googleDorks

googleDork (gOO gl'Drk) noun
1. Slang. An inept or foolish person as revealed by Google.


SQL data dumps
(award: fnal.gov)
SQL database dumps. LOTS of data in these. So much data, infact, I'm pressed to think of what else an ev1l hax0r would like to know about a target database.. What's that? Usernames and passwords you say? Patience, grasshopper.....

googleDork rating:


"Lookee what ah typed at mah cummand line..."
.bash_history
.sh_history
(award: McGraw Hill, micron.com, ISU.EDU)
Ok, this file contains what a user typed at a bash command prompt. You shouldn't advertise this file. You shouldn't flash it to a web crawler. It contains COMMANDS and USERNAMES and stuff... *sigh* Sometimes there aren't words to describe how lame people can be. This particular theme can be carried further to find all sorts of things along these lines like .profile, .login, .logout files, etc. I just got bored with all the combinations...

googleDork rating:


"Look what I done to mah database..."
(award: I don't even want to say it...)
The .mysql_history file contains commands that were performed against a mysql database. A "history" of said commands. First, you shouldn't show this file to anyone, especially not a MAJOR SEARCH ENGINE! Secondly, I sure hope you wouldn't type anything sensitive while interacting with your databases, like oh say USERNAMES AND PASSWORDS...

googleDork rating:


Movable Type Server Misconfigurations
(award: ummasd.edu)
These folks had the technical prowess to unpack the movable type files, but couldn't manage to set up their web servers properly. Check the mt.cfg files for interesting stuffs...

googleDork rating:


Sites running Microsoft Personal Web Servers
This list shows off the googleDorks with "Welcome to Microsoft Personal Web Server" in the title of their pages, indicating that they are, or once were, running Microsoft Personal Web Server(MSPWS). MSPWS was not intended to be a productioon web server like IIS. It's intention seemed to be to provide a "poor man's" web server for testing pre-production code. The simple, idiot-proof design of MSPWS speaks volumes about the lack of knowledge required by administrators of these sites. If you can navigate in Windows, you can certainly run a MSPWS web server. If you can navigate in Internet Explorer, you can probably hack into a MSPWS server.

googleDork rating:



Sites running Windows 2000 Internet Services
At first glance, this search reveals even more examples of operating system users enabling the operating system default web server software. This is generally accepted to be a Bad Idea(TM) as mentioned in the previous example. However, the googleDork index on this particular category gets quite a boost from the fact that this particular screen should NEVER be seen by the general public. To quote the default index screen: "Any users attempting to connect to this site are currently receiving an 'Under Construction page'" THIS is not the 'Under Construction page.' I was only able to generate this screen while sitting at the console of the server. The fact that this screen is revealed to the general public may indicate a misconfiguration of a much more insidious nature...

googleDork rating:



Under Destruction
With a common phrase like 'Under Construction' this Google search would generally reveal a huge number of results. With the addition of 'does not currently have,' the search is narrowed to a much smaller group of site matches. In this particular case, the majority of the hits are sites with the above mentioned 'Under Construction page' posted by many Windows-based OS default web servers. Again, Bad Idea(TM). when considering that administrators who don't have time to post a main page on their servers certainly won't have time to patch their servers. Hackers, have fun.

googleDork rating:



Welcome to IIS 4.0
Moving from personal, lightweight web servers into more production-ready software, we find that even administrators of Microsoft's Internet Information Server (IIS) sometimes don't have a clue what they're doing. By searching on web pages with titles of "Welcome to IIS 4.0" we find that even if they've taken the time to change their main page, some dorks forget to change the titles of their default-installed web pages. This is an indicator that their web server is most likely running, or was upgraded from, the now considered OLD IIS 4.0 and that at least portions of their main pages are still exactly the same as they were out of the box. Conclusion? The rest of the factory-installed stuff is most likely lingering around on these servers as well.

Old code: FREE with operating system.
Poor content management: an average of $40/hour.
Factory-installed default scripts: FREE with operating system.

Getting hacked by a script kiddie that found you on Google: PRICELESS.

