Hacking with Google!

As the title states, I found this article last night while surfing

the net. Posted on January 14, 2006 so fairly new. Full story can be found

here

http://castlecops.com/article-6466-nested-0-0.html

Quote:

---

One of the most common remote web authoring tools is

Microsoft's Front Page. Front page extensions and WebDav, the

services on the web server that allow you to remotely connect and

author web pages, can be configured with a certain degree of

security. However, in certain configurations, the userID and password

are stored in local files on the server. Using a Google query, you

can easily locate thousands of these files and dump the contents.

The query form is quite simple: "inurl:(filename).pwd", where

(filename) is the name of the .pwd file. This query can be expanded

to be very specific and target a specific site by using a command to

search for a specific site or domain. The results of a specific

search like this would list hundreds if not thousands of these files

that would contain something like "# -FrontPage-

dmiller:I1KEaH1TZqxEw". Basically dumping the userID and password.

This type of basic query can be used to find all kinds of interesting

information such as using the "intitle:"index of" (name of directory

you want to locate)" which not only reveals many web directory

structures of "index of/", it also reveals how many web servers on

the Internet do not have even the most basic forms of permissions and

directory security. You will find that once you access a particular

directory, that you can then move up the directory tree and you never

know what you may find.

---

A lot of 'Free' webspace providers and ISP's with their 'free' 10mb

of webspace doesn't support front page extensions, for security

reasons.

Quote:

---

The Google Search Engine supports very complex query types.

For instance, if you were to construct a query like ""parent

directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5

-md5sums", the query would result in lists upon list of systems that

have a /Gamez directory off the root of the "parent directory" of the

web server. Or, to locate music files of type mp3 you could issue a

query like "intitle:index.of mp3 (name of band/song)".

The bottom line here is that it is possible to locate very specific

types of files. It is also possible to perform queries for inline

passwords from various search engines by performing a query similar

to "http://*:*@www".

---

Interesting stuff indeed.

Quote:

---

The Google Search Engine is a powerful tool that can be used

by people with ill intentions just as it can be used for basic

web searching.

---

How safe and smart would it be to do this? I personally wouldn't. One

I'm not that type of person to try to obtain password files and such

and second, google 'records'/'logs' what you type. For instance, the

dude that killed his wife, he went to google and typed broken neck,

snap neck, 1001 ways to break a neck etc... remember what happened to

him right? Anyways whats your take on the subject?

As the title states, I found this article last night while surfing

the net. Posted on January 14, 2006 so fairly new. Full story can be found

here

http://castlecops.com/article-6466-nested-0-0.html

Quote:

---

One of the most common remote web authoring tools is

Microsoft's Front Page. Front page extensions and WebDav, the

services on the web server that allow you to remotely connect and

author web pages, can be configured with a certain degree of

security. However, in certain configurations, the userID and password

are stored in local files on the server. Using a Google query, you

can easily locate thousands of these files and dump the contents.

The query form is quite simple: "inurl:(filename).pwd", where

(filename) is the name of the .pwd file. This query can be expanded

to be very specific and target a specific site by using a command to

search for a specific site or domain. The results of a specific

search like this would list hundreds if not thousands of these files

that would contain something like "# -FrontPage-

dmiller:I1KEaH1TZqxEw". Basically dumping the userID and password.

This type of basic query can be used to find all kinds of interesting

information such as using the "intitle:"index of" (name of directory

you want to locate)" which not only reveals many web directory

structures of "index of/", it also reveals how many web servers on

the Internet do not have even the most basic forms of permissions and

directory security. You will find that once you access a particular

directory, that you can then move up the directory tree and you never

know what you may find.

---

A lot of 'Free' webspace providers and ISP's with their 'free' 10mb

of webspace doesn't support front page extensions, for security

reasons.

Quote:

---

The Google Search Engine supports very complex query types.

For instance, if you were to construct a query like ""parent

directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5

-md5sums", the query would result in lists upon list of systems that

have a /Gamez directory off the root of the "parent directory" of the

web server. Or, to locate music files of type mp3 you could issue a

query like "intitle:index.of mp3 (name of band/song)".

The bottom line here is that it is possible to locate very specific

types of files. It is also possible to perform queries for inline

passwords from various search engines by performing a query similar

to "http://*:*@www".

---

Interesting stuff indeed.

Quote:

---

The Google Search Engine is a powerful tool that can be used

by people with ill intentions just as it can be used for basic

web searching.

---

How safe and smart would it be to do this? I personally wouldn't. One

I'm not that type of person to try to obtain password files and such

and second, google 'records'/'logs' what you type. For instance, the

dude that killed his wife, he went to google and typed broken neck,

snap neck, 1001 ways to break a neck etc... remember what happened to

him right? Anyways whats your take on the subject?

Hi

Its no doubt that google can be powerful at such searches. Moreover the information is not even known to few. It is clearly given on the page of google itself. Plus there are a no. of other ways for better and effective search. Its a pity though few are aware of it.

http://www.google.co.in/intl/en/help/features.html

Such features can help in tremendous and highly accurate results considerably saving time. Though this also makes google a potential hacking tool. But i guess each coin has two sides, it is up to the user to select what he wants to do with it.

Withdrawing such services wont be a solution for their usage as people using them for good purposes will be affected too.

Hi

Its no doubt that google can be powerful at such searches. Moreover the information is not even known to few. It is clearly given on the page of google itself. Plus there are a no. of other ways for better and effective search. Its a pity though few are aware of it.

http://www.google.co.in/intl/en/help/features.html

Such features can help in tremendous and highly accurate results considerably saving time. Though this also makes google a potential hacking tool. But i guess each coin has two sides, it is up to the user to select what he wants to do with it.

Withdrawing such services wont be a solution for their usage as people using them for good purposes will be affected too.

I'd also like to add that using google in such a way is a nice start for auditting a site..

The first thing I do is google "site:domain.tld"

That atleast gives a good index of publically known 'pages'..

I'd also like to add that using google in such a way is a nice start for auditting a site..

The first thing I do is google "site:domain.tld"

That atleast gives a good index of publically known 'pages'..

Quote:

---

Originally posted here by the_JinX
I'd also like to add that using google in such a way is a nice start for auditting a site..

The first thing I do is google "site:domain.tld"

---

I do the exact same thing, however I automate it with tools such as Foundstone's SiteDigger and SensePost's Wikto tool. (I prefer the SiteDigger tool, as it is much easier to use.)

The whole process is described very well at http://johnny.ihackstuff.com/.

I have found some very interesting items on Google in my audits thanks to that kind of hacking.

-Deeboe

Quote:

---

Originally posted here by the_JinX
I'd also like to add that using google in such a way is a nice start for auditting a site..

The first thing I do is google "site:domain.tld"

---

I do the exact same thing, however I automate it with tools such as Foundstone's SiteDigger and SensePost's Wikto tool. (I prefer the SiteDigger tool, as it is much easier to use.)

The whole process is described very well at http://johnny.ihackstuff.com/.

I have found some very interesting items on Google in my audits thanks to that kind of hacking.

-Deeboe

You know, that should set some administrator's red alarms off (at least if they ever checked their logs). Any search engine bot coming across your *.pwl or *.pwd says something is very wrong. I guess that is just another example of why you should check the logs.

You know, that should set some administrator's red alarms off (at least if they ever checked their logs). Any search engine bot coming across your *.pwl or *.pwd says something is very wrong. I guess that is just another example of why you should check the logs.