How To Find Vulnerable Web Apps With Google

Search engines index a huge number of web pages and other resources. Hackers can use these engines to make anonymous attacks, find easy victims, and gain the knowledge necessary to mount a powerful attack against a network. Search engines are dangerous largely because users are careless. Further, search engines can help hackers avoid identification. Search engines make discovering candidate machines almost effortless. Listed here are a few common hacks performed with (which is our favorite search engine, but you can use one of your own choosing if you'd like, assuming it supports all the same features as Google).

To find unprotected /admin, /password, /mail directories and their content, search for the following keywords in
  • "Index of /admin"
  • "Index of /password"
  • "Index of /mail"
  • "Index of /" +banques +filetype:xls (for France)
  • "Index of /" +passwd
  • "Index of /" password.txt
To find password hint applications that are set up poorly, type the following in (many of these enumerate users, give hints for passwords, or mail account passwords to an e-mail address you specify!):
  • password hint
  • password hint -email
  • show password hint -email
  • filetype:htaccess user
To find IIS/Apache web servers with FrontPage installed, type the following in (run the encrypted password files through a password cracker and get access in minutes!):
  • administrators.pwd index
  • authors.pwd index
  • service.pwd index
  • allinurl:_vti_bin shtml.exe
To find the MRTG traffic analysis page for websites, type the following in
  • inurl:mrtg
To get access to unprotected global.asa(x) files or to get juicy .NET information, type the following in
  • filetype:config web (finds web.config)
  • global.asax index (finds global.asax or global.asa)
To find improperly configured Outlook Web Access (OWA) servers, type the following in
  • inurl:exchange inurl:finduser inurl:root
Be creative, the possibilities are endless. Enjoy hacking


Devesh said...


Post a Comment