For all the things money can't buy, there's a googleDork award.

googleDork rating:



Look in my backup directories! Please?
(award: BSP.GSA.GOV)
Backup directories are often very interesting places to explore. More than one server has been compromised by a hacker's discovery of sensitive information contained in backup files or directories. Some of the sites in this search meant to reveal the contents of their backup directories, others did not. Think about it. What.s in YOUR backup directories? Would you care to share the contents with the whole of the online world? Probably not. Whether intentional or not, bsp.gsa.gov reveals backup directory through Google. Is this simply yet another misconfigured .gov site? You decide. BSP stands for "best security practices," winning this site the Top GoogleDork award for this category.

googleDork rating:



Look in my /test directories, please?
(award: CI.AUSTIN.TX.US)
OK, so you're a "webmaster" and you need to try out some new code, get some new tech working, whatever. Where's the first place you'd think to put the code? A "test" directory, of course. Logical. Human. Stupid. Now, pretend you're a hacker. You know buggy, untested code is one guaranteed way to absolutely RAPE a web server. Where are you gonna look for this kind of code? If you answered "a test directory," congratulations! You win the grand prize! What do you win? How about a list of over 2,000 sites with "/test" directories? Thanks, googleDorks!

googleDork rating:



OpenBSD/Apache - Rock SOLID, almost...
I like the OpenBSD operating system. I really do. And I like the Apache web server software. Honestly. I admire the mettle of administrators who take the time to run quality, secure software. The problem is that you never know when security problems will pop up. A BIG security problem popped up within the OpenBSD/Apache combo. Now, every administrator that advertised this particular combo with cute little banners has a problem. Hackers can find them with Google. I go easy on these folks since the odds are they.ve patched their sites already. Then again, they may just show up on zone-h..

googleDork rating:



Smart enough to encrypt...
(award: MIT.EDU)
PGP is a great encryption technology. It keeps secrets safe. Everyone from drug lords to the head of the DEA can download PGP to encrypt their sensitive documents. Everyone, that is except googleDorks. GoogleDorks, it seems, don't understand that anyone in possession of your private keyring (secring) can get to your secret stuff. It should noever be given out, and should certainly not be posted on the Internet. The highest ranking is awarded for this surprising level of ineptitude.

googleDork rating:



Look at my passwords!!!!
1. people.lst (award: NCAT.EDU)
2. passwd (award: COLUMBIA.EDU)
3. master.passwd (award: MIT.EDU)
4. pwd.db
5. htpasswd (award: HARVARD.EDU, MIT.EDU!)
6. spwd (award: THEDMGROUP.COM)
7. etc passwd (award: MIT.EDU again!) There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the word to see. Truly the epitome of a googleDork. The his in this search show "people.lst" files which contain encrypted passwords which may look like this: "guest MMCHhvZ6ODgFo" A password cracker can eat cheesy hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!

googleDork rating:



One degree of separation
1. buddylist.blt
2. buddy.blt
3. buddies.blt
These searches bring up common names for AOL Instant Messenger "buddylists". These lists contain screen names of your "online buddies" in Instant Messenger. Not that's not too terribly exciting or stupid unless you want to mess with someone's mind, and besides, some people make these public on purpose. The thing that's interesting are the files that get stored ALONG WITH buddylists. Often this stuff includes downloaded pictures, resumes, all sorts of things. This is really for the peepers out there, and it' possible to spend countless hours rifling through people's personal crap. Mild googleDork rating.

googleDork rating:



Database password, please...
(award: ACM.ORG, JLTP.UIUC.EDU)
This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database. Way to go, googleDorks!!

googleDork rating:



phpinfo.php
(award: ucdavis, columbia, UCSB, EKU)
This search (submitted by "average joe", bsdirqconflict@yahoo.com) brings up sites with "phpinfo.php" files. There is SO much cool stuff in here that you just have to check one out for yourself! I mean full blown system versioning, SSL version, sendmail version and path, ftp, LDAP, SQL info, Apache mods, Apache env vars, *sigh* the list goes on and on! Thanks "joe!" =)

googleDork rating:



MYSQL error message: supplied argument....
(award: MDBA.GOV, OIG.DOT.GOV)
One of many potential error messages that spew interesting information. The results of this message give you real path names inside the webserver as well as more php scripts for potential "crawling" activities.

googleDork rating:



