Home

Hacking

Searching for

Search list

Copyright © 2009 Amund Østvoll

Google - The Hackers Dog

A dog is a mans best friend, Google might be a hackers best friend. You would not believe what kind of information you will get just by searching on Google. The only problem with this now, is that too many pages are posting this information, and you will have to look arround for the pages with these kind of files. Thats why I post myself now also, because it's gotten to be a bit too much work to search on Google with the known keywords. Just think how you would make a page, and what you would name the configuration file. Search for it. Someone else have thought about it before you.

My favorite searches

inurl: login.inc

People don't really understand this bit. If you have a login.inc file on your page, that will check if the user posted a valid login, the file is public. The .inc file is often PHP coding, in a text file. You will be able to read all the content in this file, and you will easily find how you can get past it. Sometimes in these files, you have all the database connection information, so you can just make your own page, and get all the information you will ever need on this page. That is why you should allways store files like this as something.inc.php. If you store them as PHP files, the server won't give out the actual code. A little security check is nessesary on the pages having this.

inurl: config.inc

It's just sloppy to have this one open, but you wouldn't believe how many pages got this file. Here you mostly find the page database passwords and the connection information. This is something any script kiddie would exploit, so do NOT have this file on your page.

inurl: cgi.bin/pass.txt

Now this is just stupid. Never store your password on a file, on your web-server. Why would anyone even do this? Do you forget a password that easily? In the first file i got when doing this search i got both the username and the password. The password was difficult to guess, but when written in a file on the page, it won't help you much. Ohh yeah... the page was a web-hosting company and the password was a FTP username/password.

By reading this fine print your soul is now the exclusive property of www.slackhax.com. Unauthorized use of www.slackhax.coms characters, images, materials, souls, odors, and oxygen is strongly discouraged. We know where you sleep.