display | more...

Hacking with google (or google hacking) is one way for a bored hacker to spend time. The basic idea of google hacking is that there are built in commands for google that will allow you to view sensitive data on other websites.

The first way is using "index.of" before a word. For example, typing "index.of.cheese" into google will produce the index of any site who's main topic is cheese, assuming the index is unguarded.

The second command is "filetype:" this is useful if you know what to look for. For example, I could look for a config file by typing "filetype:cfg" into google.

The third basic command (and the last one I'll go over) is "inurl:" this can be combined with the previous command for a nice search string such as "inurl:passwords filetype:xsl" or something to that effect. Good look.

Neither the author nor Everything2.com assume responsibility for the use of this information in any unlawful manner.

Added: 12/23/03: It seems that the "filetype:" no longer works, at least for me. So let me add this:

Another option is "site:" for example, "site:mil" will show you millitary sites. one can then look for "site:gov inurl:admin" or something along those lines.

Another usefull tip: Microsoft frontpage is accesible on a lot of sites, just by looking for "inurl:fpadmin" you can find these files and edit a webpage.

Log in or register to write something here or to contact authors.