More Evil Things to Type into Google

Posted by: Rea Maor In: Security and Prevention - Wednesday, September 12th, 2007

Part one is available here: Evil Things to Type into Google

More searches which Mother Nature never intended! Most of these are handy for finding security exploits on your own site; simply add a string from your own domain’s URL to check. But really, why limit ourselves? If it has an evil purpose, I’m including it. By the way, there is nothing illegal about typing in a search string; it is up to the website to secure this data. It’s what you DO with the information you find that makes all the difference.

signin filetype:url – OK, class, this is how we do NOT use Javascript to manage our passwords. Any questions?

"index of /" ( upload.cfm | upload.asp | upload.php | upload.cgi | upload.jsp | upload.pl ) – A great way to find file upload pages on websites. Most of these will be password protected; every now and then you find one that isn’t! Like this Spanish site…

I guess some civic-minded folk want to provide you with free file storage…

(intitle:"WordPress › Setup Configuration File")|(inurl:"setup-config.php?step=1") – WordPress has become one of the leading blog systems out there. So you should be aware that if you run WordPress, there are black-hat hackers out there working around the clock to find a vulnerability on your site. Some of the hits returned from this search will be people who never configured it after they installed it, so it’s waiting for anyone to find it and take over.
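To run the same checks against your own site without going through a search engine, the sketch below looks for the page fingerprints that the upload and WordPress searches above key on. It is an added example, not code from the original post; `audit_page`, `audit_site`, the labels and the sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Script names taken from the upload search string above.
UPLOAD_SCRIPTS = re.compile(r"\bupload\.(cfm|asp|php|cgi|jsp|pl)\b", re.I)

class PageFacts(HTMLParser):
    """Collect the <title> text and every link target on a page."""
    def __init__(self):
        super().__init__()
        self.title, self.hrefs, self._in_title = "", [], False
    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]
    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
    def handle_data(self, data):
        if self._in_title:
            self.title += data

def audit_page(html):
    """Return the exposure labels that apply to one page of your own site."""
    facts = PageFacts()
    facts.feed(html)
    title = " ".join(facts.title.lower().split())
    findings = []
    if title.startswith("index of /"):
        findings.append("directory-listing")  # server auto-index is on
        if any(UPLOAD_SCRIPTS.search(h) for h in facts.hrefs):
            findings.append("upload-script-listed")
    if "wordpress" in title and "setup configuration file" in title:
        findings.append("wordpress-not-configured")  # installer still open
    return findings

def audit_site(pages):
    """pages maps URL -> HTML body; return only the URLs with findings."""
    report = {url: audit_page(html) for url, html in pages.items()}
    return {url: found for url, found in report.items() if found}

# Constructed sample responses (example.test is a placeholder domain).
SAMPLE_PAGES = {
    "https://example.test/": "<title>Home</title><a href='/about'>About</a>",
    "https://example.test/files/": "<title>Index of /files</title>"
        "<a href='../'>Parent Directory</a><a href='upload.php'>upload.php</a>",
    "https://example.test/blog/": "<title>WordPress &rsaquo; Setup Configuration File</title>",
}
```

The first two labels are cleared by switching off directory auto-indexing and putting authentication in front of upload handlers; the third by finishing or removing the WordPress installer.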

Now that we’re done plowing through all of the boring security research stuff, here’s a couple of cute tricks. In these last two cases, these may not be security violations at all; they might be intentionally giving the stuff away and the worst you’re doing is bypassing an ad or two.

DSC00001.JPG – This was in a lot of bookmark sites lately. What you do is search Google images for this string… and if nobody else is looking, turn “safe search” off! This is the default naming scheme for image files taken on Sony digital cameras. People post the picture without renaming it. And don’t forget DSC00002.JPG, DSC00003.JPG, and so on.

Judging by my browsing so far, the first thing most people photograph is their girlfriend.

intitle:"index of" "last modified" "parent directory" (wmv|mp3) – At last the one everybody was waiting for: finding free media! Now, this example gives you directories with movie files in either WMV (Windows Media Viewer) or MP3. To find files on a particular subject, just enter the name of that subject. I’ll not speculate on what kind of movies you might be looking for – but I’m sure you’ll think of something!

To change that to some other media file, you can try replacing wmv with jpg for images, wav for sounds, etc. The trouble is, this hack is so old that a number of adult porn sites have deliberately set up their web pages to mimic this result, where, of course, you end up with a pop-up demanding credit card data or getting link-jacked to a malware site.

Have fun, and remember that I gave you all this handy info in the good faith that you’ll only use it responsibly.

12 Responses to “More Evil Things to Type into Google”

  1. Evil Things to Type into Google - part 1 | Geeks and Technology - Linux Windows Unix system and Making money online Says:

    [...] Carry on to Part two: More evil things to type into google [...]

  2. Foolbag Says:

    Too bad the “German” site is actually Spanish.

  3. Rea Maor Says:

    Oh bugger, you’re right… :oops:

  4. Drake Mallard Says:

    There are some cameras that name the pictures “img00001.jpg”, “img00002.jpg” and so on. Also there are “pic00001.jpg”…

    So, something like:

    (pic00001.jpg | img00001.jpg | dsc00001.jpg) (intitle:”index of” | intitle:”listado de directorio” | intitle:”directory listing”) (:”index of” | “listado de directorio” | “directory listing”) (nombre | name) (tamaño | size) (“parent directory” | “up * level”)

    may lead to interesting results.

    Of course, there’s a lot more, but nothing is more fun than research and discover by yourself. (Actually, playing football at the beach is more fun but it’s still too cold here :grin: )

    DM

  5. moonbuggy Says:

    More Evil Things to Type into Google…

    ‘More searches which Mother Nature never intended! Most of these are handy for finding security exploits on your own site; simply add a string from your own domain’s URL to check. But really, why limit ourselves? If it has an evil purpose, I’…

  6. Ric Says:

    That DSC00001.JPG trick is really funny! Nice job.

  7. BlkDragon69 Says:

    Along the same lines as DSC00001.JPG is “1.jpg teens” where 1 can be substituted for any number and teens can be substituted for any pornographic-related keyword.

  8. Silex Says:

    I hate to be the bearer of bad news, but accessing information through the form of what you type into a search bar can be illegal under current computer law. It is illegal to access anything you’re not intended to access. They do not have to make it secure, and it doesn’t matter if you do nothing with this data. Look more into DMCA.

  9. Mr. Splerkus Says:

    This is a cool one.

    I think it is better than the media one up there.

    intitle:”index.of” (wma|wmv|mp3|mp4|mov|mpeg|mpg|avi) 2.pac -htm -html -php -asp -cf -php -jsp

    Ok in the Parenthesis is the type of file you want to look for, spaced with brackets. (Make sure you do exactly what I typed for spaces or this method of madness does not work.)

    Next, after the Parenthesis is the file you want to find. Make sure you divide the letter with a period. For example: if you want to find elton john type elton.john.

    The last part of the actual spill is the sites you don’t want to look at. Those are sites with cookies and other crap you do not need.

    I hope everyone likes this method and have loads of fun scamming the internet for new ways of getting stuff from it for free!

  10. Boo Bahh Says:

    Boo!

    Haha

    You Should Get Learning Some
    Code, Then You Can Find Out
    Some More Interesting Things
    Than You Would With These..

  11. Antoine doesnt understand Says:

    i dnt get it.. the thing where u type the file u want and then u add all that other stuff in the brackets and the stuff after it too, when i type something in, it shows me sites where i have to pay to download files, so whats the point???

  12. nerd Says:

    this shit looks like nerd talk to me.

    Ya’ll nerds.

    Ya’ll on watch.

    0 0

    Those my eyes.
