Saturday, January 05, 2008

Google Hacking



Google is a really good search engine. It crawls your website very efficiently, so efficiently that it reads each and every page of your site unless you block it. So there is a good chance that it will also read some files which are confidential, like password files. But even then there are ways to find them, though here we will concentrate on finding those files via Google. The basic rule is to find some common names which a web administrator could give these confidential files. Over time, I have found some good file names which can be searched on Google. Obviously you need to know some basic web programming to understand the code in these files (and sometimes encryption too :) ). But the bottom line is that these files can be accessed very easily. Below are some queries which have worked until now (but you can never be sure!). Web administrators are really clever: they know about these queries too and block them as soon as possible, so some of these queries may not give you good results.

Here they go (search on Google for the following):

1) ext:ini eudora.ini
2) ext:inc “pwd=” “UID=”
3) ext:asa | ext:bak intext:uid intext:pwd -”uid..pwd” database | server | dsn (this one sucks now!)
4) index.of.etc (a very good one for finding /etc/pwd on Linux)
5) enable password | secret “current configuration” -intext:the (gives configuration files for Cisco; very useful in finding the network structure)
6) eggdrop filetype:user user (useful for IRC usernames and passwords)
7) intitle:index.of config.php (a really good one for database access)
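Seen from the site owner's side, the same file names and strings can be checked for in your own web root before a crawler indexes them. The following is an added example, not part of the original post: `audit_webroot`, the pattern sets, and the sample tree written by `build_sample` are all constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Names, extensions and strings come from the queries above; the grouping is an assumption.
RISKY_EXT = {".ini", ".inc", ".asa", ".bak", ".user"}
RISKY_NAMES = {"config.php"}
SECRET_RE = re.compile(rb"pwd\s*=|uid\s*=|enable (password|secret)", re.I)


def audit_webroot(root):
    """Return sorted (relative_path, reason) pairs for files to review."""
    findings = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        risky = path.name.lower() in RISKY_NAMES or path.suffix.lower() in RISKY_EXT
        try:
            with path.open("rb") as fh:
                secret = bool(SECRET_RE.search(fh.read(65536)))
        except OSError:
            findings.append((rel, "unreadable, check by hand"))
            continue
        if risky and secret:
            findings.append((rel, "credentials in a commonly exposed file type"))
        elif risky:
            findings.append((rel, "sensitive file name or extension"))
        elif secret:
            findings.append((rel, "credential-like string"))
    return sorted(findings)


def build_sample(root):
    """Write a constructed sample tree (not real data) under root."""
    samples = {
        "index.html": b"<h1>hello</h1>",
        "inc/db.inc": b'conn = "UID=app;pwd=example"',
        "backup/site.bak": b"old page",
        "config.php": b"<?php $db_pwd = 'example'; ?>",
    }
    for rel, data in samples.items():
        full = Path(root, rel)
        full.parent.mkdir(parents=True, exist_ok=True)
        full.write_bytes(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*audit_webroot(tmp), sep="\n")
```

Anything it reports should be moved out of the served directory or denied by the web server, and directory listings should be turned off so that `index.of` pages are never generated.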

That's all, folks. Watch out for more. Thanks; you are free to comment.

* disclaimer: use at your own risk.
