How To Find Vulnerable Web Apps With Google




Search engines index a huge number of web pages and other resources. Hackers can use these engines to make anonymous attacks, find easy victims, and gain the knowledge necessary to mount a powerful attack against a network. Search engines are dangerous largely because users are careless. Further, search engines can help hackers avoid identification. Search engines make discovering candidate machines almost effortless. Listed here are a few common hacks performed with http://www.google.com/ (which is our favorite search engine, but you can use one of your own choosing if you'd like, assuming it supports all the same features as Google).

To find unprotected /admin, /password, and /mail directories and their content, search for the following keywords in http://www.google.com/:
  • "Index of /admin"
  • "Index of /password"
  • "Index of /mail"
  • "Index of /" +banques +filetype:xls (for France)
  • "Index of /" +passwd
  • "Index of /" password.txt
To find password hint applications that are set up poorly, type the following in http://www.google.com/ (many of these enumerate users, give hints for passwords, or mail account passwords to an e-mail address you specify!):
  • password hint
  • password hint -email
  • show password hint -email
  • filetype:htaccess user
To find IIS/Apache web servers with FrontPage installed, type the following in http://www.google.com/ (run the encrypted password files through a password cracker and get access in minutes!):
  • administrators.pwd index
  • authors.pwd index
  • service.pwd index
  • allinurl:_vti_bin shtml.exe
To find the MRTG traffic analysis page for websites, type the following in http://www.google.com/:
  • inurl:mrtg
To get access to unprotected global.asa(x) files or to get juicy .NET information, type the following in http://www.google.com/:
  • filetype:config web (finds web.config)
  • global.asax index (finds global.asax or global.asa)
To find improperly configured Outlook Web Access (OWA) servers, type the following in http://www.google.com/:
  • inurl:exchange inurl:finduser inurl:root
Be creative; the possibilities are endless. Enjoy hacking.
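
The searches above only return results when these files and auto-generated "Index of /" listings are reachable on a server. As an added example (not part of the original post), this Python script audits a web root you administer for the same file names and for directories that have no index file; the function names, the index-file list and the sample tree are assumptions made for illustration.

```python
import fnmatch
import os
import tempfile

# File names targeted by the searches listed in the article.
SENSITIVE = ["password.txt", "passwd", ".htaccess", "administrators.pwd",
             "authors.pwd", "service.pwd", "web.config", "global.asa",
             "global.asax", "*.xls"]
# Assumed index names; a directory without one may be served as a listing.
INDEX_FILES = {"index.html", "index.htm", "index.php", "default.asp", "default.aspx"}
# Directory names that appear in the article's searches.
WATCHED_DIRS = {"admin", "password", "mail", "mrtg", "_vti_bin"}


def audit_webroot(root):
    """Return sorted (kind, path) findings for a document root you administer."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        rel = "" if rel == "." else rel.replace(os.sep, "/")
        names = {f.lower() for f in filenames}
        if not names & INDEX_FILES:  # no index file: auto-listing is possible
            watched = os.path.basename(dirpath).lower() in WATCHED_DIRS
            findings.append(("listable-watched-dir" if watched else "listable-dir", "/" + rel))
        for name in filenames:
            if any(fnmatch.fnmatch(name.lower(), pat) for pat in SENSITIVE):
                findings.append(("sensitive-file", "/" + (rel + "/" if rel else "") + name))
    return sorted(findings)


def demo():
    """Audit a constructed sample tree built in a temporary directory."""
    sample = ["index.html", "admin/password.txt", "mail/index.html",
              "_vti_pvt/service.pwd", "app/web.config", "app/index.php"]
    with tempfile.TemporaryDirectory() as root:
        for path in sample:
            full = os.path.join(root, *path.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
        return audit_webroot(root)


if __name__ == "__main__":
    for kind, path in demo():
        print(f"{kind:22} {path}")
```

A finding means the file or directory should be reviewed: whether it is actually served depends on the server's auto-indexing and access rules.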


Copyright © 2011 | Platinum Theme Converted into Blogger Template by HackTutors