Google is a powerful suite of internet dominance. From complex search algorithms to cloud computing apps, it’s safe to assume that the company significantly owns the internet as we know it. But that has its perks too. In this guide, I’m going to show you how to leverage Google search to “hack” passwords and credit card numbers using simple search operators.
Quick disclaimer: Let’s pretend you really want to learn. This information is purely meant to be used for educational purposes only. We are not responsible for any injury, damage, or bruising of egos that occurs by attempting to re-create any of the content contained herein. Use good judgment and play nice.
If this disclaimer doesn’t sit well with you, here is a video of a cat twerking so you don’t feel like your click was wasted.
Otherwise, read on…
Understanding Google Hacking
Google uses bots to crawl and index websites. Basically, the bots follow the source pages of your website and try to understand its structure. Anything that is not marked with a no-index tag is ideally crawled and indexed, making it eligible to appear on Google search.
But here’s the problem. Even in today’s advanced age of encryption, there are still many poorly coded websites with sensitive information available in plain text. Aha! so here’s the trick. We can leverage Google Search to find any sensitive information googlebots may have found while crawling these sites.
How to “hack” using Google
You might be wondering – why is this guy using “hack” in quotes? Well, we are not really hacking anything. At least not in the Snowden sense. I’d say this is more of exploiting Google to perform an advanced search for us. But, po-ta-toe po-tah-toh
Below I’ve prepared a bunch of interesting searches you can perform on Google to find sensitive information such as premium digital downloads, credit card numbers, passwords, and the list goes on.
You May Like: How to Survive Google Panda Updates in 2020
To get started, try any of these searches:
Passwords and Backups
- intitle:”Index of” passwords modified
- allinurl:auth_user_file.txt
- “access denied for user” “using password”
- “A syntax error has occurred” filetype:ihtml
- allinurl: admin mdb
- “ORA-00921: unexpected end of SQL command”
- inurl:passlist.txt
- “Index of /backup”
- “Chatologica MetaSearch” “stack tracking:”
Credit Card Numbers
- Amex Numbers: 300000000000000..399999999999999
- MC Numbers: 5178000000000000..5178999999999999
- visa 4356000000000000..4356999999999999
Apps and Music
- “parent directory ” /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
- “parent directory ” DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
- “parent directory “Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
- “parent directory ” Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
- “parent directory ” MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
- “parent directory ” Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
*Notice that I am only changing the word after the parent directory. Change it to whatever you want and you will get a lot of stuff.
WordPress Premium Themes
- Index of /wp-content/themes/
*Enter the name of the theme you want after the last /
Premium Software e.g Windows, Adobe, etc
- inurl:microsoft filetype:iso
You can change the search string to whatever you want to get more iso files. For instance, you can change the string microsoft to adobe.
FrontPage Passwords
- “# -FrontPage-” inurl:service.pwd
FrontPage is a HTML editor for Windows which was part of the Microsoft Suite. Running the string above will yield encrypted passwords for websites made using the FrontPage editor. To decrypt the passwords, simply download John the Ripper and voila!
Website Access Analyzer Passwords
- “AutoCreate=TRUE password=*”
Website Access Analyzer is a Japanese program that collects web statistics for websites globally. Read more about the software here
Fetch inline passwords from Search Engines
- “http://*:*@www” domainname
Replace the string ‘domainname’ with your own domain name without .com or .net. For this, you can also search for “http://*:*@www” bangbus or “http://bob:bob@www”
Hack IRC Passwords
- “sets mode: +k”
This string reveals channel keys aka passwords retrieved from the IRC chat logs.
Database Passwords
- allinurl: admin mdb
This search yields a list of admin databases that contain usernames and passwords of the individual websites along with more sensitive info
DCForum Passwords
- allinurl:auth_user_file.txt
This is a downloadable text file that contains crackable passwords, usernames and email addresses for DCForum users.
Grab Passwords from Config Files
- intitle:”Index of” config.php
Config.php files ideally contain usernames and passwords for SQL databases. WordPress is a good example of a system that uses config.php files. Gaining access to this file gives you full access to the database itself along with its secret keys 🙂
Accessing Backups
- filetype:bak inurl:”htaccess|passwd|shadow|htusers”
This will search for backup files (*.bak) created by website admins before updating to newer systems. If you want to retrieve some hidden information from the backup file, you can download and save it locally. If you want to mess up their backup. Simply change the file extension.
Final Words
Google Hacking (also known as Google Dorking) is technically not illegal. The advanced search operators were actually introduced by the company itself. Just be careful when trying to siphon data. Remember, hackers may plant malware intentionally for you find and “steal”.
Joke’s on you.
Tasty Treat: Here is the framework for the Nakuru County Government website