TRICK USING GOOGLE ENGINE MACHINE OF SEARCHER
At this opportunity of usage of machine searcher of information of Google, to get hidden information and of vital importance’s where the information do not seen to pass/through method seeking of habit. This article pursuant at FAQ and discussion at computer network security mails sites of http://bugtraq.org and of http://insecure.org about method gathering of information relate to web hacking activities.
Tendency of usage of this technique [is] initially used to get information counted to the number of to machine goals and or get rights access factious. Seeking of information in accurate figure, quickly and [is] precisely constituted by is assorted [of] target and motif, just hopefully this presentation [is] used [by] for the purpose of searching information with a purpose to which is not destructive, but [is] to assist seeking of correct information, quickly and accurate for the purpose of useful and good.
Under this will be explained [by] about special command [at] Google, and will be explained [by] usage and congeniality of each – every command to get information hidden and of vital importance.
“Intitle:" [is] syntax govern to limit seeking which only yielding pregnant title [of] information [at] this topic of such. For example [at] seeking, “intitle:
Password of admin (without quotation mark). Seeking will look for pregnant page [of] word “password “as its title with especial priority “admin.
If [at] seeking there are two especial seeking queries, used by allintitle syntax: for seeking completely. For example [at] seeking “mdb allintitle:admin”. Hence seeking will limit [at] two especial subject [of] title that is “admin” and “mdb”.
“Inurl:” [is] syntax govern to limit seeking which only yielding all URL which only containing meant information keyword. For example seeking in,”inurl : database of mdb”. Seeking will yield all URL which only containing information about “database of mdb “.
Same thing also go into effect [at] this syntax, if there are two especial seeking query, used [by] [of] syntax “ allinurl:” to get url list.
For example seeking “ allinurl: etc / passwd , seeking will yield pregnant URL [of] information about “ etc” and “ passwd”. Slash sign of slash (“/”) among two words of etc and of password will be disregarded by machine searcher of Google.
: “site:” [is] syntax govern to limit seeking a[n information query pursuant to at one particular or sites of domain certain. For example [at] seeking of information: “site: itb.ac.id waveguide” (without quotation mark). Seeking will look for topic about waveguide at all of available page; yard [at] itb.ac.id domain.
: “cache:” will show list of web which have entered into database index of Google. For example:
: “cache: deffcon.org”, seeking will show list kept [at] Google for the page of deffcon.org.
: “ filetype:” [is] syntax govern [at] Google for the seeking of data [at] internet with certain ekstensi ( i.e. doc, etc ppt or pdf). For example [at] seeking: “confidental site:go.id filetype:doc ( without quotation mark). Seeking will yield data file with ekstensi “. doc” at all of containing go.id domain [of] information “ confidential”.
: “link:” [is] syntax governs [at] Google to show list of list webpage’s owning link [at] special webpage. As sample: “link: www.securityfocus.com” of showed enlist webpage owning link point [at] Security focus page.
: “related:” this syntax will give list of web pages which similar to page web which [in] indication.
For example: “related: www.securityfocus.com”, seeking will give list of web page which similar to Securityfocus homepage.
: “intext:” syntax govern this will look for word word [at] certain website. This command disregard or link of URL and page; yard title. For example:
: “intext:admin” ( without sign pluck), seeking will yield link [at] page web owning keyword owning admin keyword.
Some syntax query above wills very assisting in seeking of information and data more detail.
Google can become searcher machine to dig certain information and secret, information which [do] not be estimated able to advise weak side a[n system. [The] mentioned exploited by some of individual to [do/conduct] penetration a[n information system or server .
Syntax “Index of” can be used to get sites presenting index of browsing directory.
Web server with index of browsing able to be accessed, meaning whosoever can access [at] directory of web server, like within reason can be [done/conducted] [at] is local [of] directory in general.
[At] this opportunity to describe how usage of syntax “index of” to get [relation/link] [at] web server with directory make an index to browsing able to be accessed.. [The] mentioned represent the source of simple information can be obtained, however content of information oftentimes represent very important information. Just The information can be in the form of password access or transaction data of online very other important matter and.
