Googling for the Juicy Stuff Feb 10 2004

Check out Google a Dream come true (otherwise known as WATCH WHAT YOU PUBLISH ON THE WORLD WIDE WEB!!!)

Got to the honey page that linked to the paper above via search:

intitle: "Index+of..etc" + passwd

from http://johnny.ihackstuff.com/index.php?module=prodreviews via Google search for:

googledorks

via MSNBC via Slashdot.

I’ve seen this before (Google does, after all, index everything it finds that isn’t blocked by a robots.txt file) but it appears that it has gotten rather extreme.

*************************************

SEARCH PATHS……. more to be added

*************************************

“Index of /admin”
“Index of /password”
“Index of /mail”
“Index of /” +passwd
“Index of /” +password.txt
“Index of /” +.htaccess
index of ftp +.mdb allinurl:/cgi-bin/ +mailto

administrators.pwd.index
authors.pwd.index
service.pwd.index
filetype:config web
gobal.asax index

allintitle: “index of/admin”
allintitle: “index of/root”
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov

inurl:passwd filetype:txt
inurl:admin filetype:db
inurl:iisadmin
inurl:”auth_user_file.txt”
inurl:”wwwroot/*.”

WARNING: It is NOT a good idea to just go downloading files that are out there (even though by publishing the files on webservers the files are being “published” to the public, although almost certainly unknowingly). Webservers keep logs of files accessed, the IP address of the person accessing the files, and it really wouldn’t be hard to correlate your IP with a visit and a download. So resist the urge to go downloading people’s [probably] sensitive files. An email to the site admin wouldn’t hurt, though! 😉

Leave a Reply



sell diamonds