How To Find Vulnerable Web Apps With Google


Search engines index a huge number of web pages and other resources. Hackers can use these engines to make anonymous attacks, find easy victims, and gain the knowledge necessary to mount a powerful attack against a network. Search engines are dangerous largely because users are careless. Further, search engines can help hackers avoid identification. Search engines make discovering candidate machines almost effortless. Listed here are a few common hacks performed with http://www.google.com (which is our favorite search engine, but you can use one of your own choosing if you'd like, assuming it supports all the same features as Google).

To find unprotected /admin, /password, /mail directories and their content, search for the following keywords inhttp://www.google.com:
  • "Index of /admin"
  • "Index of /password"
  • "Index of /mail"
  • "Index of /" +banques +filetype:xls (for France)
  • "Index of /" +passwd
  • "Index of /" password.txt
To find password hint applications that are set up poorly, type the following in http://www.google.com (many of these enumerate users, give hints for passwords, or mail account passwords to an e-mail address you specify!):
  • password hint
  • password hint -email
  • show password hint -email
  • filetype:htaccess user
To find IIS/Apache web servers with FrontPage installed, type the following in http://www.google.com (run the encrypted password files through a password cracker and get access in minutes!):
  • administrators.pwd index
  • authors.pwd index
  • service.pwd index
  • allinurl:_vti_bin shtml.exe
To find the MRTG traffic analysis page for websites, type the following in http://www.google.com:
  • inurl:mrtg
To get access to unprotected global.asa(x) files or to get juicy .NET information, type the following inhttp://www.google.com:
  • filetype:config web (finds web.config)
  • global.asax index (finds global.asax or global.asa)
To find improperly configured Outlook Web Access (OWA) servers, type the following in http://www.google.com:
  • inurl:exchange inurl:finduser inurl:root
Be creative, the possibilities are endless. Enjoy hacking

3 comments:

HappyChappy - The Blog said...

Dude I LIKE UR blOG. lOVE TO HACK...

jane holly said...

This professional hacker is absolutely reliable and I strongly recommend him for any type of hack you require. I know this because I have hired him severally for various hacks and he has never disappointed me nor any of my friends who have hired him too, he can help you with any of the following hacks:

-Phone hacks (remotely)
-Credit repair
-Bitcoin recovery (any cryptocurrency)
-Make money from home (USA only)
-Social media hacks
-Website hacks
-Erase criminal records (USA & Canada only)
-Grade change

Email: onlineghosthacker247@ gmail .com

Amalia Eva said...

I Want to use this medium in appreciating hacking setting, after being ripped off my money,he helped me find my cheating lover whom i trusted alot and he helped me hack his WHATSAPP, GMAIL and kik and all other platforms and i got to know that he has being cheating on me, in less than 24 hours he helped me out with everything, hacking setting is trust worthy and affordable contact him on: hackingsetting50 at gmail dot com

Post a Comment

STEALTH HACKER

Sponsers