Tuesday, July 17, 2007

Google L33T Browsing Part 2

This article is a continuation of Google-ing the Wikipedia, Uber 1337 Browsing Steeze, which can be found at the following:

http://ren3g4de.blogspot.com/2007/03/google-ing-wikipedia-uber-1337-browing.html

In this article I will cover different fun and useful examples of how the syntaxes covered in the above article can be used. First we will start out with a fun trick to gain access to certain webcams that have online control panels. On some of these you can even control the pan, tilt, zoom, and focus. Most of these webcams are used as security cameras. They are the Axis series webcams. To access these we will be using the 'inurl' command as follows:

inurl:view/index:shtml

Just by typing in this simple statement you will have access to all of these webcams. I usually pull up over 10,000 of these webcams with this search.



Now we all know that LimeWire and other P2P downloading tools are just inefficient and usually result in too much spyware and too many viruses. Torrents are great if you want everything by an artist or an entire album. If you want 1 song, there's a Google goodie for that too. This can be used for all sorts of media, including videos and movies. This is done by using the 'intitle' command while searching for 'index.of', which is a common trick with Google.

intitle:"index.of" (mp3|mp4|avi) SEARCH.FOR.THIS -html -htm -php -asp -cf -jsp

All you have to do is replace SEARCH.FOR.THIS with what you want to find. The periods are there because a period stands for a space, underscore, backslash, etc., in Google searches. The | between mp3, mp4, and avi is the symbol for OR on Google, so this will make it search for mp3, mp4, or avi. The -html -htm -php -asp -cf -jsp is to rule out any other type of media from being found in the search.



Another good 'intitle' 'index.of' trick is to find some cookies, and everyone loves cookies.

intitle:"index.of" cookies.txt


Another commonly seen Google goodie is the 'inurl' command to find vulnerable websites. There is a file called service.pwd found in the _vti_pvt directory on websites made with Microsoft FrontPage.

inurl:_vti_pvt "service.pwd"

Although this is a common vulnerability, the password located in this file is encrypted. The encryption is DES, and I will not be discussing this in this article. However, I will be writing a separate article on DES cracking through brute forcing.


Another good 'inurl' trick is used to access PHPhotoalbum control panels, which can be quite fun if you want to tag your logo into other people's photo albums.

inurl:"phphotoalbum/upload"


There are pages that websites disallow from being pulled up by a search engine. Fortunately, a list of these sites can be found through Google using the following:

"robots.txt" "disallow:" filetype:txt

robots.txt contains a list of the pages that the domain disallows search engines from pulling up.
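The searches above only return results when such files and listings are left inside a public web root, and robots.txt itself is readable by anyone. As an added example (not code from the original post), the sketch below audits a local web root you administer for the artifacts named on this page; the function names, the list of default-document names, and the sample directory tree are assumptions constructed for the demonstration.

```python
import os
import tempfile

# Files named by the searches on this page that should never sit in a web root.
SENSITIVE = {"cookies.txt", "service.pwd"}
# Assumed default-document names; adjust to the server's own configuration.
INDEX_NAMES = {"index.html", "index.htm", "index.shtml", "index.php", "default.htm"}

def audit_webroot(root):
    """Return sorted (issue, path) findings for a local web root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
        rel = "" if rel == "." else rel + "/"
        lower = {f.lower() for f in filenames}
        # No default document: served as an "Index of" page if auto-listing is on.
        if not lower & INDEX_NAMES:
            findings.append(("no-index-document", "/" + rel))
        for name in filenames:
            if name.lower() in SENSITIVE:
                findings.append(("sensitive-file", "/" + rel + name))
            if name.lower() == "robots.txt" and rel == "":
                with open(os.path.join(dirpath, name), encoding="utf-8", errors="replace") as fh:
                    for line in fh:
                        key, _, value = line.split("#", 1)[0].partition(":")
                        if key.strip().lower() == "disallow" and value.strip():
                            findings.append(("robots-advertises", value.strip()))
    return sorted(findings)

def build_sample_webroot(base):
    files = {  # constructed sample tree, placeholder contents only
        "index.html": "<html></html>",
        "robots.txt": "User-agent: *\nDisallow: /admin/\nDisallow:\n# Disallow: /old/\n",
        "_vti_pvt/service.pwd": "# constructed placeholder, no real credentials\n",
        "music/track.mp3": "",
        "admin/index.php": "",
        "admin/cookies.txt": "# constructed placeholder\n",
    }
    for rel, body in files.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for issue, path in audit_webroot(build_sample_webroot(tmp)):
            print(f"{issue:20} {path}")
```

A "robots-advertises" finding is not a leak by itself; it marks a path that needs real access control, because a Disallow line only asks crawlers to stay away.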


Some printer control panels can be accessed online through Google using the following:

intext:"UAA (MSB)" Lexmark -ext:pdf


Hopefully this gives you a little bit better understanding of how the Google advanced syntax works. Have fun.

REN3G4DE
