report it immediately *cough*. try mixing this basic query with some different options like "index of" or site:
example: site:theurl.com filetype:db "passwords" --- don't forget mdb
#2: using google it isn't hard to search for exploitable web services
example: an older phpbb v2.x.x that you know exploits exist for, google makes it easy as pie finding these sites. this goes for many different things, like CMS tools such as php nuke etc...
#3: "index of" can be a dangerous search query for dumb webmasters that forget to protect their dir/ structure via .htaccess or some other method.
example: site:edu "index of" /admin <-- lol that's for all you disgruntled kids lol
#4: interesting files to look for: find tons here:
https://internetbankingaudits.com/l...erabilities.htm
here are some more great queries:
Footprinting:
1. "#mysql dump" filetype:sql <-this search will show you DB dumps from mySQL
2. "Host Vulnerability Summary Report" this will show you other people's scans for vulnerabilities on their server.
3. "phpMyAdmin" "running on" inurl:"main.php" this should give more incentive for them to lock down their phpmyadmin panels.
4. "not for distribution" confidential <-- this one gets you a lot of different stuff, but there are a few gems in there.
5. "Request Details" "Control Tree" "Server Variables" <-- haha this one will get you a lot of great info, which will make auditing the target much easier.
6. "Running in Child mode" <-- this one is great if you want to target someone using the gnutella network.
7. "This report was generated by WebLog" <-- you have to love how much info weblog generates in its reports.
8. intitle:index.of cgiirc.config <-- as far as i know it's a cgi based irc prog. this will give you everything from settings to passwords.
9. filetype:conf inurl:firewall -intitle:cvs <-- firewall config files
10. intitle:index.of finances.xls <-- what makes people think of putting this stuff online? lol
11. intitle:"Index of" dbconvert.exe chats <-- icq chat logs
statistics:
12. intext:"Tobias Oetiker" "traffic analysis"
13. intitle:"Usage Statistics for" "Generated by Webalizer"
14. intitle:"statistics of" "advanced web statistics"
15. intitle:index.of ws_ftp.ini <-- ws ftp config file, has passwords etc..
16. inurl:ipsec.secrets "holds shared secrets" <-- it's plain scary to see these not guarded.
17. inurl:main.php Welcome to phpMyAdmin <-- another great one
18. inurl:server-info "Apache Server Information" <-- gee let me think
19. site:edu admin grades <--- ROFL
20. "ORA-00921: unexpected end of SQL command" <-- this error gives you some great stuff like paths
ok let's get to the meat and potatoes again, lol
.:PASSWORDS:.
21. intitle:index.of trillian.ini
22. intitle:"Index of" pwd.db
23. intitle:index.of people.lst
24. intitle:index.of master.passwd
25. inurl:passlist.txt
26. intitle:"Index of" .mysql_history
27. intitle:"index of" intext:globals.inc
28. intitle:index.of administrators.pwd
29. intitle:Index.of etc shadow
30. intitle:index.of secring.pgp
31. inurl:config.php dbuname dbpass
32. inurl:perform filetype:ini
33. intitle:"index of" intext:connect.inc
34. intitle:"Index of" ".htpasswd" htpasswd.bak
35. intitle:"Index of" ".htpasswd" "htgroup" -intitle:"dist" -apache -htpasswd.c
36. filetype:htpasswd htpasswd
37. filetype:xls username password email
38. filetype:properties inurl:db intext:password
39. filetype:inc intext:mysql_connect
40. filetype:cfm "cfapplication name" password
41. intitle:index.of.etc
42. eggdrop filetype:user user
43. intitle:"Index of" config.php
44. allinurl:auth_user_file.txt
Other sensitive data:
45. "Network Host Assessment Report" "Internet Scanner"
46. "SnortSnarf alert page"
47. "This file was generated by Nessus"
48. "This report lists" "identified by Internet Scanner"
49. filetype:pdf "Assessment Report" nessus
50. inurl:phpSysInfo/ "created by phpsysinfo"
51. "Welcome to phpMyAdmin" AND " Create new database"
52. inurl:index.of.password
53. inurl:backup intitle:index.of inurl:admin
54. intitle:"Index of" cfide
55. "Welcome to Intranet"
all of these can be used by simply copying them and pasting them into google.
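
the other side of these queries, as an added example that is not part of the original text: a check a webmaster can run over their own web root to find the files the lists above look for, plus directories that have no index file and no inherited "Options -Indexes" in .htaccess (the protection mentioned in #3 of section 5). the index file names, the simple .htaccess handling and the sample tree are assumptions made for the example.

```python
import os
import tempfile

# Names and extensions taken from the queries listed above.
SENSITIVE_NAMES = {
    ".htpasswd", "htpasswd.bak", "ws_ftp.ini", "trillian.ini", "pwd.db",
    "master.passwd", "passlist.txt", ".mysql_history", "globals.inc",
    "connect.inc", "administrators.pwd", "secring.pgp", "ipsec.secrets",
}
SENSITIVE_EXTS = {".sql", ".mdb", ".db", ".conf", ".ini", ".inc", ".bak"}
INDEX_FILES = {"index.html", "index.htm", "index.php"}  # assumed DirectoryIndex names

def audit_docroot(root):
    """Return (exposed_files, listable_dirs) as sorted paths relative to root."""
    root = os.path.normpath(root)
    exposed, listable, no_index = [], [], {}
    for dirpath, _dirs, files in os.walk(root):
        # Inherit "Options -Indexes" from the parent, then read this dir's .htaccess.
        covered = no_index.get(os.path.dirname(dirpath), False)
        if ".htaccess" in files:
            with open(os.path.join(dirpath, ".htaccess"), errors="replace") as fh:
                covered = covered or "-indexes" in fh.read().lower()
        no_index[dirpath] = covered
        rel = os.path.relpath(dirpath, root)
        # No index file and no -Indexes: listed "index of" style if autoindex is on.
        if not covered and not INDEX_FILES & {f.lower() for f in files}:
            listable.append(rel)
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if name.lower() in SENSITIVE_NAMES or ext in SENSITIVE_EXTS:
                exposed.append(os.path.normpath(os.path.join(rel, name)))
    return sorted(exposed), sorted(listable)

def build_sample(root):
    """Write a constructed sample tree (not taken from any real site)."""
    sample = {"index.html": "home", "admin/.htpasswd": "user:hash",
              "admin/backup/site.sql": "#mysql dump",
              "private/.htaccess": "Options -Indexes\n",
              "private/notes/ws_ftp.ini": "[site]"}
    for rel, body in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit_docroot(tmp))
```

anything reported as exposed should be moved out of the web root or denied by the server config. a file under a directory that is not listable is still served if someone requests it by name.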