Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
 
Reply 

How to use google dorks for hacking

01-26-2013, 10:26 AM
Post: #1


How to Use Google Dorks For Hacking


Credits
I found a good tutorial out there so I thought I bring it attention and share it here.

Credits : This link is hidden from you. If you want to see it you have to register on this board.


What is Googledorks?

The term “googledork” was coined by Johnny Long (This link is hidden from you. If you want to see it you have to register on this board.) and
originally meant “An inept or foolish person as revealed by Google.” After a great deal of
media attention, the term came to describe those “who troll the Internet for confidential
goods.” Either term is fine, really. What matters is that the term googledork conveys the
concept that sensitive stuff is on the web, and Google can help you find it. The official
googledorks page (found at This link is hidden from you. If you want to see it you have to register on this board.) lists many different
examples of unbelievable things that have been dug up through Google by the
maintainer of the page, Johnny Long. Each listing shows the Google search required to
find the information along with a description of why the data found on each page is so
interesting.
Google serves almost 80 percent of all search queries on the Internet, proving itself as the most popular search engine. However Google makes it possible to reach not only the publicly available information resources, but also gives access to some of the most confidential information that should never have been revealed. In this post I will show how to use Google for exploiting security vulnerabilities within websites. The following are some of the hacks that can be accomplished using Google.


1. Hacking Security Cameras
There exists many security cameras used for monitoring places like parking lots, college campus, road traffic etc. which can be hacked using Google so that you can view the images captured by those cameras in real time. All you have to do is use the following search query in Google. Type in Google search box exactly as follows and hit enter
inurl:”viewerframe?mode=motion”
Click on any of the search results (Top 5 recommended) and you will gain access to the live camera which has full controls.
you now have access to the Live cameras which work in real-time. You can also move the cameras in all the four directions, perform actions such as zoom in and zoom out. This camera has really a less refresh rate. But there are other search queries through which you can gain access to other cameras which have faster refresh rates. So to access them just use the following search query.


intitle:”Live View / – AXIS”

inurl:/view.shtml

or

intitle:”Live View / – AXIS” | inurl:view/view.shtml^
inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Refresh
inurl:axis-cgi/jpg
inurl:axis-cgi/mjpg (motion-JPEG)
inurl:view/indexFrame.shtml
inurl:view/index.shtml
inurl:view/view.shtml
liveapplet
intitle:”live view” intitle:axis
intitle:liveapplet
allintitle:”Network Camera NetworkCamera”
intitle:axis intitle:”video server”
intitle:liveapplet inurl:LvAppl
intitle:”EvoCam” inurl:”webcam.html”
intitle:”Live NetSnap Cam-Server feed”
intitle:”Live View / – AXIS”
intitle:”Live View / – AXIS 206M”
intitle:”Live View / – AXIS 206W”
intitle:”Live View / – AXIS 210?
inurl:indexFrame.shtml Axis
inurl:”MultiCameraFrame?Mode=Motion”
intitle:start inurl:cgistart
intitle:”WJ-NT104 Main Page”
intext:”MOBOTIX M1? intext:”Open Menu”
intext:”MOBOTIX M10? intext:”Open Menu”
intext:”MOBOTIX D10? intext:”Open Menu”
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:”sony network camera snc-p1?
intitle:”sony network camera snc-m1?
site:.viewnetcam.com -www.viewnetcam.com
intitle:”Toshiba Network Camera” user login
intitle:”netcam live image”
intitle:”i-Catcher Console – Web Monitor”


Click on any of the search results to access a different set of live cameras. Thus you have hacked Security Cameras using Google.


