This post is about "how to use google or other search engines to uncover unprotected information", which is also called "Google Reconnaissance". The steps are shown below.
Step:1|| Open your web browser and the URL www.google.com
Step:2|| Click on advance search to display the advance search screen.
Step:3|| In the text box that says, "Find web pages that has all these words:" enter "login:*" "password=*".
Step:4|| Under the file type select Microsoft Excel (.xls). The page should look like this:
step:5|| Click on Advanced search, the pages with result will be displayed.
Open selected documents and view their contents.
Step:6|| This time we will look for a list of password in clear text. In the text box that says, "Find web pages that has all these words:" erase any content and replace with "index.of passlist". And change the format type to any format. The page should look like this:
Step:7|| click on advanced search. the pages of result will be displayed.
After opening some documents and view their contents, I've found out that most of the results are rubbish, but this page was really interesting as google didn't allow me to access it. It seems that google is now aware of these hackers trying to hack using google and trying to stop them from doing so.
however, i tried a different search quote which has bring me some result. I typed inurl:passlist.txt searched for it. the result page shown like this:
after going through several pages I've finally found out something interesting. here it is, have a look.
References:
1. Security+ guide to Network Security Fundamentals, Third edition, by Mark Ciampa. page: 31-33.
No comments:
Post a Comment