Google Hacks

Published 7.26.2005 by jm | E-mail this post

Here are my favorite google hacks. As I find better ones, I will post them. Google has a very good webcrawling program, which manages to find anything if it is attached to the internet. Hiding somewhere in Google's database is nude pictures of that next door neighbor, and passwords to your boss's computer. These are a few of my favorite searches that I have used to (er, potentially!) gain access to universities, webcams, and offices.

filetype:htpasswd htpasswd

"index of/" "ws_ftp.ini" "parent directory"

intitle:index.of config.php

filetype:log inurl:"password.log"

"intitle:Cisco Systems, Inc. VPN 3000 Concentrator"

intitle:"active webcam page"

intitle:"Java Applet Page" inurl:ml

inurl:/etc/ filetype:OLD

inurl:passlist.txt

The following list was compiled at johnny.ihackstuff.com. It's too good of a list for me to take credit for it.

The Master List:

_vti_inf.html (694 hits)
service.pwd (11,800 hits)
users.pwd (23 hits)
authors.pwd (22 hits)
administrators.pwd (22 hits)
shtml.dll (780 hits)
shtml.exe (761 hits)
fpcount.exe (1,370 hits)
default.asp (2,170 hits)
showcode.asp (4 hits)
sendmail.cfm (5 hits)
getFile.cfm (7 hits)
imagemap.exe (510 hits)
test.bat (353 hits)
msadcs.dll (8 hits)
htimage.exe (513 hits)
counter.exe (164 hits)
browser.inc (11 hits)
hello.bat (18 hits)
default.asp\\ (2,170 hits)
dvwssr.dll (571 hits)
dvwssr.dll (571 hits)
dvwssr.dll (571 hits)
cart32.exe (9 hits)
add.exe (38 hits)
index.JSP (998 hits)
index.jsp (998 hits)
SessionServlet (46 hits)
shtml.dll (780 hits)
index.cfm (473 hits)
page.cfm (5 hits)
shtml.exe (761 hits)
web_store.cgi (16 hits)
shop.cgi (63 hits)
upload.asp (27 hits)
default.asp (2,170 hits)
pbserver.dll (6 hits)
phf (370 hits)
test-cgi (1,560 hits)
finger (23,900 hits)
Count.cgi (8,710 hits)
jj (5,600 hits)
php.cgi (170 hits)
php (48,000 hits)
nph-test-cgi (132 hits)
handler (9,220 hits)
webdist.cgi (35 hits)
webgais (37 hits)
websendmail (12 hits)
faxsurvey (27 hits)
htmlscript (50 hits)
perl.exe (340 hits)
wwwboard.pl (455 hits)
www-sql (26,500 hits)
view-source (641 hits)
campas (94 hits)
aglimpse (12 hits)
glimpse (4,530 hits)
man.sh (127 hits)
AT-admin.cgi (789 hits)
AT-generate.cgi (14 hits)
filemail.pl (5 hits)
maillist.pl (16 hits)
info2www (737 hits)
files.pl (267 hits)
bnbform.cgi (91 hits)
survey.cgi (93 hits)
classifieds.cgi (25 hits)
wrap (14,000 hits)
cgiwrap (1,270 hits)
edit.pl (114 hits)
perl (80,700 hits)
names.nsf (12 hits)
webgais (37 hits)
dumpenv.pl (7 hits)
test.cgi (1,560 hits)
submit.cgi (79 hits)
submit.cgi (79 hits)
guestbook.cgi (528 hits)
guestbook.pl (451 hits)
cachemgr.cgi (25 hits)
responder.cgi (4 hits)
perlshop.cgi (30 hits)
query (15,500 hits)
w3-msql (877 hits)
plusmail (12 hits)
htsearch (177 hits)
infosrch.cgi (19 hits)
publisher (2,610 hits)
ultraboard.cgi (24 hits)
db.cgi (96 hits)
formmail.cgi (420 hits)
allmanage.pl (5 hits)
ssi (9,550 hits)
adpassword.txt (39 hits)
redirect.cgi (60 hits)
f (124,000 hits)
cvsweb.cgi (78 hits)
login.jsp (241 hits)
login.jsp (241 hits)
dbconnect.inc (18 hits)
admin (57,000 hits)
htgrep (30 hits)
wais.pl (133 hits)
amadmin.pl (14 hits)
subscribe.pl (65 hits)
news.cgi (387 hits)
auctionweaver.pl (2 hits)
.htpasswd (2,390 hits)
acid_main.php (3 hits)
access_log (1,250 hits)
access-log (618 hits)
access.log (618 hits)
log.htm (386 hits)
log.html (1,310 hits)
log.txt (987 hits)
logfile (23,200 hits)
logfile.htm (76 hits)
logfile.html (671 hits)
logfile.txt (701 hits)
logger.html (37 hits)
stat.htm (398 hits)
stats.htm (687 hits)
stats.html (1,840 hits)
stats.txt (342 hits)
webaccess.htm (11 hits)
wwwstats.html (80 hits)
source.asp (11 hits)
perl (80,700 hits)
mailto.cgi (46 hits)
YaBB.pl (35 hits)
mailform.pl (670 hits)
cached_feed.cgi (6 hits)
cr (27,500 hits)
global.cgi (14 hits)
Search.pl (548 hits)
build.cgi (74 hits)
common.php (184 hits)
common.php (184 hits)
show (33,500 hits)
global.inc (114 hits)
ad.cgi (21 hits)
WSFTP.LOG (11 hits)
index.html~ (81,100 hits)
index.php~ (6,740 hits)
index.html.bak (690 hits)
index.php.bak (69 hits)
print.cgi (61 hits)
register.cgi (172 hits)
webdriver (35 hits)
bbs_forum.cgi (45 hits)
mysql.class (21 hits)
sendmail.inc (97 hits)
CrazyWWWBoard.cgi (68 hits)
search.pl (548 hits)
way-board.cgi (44 hits)
webpage.cgi (89 hits)
pwd.dat (22 hits)
adcycle (12 hits)
post-query (240 hits)
help.cgi (69 hits)

If the human body was never exposed to ailments, it would be impressivly vulnerable to the slightest cold. If our country was never exposed to hacking, it would be oppressivly vulnerable to cyber terrorism. With out the creation of a malicious hacking, Afganistan could have destroyed America's economy with a ping flood. This is why I encourange maclicious hacking, as an ethical practice. Without strengthening our defenses, we are weak. This site is focused on security through knowledge. I detest the fact that so many companies are being exploited because malicious hackers know their security holes before they do. For that reason, I hope to educate where the exploits lay. This isn't a 100% information base, as I only publish things I have been able to implement on myself. No credit is needed anywhere . However if you are a publisher, I would appriciate credit. I am an advocate of open source, so copy and paste and call it your own if you like. If my work is good enough for you to plagerize then that is my biggest compliment . If my work is good enough, I will be approached and asked to write more ... this is natural selection of the digital age .

Previous hacks

Previous Hacks

This link kills spam

spam IP addresses

Cost of the War in Iraq

(JavaScript Error)

Two very recommended books:

. . The only hacking forum I have found worth mentioning here