Thursday, November 29, 2007
The power of google
This post is being written after a long time since the previous one. Because of lack of time and mood. But this one is definitely one of the most important.
The most powerful search engine of the world- Google.com is indeed powerful. But, like every power, Google is also a double edged sword.
The search engine can be used to reveal password files of various sites, most of which are encrypted by the DES algorithm, and can be cracked right away. This will give access to various ftp servers, and who knows? may be even many telnet servers, or proxy servers of the corresponding sites.
In this post, I'll tell about the various search techniques in Google, which also work in many other search engines.
inurl (also allinurl) - This keyword is used to search for a specific string in the url(Uniform Resource Locator) of the sites being searched. Those with a positive match are listed in the search results.
will list all results, which have google.com in the url.
site - This keyword is used to search for a specific kind of site. Type of site is specified by the extension of the site. It may be .edu(Educational institution), .com(Commercial organization), .org(non profit organization), .gov(Governmental organization), .net(Network), .mil(Millitary network) and the others are normally country abbreviations(e.g. .jp for Japan, .in for India, .br for Britain etc.)
will list all sites, with mil extension. This one is actually a U.S. millitary network.
filetype - This keyword is used to access certain file extensions in sites. This one is particularly useful for accessing password files. The password files are normally in the pwd, pw, mdb, xls extensions. The pwd files will store maintenance or service passwords.
will search for mpeg video files in the sites being searched. Other extensions can be searched in this way.
index of - This keyword is used to search for directory listings. It is also useful for searching certain types of files. It is particularly useful, if it is known, which directory, a certain type of file is stored in a web server. For example, the _vti_pvt folder will store service.pwd, which happens to store the service passwords.
index of /
will search for the directory listing of vulnerable sites.
OR - An uppercase OR acts as logical OR
intitle (also allintitle) - The intitle keyword is used to search for pages, which have the specified string in the title tags.
link - This keyword will search for the sites, which have link to the specified site.
will search for sites, which have a link to the site www.google.com
related - This keyword will list all pages, which are similar to the specified web page.
info - This keyword will show information, that Google has about the specified website.
Well, that's all folks, I have included enough information in this post, that will be enough to search for password files, and break into servers, but always remember - Intelligence is a double edged sword. Which edge you end up using, is on to you.