Hacking with Google!

Thread: Hacking with Google!

  1. #1
    Computernerd22 (AO's MMA Fanatic!)
    Join Date: Mar 2003
    Location: Miami, FL
    Posts: 795

    Hacking with Google!

    As the title states, I found this article last night while surfing the net. Posted on January 14, 2006, so fairly new. Full story can be found here:

    http://castlecops.com/article-6466-nested-0-0.html

    One of the most common remote web authoring tools is Microsoft's FrontPage. FrontPage extensions and WebDAV, the services on the web server that allow you to remotely connect and author web pages, can be configured with a certain degree of security. However, in certain configurations, the userID and password are stored in local files on the server. Using a Google query, you can easily locate thousands of these files and dump the contents.

    The query form is quite simple: "inurl:(filename).pwd", where (filename) is the name of the .pwd file. This query can be expanded to be very specific and target a specific site by using a command to search for a specific site or domain. The results of a specific search like this would list hundreds if not thousands of these files that would contain something like "# -FrontPage- dmiller:I1KEaH1TZqxEw". Basically dumping the userID and password.

    This type of basic query can be used to find all kinds of interesting information, such as using the "intitle:"index of" (name of directory you want to locate)", which not only reveals many web directory structures of "index of/", it also reveals how many web servers on the Internet do not have even the most basic forms of permissions and directory security. You will find that once you access a particular directory, you can then move up the directory tree, and you never know what you may find.

    A lot of 'Free' webspace providers and ISPs with their 'free' 10mb of webspace don't support FrontPage extensions, for security reasons.

    The Google Search Engine supports very complex query types. For instance, if you were to construct a query like ""parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums", the query would result in lists upon lists of systems that have a /Gamez directory off the root of the "parent directory" of the web server. Or, to locate music files of type mp3 you could issue a query like "intitle:index.of mp3 (name of band/song)".

    The bottom line here is that it is possible to locate very specific types of files. It is also possible to perform queries for inline passwords from various search engines by performing a query similar to "http://*:*@www".

    Interesting stuff indeed.

    The Google Search Engine is a powerful tool that can be used by people with ill intentions just as it can be used for basic web searching.

    How safe and smart would it be to do this? I personally wouldn't. One, I'm not that type of person to try to obtain password files and such, and second, Google 'records'/'logs' what you type. For instance, the dude that killed his wife, he went to Google and typed broken neck, snap neck, 1001 ways to break a neck etc... remember what happened to him, right? Anyways, what's your take on the subject?
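
A defender-side check for the exposure the quoted article describes, added here as an example (it is not code from the article or the thread): walk your own web root and flag files with the .pwd/.pwl extensions or the "# -FrontPage-" header, so renamed copies are caught too. The function names, the sample tree and the placeholder credential line are assumptions made for the illustration.

```python
import os
import re
import tempfile

SUSPECT_EXTENSIONS = {".pwd", ".pwl"}              # extensions named in this thread
FRONTPAGE_MARKER = b"# -FrontPage-"                # header quoted in the article
CRED_LINE_RE = re.compile(rb"^[^\s:#]+:[^\s:]+$")  # user:hash, like the quoted sample

def inspect_file(path):
    """Return the reasons this file should not be reachable under a web root."""
    reasons = []
    if os.path.splitext(path)[1].lower() in SUSPECT_EXTENSIONS:
        reasons.append("password-file extension")
    try:
        with open(path, "rb") as fh:
            head = fh.read(4096).splitlines()
    except OSError:
        return reasons
    if head and head[0].strip() == FRONTPAGE_MARKER:
        reasons.append("FrontPage marker")  # catches renamed copies and backups
    creds = sum(1 for line in head if CRED_LINE_RE.match(line.strip()))
    if creds and reasons:  # count credentials only in files already flagged
        reasons.append(f"{creds} user:hash line(s)")
    return reasons

def audit_docroot(docroot):
    """Walk docroot and return {relative_path: reasons} for every flagged file."""
    report = {}
    for folder, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(folder, name)
            reasons = inspect_file(full)
            if reasons:
                report[os.path.relpath(full, docroot)] = reasons
    return report

def build_sample_docroot(root):
    """Constructed sample tree: a renamed credential file and an ordinary page."""
    os.makedirs(os.path.join(root, "private"))
    with open(os.path.join(root, "private", "backup.txt"), "w") as fh:
        fh.write("# -FrontPage-\nexampleuser:EXAMPLEHASHVALUE\n")
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<html>hello</html>\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, reasons in audit_docroot(build_sample_docroot(tmp)).items():
            print(rel, "->", ", ".join(reasons))
```

Anything this reports belongs outside the document root or behind a deny rule; removing it from search results afterwards does not undo the exposure of the credentials.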

  3. #3
    Senior Member
    Join Date: Feb 2005
    Posts: 188
    Hi

    It's no doubt that Google can be powerful at such searches. Moreover, the information is not even known to few. It is clearly given on the page of Google itself. Plus there are a no. of other ways for better and effective search. It's a pity though few are aware of it.

    http://www.google.co.in/intl/en/help/features.html

    Such features can help in tremendous and highly accurate results, considerably saving time. Though this also makes Google a potential hacking tool. But I guess each coin has two sides; it is up to the user to select what he wants to do with it.

    Withdrawing such services won't be a solution for their usage, as people using them for good purposes will be affected too.

    "The Smilie Wars" ... just arrived after the great crusades

    .... computers come to the rescue .... ah technology at last has some use.

  5. #5
    the_JinX (Leftie Linux Lover)
    Join Date: Nov 2001
    Location: Beverwijk Netherlands
    Posts: 2,534
    I'd also like to add that using Google in such a way is a nice start for auditing a site..

    The first thing I do is google "site:domain.tld"

    That at least gives a good index of publicly known 'pages'..
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  7. #7
    Deeboe (Senior Member)
    Join Date: Nov 2005
    Posts: 185
    Originally posted here by the_JinX
    I'd also like to add that using Google in such a way is a nice start for auditing a site..

    The first thing I do is google "site:domain.tld"

    I do the exact same thing, however I automate it with tools such as Foundstone's SiteDigger and SensePost's Wikto tool. (I prefer the SiteDigger tool, as it is much easier to use.)

    The whole process is described very well at http://johnny.ihackstuff.com/.

    I have found some very interesting items on Google in my audits thanks to that kind of hacking.

    -Deeboe
    If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
    - Sun Tzu, The Art of War

    http://tazforum.**********.com/

  9. #9
    Senior Member
    Join Date: Dec 2004
    Posts: 320
    You know, that should set some administrator's red alarms off (at least if they ever checked their logs). Any search engine bot coming across your *.pwl or *.pwd says something is very wrong. I guess that is just another example of why you should check the logs.
    The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare
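
The log check suggested in the post above, added as an example (not code from the thread): it flags requests for *.pwd / *.pwl files, separating crawler fetches from unanswered probes, and visits whose Referer shows a search that used query operators. The combined log format, the crawler name list and the sample lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" format; the field layout is an assumption about your server.
LOG_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
CRAWLER_RE = re.compile(r"googlebot|bingbot|msnbot|slurp", re.I)  # self-declared, spoofable
PASSWORD_FILE_RE = re.compile(r"\.(pwd|pwl)$", re.I)              # extensions named in the thread
SEARCH_HOST_RE = re.compile(r"(^|\.)(google|bing|yahoo)\.", re.I)
OPERATOR_RE = re.compile(r"\b(inurl|intitle|filetype|site):", re.I)

def classify(line):
    """Return (client, path, [findings]) for a suspicious log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = urlsplit(m["path"]).path  # drop any query string before matching
    findings = []
    if PASSWORD_FILE_RE.search(path):
        if not m["status"].startswith("2"):
            findings.append("password-file probe (not served)")
        elif CRAWLER_RE.search(m["agent"]):
            findings.append("password file served to crawler")
        else:
            findings.append("password file served")
    # Referer is client-supplied and often carries no query today: absence proves nothing.
    ref = urlsplit(m["referer"])
    if ref.hostname and SEARCH_HOST_RE.search(ref.hostname):
        query = " ".join(parse_qs(ref.query).get("q", []))
        if OPERATOR_RE.search(query):
            findings.append("arrived from operator search: " + query)
    return (m["host"], path, findings) if findings else None

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation IP range, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Jan/2006:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.20 - - [14/Jan/2006:10:01:00 +0000] "GET /private/example.pwd HTTP/1.1" 200 64 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '192.0.2.30 - - [14/Jan/2006:10:02:00 +0000] "GET /private/ HTTP/1.1" 200 900 "http://www.google.com/search?q=intitle%3A%22index+of%22+private" "Mozilla/5.0"',
    '192.0.2.40 - - [14/Jan/2006:10:03:00 +0000] "GET /old/example.pwl HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, path, findings in scan(SAMPLE_LOG):
        print(client, path, "; ".join(findings))
```

A "served to crawler" hit is the urgent one: the file is reachable and about to be indexed, so the credentials in it should be treated as disclosed and rotated.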
