Password Hacking Using Google
Google is your best friend when it comes to piracy. The search engine giant pulled a lot of data that was intended to be protected by webmasters, hackers password via Google butAdvanced - easy to learn, quick to deploy. Today I will discuss some practical dorks will help you obtain the passwords, databases and directories vulnerable. The basic methodology remains the same query using Google dorks specialized with specific parameters and you're good to go. I guess you have basic working knowledge Google dorks.
We begin,
FTP passwords
WS_FTP.ini is the configuration file for a popular win32 FTP client that stores user names and (weakly) encoded passwords, sites and directories that the user can store for later use.
intitle: index.of WS_FTP.ini
You can also use this dork a "Parent Directory" to avoid results like directory listings
filetype: pwd WS_FTP INI
Or
"Index of /" "WS_FTP.ini" "parent directory"
Although the location or the file has been offlline, you can always find the content in the Google cache by using the following dork
"Cache: www.abc.com / WS_FTP.ini"
where
www.abc.com is a site that you want to check dork.
WS_FTP password encryption algorithm uses very low, so that once the password, you can break the decoder always here or here.
Hacking PHP
Sites is a PHP file called "config.php", which stores settings and a user name and password for the SQL database, the hosts of the site. This requires a password only once for each transaction (for example, when ever admin login, or trade is linked to the system administrator), and then define the parameter "require_once" config to a file or index file.
intitle: index.of config.php
To view the contents of php file
intitle: "Index of" phpinfo.php
You can also try the directory traversal attack in php with the following dork
inurl: download.php = filename
if you're lucky, to replace the name 'index.php', download, read and get the password (hint: if you are unable to find, try searching globals.php).
Since most websites today deny this trick, but you might get lucky few:) You might also want to look at the Hacking PHP 4.4 Sites in 20 seconds
SQL Dump
Let's hunt for the password stored in dumps the database SQL message here: SQL specifies the type of dump passes e10adc3949ba59abbe56e057f20f883e MD5 hash is 123,456, one of the most common passwords .. and maintain intext idiot can use to search within the landfill.
ext: SQL intext: intext@gmail.com: e10adc3949ba59abbe56e057f20f883e
ext: SQL intext: "INSERT INTO" intext: intext@somemail.com: password
Remember kids
1. Use a different email services, alternate gmail / yahoo mail instead of some mail, or try a custom domain email services.
2nd Use different file extensions.
Using a third different type of hash, some older must use MD4 and others may use other encryption algorithms first.
4. mix everything and try different combinations:)
It is not over.
Queries can be hunted WS_FTP.log very flexible, which in turn can reveal valuable information to the server.
+ + Htpasswd WS_FTP.LOG filetype: log
You can substitute "+ htpasswd" for "File +" and you can get different results are not mentioned before using the normal search. In addition, you can explore the file names using keywords like
phpinfo, admin, MySQL, password, htdocs, root, Cisco, Oracle, IIS, resume, Inc., sql, users, mdb, FrontPage, CMS, backend, https, editor, intranet
The list goes on .. You cam also try this information on my dork uploader
"Allinurl:" some.host.com "WS_FTP.LOG filetype: log"
that tells you more about that download files to a specific site, quite handy for some passive recognition.