Under this represent some example [of] usage of syntax “make an index to of” to get important information and sensitive in character.
ex:
Index of/ admin.
Index of/ passwd.
Index of/ password.
index of/ mail.
: " index of/" + passwd.
: " index of/" + password.txt.
: " index of/" +. htaccess.
: “index of/ secret"
: "index of/ confidential"
: “index of/ root"
: “index of/ cgi-bin"
: “index of/ credit-card"
: “index of / logs"
: “index of/ config"
: “index of of/Admin.Asp.
: “index of of/Login.Asp.
“allinurl:” or “inurl:” syntax using vulnerable yang [is] server atau sistem Mencari
1. Using syntax “ allinurl:winnt / system32/” ( with sign pluck ) will present list all link [at] server giving to access [at] forbidden directory like “ system32”. Sometimes will be got to access [at] cmd.exe [at] directory “system32” conducive [of] someone to take over to conduct system [at] server.
2. Using “allinurl: wwwboard/passwd.txt (with sign pluck) will present list all link [at] server owning weakness [at] “Password wwwboard”. Furthermore Solution about vulnerability “Password www.board” can be seen [at] network security site like or http://www.securityfocus.com of http://www.securitytracker.com.
3. Using syntax “inurl: history bash” (with sign pluck) will present list of link [at] server giving to access [at] file “ history bash” passing web. The file represents pregnant file history command [of] command list executed by administrator, what sometimes concerning information of sensitive like system password. Oftentimes password [at] system has encrypted, to get [his/its] original password [of] form which [is] this encrypted having to decrypted use program of password cracker. Time depth to get result of decrypted depended from program reliability and to the number of character which [is] encrypted
4. Using “inurl: config.txt” (with sign pluck) will present list all link [at] server giving to access [at] file “config.txt. This file contains important information [is] including value hash of administrator password and process of authentication from a database.
Syntax “inurl:” or “allinurl:” can be combined with the other syntax like [at] list here under:
Inurl: / cgi-bin/cart32.exe.
filetype:txt inurl:admin.
filetype:db inurl:admin.
filetype:cfg inurl:admin.
filetype:cfg inurl:mysql.
filetype:txt inurl:passwd.
inurl:iisadmin.
Inurl: auth_user_file.txt.
Inurl: orders.txt.
inurl:"wwwroot/*."
Inurl: adpassword.txt.
inurl:webeditor.php.
inurl:file_upload.php.
filetype:xls inurl:gov " restricted"
Index of ftp +. allinurl: mdb / cgi-bin/ + allinurl: allinurl:/CuteNews/show_archives.php allinurl:/scripts/cart32.exe mailto / phpinfo.php.
allinurl:/privmsg.php.
allinurl:/privmsg.php.
inurl:cgi-bin/go.cgi?go=*
allinurl:.cgi?page=.
allinurul:/modules/My_eGallery.
Searching a[n or system of server owning weakness with syntax “ intitle:” or “ allintitle:”
1. Using allintitle: “index of / root (without quotation mark) will present List of link [at] web server giving to access [at] forbidden directory like directory of root.
2. Using allintitle: " index of / admin ( without quotation mark ) will present link [at] site owning index of browsing able to be accessed for forbidden directory like directory “ admin”.
Usage of is differ from syntax “intitle:” or “allintitle:” combined with other syntax for example:
Of intitle:"Index”. sh_history.
of intitle:"Index" . bash_history.
of intitle:"index" passwd.
of intitle:"index" people.lst.
of intitle:"index" pwd.db.
of intitle:"index" etc/shadow.
of intitle:"index" spwd.
of intitle:"index" master.passwd.
of intitle:"index" htpasswd.
of intitle:"index" OR accounts members.
of intitle:"index" OR user_cart user_carts.
allintitle: filetype:doc sensitive.
allintitle: filetype restricted : mail.
allintitle: site:gov filetype:doc restricted.
allintitle:=*
allintitle:=*
allintitle:=*
Usage and combination [at] syntax [do] not only limit to presentation example [of] above. Still many again combination of syntax with various keyword able to be used. The mentioned base on willingness and creativity to try. It is better usage of discourse which have this describe is used by for the sake of which do not generate damage or loss.