2. Hacking Personal and Confidential Documents
Using Google it is possible to gain access to an email repository containing CV of hundreds of people which were created when applying for their jobs. The documents containing their Address, Phone, DOB, Education, Work experience etc. can be found just in seconds.

intitle:”curriculum vitae” “phone * * *” “address *” “e-mail”

You can gain access to a list of .xls (excel documents) which contain contact details including email addresses of large group of people. To do so type the following search query and hit enter.
filetype:xls inurl:”email.xls”
Also it’s possible to gain access to documents potentially containing information on bank accounts, financial summaries and credit card numbers using the following search query
intitle:index.of finances.xls


3. Hacking Google to gain access to Free Stuffs
Ever wondered how to hack Google for free music or ebooks. Well here is a way to do that. To download free music just enter the following query on google search box and hit enter.

“?intitle:index.of?mp3 avril“

Now you’ll gain access to the whole index of eminem album where in you can download the songs of your choice. Instead of eminem you can subtitute the name of your favorite album. To search for the ebooks all you have to do is replace “eminem” with your favorite book name. Also replace “mp3″ with “pdf” or “zip” or “rar”.



4. Finding various stuffs for free
For Example we can find:
Credit Card Numbers
Passwords
Software / MP3′s
…… (and on and on and on) Presented below is just a sample of interesting searches that we can send to google to obtain info that some people might not want us having.. After you get a taste using some of these, try your own crafted searches to find info that you would be interested in.
Try a few of these searches:
intitle:”Index of” passwords modified
allinurl:authuserfile.txt
“access denied for user” “using password”
“A syntax error has occurred” filetype:ihtml
allinurl: admin mdb
“ORA-00921: unexpected end of SQL command”
inurl:passlist.txt
“Index of /backup”
“Chatologica MetaSearch” “stack tracking:”
Amex Numbers: 300000000000000..399999999999999
MC Numbers: 5178000000000000..5178999999999999
visa 4356000000000000..4356999999999999
“parent directory ” /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
“parent directory ” DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
“parent directory “Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
“parent directory ” Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
“parent directory ” MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
“parent directory ” Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
Notice that I am only changing the word after the parent directory, change it to what you want and you will get a lot of stuff.


5.Search for Free MP3
put this string in google search:
?intitle:index.of? mp3
You only need add the name of the song/artist/singer.
Example: ?intitle:index.of? mp3 avril lavigne



6.Finding Passwords and other stuffs
put this string in google search:
inurl:microsoft filetype:iso
You can change the string to watever you want, ex. microsoft to adobe, iso to zip etc…

“# -FrontPage-” inurl:service.pwd
Frontpage passwords.. very nice clean search results listing !!

“AutoCreate=TRUE password=”


“http://:@www” domainname
This is a query to get inline passwords from search engines (not just Google), you must type in the query followed with the the domain name without the .com or .net
“http://:@www” bangbus or “http://:*@www”bangbus
Another way is by just typing
“http://bob:bob@www”
“sets mode: +k”
This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.
allinurl: admin mdb
Not all of these pages are administrator’s access databases containing usernames, passwords and other sensitive information, but many are!
allinurl:authuserfile.txt
DCForum’s password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!). Some lists are bigger than others, all are fun, and all belong to googledorks. =)
intitle:”Index of” config.php
This search brings up sites with “config.php” files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database.
eggdrop filetype:user user These are eggdrop config files. Avoiding a full-blown descussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.
intitle:index.of.etc This search gets you access to the etc directory, where many many many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!
filetype:bak inurl:”htaccess|passwd|shadow|htusers” This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version). Every attacker knows that changing the extenstion of a file on a webserver can have ugly consequences.
Let’s pretend you need a serial number for windows xp pro.
In the google search bar type in just like this – “Windows XP Professional” 94FBR
the key is the 94FBR code.. it was included with many MS Office registration codes so this will help you dramatically reduce the amount of ‘fake’ porn sites that trick you.
or if you want to find the serial for winzip 8.1 – “Winzip 8.1″ 94FBR


I have shown you this info to let you know that there is a real risk putting your info online. If you do want to buy stuff online make sure the site you are using is secure normally if a site is secure you will see a pop up saying you are now entering a secure part of the site or a symbal of a padlock at the bottom of your browser or just use pay pal, pay pal is very safe to use. But most of the time just use common sense if a site looks cheap it normally hasn’t got the protection to keep your info safe.

