Thursday, November 29, 2007

The power of google


This post is being written after a long time since the previous one. Because of lack of time and mood. But this one is definitely one of the most important.

The most powerful search engine of the world- Google.com is indeed powerful. But, like every power, Google is also a double edged sword.

The search engine can be used to reveal password files of various sites, most of which are encrypted by the DES algorithm, and can be cracked right away. This will give access to various ftp servers, and who knows? may be even many telnet servers, or proxy servers of the corresponding sites.

In this post, I'll tell about the various search techniques in Google, which also work in many other search engines.

inurl (also allinurl) - This keyword is used to search for a specific string in the url(Uniform Resource Locator) of the sites being searched. Those with a positive match are listed in the search results.
for example,

inurl:google.com

will list all results, which have google.com in the url.

site - This keyword is used to search for a specific kind of site. Type of site is specified by the extension of the site. It may be .edu(Educational institution), .com(Commercial organization), .org(non profit organization), .gov(Governmental organization), .net(Network), .mil(Millitary network) and the others are normally country abbreviations(e.g. .jp for Japan, .in for India, .br for Britain etc.)
for example,

site:mil

will list all sites, with mil extension. This one is actually a U.S. millitary network.

filetype - This keyword is used to access certain file extensions in sites. This one is particularly useful for accessing password files. The password files are normally in the pwd, pw, mdb, xls extensions. The pwd files will store maintenance or service passwords.
for example,

filetype:mpg

will search for mpeg video files in the sites being searched. Other extensions can be searched in this way.

index of - This keyword is used to search for directory listings. It is also useful for searching certain types of files. It is particularly useful, if it is known, which directory, a certain type of file is stored in a web server. For example, the _vti_pvt folder will store service.pwd, which happens to store the service passwords.
for example,

index of /

will search for the directory listing of vulnerable sites.

OR - An uppercase OR acts as logical OR
intitle (also allintitle) - The intitle keyword is used to search for pages, which have the specified string in the title tags.

link - This keyword will search for the sites, which have link to the specified site.
for example,

link:www.google.com

will search for sites, which have a link to the site www.google.com

related - This keyword will list all pages, which are similar to the specified web page.

info - This keyword will show information, that Google has about the specified website.

Well, that's all folks, I have included enough information in this post, that will be enough to search for password files, and break into servers, but always remember - Intelligence is a double edged sword. Which edge you end up using, is on to you.

3 comments:

raju said...

the ip number give hear is not working and some times its working.

but its asking for authentication
How do I overcome this problem

do U have any solution for it

raju said...

hello frnd

the IP no.U've gven is not working and some times its working....

but its asing for authentication and now how to overcome it..

if we cant do that why did U give that article in the blog...

I request U to send me the answer

Sudipto Sarkar (Xtreme) said...

Well raju, as far as I remember, there is no IP address specified in the post you have mentioned. I think you have specified the wrong post here... :)
May be it's not "the power of Google" that you want to talk about...
:)