There was a very interesting article written in The Register today (you can find it here
). The article points out that while Google is a great search engine that can be used for good, it can also be used by evil individuals to find out vulnerabilities or discover passwords, etc.
This is done by using the advanced search operators like site: intitle: inurl:
(check out the complete list of Google Advance Search Operators here
) and combining them with the usual error messages.
For example searching in Google for something like intitle:"Index of..etc" passwd
will return about 190 sites where you can access the passwd file. From there it's just a matter of time while JTR does the rest of the work for you.
Combine the above search with site:www.enter_site_here.com
and google for something like : site:www.enter_site_here.com intitle:"Index of..etc" passwd
and you'll be able to find out if you can access the passwd file of the site you are looking for.
There is more to this than just passwd files. Googleing for stuff like mysql or php error messages can reveal a lot of stuff as well. I guess it depends of how creative you get. Of course you can use a robots.txt file to specify the paths of the folders/files you don't want google to list, but someone could allways look for the robots.txt file and find out what you are trying to hide.
This reminds me of that post about the interesting stuff you can find using the right words in Kazaa.