Skip to main content

Google Hacking DataBase (GHDB)

Google Hacking involves using advance operators in the Google search engine to locate specific strings of text within search results. Some of the more popular examples are finding specific ver- sions of vulnerable Web applications. The following search query would locate all web pages that have that particular text contained within them. It is normal for default installations of applications to include their running version in every page they serve, e.g., "Powered by XOOPS 2.2.3 Final".
The following search query will locate all websites that have the words "admbook" and "version" in the title of the website. It also checks to ensure that the web page being accessed is a PHP file:d
mbook intitle:admbook intitle:version filetype:php
Another technique is searching for insecure coding practices in the public code indexed by Google Code Search or other source code search engines. One can even retrieve the username and pass- word list from Microsoft FrontPage servers by inputting the given microscript in Google search field:
"#-Frontpage-" inurl:administrators.pwd
Devices connected to the Internet can be found. A search string such as inurl:"ViewerFrame?Mode =" will find public web cameras.


Examples of queries that can help a hacker gain a foothold into a web server

(intitle:"SHOUTcast Administrator")|(intext:"U SHOUTcast D.N.A.S. Status")
(intitle:"WordPress › Setup Configuration File")|(inurl:"setup-config.php?step=")
"index of /" ( upload.cfm | upload.asp | upload.php | upload.cgi | upload.jsp | )
"Please re-enter your password It must match exactly"
intitle:"net2ftp" "powered by net2ftp" inurl:ftp OR intext:login OR inurl:login
intitle:MyShell 1.1.0 build 20010923
intitle:"YALA: Yet Another LDAP Administrator"
intitle:"ERROR: The requested URL could not be retrieved" "While trying to retrieve the URL" "The following error was encountered:"
inurl:"phpOracleAdmin/php" -download -cvs
PHPKonsole PHPShell filetype:php -echo
filetype:php HAXPLORER "Server Files Browser"
inurl:ConnectComputer/precheck.htm | inurl:Remote/logon.aspx
(inurl:81/cgi-bin/.cobalt/) | (intext:"Welcome to the Cobalt RaQ")
intitle:"Web Data Administrator - Login"
"adding new user" inurl:addnewuser -"there are no domains"
PHP Shell (unprotected)
Public PHP FileManagers
+htpasswd +WS_FTP.LOG filetype:log
intitle:admin intitle:login

Files containing usernames

These files contain usernames, but no passwords... Still, google finding usernames on a web site... inurl:"login="
intext:"SteamUserPassphrase=" intext:"SteamAppUser=" -"username" -"user"
OWA Public folders & Address book
filetype:conf inurl:proftpd.conf -sample
filetype:log username putty
filetype:reg reg +intext:"internet account manager"
filetype:reg reg HKEY_CURRENT_USER username
+intext:"webalizer" +intext:"Total Usernames" +intext:"Usage Statistics for"
inurl:php inurl:hlstats intext:"Server Username"
index.of perform.ini
"index of" / lck
inurl:admin filetype:asp inurl:userlist
inurl:admin inurl:userlist
sh_history files
bash_history files

Sensitive Directories

Google's collection of web sites sharing sensitive directories. The files contained in here will vary from sesitive to uber-secret!

allintext:"WebServerX Server at"
intitle:index.of ios
intitle:index.of cisco asa
allintitle:"FirstClass Login" intext:"Reading path paramaters" -edu
"Warning: Installation directory exists at" "Powered by Zen Cart" -demo
"Welcome to the directory listing of" "NetworkActiv-Web-Server"
log inurl:linklint filetype:txt -"checking"
"Directory Listing for" "Hosted by Xerver"
intitle:"pictures thumbnails"
intitle:"Folder Listing" "Folder Listing" Name Size Date/Time File Folder
intitle:"Backup-Management (phpMyBackup v.0.4 beta * )" -johnny.ihackstuff
intitle:index.of WEB-INF
intitle:index.of /maildir/new/
filetype:ini Desktop.ini intext:mydocs.dll
filetype:torrent torrent
"Index of" rar r01 nfo Modified 2004
"Web File Browser" "Use regular expression"
intitle:"HFS /" +"HttpFileServer"
intitle:upload inurl:upload intext:upload -forum -shop -support -w3c
intitle:"index of" inurl:ftp (pub | incoming)
allinurl:"/*/_vti_pvt/" | allinurl:"/*/_vti_cnf/"
intitle:index.of abyss.conf
intitle:"Index of /CFIDE/" administrator
"Powered by Invision Power File Manager" (inurl:login.php) | (intitle:"Browsing directory /" )
intitle:"index of" "parent directory" "desktop.ini"
intext:"Powered By: TotalIndex" intitle:"TotalIndex"
"intitle:Index.Of /" stats merchant cgi-* etc
intitle:"index of" intext:"content.ie5"
intitle:"index of" -inurl:htm -inurl:html mp3
intitle:"Directory Listing For" intext:Tomcat -int
intitle:"webadmin - /*" filetype:php directory filename permission
intitle:index.of (inurl:fileadmin | intitle:fileadmin)
intitle:"Index of *" inurl:"my shared folder" size modified
intitle:index.of /AlbumArt_
intext:"d.aspx?id" || inurl:"d.aspx?id"
intitle:index.of (inurl:fileadmin | intitle:fileadmin)
"index of" / picasa.ini

Share this with your friends