Password Hacking Using Google

12/07/2011 23:00

Google is your best friend when it comes to piracy. The search engine giant pulled a lot of data that was intended to be protected by webmasters, hackers password via Google butAdvanced - easy to learn, quick to deploy. Today I will discuss some practical dorks will help you obtain the passwords, databases and directories vulnerable. The basic methodology remains the same query using Google dorks specialized with specific parameters and you're good to go. I guess you have basic working knowledge Google dorks.

We begin,

FTP passwords

WS_FTP.ini is the configuration file for a popular win32 FTP client that stores user names and (weakly) encoded passwords, sites and directories that the user can store for later use.

intitle: index.of WS_FTP.ini

You can also use this dork a "Parent Directory" to avoid results like directory listings

filetype: pwd WS_FTP INI


"Index of /" "WS_FTP.ini" "parent directory"

Although the location or the file has been offlline, you can always find the content in the Google cache by using the following dork

"Cache: / WS_FTP.ini"

where is a site that you want to check dork.

WS_FTP password encryption algorithm uses very low, so that once the password, you can break the decoder always here or here.

Hacking PHP

Sites is a PHP file called "config.php", which stores settings and a user name and password for the SQL database, the hosts of the site. This requires a password only once for each transaction (for example, when ever admin login, or trade is linked to the system administrator), and then define the parameter "require_once" config to a file or index file.

intitle: index.of config.php

To view the contents of php file

intitle: "Index of" phpinfo.php

You can also try the directory traversal attack in php with the following dork

inurl: download.php = filename

if you're lucky, to replace the name 'index.php', download, read and get the password (hint: if you are unable to find, try searching globals.php).

Since most websites today deny this trick, but you might get lucky few:) You might also want to look at the Hacking PHP 4.4 Sites in 20 seconds

SQL Dump

Let's hunt for the password stored in dumps the database SQL message here: SQL specifies the type of dump passes e10adc3949ba59abbe56e057f20f883e MD5 hash is 123,456, one of the most common passwords .. and maintain intext idiot can use to search within the landfill.

ext: SQL intext: e10adc3949ba59abbe56e057f20f883e

ext: SQL intext: "INSERT INTO" intext: password

Remember kids

1. Use a different email services, alternate gmail / yahoo mail instead of some mail, or try a custom domain email services.

2nd Use different file extensions.

Using a third different type of hash, some older must use MD4 and others may use other encryption algorithms first.

4. mix everything and try different combinations:)
It is not over.

Queries can be hunted WS_FTP.log very flexible, which in turn can reveal valuable information to the server.

+ + Htpasswd WS_FTP.LOG filetype: log

You can substitute "+ htpasswd" for "File +" and you can get different results are not mentioned before using the normal search. In addition, you can explore the file names using keywords like

phpinfo, admin, MySQL, password, htdocs, root, Cisco, Oracle, IIS, resume, Inc., sql, users, mdb, FrontPage, CMS, backend, https, editor, intranet

The list goes on .. You cam also try this information on my dork uploader

"Allinurl:" "WS_FTP.LOG filetype: log"

that tells you more about that download files to a specific site, quite handy for some passive recognition.