Hacking Google Tips
Google is a treasure trove full of important information, especially for the underground world. This Potential fact can also be utilized in the data for the username and password stored on a server.
If the administrator save important data not in the complete system authentifikasi folder, then most likely be reached by the google search engine. If data is successfully steal in by the unauthorized person, then the will be in misuse.
Here, some google search syntax to crawl the password:
1. "Login: *" "password =*" filetype: xls (searching data command to the system files that are stored in Microsoft Excel)
2. allinurl: auth_user_file.txt (to find files auth_user_file.txt containing password on server).
3. filetype: xls inurl: "password.xls" (looking for username and password in ms excel format). This command can change with admin.xls)
4. intitle: login password (get link to the login page with the login words on the title and password words anywhere. If you want to the query index more pages, type allintitle)
5. intitle: "Index of" master.passwd (index the master password page)
6. index of / backup (will search the index backup file on server)
7. intitle: index.of people.lst (will find web pages that contain user list).
8. intitle: index.of passwd.bak ( will search the index backup password files)
9. intitle: "Index of" pwd.db (searching database password files).
10. intitle: "Index of .. etc" passwd (this command will index the password sequence page).
11. index.of passlist.txt (will load the page containing password list in the clear text format).
12. index.of.secret (google will bring on the page contains confidential document). This syntax also changed with government query site: gov to search for government secret files, including password data) or use syntax: index.of.private
13. filetype: xls username password email (will find spreadsheets filese containing a list of username and password).
14. "# PhpMyAdmin MySQL-Dump" filetype: txt (will index the page containing sensitive data administration that build with php)
15. inurl: ipsec.secrets-history-bugs (contains confidential data that have only by the super user). or order with inurl: ipsec.secrets "holds shared secrets"
16. inurl: ipsec.conf-intitle: manpage (useful to find files containing important data for hacking)
17. inurl: "wvdial.conf" intext: "password" (display the dialup connection that contain phone number, username and password)
18. inurl: "user.xls" intext: "password" (showing url that save username and passwords in spread sheet files)
19. filetype: ldb admin (web server will look for the store password in a database that dos not delete by googledork)
20.inurl: search / admin.php (will look for php web page for admin login). If you are lucky, you will find admin configuration page to create a new user.
21. inurl: password.log filetype:log (this keyword is to search for log files in a specific url)
22. filetype: reg HKEY_CURRENT_USER username (this keyword used to look for reg files (registyry) to the path HCU (Hkey_Current_User))
In fact, there are many more commands that google can crawl in use in the password. One who has the ability google reveals in this case is http://johnny.ihackstuff.com. For that, visit the web to add insight about the google ability.
Here, some of the other syntax google that we need to look for confidential data :
"Http://username: password @ www ..." filetype: bak inurl: "htaccess | passwd | shadow | ht users"
(this command is to take the user names and passwords for backup files)
filetype:mdb inurl:”account|users|admin|administrators|passwd|password” mdb files (this command is to take the password information)
filetype:ini ws_ftp pwd (searching admin password with ws_ftp.ini file)
intitle: "Index of" pwd.db (searching the encrypted usernames and passwords)
inurl:admin inurl:backup intitle:index.of (searching directories whose names contain the words admin and backup)
“Index of/” “Parent Directory” “WS _ FTP.ini” filetype:ini WS _ FTP PWD (WS_FTP configuration files is to take FTP server access passwords)
ext:pwd inurl:(service|authors|administrators|users) “# -FrontPage-” (there is Microsoft FrontPage passwords)
filetype: sql ( "passwd values ****" |" password values ****" | "pass values ****")searching a SQL code and passwords stored in the database)
intitle:index.of trillian.ini (configuration files for the Trillian IM)
eggdrop filetype:user (user configuration files for the Eggdrop ircbot)
filetype:conf slapd.conf (configuration files for OpenLDAP)
inurl:”wvdial.conf” intext:”password” (configuration files for WV Dial)
ext:ini eudora.ini (configuration files for the Eudora mail client)
filetype: mdb inurl: users.mdb (potentially to take user account information with Microsoft Access files)
intext:”powered by Web Wiz Journal” (websites using Web Wiz Journal, which in its standard configuration allows access to the passwords file – just enter http:///journal/journal.mdb instead of the default http:///journal/)
intitle:dupics inurl:(add.asp | default.asp |view.asp | voting.asp) -site:duware.com(websites that use DUclassified, DUcalendar, DUdirectory, DUclassmate, DUdownload, DUpaypal, DUforum or DUpics applications, by default allows us to retrieve passwords file)
To DUclassified, just visit http:///duClassified/ _private / duclassified.mdb
or http:///duClassified/ or http:///duClassified/
intext: "BiTBOARD v2.0" "BiTSHiFTERS Bulletin Board" (Bitboard2 use the website bulletin board, the default settings make it possible to retrieve the passwords files to be obtained with the ways http:///forum/admin/data _ passwd.dat
or http:///forum/forum.php) or http:///forum/forum.php)
Searching for specific documents :
filetype: xls inurl: "email.xls" (potentially to take the information contact)
“phone * * *” “address *” “e-mail” intitle:”curriculum vitae”
CVs "not for distribution" (confidential documents containing the confidential clause
AIM contacts list AIM contacts list
intitle:index.of mystuff.xml intitle: index.of mystuff.xml
Trillian IM contacts list Trillian IM contacts list
filetype:ctt “msn” filetype: Note "msn"
MSN contacts list MSN contacts list
filetype:QDF (QDF database files for the Quicken financial application)
intitle: index.of finances.xls (finances.xls files, potentially to take information on bank accounts, financial Summaries and credit card numbers)
intitle: "Index Of"-inurl: maillog (potentially to retrieve e-mail account)
Hacking Windows Tricks
Logging into winxp without password :
1. Place your Windows XP CD in your cd-rom and start your computer (it’s assumed that your XP CD is bootable – as it should be - and that you have your bios set to boot from CD)
2. Keep your eye on the screen messages for booting to your cd Typically, it will be “Press any key to boot from cd”
3. Once you get in, the first screen will indicate that Setup is inspecting your system and loading files.
4. When you get to the Welcome to Setup screen, press ENTER to Setup Windows now
5. The Licensing Agreement comes next - Press F8 to accept it.
6. The next screen is the Setup screen which gives you the option to do a Repair. It should read something like “If one of the following Windows XP installations is damaged, Setup can try to repair it” Use the up and down arrow keys to select your XP installation (if you only have one, it should already be selected) and press R to begin the Repair process.
7. Let the Repair run. Setup will now check your disks and then start copying files which can take several minutes.
9. During the reboot, do not make the mistake of “pressing any key” to boot from the CD again! Setup will resume automatically with the standard billboard screens and you will notice Installing Windows is highlighted.
10. Keep your eye on the lower left hand side of the screen and when you see the Installing Devices progress bar, press SHIFT + F10. This is the security hole! A command console will now open up giving you the potential for wide access to your system.
11. At the prompt, type NUSRMGR.CPL and press Enter. Voila! You have just gained graphical access to your User Accounts in the Control Panel.
12. Now simply pick the account you need to change and remove or change your password as you prefer. If you want to log on without having to enter your new password, you can type control userpasswords2 at the prompt and choose to log on without being asked for password. After you’ve made your changes close the windows, exit the command box and continue on with the Repair (have your Product key handy).
13. Once the Repair is done, you will be able to log on with your new password (or without a password if you chose not to use one or if you chose not to be asked for a password). Your programs and personalized settings should remain intact TESTED ON SP1