Monday 4 July 2011

Use Google for Hacking

Google serves almost 80 percent of all search queries on theInternet, proving itself as the most popular search engine. HoweverGoogle makes it possible to reach not only the publicly availableinformation resources, but also gives access to some of the mostconfidential information that should never have been revealed. Inthis post I will show how to use Google for exploiting securityvulnerabilities within websites. The following are some of thehacks that can be accomplished using Google.

1. Hacking Security Cameras

There exists many security cameras used for monitoring places likeparking lots, college campus, road traffic etc. which can behacked using Google so that you can view the images captured by thosecameras in real time. All you have to do is use the following searchquery in Google. Type in Google search box exactly as follows and hitenter
Click on any of the search results (Top 5 recommended) and you willgain access to the live camera which has full controls.
you now have access to the Live cameras which work in real-time.You can also move the cameras in all the four directions, performactions such as zoom in and zoom out. This camera has really a lessrefresh rate. But there are other search queries through which youcan gain access to other cameras which have faster refresh rates. Soto access them just use the following search query.
intitle:”Live View / – AXIS”
Click on any of the search results to access a different set oflive cameras. Thus you have hacked Security Cameras using Google.

2. Hacking Personal and Confidential Documents

Using Google it is possible to gain access to an email repositorycontaining CV of hundreds of people which were created when applyingfor their jobs. The documents containing their Address, Phone,DOB, Education, Work experience etc. can be found just in seconds.
intitle:”curriculum vitae” “phone * * *” “address*” “e-mail”
You can gain access to a list of .xls (excel documents) whichcontain contact details including email addresses of large group ofpeople. To do so type the following search query and hit enter.
filetype:xls inurl:”email.xls”
Also it’s possible to gain access to documents potentiallycontaining information on bank accounts, financial summaries andcredit card numbers using the following search query
intitle:index.of finances.xls

3. Hacking Google to gain access to Free Stuffs

Ever wondered how to hack Google for free music or ebooks. Wellhere is a way to do that. To download free music just enter thefollowing query on google search box and hit enter.
“?intitle:index.of?mp3 eminem“
Now you’ll gain access to the whole index of eminem album wherein you can download the songs of your choice. Instead of eminem youcan subtitute the name of your favorite album. To search for theebooks all you have to do is replace “eminem” with your favoritebook name. Also replace “mp3″ with “pdf” or “zip” or“rar”.

4. Using Google, and some finely crafted searcheswe can find a lot of interesting information.

For Example we can find:
Credit Card Numbers
Software/ MP3′s
…… (and on and on and on) Presented below is just asample of interesting searches that we can send to google to obtaininfo that some people might not want us having.. After you get ataste using some of these, try your own crafted searches to find infothat you would be interested in.
Try a few of these searches:
intitle:”Index of” passwordsmodified
“access deniedfor user” “using password”
“A syntax error has occurred”filetype:ihtml
allinurl: admin mdb
“ORA-00921: unexpected endof SQL command”
“Index of/backup”
“Chatologica MetaSearch” “stack tracking:”
Amex Numbers: 300000000000000..399999999999999
MC Numbers:5178000000000000..5178999999999999
“parent directory ” /appz/ -xxx -html -htm -php -shtml-opendivx -md5 -md5sums
“parent directory ” DVDRip -xxx -html-htm -php -shtml -opendivx -md5 -md5sums
“parent directory “Xvid-xxx -html -htm -php -shtml -opendivx -md5 -md5sums
“parentdirectory ” Gamez -xxx -html -htm -php -shtml -opendivx -md5-md5sums
“parent directory ” MP3 -xxx -html -htm -php -shtml-opendivx -md5 -md5sums
“parent directory ” Name of Singer oralbum -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
Noticethat I am only changing the word after the parent directory, changeit to what you want and you will get a lot of stuff.


put this string in google search:
?intitle:index.of? mp3
Youonly need add the name of the song/artist/singer.
Example:?intitle:index.of? mp3 jackson


put this string in google search:
You can change the string to watever you want, to adobe, iso to zip etc…

“# -FrontPage-”inurl:service.pwd
Frontpage passwords.. very nice clean searchresults listing !!

