good morning .... jatiwaringin time in the morning show at 3:27 ....I am not sleepy ... This morning I want to write my first time using Linux or learn linux ...My real name is probably a lot of my friends on his facebook because I do not know the name of the title track of my favorite bands are Guns n roses song NOVEMBER RAIN ... LOL ......... My real name Badrun yusuf A.k.A November rain or N R I was born in Ternate 22 february 1990 ..... First I use linux sometime in late 2010 ...I use traditional computer class time 2 vocational high schools beginning in 2007 when I went to the cafe just listen to his songs on youtube the song Guns n roses ...and at the operator's cafe makes me liveconnector website account that is used to communicate with his example mesengger yahooo ... and I also made my friendster account because at that time a lot of interest in his myspace anymore ... and from there I began to know her name computers and the internet .... I was hooked by the end of the internet because it was the two websites I know a lot of people especially women are familiar with ...... LOL hahahahfacebook in 2009 began to emerge and I do not want left behind to create a facebook account hehhee :)his problem I can not create account at the time hhahha facebook during school friend made me a facebook account facebook and you know that I use now is a facebook that made it by my friend LOL hahahahah when I have a facebook, I'm still confused how to use his hahahhaa ....at that time on facebook there is a card game called poker texas holdem poker play me too, and my friend told me when we finished our hacker could break his facebook password, I do not know what the hacker was informed I was the school's automotive department hahahaha ...the hacker said that people who can hack a computer including a facebook account ...starting from that I was curious as to what exactly his way ... 
was the starting of my adventures in cyberspace ....first in my mind there's only my how its way into the victim's computer or server computer cafe ..... let me be free to play cafe hahahha LOLand I search on google and I found the software the way that his name KAHT.exe that his words can be entered into the computer through port 139 if no one hahahhaa well as software that scans for port I forget its name, I was installing the software on the client mouseover cafe that I started I was doing my action but unlucky for me that I made the target server I even failed to enter me into the victim's computer, I try again it still failed, failed, failed and failing hahahha ... its end use traditional software that I gave up ..... LOL The first way to fail is there another way that many roads lead to Roma hahhaha LOL ....now I will not go back to the server or client computer that my target now is how can I get my poker chips to play poker from the client that a lot of playing poker in the cafe's ...its end my search in google and I found his name keylogger software that once people do not know what a keylogger hahaha ... and for my second problem is how it so deepfraze deepfarze deactivated his search in google for 5 hours for your final hahaha i ny non-disabled, install keylogger on my computer at the client and there is a place to play poker on my install keylogger, how it so people who play poker or computers quickly moved back home hence the name I install it Netcut, his final one was returned to his home because his computer does not connect .... 
LOL hahahah alias end end its me and my friends to his poker chips ...but over time as well as the time it caught all of the computers in the cafe that's part can not be used because of my script that I can spread on the internet and I also install Trojan horses in all of his client at the end hahahaha reinstall all the computers in the cafe is the ...and according to my friend once again that I do like it then I will be in the report to the authorities right seraaamm hahaha LOL ... I also never change login password in the cafe near my college, due to its user can not login because I change his password .. hahaha and at its end I found out also by its cafe operator hahahha ...when he asked me just say ... I just learned it ... hahaha LOL start of it was I started learning computers are supported with a major in computer engineering college started I was studying computers, from top hacker known as Indonesia, beginning in 2010 I joined the forum in the forum jakarta hacker cemunity I learned a lot and I know a lot of turns hacking is not the only computer but also on the website, and the internet is vast, ranging is jatimcrew I joined the forum, link palembang hacker, cyber bekasi cemunity, and other forums its I started a lot about networking mengetahuai about the internet, my friend was growing a lot .. hehehe .. but still it is stupid ... LOL hahahahaahI join the forum and Aceh cyber team in this forum is the beginning of her I know that his name Linux hehehehe ...
I know its my forum admin team that is bang cyber aceh pase ocean and I am also familiar with Renda Alip kediri those who know me do linux, even more bang pase oceanThe first time he's suggested I learn linux, then my knowledge of linux is EMPTY, but I say to the ocean pase bang, bang yes if I've got leptop I use linux, so impatient was I wanted to use linux all the way down a dream , and by the time I have leptop, I still use windows hahaha ...and its my final R1 dwonlaods Linux backtrack in the cafe during the 8 hours 25 thousand to pay the cafe, this time in my brain is not about his pay its expensive but want to quickly install linux hahahaha ... well at the moment is finished downlaods, I wanted to install it gmna want install problem I did not know his way hahahaha ... I was late to the cafe with a leptop, life's computer, open facebook chat directly with a bang ocean pase its end how do I install it install linux backtrack kakakakaka via facebook chat .. LOLand turns his bad luck at the division I do not partition the hard drive partition for linux, if you want the information it had windows install its victims, its the end of it I shut my intention to install linux on a partition because it has not .... two days later I went to my brother to re-install my windows partition at the same time made a lot, c.d.f.g.h hahahhaa, and had his install windows end I ventured backtrack install, install it to use via USB because I do not have CD leptop his room hhhee ... and install it successfully, at the time it would connect the LAN cable to connect internet leptop was not his .. it was a problem, I do use linux with reckless capital hahaha .. but after its final solution in search of his work, and I can go to facebook and the other .... 
:) After a long tired of also using linux backtrack its end I installed ubuntu linux at 10:10 in windows using wubi, then I use 3 OS windows, backtrack and ubuntu 10:10 LOL hahahha ....and so on I was getting used to using linux its the end I decided not to use windows, and I only use ubuntu reinstall everything from linux is the one I know at your garden in the world of open source and linux is because I can log onto the computer the first cafe server could not be used Metasploit sekarng hahaha ... and because they are familiar with Linux is my son IDC (coder INDONESIAN TEAM) and tap I was familiar with linux Rajib or YUR4K4 mas that I with Metasploit hacking, DNS spoofing, he was my teacher, I am also familiar with, another IDC his son as N4cko , El-farhats, arya , mboys and much more .... Make all of you who have taught me and the other linux I thank you very much, ............:) Tuesdayat5:17amjatiwaringinjakarta
Are you running Linux just because you think it's safer than Windows? Think again. Sure, security is a built-in (and not a bolt-on) feature and extends right from the Linux kernel to the desktop, but it still leaves enough room to let someone muck about with your /home folder.
Linux might be impervious to viruses and worms written for Windows, but that's just a small subset of the larger issue. Attackers have various tricks up their sleeves to get to those precious bits and bytes that make up everything from your mugshot to your credit card details.
Computers that connect to the internet are the ones most exposed to attackers, although computers that never get to see online action are just as vulnerable. Think of that ageing laptop or that old hard disk you just chucked away without a second thought. Bad move.
With the kind of data recovery tools available today (many as a free download) it doesn't matter what OS was installed on the disk. If it holds data – corrupted or otherwise – it can be retrieved, bank accounts recreated, chat transcripts reconstructed, images restitched. But don't be scared. Don't stop using the computer.
While it's virtually impossible to make a machine connected to the internet impenetrable to attacks, you can make an attacker's task difficult and also ensure they have nothing to learn from a compromised system. Best of all, with Linux, and some pieces of open source software, it doesn't take much effort to secure your Linux installation.
There is no golden rule for security that applies in every single case, and even if there were it would have been cracked already. Security is something that needs to be worked upon, and personalised. Follow the tips and tools in this tutorial as we show you how to adapt them to your very own Linux installation.
Follow these six tips to get a safer computer the easy way
1. Keep up with security updates
All mainstream Linux desktop distros (such as Debian, Ubuntu, Fedora, etc) have security teams that work with the package teams to make sure you stay on top of any security vulnerabilities. Generally these teams work with each other to make sure that security patches are available as soon as a vulnerability is discovered.
Your distro will have a repository solely dedicated to security updates. All you have to do is make sure the security specific repository is enabled (chances are it will be, by default), and choose whether you'd like to install the updates automatically or manually at the press of a button.
For example, under Ubuntu, head over to System > Administration > Software Sources. Here, under the Updates tab, specify how frequently the distro should ping the security repository for updates, and whether you'd like to install them without confirmation, or just be notified about the updates.
The latter is a better option, because it lets you review the updates before installing them. But chances are they'll be fine, and you can save yourself some time by having your distro install them automatically.
In addition to the updates, distros also have a security mailing list to announce vulnerabilities, and also share packages to fix them. It's generally a good idea to keep an eye on the security list for your distro, and look out for any security updates to packages that are critical to you.
There's a small lag between the announcement and the package being pushed to the repository; the security mailing lists guide the impatient on how to grab and install the updates manually.
2. Disable unnecessary services
A Linux desktop distro starts a number of services to be of use to as many people as possible. But one really doesn't need all these services.
For example, do you really need Samba for sharing files over the network on your secure server, or the Bluetooth service to connect to Bluetooth devices on a computer that doesn't have a Bluetooth adapter?
All distros let you control the services that run on your Linux installation, and you should make full use of this customisation feature.
Under Ubuntu, head to System > Preferences > Startup Applications. Here you can remove check marks next to the services you wish to disable. But be careful when turning off services. Some applications might stop functioning because you decided to disable a service on which they rely.
For example, many server applications rely on databases, so before you turn off MySQL or PostgreSQL you should make sure you aren't running any applications that rely on them.
3. Restrict root access
Most distros these days don't allow you to log in as root at boot time, which is good. When you have to execute a task that requires super user privileges you'll be prompted for a password. It might be a little irritating but it goes a long way to making sure that admin tasks are isolated from the user.
You can restrict access privileges for a user from under System > Administration > Users and Groups. Here you can broadly categorise a user as a desktop user or a system administrator or customise access privileges manually. By default, users are created with 'Desktop user' permissions and can't install software or change settings that affect other users.
On the command line, the su command (on Fedora, and the like) lets normal users switch to the root account, while the sudo command (on Debian, Ubuntu, etc) grants more privileges to the user. The usage of these commands can be limited to a particular group, which prevents any user from administering the system. sudo is also the more secure of the two, and it keeps an access log under /var/log/auth.log.
Make a habit of regularly scanning the log for failed and successful sudo attempts.
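One way to make that log review routine is a small parser that separates allowed and denied sudo attempts. This is an added example, not part of the original article; it assumes the classic syslog line layout in /var/log/auth.log, and the sample lines, host name and user names are constructed.

```python
"""Summarise sudo activity found in auth.log lines (added example)."""
import re
import sys
from collections import Counter

# Constructed sample in the classic syslog layout that sudo writes to
# /var/log/auth.log; host, users and addresses are made up.
SAMPLE_LOG = """\
Mar  3 10:15:01 desk sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
Mar  3 10:16:12 desk sudo: pam_unix(sudo:auth): authentication failure; logname=bob uid=1001 euid=0 tty=/dev/pts/1 ruser=bob rhost=  user=bob
Mar  3 10:16:20 desk sudo:      bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/su
Mar  3 10:17:40 desk sudo:    carol : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/cat /etc/shadow
Mar  3 10:18:02 desk sshd[811]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
Mar  3 10:19:30 desk sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/sh -c echo a ; echo b
"""

# "<timestamp> <host> sudo[pid]: <invoking user> : <rest of the record>"
SUDO_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssudo(?:\[\d+\])?:\s+"
    r"(?P<user>\S+)\s:\s(?P<body>.*)$"
)


def parse_sudo_line(line):
    """Return a dict for a sudo command record, or None for any other line."""
    m = SUDO_LINE.match(line.rstrip("\n"))
    if m is None:
        return None  # PAM helper lines and other daemons do not match
    # COMMAND= is always last and may itself contain " ; ", so split it off first.
    head, _, command = m.group("body").partition("COMMAND=")
    fields, reasons = {}, []
    for part in head.split(" ; "):
        part = part.strip(" ;")
        if not part:
            continue
        key, eq, value = part.partition("=")
        if eq and key.isupper():
            fields[key] = value      # TTY=, PWD=, USER=
        else:
            reasons.append(part)     # free text such as "user NOT in sudoers"
    return {
        "time": m.group("ts"),
        "user": m.group("user"),
        "run_as": fields.get("USER", ""),
        "tty": fields.get("TTY", ""),
        "command": command,
        "outcome": "denied" if reasons else "allowed",
        "reason": "; ".join(reasons),
    }


def summarize(lines):
    """Parse all lines and count allowed and denied attempts per user."""
    events = [e for e in (parse_sudo_line(line) for line in lines) if e]
    return {
        "events": events,
        "allowed": Counter(e["user"] for e in events if e["outcome"] == "allowed"),
        "denied": Counter(e["user"] for e in events if e["outcome"] == "denied"),
    }


def main(argv):
    if len(argv) > 1:
        with open(argv[1], errors="replace") as fh:
            lines = fh.readlines()
    else:
        lines = SAMPLE_LOG.splitlines()
    report = summarize(lines)
    for e in report["events"]:
        if e["outcome"] == "denied":
            print(f'DENIED  {e["time"]} {e["user"]} -> {e["run_as"]}: '
                  f'{e["command"]} ({e["reason"]})')
    for user, count in sorted(report["allowed"].items()):
        print(f"allowed {user}: {count} command(s)")


if __name__ == "__main__":
    main(sys.argv)
```

Run it with the path to the log as its only argument (reading /var/log/auth.log usually needs elevated privileges); without an argument it reports on the constructed sample.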
4. Don't auto-mount devices
If you're really concerned about security, you need to lean on the customisation feature of the Users And Groups settings. One of the areas to look at is auto-mounting devices.
Most distros auto-mount USB drives and CDs as soon as they are inserted. It's convenient, but allows anybody to just walk up to your machine, plug in a USB disk and copy all your data. To avoid such a situation, go to System > Administration > Users and Groups, select your user and head to the Advanced Settings > User Privileges tab.
Make sure you uncheck the boxes corresponding to the Access External Storage Devices Automatically option, the Mount Userspace Filesystems, and Use CD-ROM Drives option. When unchecked, these options will prompt the user for a password before giving them access to these devices.
You might also want to disable sharing files on the network, as well as require the user to enter a password before connecting to the Ethernet and wireless devices. By disabling access to configure printers you prevent important data from being printed.
5. Don't stay on the bleeding edge
Packages included in a desktop Linux distribution are updated regularly. Besides the official repositories, there are custom repositories for third-party software. While developers do take care to scan the packages for vulnerabilities before pushing them on to the repository, it's almost inevitable that some updates with defects do get through.
While it's good to keep the system updated, from a security point of view, not all updates are good for the system. Some updates conflict with existing installed packages or may even pull in new dependencies that may make the system more prone to attack. All this is why you should only update packages if you have to.
Scan the updates and look for updates to packages that are critical to you. Most package managers also make it possible to check an update and display its changelog and a brief description of the changes. UI changes can safely be ignored or delayed until a package has been thoroughly tested. Instead, look out for and grab updates that offer a fix to existing issues with packages.
6. Don't upgrade every six months
Most major desktop Linux distributions make a new release every six months, but you don't have to install every last upgrade just because it's there. Debian, for example, offers three distributions to choose from based on the extent of the stability of the software available in it. After Debian 6.0, stable releases will be made every two years.
Other distros take a different approach to guarantee secure releases. Ubuntu marks certain releases as LTS (or Long Term Support). A desktop release of the LTS version is supported for three years, and a server release is supported for five years, which is a lot longer than the 18 months for a standard Ubuntu release.
Although not up to date, these releases are much better from a security point of view, with packages that are a lot more stable and more thoroughly tested than their latest versions. If running a secure system is your goal, you should think of sticking to one of these long-term stable releases and avoid the temptation to upgrade as soon as the latest version of your distro becomes available.
The Google search engine can be used to hack into remote servers or to gather confidential or sensitive information that is not visible through common searches.
Google is the world’s most popular and powerful search engine. It accepts pre-defined commands as input, which can then produce unbelievable results.
Google’s Advanced Search Query Syntax
Discussed below are various special Google commands. I shall explain each command in brief and show how it can be used for getting confidential data.
[ intitle: ]
The “intitle:” syntax helps Google restrict the search results to pages containing that word in the title.
intitle: login password
will return links to those pages that have the word “login” in their title, and the word “password” anywhere in the page.
Similarly, to query for more than one word in the page title, “allintitle:” can be used instead of “intitle:” to get the list of pages containing all those words in their title.
intitle: login intitle: password
is same as
allintitle: login password
[ inurl: ]
The “inurl:” syntax restricts the search results to those URLs containing the search keyword. For example: “inurl: passwd” (without quotes) will return only links to those pages that have “passwd” in the URL.
Similarly, to query for more than one word in a URL, “allinurl:” can be used instead of “inurl:” to get the list of URLs containing all those search keywords.
allinurl: etc/passwd
will look for the URLs containing “etc” and “passwd”. The slash (“/”) between the words will be ignored by Google.
[ site: ]
The “site:” syntax restricts Google to query for certain keywords in a particular site or domain.
exploits site:hong.web.id
will look for the keyword “exploits” in the pages present in all the links of the domain “hong.web.id”. There should not be any space between “site:” and the domain name.
[ filetype: ]
The “filetype:” syntax restricts the Google search to files on the internet with particular extensions (e.g. doc, pdf or ppt).
filetype:doc site:gov confidential
will look for files with the “.doc” extension in all government domains with the “.gov” extension that contain the word “confidential” either in the pages or in the “.doc” file, i.e. the result will contain links to all confidential Word document files on the government sites.
[ link: ]
The “link:” syntax lists web pages that have links to the specified web page.
link:www.expertsforge.com
will list web pages that have links pointing to the www.expertsforge.com homepage. Note there can be no space between “link:” and the web page URL.
[ related: ]
The “related:” syntax lists web pages that are “similar” to a specified web page.
related:www.facebook.com
will list web pages that are similar to the www.facebook.com homepage. Note there can be no space between “related:” and the web page URL.
[ cache: ]
The query “cache:” will show the version of the web page that Google has in its cache.
cache:www.hackingspirits.com
will show Google’s cache of the www.hackingspirits.com homepage. Note there can be no space between “cache:” and the web page URL.
If you include other words in the query, Google will highlight those words within the cached document.
cache:www.facebook.com guest
will show the cached content with the word “guest” highlighted.
[ intext: ]
The “intext:” syntax searches for words in the body text of a web page. It ignores links, URLs and page titles.
intext:exploits
will return only links to those web pages that have the search keyword “exploits” in their body text.
[ phonebook: ]
The “phonebook:” syntax searches for U.S. street address and phone number information.
phonebook:Lisa+CA
will list all persons who have “Lisa” in their name and are located in California (CA). This can be a great tool for hackers in case someone wants to dig up personal information for social engineering.
Google Hacks
The Google query syntaxes discussed above can really help people refine their searches and get exactly what they are looking for.
Because Google is such an intelligent search engine, hackers don’t mind exploiting its ability to dig up confidential and secret information from the net that they are not supposed to know. I shall now discuss in detail how hackers dig information from the net using Google and how that information can be used to break into remote servers.
Index Of
Using the “Index of” syntax to find sites with index browsing enabled
A web server with index browsing enabled lets anyone browse its directories like ordinary local directories. The use of the “index of” syntax to get a list of links to web servers that have directory browsing enabled is discussed below. This becomes an easy source of information gathering for a hacker. Imagine if they get hold of password files or other sensitive files that are not normally visible on the internet. Given below are a few examples through which one can get access to a lot of sensitive information quite easily.
Index of /admin
Index of /passwd
Index of /password
Index of /mail
“Index of /” +passwd
“Index of /” +password.txt
“Index of /” +.htaccess
“Index of /secret”
“Index of /confidential”
“Index of /root”
“Index of /cgi-bin”
“Index of /credit-card”
“Index of /logs”
“Index of /config”
Looking for vulnerable sites or servers using “inurl:” or “allinurl:”
a. Using “allinurl:winnt/system32/” (without quotes) will list down all the links to the server which gives access to restricted directories like “system32” through web. If you are lucky enough then you might get access to the cmd.exe in the “system32” directory. Once you have the access to “cmd.exe” and is able to execute it.
b. Using “allinurl:wwwboard/passwd.txt”(without quotes) in the Google search will list down all the links to the server which are vulnerable to “WWWBoard Password vulnerability”. To know more about this vulnerability you can have a look at the following link:
c. Using “inurl:.bash_history” (without quotes) will list all the links to servers that give access to the “.bash_history” file through the web. This is a command history file. It includes the list of commands executed by the administrator, and sometimes includes sensitive information such as a password typed in by the administrator. If this file is compromised and contains the encrypted Unix (or *nix) password, then it can be easily cracked using “John The Ripper”.
d. Using “inurl:config.txt” (without quotes) will list all the links to servers that give access to the “config.txt” file through the web. This file contains sensitive information, including the hash value of the administrative password and database authentication credentials.
For Example: Ingenium Learning Management System is a Web-based application for Windows based systems developed by Click2learn, Inc. Ingenium Learning Management System versions 5.1 and 6.1 stores sensitive information insecurely in the config.txt file. For more information refer the following links: http://www.securiteam.com/securitynews/6M00H2K5PG.html
Other similar search using “inurl:” or “allinurl:” combined with other syntax
inurl:gov filetype:xls “restricted”
index of ftp +.mdb
allinurl:/cgi-bin/ +mailto
Looking for vulnerable sites or servers using “intitle:” or “allintitle:”
a. Using [allintitle: “index of /root”] (without brackets) will list the links to web servers that give access to restricted directories like “root” through the web. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.
b. Using [allintitle: “index of /admin”] (without brackets) will list the links to websites that have index browsing enabled for restricted directories like “admin”. Web applications sometimes use names like “admin” for the directory that stores admin credentials. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.
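The “Index of” and “inurl:” searches above only surface what a web server already exposes, so the same checks can be run from the owner's side before a crawler gets there. The following is an added example, not part of the original article: it walks your own document root and reports directories that would render as an “Index of” listing if directory indexing is enabled, plus files with the names the searches above look for. The INDEX_FILES set and the sample tree are assumptions.

```python
"""Audit a web document root for listable directories and exposed files."""
import os
import sys
import tempfile
from pathlib import Path

# File names and extension taken from the search examples on this page.
SENSITIVE_NAMES = {".bash_history", "passwd", "passwd.txt",
                   "password.txt", "config.txt"}
SENSITIVE_SUFFIXES = {".mdb"}
# Assumption: the names your server is configured to serve as a directory index.
INDEX_FILES = {"index.html", "index.htm", "index.php"}


def audit_docroot(root):
    """Return sorted (kind, url_path) findings for the tree under root."""
    root = Path(root)
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel = Path(dirpath).relative_to(root)
        url_dir = "/" + "".join(part + "/" for part in rel.parts)
        lowered = {name.lower() for name in filenames}
        # No index file: with directory indexing on, this is an "Index of" page.
        if not lowered & INDEX_FILES:
            findings.append(("listable-dir", url_dir))
        for name in filenames:
            if (name.lower() in SENSITIVE_NAMES
                    or Path(name).suffix.lower() in SENSITIVE_SUFFIXES):
                findings.append(("sensitive-file", url_dir + name))
    return sorted(findings)


def build_sample_docroot(root):
    """Create a small constructed document root for the demonstration."""
    layout = {
        "index.html": "home",
        "docs/index.html": "docs",
        "docs/guide.pdf": "constructed",
        "admin/config.txt": "db_password=constructed",
        "backup/.bash_history": "constructed",
        "backup/users.mdb": "constructed",
    }
    for rel, text in layout.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)


def main(argv):
    if len(argv) > 1:
        findings = audit_docroot(argv[1])
    else:
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_docroot(tmp)
            findings = audit_docroot(tmp)
    for kind, url_path in findings:
        print(f"{kind:15} {url_path}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Anything it reports should be moved out of the document root; listings themselves are switched off in the server configuration (on Apache, `Options -Indexes`).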
Other similar search using “intitle:” or “allintitle:” combined with other syntax