Darker Side Of Google!
Saturday | Labels: Google, Hacking | |Hacking is an art. Its a fascinating mind game unless you are harming someone. Its since long been an attractive field for computer lovers.
Simplest kind of attack to a webserver could be done in a very simple way. its so simple that u won't like to call it a hacking. but the result is all the same, u break into a remote web server and get the access to EVERYTHING. Its all at ur will!
GOOGLE! its a very deadly weapon if u know how to use it. Yeah man, i'm talking about that web search. It can reach everywhere n sees everything, If u can talk correctly with the engine it will show you the data that u won't believe.
ofcourse this method won't work for sites having high security, but those with lower can be easily exploited.
there are some specific commands in google meant to generate most appropriate result for the query. in this post i'll discuss some of these and how they can be exploited.
1. "Index of /" +password.txt (don't remove the quotes)---> root directory with plain text file containing passwords!
2. Index of /password ---> password folder
3. Index of /admin ---> administrator folder
4. Index of /mail --->displays folder with the archive of email communication
5. Index of / ---> displays root directory of the site
there are a hell of more, and u'll get a big list of sites where u have sensitive data ALL AT UR WILL! u can browse every data on site like any local folder on ur system.
all of these could be magnified with the use of additional
"allintitle:"
ex.- allintitle: "index of/root"
in search result u'll get a no of things some being important while other useless. try to read the URL of that result... suppose my search result showed a page with url
www.something.com/index/YR622545727HP432.pdf
if ur intelligent enough u can understand that this url don't points to ant specific directory of the website, it just has the word "index of /root" written somewhere on the page.
another url:-
abcdef.ghi.com/root
is pointing towars the root directory, so this is the one useful for us.!
SOME EXAMPLES:-
i tried googling with following keywords --->
allintitle: "index of/root" (with the quotes)
and the result was a enormous 404 sites waiting to be exploited.
again i tried my luck with the keyword---->
inurl:"auth_user_file.txt"
this time i got the list of some sites with very critical infos
in the result i got something like
txUKhXYi4xeFs|master|admin|ram|delhi|xxx@xxx|on
(ofcourse i've changed the data here [;)] )
here is the user name contact details, mail id, password, which is in hashes (a minor job to decript using software like "John The Ripper")
Reply for any kind of clarification, if needed.
and one more thing, try going to that site through "cached" option rather than directly clicking the link. it will get u there through googles cache memory(its kinda safe).
try using proxies while doing these kind of artistry works ... they will keep ur IP hidden.
Great!!! Thanks for the info man!! That was a nice article.
I know this don't belongs to the topic of this post but can you tell me how can i hack administrator account on my collage lappy?
thanks in advance
thanks for appreciation.
I've posted the Topic to answer your question.