7.Crash a Computer using Flash and Google
Open up a new flash document. Open up the Actions panel for the stage of the first frame. If it’s in Actionscript 2, write the following:


onEnterFrame = function () {
getURL(“http://www.google.com”, “_blank”);
}
Or if it’s actionscript 3 write the following:


function openGoogle(e:Event):void {
navigateToURL(“http://www.google.com”, “_blank”);
}
stage.addEventListener(Event.ENTER_FRAME, openGoogle);
Press Control-Enter when you’re ready to crash your computer. What this does is repeatedly open up new tabs of Google. But it opens so many Google tabs every second that after maybe 20-30 seconds your computer will barely be able to respond to you mouse clicks or even mouse movements. Usually, any attempt to stop it will result in processing overload and cause the computer to freeze. The only real way to stop this is to force-quit BOTH flash.exe and iexplorer.exe. Some teachers may know enough to do this, but might accidentally close explorer.exe credit goes to Johnny Long...thnx to Mr. Long

If you are having a problem with another member, if you deserve an achievement, or for any other issue please use the This link is hidden from you. If you want to see it you have to register on this board. forum. There you will get help from the staff about forum related problems.

Reply

DigitalOcean

01-27-2013, 01:40 PM
Post: #2


Bump. Bumping this thread so people can see it and maybe learn something new Smile

If you are having a problem with another member, if you deserve an achievement, or for any other issue please use the This link is hidden from you. If you want to see it you have to register on this board. forum. There you will get help from the staff about forum related problems.

Reply
01-27-2013, 02:13 PM
Post: #3
Informative post. Thank you. But my browser doesn't load up webpages using the webcam dork
Reply
01-27-2013, 02:21 PM
Post: #4


Try using auto refresher addon for firefox and it might work.

If you are having a problem with another member, if you deserve an achievement, or for any other issue please use the This link is hidden from you. If you want to see it you have to register on this board. forum. There you will get help from the staff about forum related problems.

Reply
01-29-2013, 04:11 AM
Post: #5
Well form a point to another we are all in love with google Big Grin
Reply
02-17-2013, 11:24 AM
Post: #6


Awesome and helpful tut, thanks for the post. I'll try this now!

[Image: 79a.gif]

Reply
02-27-2013, 06:16 PM
Post: #7


nice post!

Will be using much more often.
Reply
02-27-2013, 06:18 PM
Post: #8


Very nice share! Should pose as very helpful to many =]

This link is hidden from you. If you want to see it you have to register on this board.
ليس هناك ما هو صحيح، فكل شيء مباح

Reply
03-13-2013, 06:37 PM
Post: #9


Insider: this is a really - really - great post.

My love for Dorks is almost unconditional Big Grin This tutorial will hopefully lead many others into embracing the Dork, and all the lovely secret things they can reveal.

[Image: lamb_sig.jpg]


"Everyone's a specialist nowadays; we're getting better and better at doing less and less. One day, someone's going to be superb at doing absolutely nothing."
Kenneth Williams

Reply
03-17-2013, 12:37 PM
Post: #10


(03-13-2013 06:37 PM)TheCongregation Wrote: This link is hidden from you. If you want to see it you have to register on this board.Insider: this is a really - really - great post.

My love for Dorks is almost unconditional Big Grin This tutorial will hopefully lead many others into embracing the Dork, and all the lovely secret things they can reveal.

I strongly agree. I always use dorks when blueprinting and doxing. Will give you lots of good info Smile

If you are having a problem with another member, if you deserve an achievement, or for any other issue please use the This link is hidden from you. If you want to see it you have to register on this board. forum. There you will get help from the staff about forum related problems.

Reply

Reply 


Thread Options


User(s) browsing this thread: 1 Guest(s)

Hide My Ass

Proudly run by MyBB, © 2002-2014 MyBB Group