Sunday, June 12, 2011

Google Tricks




Google hacking is a technique in which we make complex queries in Google in order to extract information that can be used to hack a website and much more. The Google hacking technique doesn't hack a website by itself, but it provides information that assists in hacking. This information is not available by making a simple query in Google.

Many people have the misconception that in this technique we hack google.com. This is incorrect: we don't hack google.com, no one does (after all it is a great search engine ;-) )

Before trying your hand at Google hacking I would like you to take care of some tips.

1. Don't use Google Chrome for Google hacking.

2. Open google.com now. If you see your email id in the top right corner of your browser, then sign out first before performing Google hacking.

3. Not every website is vulnerable to Google hacking.

4. "|" used in Google hacking means OR.

So now, how to make complex queries? Complex queries are made by using Google operators and your innovation. There are several operators; each has a different function and gives a different result when used in a Google search query.

It depends upon your thinking power how you make a query to find specific results. You can also use more than one operator at a time. Let's start with the operators one by one.

1. Site operator:

This operator is basically used for searching basic information about a target website.

Type the following in Google:

site:website address

Following is an example of how to use it:

Type site:yahoo.com in Google and see the results. You can now see all the other domains of yahoo.com. You can use any site instead of yahoo.com.

However, you may be thinking this information is very common. But hackers usually use this information to learn all the links of a site.

A long time ago I tried site:hotmail.com as a Google query and I got only 2 links in the result.


5. Username|Userid|employee.id|your username is

This operator can be used to obtain usernames from a target. You should use the "your username is" string with the intext operator, like intext:"your username is"

Enter the following in Google:

username|userid|employee.id|your username is

If you get a username then you can try to get the password of that site.

For example, enter the following to see in the results that you can get the usernames of some persons:

site:myspace.com username|userid|employee.id|your username is

or

site:myspace.com intext:username|userid|employee.id|your username is

6. password|passcode|passkey|key|pwd|your password is

This operator can be used to reveal passwords from a website. It could also reveal the login authentication procedure. This query must be used with the site operator for specific results. Enter the following in Google:

password|passcode|key|pwd|your password is

7. admin|administrator

This operator can get information about the admin of a website. However, this operator gives many irrelevant results too. Many times when an error occurs we are shown a message to contact your administrator, so this query can also lead you to such results.

Type the following in Google:

admin|administrator

8. admin logon

This operator can reveal admin login pages, that is, the page where the admin logs in to a website. However, this operator needs to be used along with the inurl operator for better results, like

inurl:admin logon

If you get the password of the admin then you can own a site.


9. -ext or filetype:

This operator is similar to the filetype: operator. Both operators can be used to get files of particular formats.

-ext is a synonym of the filetype: operator. -ext is a negative operator, which means it won't give any result if used alone. So use it with the site: operator, like: site:website name -ext:pdf

In the case of the filetype: operator, e.g. if you want to get files of pdf format, then type the following in Google:

filetype:pdf

It will give you all pdf files. But if you want a specific pdf file like crypto.pdf then try the following in Google:

intext:crypto filetype:pdf

This operator is very important if you are looking for some specific file on the internet. Suppose you want a file named crypto.mp3 from a specific website; in order to find such a file you would type the following:

intext:crypto filetype:mp3

This operator can be used to search for books, software, songs, videos, games etc.

For example, try this:

filetype:pdf intext:Hacking

The filetype: operator can also be used to get passwords. For example, we can search for specific registry files that can contain passwords. The password is usually in encrypted form or in hexadecimal.

Type the following in Google:

filetype:reg intext:"internet account manager"

Similarly you can extract passwords from .mdb, .pwd and other database extension files.

filetype:pwd intext:"password is"|"passcode"

Try this:

filetype:pwd inurl:_vti_pvt inurl:authors|administrators

10. inurl:temp|inurl:tmp|inurl:backup|inurl:bak

This operator basically searches for backup files on the internet. It must be used with the site: operator in order to find temporary or backup files of the target website. Temporary files and backup files can contain sensitive information.

The above query can also be written as inurl:temp|temperory|bak|backup

But remember, when we use lots of ORs, that is "|", in our query then we don't get very good results.


11. inurl:

This operator is also a very useful one. Suppose you want to get the names of websites that contain a specific word. Then use this operator to assist you. Just type the following in Google:

inurl:keyword

Here keyword is the word that you want in the URL or web address. For example, if I want to know the websites that contain crypto36 in their URLs, I enter the following in Google:

inurl:crypto36

You can see it gives URLs that belong to my blogspot...!!!

Remember:

1. Avoid using a lot of "|" in a query.

2. Google hacking depends on your thinking power & innovation. You can create your own queries by using different operators.

3. Not every website is vulnerable to Google hacking. Because of awareness of Google hacking, many websites have started preventing their specific pages from being displayed in Google's results.

For example, as I told you before in the case of site:hotmail.com, now you won't find the result that I saw a year ago.
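
Site owners can run the same patterns against their own URL list before a crawler indexes it. The script below is an added example, not part of the original post; the sample URLs and the function names audit_url and audit are constructed for illustration, and the pattern sets are taken from the filetype: and inurl: queries shown in this post.

```python
"""Audit your own site's URL inventory against the patterns used in this post."""
import posixpath
from urllib.parse import urlsplit

# Patterns copied from the queries in the post.
RISKY_EXTENSIONS = {"reg", "pwd", "mdb", "bak", "log"}          # filetype:
RISKY_SEGMENTS = {"temp", "tmp", "backup", "bak", "_vti_pvt"}   # inurl: path parts
RISKY_NAMES = ("htusers", "htaccess", "shadow", "password")     # inurl: fragments

# Constructed sample inventory (e.g. from a sitemap or a crawl of your own site).
SAMPLE_URLS = [
    "https://www.example.com/index.html",
    "https://www.example.com/Backup/site-2011.zip",
    "https://www.example.com/_vti_pvt/service.pwd",
    "https://www.example.com/conf/.htaccess.bak",
    "https://www.example.com/docs/report.pdf",
    "https://www.example.com/tmp/export.mdb?download=1",
]


def audit_url(url):
    """Return the operator patterns from the post that this URL would match."""
    path = urlsplit(url).path.lower()          # query string is ignored
    segments = [s for s in path.split("/") if s]
    reasons = []
    if segments:
        ext = posixpath.splitext(segments[-1])[1].lstrip(".")
        if ext in RISKY_EXTENSIONS:
            reasons.append(f"filetype:{ext}")
    for seg in segments:
        stem = posixpath.splitext(seg)[0]      # "backup.zip" -> "backup"
        if stem in RISKY_SEGMENTS:
            reasons.append(f"inurl:{stem}")
    reasons += [f"inurl:{name}" for name in RISKY_NAMES if name in path]
    return reasons


def audit(urls):
    """Map each exposed URL to its reasons; clean URLs are left out."""
    findings = {}
    for url in urls:
        reasons = audit_url(url)
        if reasons:
            findings[url] = reasons
    return findings


if __name__ == "__main__":
    for url, reasons in audit(SAMPLE_URLS).items():
        print(f"{url}: {', '.join(reasons)}")
```

Anything the script flags should be removed from the web root or put behind authentication; a robots.txt entry only asks crawlers to skip the path and lists it publicly.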





inurls to hack security cameras



This trick is famous amongst kiddies

____________________________________________________________________

unless the owners purposely let Google crawl the link.

inurl: ViewerFrame?Mode=

inurl: ViewerFrame?Mode=Refresh

inurl: axis-cgi/jpg

inurl: axis-cgi/mjpg (motion-JPEG)

inurl: view/indexFrame.shtml

inurl: view/index.shtml

inurl: view/view.shtml

intitle:"live view" intitle:axis

intitle: liveapplet

allintitle:"Network Camera NetworkCamera"

intitle:axis intitle:"video server"

intitle: liveapplet inurl:LvAppl

intitle:"EvoCam" inurl:"webcam.html"

intitle:"Live NetSnap Cam-Server feed"

intitle:"Live View / – AXIS"

intitle:"Live View / – AXIS 206M"

intitle:"Live View / – AXIS 206W"

intitle:"Live View / – AXIS 210"

inurl:indexFrame.shtml Axis

inurl:"MultiCameraFrame?Mode=Motion"

intitle:start inurl:cgistart

intitle:"WJ-NT104 Main Page"

intext:"MOBOTIX M1" intext:"Open Menu"

intext:"MOBOTIX M10" intext:"Open Menu"

intext:"MOBOTIX D10" intext:"Open Menu"

intitle:snc-z20 inurl:home/

intitle:snc-cs3 inurl:home/

intitle:snc-rz30 inurl:home/

intitle:"sony network camera snc-p1"

intitle:"sony network camera snc-m1"

site:.viewnetcam.com -www.viewnetcam.com

intitle:"Toshiba Network Camera" user login

intitle:"netcam live image"

intitle:"i-Catcher Console – Web Monitor"



inurls for xss and sqli



These are some common inurls that I used for finding sqli and xss through google

______________________________________________________________________



inurl: .com/php?id=



inurl: .com/search.htm



inurl: .com/search.php



inurl: .com/search.asp


Try to remain anonymous when you try to break in to any system.

The simplicity of Google hacking is shown below. Type the following in Google and hit enter:



"Confidential Not for distribution" site:com



"Confidential Not for distribution" site:edu



"Confidential Not for distribution" site:mil



"Confidential Not for distribution" site:gov



"Confidential Top Secret" site:gov



"Confidential Top secret" site:mil
 ;-)



You can see that by simply typing words like confidential you get results that are somehow not available to the public.

Try this too:



inurl:"htusers|htaccess|shadow|password" filetype:bak



inurl:"htusers|htaccess|shadow|password" filetype:log



intitle:"Welcome to IIS 4.0"



"VNC Desktop" inurl:5800


1 comments:

Sesli Chat said...

Hey, There, I found your blog while surfing the web. This is a really well written article. I’ll be sure to bookmark it and come back to read more of your useful information. Thanks for the excellent post. I will certainly return.
