Google hack tips-get passwords without violence

Source: Internet
Author: User

Introduction

Google is one of the most valuable tools for obtaining information. In particular, Google search engines can be used to obtain user name and password data stored on the server. If some users do not store important data completely in a folder with a witness mechanism, then this data may be caught by Google's search engine.

Google search crawl password syntax
  • 1 "Login:" " password =" Filetype:xls (search for data stored in an Excel file that contains password).
  • 2 Allinurl:auth_user_file.txt (search for auth_user_file.txt files included on the server).
  • 3 Filetype:xls inurl: "Password.xls" (Find user name and password in Excel format) This command can be changed to "Admin.xls".
  • 4 intitle:login password (get the login page connection, login keyword in the title. )
  • 5 intitle: "Index of" master.passwd (Password page index)
  • 6 Index Of/backup (search for backup files on server)
  • 7 intitle:index.of people.lst (page with people.list)
  • 8 intitle:index.of passwd.bak (password backup file)
  • 9 intitle: "Index of" pwd.db (search database password file).
  • Ten intitle: "Index of". Etc "passwd (install password to establish page index).
  • Index.of Passlist.txt (The page containing the passlist.txt is loaded as plain text).
  • Index.of.secret (except for websites that contain confidential documents,. gov type) can also be used: index.of.private
  • Filetype:xls username Password Email (find the XLS file containing the columns of username and password in the table).
  • "# PhpMyAdmin Mysql-dump" filetype:txt (lists PHP-based pages that contain sensitive data)

  • Inurl:ipsec.secrets-history-bugs (contains sensitive data only for super users). There is also an old usage inurl:ipsec.secrets "holds shared secrets"

  • Inurl:ipsec.conf-intitle:manpage

  • Inurl: "wvdial.conf" Intext: "Password" (displays the connection with the phone number, user name and password. )

  • 18inurl: "User.xls" Intext: "Password" (displays the user name and password stored in the XLS link. )

*19 filetype:ldb Admin (Web server lookup stored in the database does not have the Googledork deleted password. )

    • 20inurl:search/admin.php (Find admin landing php page). If you're lucky, you can also find an administrator configuration interface to create a new user.

*21 Inurl:password.log filetype:log (Find a log file for a specific link.) )

*22 filetype:reg HKEY_CURRENT_USER Username (Find the registry file (HCU) in the HKEY_CURRENT_USER (Registyry) path. )

In fact, there are many commands that can be used to crawl passwords or search for confidential information.

"Http://username:password @ www ..." filetype:bak inurl: "htaccess | passwd | Shadow | HT users "
(This command can find the user name and password in the backup file.) )
Filetype:ini ws_ftp pwd (find Admin user's password via Ws_ftp.ini file)

intitle: "Index of" pwd.db (find encrypted user name and password)

Inurl:admin inurl:backup intitle:index.of (Find keywords that contain admin and backup directories.) )

"Index of/" "Parent Directory" "ws _ Ftp.ini" Filetype:ini ws _ FTP PWD (ws_ftp configuration file, can get access to FTP server)

Ext:pwd inurl: (service|authors|administrators|users) "#-frontpage-"

Filetype:sql ("passwd values *" | "Password values *" | "Pass values ") finds the SQL code and password stored in the database. )

Summary

Google search engine if the use of appropriate words, in fact, will bring us the results of the intention. Come on, guys, get moving, uh, uh, but now I'm afraid to use Google search engine to think of something!!!

Google hack tips-get passwords without violence

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.