This tutorial shows you security issues with Google that can allow you to hack other people's sites. PAGES THAT CAN'T BE SEARCHED"robots.txt" "disallow:" filetype:txtFTP PASSWORD HASHESintitle:index of ws_ftp.iniintitle:"index of" passwd passwd.bakFRONT PAGE HACKinurl:_vti_pvt "service.pwd"PHP PHOTO ALBUMSinurl:"phphotoalbum/upload"VNC HACK"vnc desktop" inurl:5800 ....all the way up to 5806PRINTER CONTROL PANELSintext"UAA(MSB)" Lexmark -ext:pdfinurl:"port_255" -htmPHP ADMINSintitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*"
inurl:”ViewerFrame?Mode=
intitle:Axis 2400 video server
inurl:/view.shtml
intitle:”Live View / - AXIS” | inurl:view/view.shtml^
inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Refresh
inurl:axis-cgi/jpg
inurl:axis-cgi/mjpg (motion-JPEG)
inurl:view/indexFrame.shtml
inurl:view/index.shtml
inurl:view/view.shtml
liveapplet
intitle:”live view” intitle:axis
intitle:liveapplet
allintitle:”Network Camera NetworkCamera”
intitle:axis intitle:”video server”
intitle:liveapplet inurl:LvAppl
intitle:”EvoCam” inurl:”webcam.html”
intitle:”Live NetSnap Cam-Server feed” intitle:”Live View / - AXIS”
intitle:”Live View / - AXIS 206M” intitle:”Live View / - AXIS 206W”
intitle:”Live View / - AXIS 210″ inurl:indexFrame.shtml Axis
inurl:”MultiCameraFrame?Mode=Motion” intitle:start inurl:cgistart
intitle:”WJ-NT104 Main Page” intext:”MOBOTIX M1″ intext:”Open Menu”
intext:”MOBOTIX M10″ intext:”Open Menu” intext:”MOBOTIX D10″ intext:”Open Menu”
intitle:snc-z20 inurl:home/ intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/ intitle:”sony network camera snc-p1″
intitle:”sony network camera snc-m1″ site:.viewnetcam.com -www.viewnetcam.com
intitle:”Toshiba Network Camera” user login intitle:”netcam live image”
intitle:”i-Catcher Console - Web Monitor”
wow i am on live search too the top two and my webcam too http://search.msn.com/results.aspx?srch=105&FORM=IE7RE&q=wulfenterprises
GOOGLE H33T SEARCHING
In this artile I will cover different fun and useful examples of how these syntaxes covered in the above article can be used. First we will start out with a fun trick to gain access to certain webcams that have online control panels. Some of these you can even control the pan, tilt, zoom, and focus on. Most of these webcams are used as security cameras. They are the Axis series webcams. To access these we will be using the 'inurl'command as follows:
inurl:view/index:shtml
Just by typing in this simple statement you will have access to all of these webcams. I usually pull up over 10,000 of these webcams with this search.
Now we all know how much limewire and other pvp downloading tools are just inefficent and usually result in too much spyware and viruses. Torrents are great if you want everything by an artist or an entire album. If you want 1 song, there's a google goodie for that too. This can be used for all sorts of media, including videos and movies. This is done by using the 'intitle' command while search for 'index.of' which is a common trick with google.
intitle:"index.of" (mp3|mp4|avi) SEARCH.FOR.THIS -html -htm -php -asp -cf -jsp
All you have to do is replace SEARCH.FOR.THIS with what you want to find. The reason for the periods is because it stands for a space, underscore, backslash, ect., in google searches. The reason for the | between the mp3, mp4, and avi is because it is the symbol for OR on google. This will make it search for mp3, mp4, or avi. The -html -htm -php -asp -cf -jsp is to rule out any other type of media from being found in the search.
Another good 'intitle' 'index.of' trick is to find some cookies, and everyone loves cookies.
intitle:"index.of" cookies.txt
Another commonly seen google goodie is the 'inurl' command to find vulnerable websites. There is a file called service.pwd found in the _vti_pvt file on websites made with microsoft frontpage.
inurl:_vti_pvt "service.pwd"
Although this is a common vulnerablity, the password located in this file is encrypted. The encryption is in DES, and I will not be discussing this in this article. However, I will be writing a seperate article on DES cracking through brute forcing.
Another good 'inurl' trick is used to access PHPhotoalbum control panels. Which can be quite fun if you want to tag your logo into other peoples photo albums.
inurl:"phphotoalbum/upload"
There are pages that websites disallow from being pulled up by a search engine. Fortunately a list of these sites can be found by google. Using the following:
"robots.txt" "disallow:" filetype:txt
robots.txt contains a list of the pages that the domain disallows search engines from pulling up.
Some printer control panels can be accessed online through google using the following:
lexmark "intext:uaa msb " -ext:pdf -hacks -html -htm
Here is another way to find webcams using Google. You can use the search term below to Google it out. Just copy the whole words in the quote and paste it in Google and click Search.
“powered by webcamXP” Pro|Broadcast
In case you’re getting too many results which offering the same tutorial, you can use this terms. But I should warn you it might give less result but at least it’s the links to the cameras and not to other tutorials.
“powered by webcamXP” Pro|Broadcast online gallery
“powered by webcamXP” Pro|Broadcast source
“powered by webcamXP” Pro|Broadcast gallery image
Another way to search online web cams is by using the search term as below:
inurl:”ViewerFrame?Mode=”
but as usual, you might get a lot of result to other tutorials. You can narrow it down by using these keywords:
inurl:”ViewerFrame?Mode=” pan
inurl:”ViewerFrame?Mode=” tilt
But I have to warn you, by adding the word “pan” and “tilt” at the back might give you results only in English. In other term, you will lose other search results from webpages that is using other characters than English such as Japan and Korea where the use of these types of camera are widely used there.
Hopefully this gives you a little bit better understanding of how the google advanced syntax works. Have fun.