Advanced Hacking Expressions - ed2go
[Pages:9]"Hack You Way To Security"
Advanced Hacking Expressions
Advanced Hacking Expressions
Table of Contents
Advanced Operators - General ......................................................................................................2 Confidential Material Finding (By type of material) .....................................................................3 Databases........................................................................................................................................ 5 E-mail Address Search...................................................................................................................6 Files and Documents......................................................................................................................7 Login Portals...................................................................................................................................7 Network-enabled Device Finding (By Device Manufacturer) .....................................................7 Network Reports Finding (By Program) ......................................................................................9 Server Operating System Specifics ..............................................................................................9
"Hack You Way To Security"
Advanced Hacking Expressions
Advanced Operators - General
Wildcard
intitle:index.of intitle:index.of.admin intitle:index.of.private intitle:"index of" "backup files" allintext: filetype:
. The period ( . ) is a wildcard in Google. It represents any singlecharacter or space. If you look at the examples below, I've replaced the space with the period and that allowed me to eliminate the doublequotes
Returns pages that have the term "index of" in their title. This is a way to search for directory listings. You can also try: intitle:"index.of "parent directory"
Returns pages that have the term "index of" in their title and the word admin anywhere on the page, in the URL, and in the text. (Also try: intitle:"index of" admin)
Returns pages that have the term "index of" in their title and the word private anywhere on the page, in the URL, and in the text. (Also try: intitle:"index of" private)
Returns pages that have the term "index of" in their title and the phrase backup files anywhere on the page, in the URL, and in the text.
Finds a string of text within a page. It does not look in the title, URL or links.
Active Server Pages asp
Adobe Acrobat Format
pdf
Adobe PostScript
ps
Cold Fusion
cfm
Common Gateway Interface cgi
Data
dat
Databases
db, mdb, mde
Executables
exe
FileMaker Pro
fp
Java
jsp
Information (various)
inf , dat
Lotus 1-2-3
wk1, wk2, wk3, wk4, wk5,
wki, sks, wku
Lotus WordPro
lwp
MacWrite
mw
Microsoft Access
mdb, mde
Microsoft Excel
xls
Microsoft PowerPoint
ppt
Microsoft Word
doc
Microsoft Works
wks, wps, wdb
Page 2
"Hack You Way To Security"
Advanced Hacking Expressions
filetype: (continued)
info: author:somename bphonebook: rphonebook: phonebook:
Microsoft Write Rich Text Format Shockwave Flash Text Web Address Book Web Pages (Hypertext)
(Python) Windows XP/2000
Back-up Files
wri rtf swf ans, txt wab html, htm php
filetype:bkf bkf
Shows Google's summary information for a URL.
Searches for any particular name in newsgroup posts.
Searches the business listings for phone book entries.
Searches the residential listing for phone book entries. Searches both business and residential listing for phone book entires.
Confidential Material Finding (By type of material)
Finding Credit Cards:
Finding Login Portals Finding Social Security Numbers
numrange:
filetype:afm filetype:ab4 filetype:tax filetype:mny filetype:mbf filetype:ptdb filetype:qbb filetype:qbw filetype:qdf
You need two numbers here; a high and low number, separated by a dash. A hacker will create a query that would look like this to search for VISA and MasterCard numbers: 4400-5500 Abassis Finance Manager Accounting & Business File Intuit Turbo Tax Microsoft Money Microsoft Money Back-up Files Peachtree Accounting Quickbooks Back-up Files Quickbooks Files Quicken
login | logon username | userid employee.id | "your user name is" admin | administrator password | passcode "your password is" user | password
inurl:edu "student ID" Inurl:edu ssn | "student ID" ssn | "student ID" ssn | benefit
Page 3
"Hack You Way To Security" AOL Instant Messenger Buddy Lists AIM and IRC Chat Log Files ColdFusion Passwords DCForum User Passwords Generic Passwords
Generic Usernames HTTP htpasswd Web Users
ICQ Chat logs Internet Relay Channels (IRC)
IRC: Usernames, Passwords mIRC: Nicknames, Passwords Locked User Files Microsoft Access User Profiles Microsoft Frontpage Web Credentials
Microsoft .net MSN Messenger Contacts MySQL Databases
Palm Pilot Hot Sync
Advanced Hacking Expressions
filetype:blt blt +intext:screenname Buddylist.blt
intext:"Sesssion Start * * * *:* *" filetype:log
filetype:cfm "cfapplication name" password
allinurl:auth_user_file.txt
filetype:dat "password.dat" inurl:password.log filetype:log filetype:log inurl:"password.log"
inurl:admin inurl:userlist Inurl:admin filteype:asp inurl:userlist
filetype:htpasswd htpasswd Intitle:"index of" ".htpasswd" "htgroup" Intitle:"index of" .htpasswd.bak http://*:*@www bob:bob (substitute bob for any name)
intitle:Index of" dbconvert.exe chats
"sets mode: +k" "Your password is * Remember this for later use" eggdrop filetype:user user filetype:ini inurl:perform.ini
"index of " lck
filetype:mdb inurl:profiles
filetype:ctl inurl:haccess.ctl basic filetype:pwd service intitle:index.of.administrators.pwd ext:pwd inurl:_vti_pvt inurl:(Service | authors | adminstrators) "# -FrontPage-" inurl:service.pwd
filetype:config config intext:appsettings "User ID"
filteype:ctt ctt messenger
intitle:"index of" intext:connect.inc filetype:cnf f ?cvs -example intitle:"index of" intext:globals.inc
filetype:pdb pdb backup (pilot | pluckerdb)
Page 4
"Hack You Way To Security"
Advanced Hacking Expressions
PHP
intitle:index.of config.php inurl:config.php dbuname dbpass inurl:nuke filetype:sql
Remote Desktop Connection
filetype:rdp rdp
SQL
filetype:sql "identified by" ?cvs filetype:sql password
Student Grades (and possible SSN)
site:edu admin grades
Trillion User Web Links
intitle:index.of mystuff.xml filetype:ini inurl:trillian.ini
Unix Passwords
filetype:bak inurl:"htaccess | passwd | shadow | htusers intitle:index.of master.psswd intitle:index.of etc shadow intitle: "index of" pwd.db intitle:"index of" passwd intitle:index.of passwd passwd.bak
Web Server Passwords (encrypted/unencrypted) "_SessionId" "data source="
Windows Passwords
filetype:pwl pwl
Windows Registry Usernames
filetype:reg reg hkey_current_user username
Windows XP/2000 Back-up Files
filetype:bkf bkf
Databases
FileMaker Pro IBM Websphere Lotus Messaging Microsoft Access User Profiles Microsoft FrontPage Dabases MySQL Databases Oracle
filetype:fp5 fp5 ?"cvs log" "Select a database to view" intitle:"filemaker pro"
"Welcome to YourCo Financial" "Welcome to Websphere" "(C) Copyrtight IBM"
intitle:messaging login" "? Copyright IBM"
filetype:mdb inurl:profiles
ext:mdb inurl:*mdb inurl:fpdb ext:mdb inurl:*mdb inurl:shop.mdb
intitle:"index of" intext:connect.inc intitle:"index of" intext:globals.inc
intitle:"Gateway Configuration Menu"
Page 5
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.