Google Hacking involves using advance operators in the Google search engine to locate specific
strings of text within search results. Some of the more popular examples are finding specific ver-
sions of vulnerable Web applications. The following search query would locate all web pages that
have that particular text contained within them. It is normal for default installations of applications to
include their running version in every page they serve, e.g., "Powered by XOOPS 2.2.3 Final".
The following search query will locate all websites that have the words "admbook" and "version" in
the title of the website. It also checks to ensure that the web page being accessed is a PHP file:
intitle:admbook intitle:version filetype:php
Another technique is searching for insecure coding practices in the public code indexed by Google
Code Search or other source code search engines. One can even retrieve the username and pass-
word list from Microsoft FrontPage servers by inputting the given microscript in Google search field:
"#-Frontpage-" inurl:administrators.pwd
Devices connected to the Internet can be found. A search string such as inurl:"ViewerFrame?Mode
=" will find public web cameras.
Footholds
Examples of queries that can help a hacker gain a foothold into a web server
(intitle:"SHOUTcast Administrator")|(intext:"U SHOUTcast D.N.A.S. Status")
(intitle:"WordPress › Setup Configuration File")|(inurl:"setup-config.php?step=")
"index of /" ( upload.cfm | upload.asp | upload.php | upload.cgi | upload.jsp | upload.pl )
"Please re-enter your password It must match exactly"
inurl:"tmtrack.dll?"
inurl:polly/CP
intitle:"net2ftp" "powered by net2ftp" inurl:ftp OR intext:login OR inurl:login
intitle:MyShell 1.1.0 build 20010923
intitle:"YALA: Yet Another LDAP Administrator"
intitle:"ERROR: The requested URL could not be retrieved" "While trying to retrieve the URL" "The
following error was encountered:"
inurl:"phpOracleAdmin/php" -download -cvs
PHPKonsole PHPShell filetype:php -echo
filetype:php HAXPLORER "Server Files Browser"
inurl:ConnectComputer/precheck.htm | inurl:Remote/logon.aspx
(inurl:81/cgi-bin/.cobalt/) | (intext:"Welcome to the Cobalt RaQ")
intitle:"Web Data Administrator - Login"
"adding new user" inurl:addnewuser -"there are no domains"
PHP Shell (unprotected)
Public PHP FileManagers
+htpasswd +WS_FTP.LOG filetype:log
intitle:admin intitle:login
Files containing usernames
These files contain usernames, but no passwords... Still, google finding usernames on a web site...
site:extremetracking.com inurl:"login="
intext:"SteamUserPassphrase=" intext:"SteamAppUser=" -"username" -"user"
OWA Public folders & Address book
filetype:conf inurl:proftpd.conf -sample
filetype:log username putty
filetype:reg reg +intext:"internet account manager"
filetype:reg reg HKEY_CURRENT_USER username
+intext:"webalizer" +intext:"Total Usernames" +intext:"Usage Statistics for"
inurl:php inurl:hlstats intext:"Server Username"
index.of perform.ini
"index of" / lck
inurl:admin filetype:asp inurl:userlist
inurl:admin inurl:userlist
sh_history files
bash_history files
Sensitive Directories
Google's collection of web sites sharing sensitive directories. The files contained in here will vary
from sesitive to uber-secret!
allintext:"WebServerX Server at"
intitle:index.of ios -site:cisco.com
intitle:index.of cisco asa -site:cisco.com
intitle:index.of.config
allintitle:"FirstClass Login"
inurl:install.pl intext:"Reading path paramaters" -edu
"Warning: Installation directory exists at" "Powered by Zen Cart" -demo
"Welcome to the directory listing of" "NetworkActiv-Web-Server"
log inurl:linklint filetype:txt -"checking"
"Directory Listing for" "Hosted by Xerver"
intitle:"pictures thumbnails" site:pictures.sprintpcs.com
intitle:"Folder Listing" "Folder Listing" Name Size Date/Time File Folder
intitle:"Backup-Management (phpMyBackup v.0.4 beta * )" -johnny.ihackstuff
intitle:index.of WEB-INF
intitle:index.of /maildir/new/
filetype:ini Desktop.ini intext:mydocs.dll
filetype:torrent torrent
"Index of" rar r01 nfo Modified 2004
"Web File Browser" "Use regular expression"
intitle:"HFS /" +"HttpFileServer"
intitle:upload inurl:upload intext:upload -forum -shop -support -w3c
intitle:"index of" inurl:ftp (pub | incoming)
allinurl:"/*/_vti_pvt/" | allinurl:"/*/_vti_cnf/"
intitle:index.of abyss.conf
intitle:"Index of /CFIDE/" administrator
"Powered by Invision Power File Manager" (inurl:login.php) | (intitle:"Browsing directory /" )
intitle:"index of" "parent directory" "desktop.ini" site:dyndns.org
intext:"Powered By: TotalIndex" intitle:"TotalIndex"
"intitle:Index.Of /" stats merchant cgi-* etc
intitle:"index of" intext:"content.ie5"
intitle:"index of" -inurl:htm -inurl:html mp3
index.of.dcim
intitle:"Directory Listing For" intext:Tomcat -int
intitle:"webadmin - /*" filetype:php directory filename permission
intitle:index.of (inurl:fileadmin | intitle:fileadmin)
intitle:"Index of *" inurl:"my shared folder" size modified
intitle:index.of /AlbumArt_
intext:"d.aspx?id" || inurl:"d.aspx?id"
intitle:index.of (inurl:fileadmin | intitle:fileadmin)
"index of" / picasa.ini
index.of.password
