Search engines index a huge number of web pages and other resources. Hackers can use these engines to make anonymous attacks, find easy victims, and gain the knowledge necessary to mount a powerful attack against a network. Search engines are dangerous largely because users are careless. Further, search engines can help hackers avoid identification. Search engines make discovering candidate machines almost effortless. Listed here are a few common hacks performed with http://www.google.com (which is our favorite search engine, but you can use one of your own choosing if you'd like, assuming it supports all the same features as Google).
To find unprotected /admin, /password, /mail directories and their content, search for the following keywords in http://www.google.com:
- "Index of /admin"
- "Index of /password"
- "Index of /mail"
- "Index of /" +banques +filetype:xls (for France)
- "Index of /" +passwd
- "Index of /" password.txt
To find password hint applications that are set up poorly, type the following in http://www.google.com (many of these enumerate users, give hints for passwords, or mail account passwords to an e-mail address you specify!):
- password hint
- password hint -email
- show password hint -email
- filetype:htaccess user
To find IIS/Apache web servers with FrontPage installed, type the following in http://www.google.com (run the encrypted password files through a password cracker and get access in minutes!):
administrators.pwd index
authors.pwd index
service.pwd index
allinurl:_vti_bin shtml.exe
inurl:mrtg
To get access to unprotected global.asa(x) files or to get juicy .NET information, type the following in http://www.google.com:
- filetype:config web (finds web.config)
- global.asax index (finds global.asax or global.asa)
To find improperly configured Outlook Web Access (OWA) servers, type the following in http://www.google.com:
- inurl:exchange inurl:finduser inurl:root