_vti_inf.html (694 hits)
service.pwd (11,800 hits)
users.pwd (23 hits)
authors.pwd (22 hits)
administrators.pwd (22 hits)
shtml.dll (780 hits)
shtml.exe (761 hits)
fpcount.exe (1,370 hits)
default.asp (2,170 hits)
showcode.asp (4 hits)
sendmail.cfm (5 hits)
getFile.cfm (7 hits)
imagemap.exe (510 hits)
test.bat (353 hits)
msadcs.dll (8 hits)
htimage.exe (513 hits)
counter.exe (164 hits)
browser.inc (11 hits)
hello.bat (18 hits)
default.asp\\ (2,170 hits)
dvwssr.dll (571 hits)
dvwssr.dll (571 hits)
dvwssr.dll (571 hits)
cart32.exe (9 hits)
add.exe (38 hits)
index.JSP (998 hits)
index.jsp (998 hits)
SessionServlet (46 hits)
shtml.dll (780 hits)
index.cfm (473 hits)
page.cfm (5 hits)
shtml.exe (761 hits)
web_store.cgi (16 hits)
shop.cgi (63 hits)
upload.asp (27 hits)
default.asp (2,170 hits)
pbserver.dll (6 hits)
phf (370 hits)
test-cgi (1,560 hits)
finger (23,900 hits)
Count.cgi (8,710 hits)
jj (5,600 hits)
php.cgi (170 hits)
php (48,000 hits)
nph-test-cgi (132 hits)
handler (9,220 hits)
webdist.cgi (35 hits)
webgais (37 hits)
websendmail (12 hits)
faxsurvey (27 hits)
htmlscript (50 hits)
perl.exe (340 hits)
wwwboard.pl (455 hits)
www-sql (26,500 hits)
view-source (641 hits)
campas (94 hits)
aglimpse (12 hits)
glimpse (4,530 hits)
man.sh (127 hits)
AT-admin.cgi (789 hits)
AT-generate.cgi (14 hits)
filemail.pl (5 hits)
maillist.pl (16 hits)
info2www (737 hits)
files.pl (267 hits)
bnbform.cgi (91 hits)
survey.cgi (93 hits)
classifieds.cgi (25 hits)
wrap (14,000 hits)
cgiwrap (1,270 hits)
edit.pl (114 hits)
perl (80,700 hits)
names.nsf (12 hits)
webgais (37 hits)
dumpenv.pl (7 hits)
test.cgi (1,560 hits)
submit.cgi (79 hits)
submit.cgi (79 hits)
guestbook.cgi (528 hits)
guestbook.pl (451 hits)
cachemgr.cgi (25 hits)
responder.cgi (4 hits)
perlshop.cgi (30 hits)
query (15,500 hits)
w3-msql (877 hits)
plusmail (12 hits)
htsearch (177 hits)
infosrch.cgi (19 hits)
publisher (2,610 hits)
ultraboard.cgi (24 hits)
db.cgi (96 hits)
formmail.cgi (420 hits)
allmanage.pl (5 hits)
ssi (9,550 hits)
adpassword.txt (39 hits)
redirect.cgi (60 hits)
f (124,000 hits)
cvsweb.cgi (78 hits)
login.jsp (241 hits)
login.jsp (241 hits)
dbconnect.inc (18 hits)
admin (57,000 hits)
htgrep (30 hits)
wais.pl (133 hits)
amadmin.pl (14 hits)
subscribe.pl (65 hits)
news.cgi (387 hits)
auctionweaver.pl (2 hits)
.htpasswd (2,390 hits)
acid_main.php (3 hits)
access_log (1,250 hits)
access-log (618 hits)
access.log (618 hits)
log.htm (386 hits)
log.html (1,310 hits)
log.txt (987 hits)
logfile (23,200 hits)
logfile.htm (76 hits)
logfile.html (671 hits)
logfile.txt (701 hits)
logger.html (37 hits)
stat.htm (398 hits)
stats.htm (687 hits)
stats.html (1,840 hits)
stats.txt (342 hits)
webaccess.htm (11 hits)
wwwstats.html (80 hits)
source.asp (11 hits)
perl (80,700 hits)
mailto.cgi (46 hits)
YaBB.pl (35 hits)
mailform.pl (670 hits)
cached_feed.cgi (6 hits)
cr (27,500 hits)
global.cgi (14 hits)
Search.pl (548 hits)
build.cgi (74 hits)
common.php (184 hits)
common.php (184 hits)
show (33,500 hits)
global.inc (114 hits)
ad.cgi (21 hits)
WSFTP.LOG (11 hits)
index.html~ (81,100 hits)
index.php~ (6,740 hits)
index.html.bak (690 hits)
index.php.bak (69 hits)
print.cgi (61 hits)
register.cgi (172 hits)
webdriver (35 hits)
bbs_forum.cgi (45 hits)
mysql.class (21 hits)
sendmail.inc (97 hits)
CrazyWWWBoard.cgi (68 hits)
search.pl (548 hits)
way-board.cgi (44 hits)
webpage.cgi (89 hits)
pwd.dat (22 hits)
adcycle (12 hits)
post-query (240 hits)
help.cgi (69 hits)