There’s a sport called “Google Hacking” which is all about searching for seemingly private websites using Google. In fact, you can only find public websites using Google, because private (password-protected) pages can’t be found by Google – so it’s no real hacking (let alone “cracking,” which would consist of deleting, changing or abusing the found data). But it’s fun nevertheless, and often enables people to discover pages someone was hoping for to stay private. This happens when the site is misconfigured, i.e. when the webmaster doesn’t know enough about how to set up a website. Here are some of the most popular and powerful “Google hack” search queries. Enter them at your own risk, and know that every once in a while you step onto a so-called honeypot (a fake website set up to lure hackers into it, with the goal of finding out more about them and their tactics). Finding Error Messages Search for: “A syntax error has occurred” filetype:ihtml You’ll find: Pages which caused errors the last time Google checked them. This may hint at vulnerabilities or other unwanted side-effects. How this works: The first phrase simply looks for an error the target server itself did once output. The “filetype” operator on the other hand restricts the result pages to only those which have the “ihtml” extension (which are sites using Informix). A related search is “Warning: mysql_query()”. Finding Seemingly Private Files Search for: (password | passcode) (username | userid | user) filetype:csv You’ll find: Files containing user names and similar. How this works: The “filetype” operator makes sure only “Comma Separated Values” files will be returned. Those are not typical web pages, but data files. “(password | passcode)” tells Google the file must contain either the text “password” or “passcode,” or both (the “|” character means “or”). Also, result pages are restricted to those containing either of the words “username,” “userid” or “user.” Finding File Listings Search for: intitle:index-of last-modified private You’ll find: Pages which list files found on the server. How this works: The “intitle” operator used above will ensure that the target page contains the words “Index of” in the title. This is typical for those open directories which list files (they will have a title like “Index of /private/foo/bar”). “Last modified” on the other hand is a column header often used on those pages. And the word “private” makes sure we’ll find something of interest. A related search query which finds FTP (File Transfer Protocol) information is intitle:index.of ws_ftp.ini Finding Webcams Search for: “powered by webcamXP” “Pro|Broadcast” You’ll find: Public webcams set up by people to film a location, or themselves. How this works: “Powered by WebcamXP” is a text found on specific kinds of webcam pages. A related search query to find cameras is inurl:“ViewerFrame?Mode=”. Finding Weak Servers Search for: intitle:“the page cannot be found” inetmgr You’ll find: Potentially weak (IIS4) servers. How this works: An old Microsoft Internet Information server may hint at security issues. This is one of many approaches that can be used to find such a weak server. Finding Chat Logs Search for: something “has quit” “has joined” filetype:txt You’ll find: Chat log files showing what people talked about in a chat room. How this works: Though the files found are all public, not everyone chatting on IRC (the Internet Relay Chat) is aware of potential logging mechanisms. The “filetype” operator makes sure only text files are found, and “has quit”/ “has joined” are automated messages appearing in chat rooms. This search is your chance to tune into people’s chatter. Note you should replace “something” with the thing you are looking for.
