#1545 03/11/04 12:05 AM
Joined: Sep 2002
Posts: 553
UGN Super Poster
OP Offline
There was a very interesting article written in The Register today (you can find it here). The article points out that while Google is a great search engine that can be used for good, it can also be used by evil individuals to find out vulnerabilities or discover passwords, etc.

This is done by using the advanced search operators like site: intitle: inurl: (check out the complete list of Google Advanced Search Operators here) and combining them with the usual error messages.

For example searching in Google for something like intitle:"Index of..etc" passwd will return about 190 sites where you can access the passwd file. From there it's just a matter of time while JTR does the rest of the work for you.

Combine the above search with site:www.enter_site_here.com and google for something like: site:www.enter_site_here.com intitle:"Index of..etc" passwd and you'll be able to find out if you can access the passwd file of the site you are looking for.

There is more to this than just passwd files. Googling for stuff like mysql or php error messages can reveal a lot of stuff as well. I guess it depends on how creative you get. Of course you can use a robots.txt file to specify the paths of the folders/files you don't want google to list, but someone could always look for the robots.txt file and find out what you are trying to hide. ;)

This reminds me of that post about the interesting stuff you can find using the right words in Kazaa. :)
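
Added example, not part of the original post: a self-audit an admin can run against their own site's robots.txt and pages to spot the two exposures described above (Disallow entries that advertise sensitive paths, and server-generated "Index of" listings). The hint words, function names and sample inputs are assumptions constructed for illustration.

```python
import re

# Assumed hint words for paths worth a second look; tune for your own site.
SENSITIVE_HINTS = ("admin", "backup", "passwd", "password", "private",
                   "secret", "config", "db", "sql", "log", "etc")

def audit_robots(robots_txt):
    """Return Disallow paths whose names advertise something sensitive."""
    findings = []
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        if field.lower() != "disallow" or not value:
            continue                              # empty Disallow hides nothing
        segments = [s for s in re.split(r"[/._\-]+", value.lower()) if s]
        if any(seg in SENSITIVE_HINTS for seg in segments):
            findings.append(value)
    return findings

def is_directory_listing(html):
    """True if the page looks like a server-generated 'Index of' listing."""
    title = re.search(r"<title>\s*(.*?)\s*</title>", html, re.I | re.S)
    return bool(title and title.group(1).lower().startswith("index of"))

# Constructed sample inputs (not taken from any real site).
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /images/
Disallow: /admin/        # login panel
Disallow: /backup/db.sql
Disallow:
"""
SAMPLE_LISTING = "<html><head><title>Index of /etc</title></head><body>...</body></html>"
SAMPLE_PAGE = "<html><head><title>Welcome</title></head><body>hi</body></html>"

if __name__ == "__main__":
    for path in audit_robots(SAMPLE_ROBOTS):
        print("robots.txt discloses:", path)
    print("listing exposed:", is_directory_listing(SAMPLE_LISTING))
```

Anything this flags should be protected with authentication or moved out of the web root, and auto-indexing turned off, since robots.txt only asks crawlers not to list a path and does nothing to restrict access to it.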

#1546 03/11/04 12:17 AM
Joined: Feb 2002
Posts: 7,203
Likes: 11
Community Owner
Offline
.eml baybee!


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
#1547 03/11/04 05:07 AM
Joined: Jun 2002
Posts: 207
Member
Offline
yeah, but just watch out. it's not too hard for a web admin to forge that stuff. and create false logins to sit there and watch you.//


Unbodied unsouled unheard unseen
Let the gift be grown in the time to call our own
Truth is natural like a wind that blows
Follow the direction no matter where it goes
Let the truth blow like a hurricane through me
#1548 03/11/04 06:55 AM
Joined: Sep 2002
Posts: 553
UGN Super Poster
OP Offline
Yeah, as a matter of fact I have seen one such "honey pot" right here.

But I'm quite sure they can't arrest me for searching "passwd" on Google, and entering their site.

More info on this subject can be found here, in case anyone wants to see what else can be done.

#1549 03/11/04 10:09 AM
Joined: Dec 2002
Posts: 3,255
Likes: 3
UGN Elite
Offline
Quote:
Originally posted by Digital Geek:
Yeah, as a matter of fact I have seen one such "honey pot" right here.

But I'm quite sure they can't arrest me for searching "passwd" on Google, and entering their site.

More info on this subject can be found here, in case anyone wants to see what else can be done.
I just marked that page in my favorites. Thanks for the link...

#1550 03/12/04 04:04 AM
Joined: Oct 2002
Posts: 955
UGN Super Poster
Offline
Yes, I wouldn't limit it to google as you said. About any search engine would work. People have to realize what they are opening up to the public. Check configurations at least twice, regardless of a webserver, a P2P client/server, or a vanilla installation of windows.

I tend to run anti-virus, adware, spyware, trojan, web exploits, port scanners, etc on myself. Better finding these things yourself than someone else doing it for you :)

#1551 03/12/04 09:20 AM
Joined: Feb 2004
Posts: 74
J
UGN Dumbass 2003/04
Offline
how I do love Google


You know that when I hate you, it is because I love you to a point of passion that unhinges my soul.
~Julie De Lespinasse~
#1552 03/13/04 03:28 AM
Joined: Oct 2002
Posts: 616
UGN Super Poster
Offline
Dood it's not just google, google is liek the word "hacker" right now, it's becoming annoyingly [censored] stupid. How about I eat muh brefas bacon, and [censored] slap the [censored] that's keeping this google fad going. People don't realize until they actually look until the surface that google has internal boolean modifiers, you can mold the search options to search for VERY specific file info. Images, text, exploitage, cacheing. Hell I just translated a cache of a dead site for my lostcity stargate community. then the site came active again, and through the translation cache url it refreshed to take on the uppage in liek seconds. Yea that is html, but it's advanced stuff for a searcher. Then think about calculations, conversions, all kinds of [censored] google does, and then matches to a search. Liek I'm 203 centimeters if I make it centimeters, if I do liek 80in to cm I get to see what knowledge is out there on 6'8 converted to cm things that are 23 centi meter's long such..heh I just woke at 7 watching part 1 to 2 part stargate sg-1 season 7 end to season 8, and atlantis switch over. yar...google is elite, but ppl are lame about it, it always seems. But I do disliek ignorance, and liek stubborness to be ignorant...so...


"Beware the Jabberwock, my son!
The jaws that bite, the claws that catch!
Beware the Jubjub bird, and shun
The frumious Bandersnatch!"
#1553 03/13/04 12:55 PM
Joined: Feb 2004
Posts: 74
J
UGN Dumbass 2003/04
Offline
weeve, that thing with the inches and centimeters
I have a feeling I have heard that somewhere before.
;) :)


You know that when I hate you, it is because I love you to a point of passion that unhinges my soul.
~Julie De Lespinasse~
