UGN Super Poster | Joined: Sep 2002 | Posts: 553

There was a very interesting article written in The Register today (you can find it here). The article points out that while Google is a great search engine that can be used for good, it can also be used by evil individuals to find out vulnerabilities or discover passwords, etc. This is done by using the advanced search operators like site: intitle: inurl: (check out the complete list of Google Advance Search Operators here) and combining them with the usual error messages.

For example searching in Google for something like intitle:"Index of..etc" passwd will return about 190 sites where you can access the passwd file. From there it's just a matter of time while JTR does the rest of the work for you. Combine the above search with site:www.enter_site_here.com and google for something like: site:www.enter_site_here.com intitle:"Index of..etc" passwd and you'll be able to find out if you can access the passwd file of the site you are looking for.

There is more to this than just passwd files. Googling for stuff like mysql or php error messages can reveal a lot of stuff as well. I guess it depends on how creative you get. Of course you can use a robots.txt file to specify the paths of the folders/files you don't want Google to list, but someone could always look for the robots.txt file and find out what you are trying to hide.

This reminds me of that post about the interesting stuff you can find using the right words in Kazaa.
Community Owner | Joined: Feb 2002 | Posts: 7,204 | Likes: 11

Member | Joined: Jun 2002 | Posts: 207

yeah, but just watch out. it's not too hard for a web admin to forge that stuff. and create false logins to sit there and watch you.

Unbodied unsouled unheard unseen Let the gift be grown in the time to call our own Truth is natural like a wind that blows Follow the direction no matter where it goes Let the truth blow like a hurricane through me

UGN Super Poster | Joined: Sep 2002 | Posts: 553

Yeah, as a matter of fact I have seen one such "honey pot" right here. But I'm quite sure they can't arrest me for searching "passwd" on Google, and entering their site. More info on this subject can be found here, in case anyone wants to see what else can be done.

UGN Elite | Joined: Dec 2002 | Posts: 3,255 | Likes: 3

Originally posted by Digital Geek:
"Yeah, as a matter of fact I have seen one such "honey pot" right here. But I'm quite sure they can't arrest me for searching "passwd" on Google, and entering their site. More info on this subject can be found here, in case anyone wants to see what else can be done."

I just marked that page in my favorites. Thanks for the link...

UGN Super Poster | Joined: Oct 2002 | Posts: 955

Yes, I wouldn't limit it to Google as you said. About any search engine would work. People have to realize what they are opening up to the public. Check configurations at least twice, regardless of a webserver, a P2P client/server, or a vanilla installation of Windows. I tend to run anti-virus, adware, spyware, trojan, web exploits, port scanners, etc. on myself. Better finding these things yourself than someone else doing it for you.

UGN Dumbass 2003/04 | Joined: Feb 2004 | Posts: 74

You know that when I hate you, it is because I love you to a point of passion that unhinges my soul. ~Julie De Lespinasse~

UGN Super Poster | Joined: Oct 2002 | Posts: 616

Dood it's not just google, google is liek the word "hacker" right now, it's becoming annoyingly [censored] stupid. How about I eat muh brefas bacon, and [censored] slap the [censored] that's keeping this google fad going. People don't realize until they actually look until the surface that google has internal boolean modifiers, you can mold the search options to search for VERY specific file info. Images, text, exploitage, cacheing. Hell I just translated a cache of a dead site for my lostcity stargate community. then the site came active again, and through the translation cache url it refreshed to take on the uppage in liek seconds. Yea that is html, but it's advanced stuff for a searcher. Then think about calculations, conversions, all kinds of [censored] google does, and then matches to a search. Liek I'm 203 centimeters if I make it centimeters, if I do liek 80in to cm I get to see what knowledge is out there on 6'8 converted to cm things that are 23 centi meter's long such..heh I just woke at 7 watching part 1 to 2 part stargate sg-1 season 7 end to season 8, and atlantis switch over. yar...google is elite, but ppl are lame about it, it always seems. But I do disliek ignorance, and liek stubborness to be ignorant...so...

"Beware the Jabberwock, my son! The jaws that bite, the claws that catch! Beware the Jubjub bird, and shun The frumious Bandersnatch!"

UGN Dumbass 2003/04 | Joined: Feb 2004 | Posts: 74

weeve, that thing with the inches and centimeters I have a feeling I have heard that somewhere before.

You know that when I hate you, it is because I love you to a point of passion that unhinges my soul. ~Julie De Lespinasse~