“AutoCreate=TRUE password=
This searches thepassword for “Website Access Analyzer”, a Japanese software thatcreates webstatistics. For those who can read Japanese, check out theauthor’s site at: []

“http://:@www” domainname
This is a query toget inline passwords from search engines (not just Google), you musttype in the query followed with the the domain name without the .comor .net

“http://:@www” bangbus or “http://:*@www”bangbus
Another way is by just typing
“sets mode: +k”
This search reveals channel keys(passwords) on IRC as revealed from IRC chat logs.

allinurl:admin mdb
Not all of these pages are administrator’s accessdatabases containing usernames, passwords and other sensitiveinformation, but many are!
DCForum’s password file.This file gives a list of (crackable) passwords, usernames and emailaddresses for DCForum and for DCShop (a shopping cart program(!!!).Some lists are bigger than others, all are fun, and all belong togoogledorks. =)
intitle:”Index of” config.php
This search brings up siteswith “config.php” files. To skip the technical discussion, thisconfiguration file contains both a username and a password for an SQLdatabase. Most sites with forums run a PHP message base. This filegives you the keys to that forum, including FULL ADMIN access to thedatabase.
eggdrop filetype:user user These are eggdrop config files.Avoiding a full-blown descussion about eggdrops and IRC bots, sufficeit to say that this file contains usernames and passwords for IRCusers.
intitle:index.of.etc This search gets you access to the etcdirectory, where many many many types of password files can be found.This link is not as reliable, but crawling etc directories can bereally fun!
filetype:bak inurl:”htaccess|passwd|shadow|htusers” This willsearch for backup files (*.bak) created by some editors or even bythe administrator himself (before activating a new version). Everyattacker knows that changing the extenstion of a file on a webservercan have ugly consequences.
Let’s pretend you need a serial number for windows xp pro.
In the google search bar type in just like this – “Windows XPProfessional” 94FBR
the key is the 94FBR code.. it was included with many MS Officeregistration codes so this will help you dramatically reduce theamount of ‘fake’ porn sites that trick you.
or if you want to find the serial for winzip 8.1 – “Winzip8.1″ 94FBR
Credits and More Info
I have shown you this info to let you know that there is a realrisk putting your info online. If you do want to buy stuff onlinemake sure the site you are using is secure normally if a site issecure you will see a pop up saying you are now entering a securepart of the site or a symbal of a padlock at the bottom of yourbrowser or just use pay pal, pay pal is very safe to use. But most ofthe time just use common sense if a site looks cheap it normallyhasn’t got the protection to keep your info safe. I am not sayingdon’t buy stuff online because that is one of the best thing’sabout the internet i am just saying be aware of websites that wantyour bank details and there is no symbal of a padlock at the bottomof your browser

5.Crash a Computer using Flash and Google.

Open up a new flash document. Open up the Actions panel for thestage of the first frame. If it’s in Actionscript 2, write thefollowing:
onEnterFrame = function () {
getURL(“”, “_blank”);
Or if it’s actionscript 3 write the following:
function openGoogle(e:Event):void {
navigateToURL(“”, “_blank”);
stage.addEventListener(Event.ENTER_FRAME, openGoogle);
Press Control-Enter when you’re ready to crash your computer.What this does is repeatedly open up new tabs of Google. But it opensso many Google tabs every second that after maybe 20-30 seconds yourcomputer will barely be able to respond to you mouse clicks or evenmouse movements. Usually, any attempt to stop it will result inprocessing overload and cause the computer to freeze. The only realway to stop this is to force-quit BOTH flash.exe andiexplorer.exe. Some teachers may know enough to dothis, but might accidentally close explorer.exe