Weakness at one particular or system of server knew [is] it is better [done/conducted] [by] sharing with pertinent system administrator so that can be of benefit to all [party/ side]. Because of big possibility result of from seeking of information can give information which [is] sensitive, what oftentimes concerning security facet or system of server.
Discourse about syntax which [is] very assisting in seeking of the information finally depends on target and intention in seeking of data. Do really [is] really [done/conducted] for the requirement of seeking of data, collecting information from a[n penetrating goals machine. Its final purpose bases on pertinent individual intention so that irresponsible writer to abuse of information which has describe. Like the saying of old aphorism “risk accounted on passenger
Google have sophisticated in such a way in seeking of data so that all information [in] internets earn searching us easily. Constructively operator seeking of Google, we earn easily look for or some file of MP3 [in] internet.
In principle, we will look for specific string like mp3, “index of of”,”last of modified”,”parent” etcetera. The String represent ordinary string [of] us meets [at] a Directory Listing [in] server web. Directory Listing [is] feature of server web able to present content a directory. The example as here. Become in fact we will look for Directory Listing which comprising file of MP3.
In fact there are some way of to look for file of MP3 , but we will try to comment the way of seeking use Directory Listing trick because representing the way of [is] most commonly used in this time and its fair to middling result .<-- more-> 3 [common/ public] format which commonly use in seeking:
Type 1 : [ Directory String + ( type inurl:)[file + [ name mp3] Type 2 : [ Directory String + ( type intitle:)[file + [ name mp3] Type 3 : [ Directory String + [ file of type + [ name mp3 + [ limiters]
: [Directory String] representing ordinary specific string [of] us meet [in] early list. There are some which can be used like: “index of of”,”last of modified”,”parent .
: ( inurl) ( intitle) : seeking operator [in] Google .
: [file of type] [is] file type we to look for. Representation in format extension of file. For Example: MP3, WMA, OGG etc [name mp3] [is] the name of file we to look for. No need complete. Enough just certain string estimating predicts unique and there are in name of file we to look for. Become can in the form of cutting of name of its artist name or song. For example: “Radiohead, “Kokoro No tomo”, etc [limiters] used to filter result which we wish from page which [do] not be expected. Because usually this listing directory [is] a directory alias [there] no extension hence we have to filter result owning [common/ public] extension like html , php , htm , asp etcetera .
For example we will try to look for file of MP3 of Minor Fort. It’s String Seeking [is]:
: “ index of of + “ mp3 + “ minor fort” - html - htm - php.
Then how if us wish to get corps of MP3 from a just artist, for example Fatboy Slim. Easy! justly use [of] operator of inurl , for example inurl:”fatboy” will give result where URL-NYA there are string “ fatboy” like url following : http://www.mp3ster.ru/mp3/mp3_1/F/Fatboy%2520Slim . Query wholy [is] :
: “index of of + “mp3 + inurl:”Fatboy” - html - htm - php.
Some result of seeking possible have invalid so that cannot can be accessed again. How interrogating [him/ it]?? Easy! Each; every file [in] directory have timestamp showing last when file of diupload . Remain we justly enhance [of] timestamp string to improve; repair result of seeking. [In] case seeking of Fatboy , in fact I also experience of constraint get result of valid [of] krn mostly have invalid . But after trik “timestamp” this is enhanced..... Got some special directory for the menyimpan of MP3 of Fatboy Slim. Its its[his] like this “ index of of + “ mp3 + “ 2005 + inurl:”Fatboy” - html - htm - Visible php [of] me enhance number 2005 as indicator that I wish newest result that is file owning year timestamp 2005 . Date of and month can also used to come its format soybean cake us .
After comprehending concept seeking of file of MP3 with Google it is of course will not be difficult if we like to look for other file like e-book, pictures jpeg, movies, and camera.
Copied from TRIK MENGGUNAKAN MESIN PENCARI GOOGLE By: Jigong Ceuhil 
www.jasakom.com
