Noobs,don't go crazy messing up people sites,this is to make awareness of how negligent can an administrator be. 1- Why deface when you can own it? Go to Google and type this: intitle:PhpMyAdmin "Welcome to phpMyAdmin***" running on * as root@*" This will give you tons of no passworded phpMyAdmin,means you'll have access to all files,can make changes ect. ====================================== To find websites Admin Password type the following in the Google bar: inurl:vti_pvt "service.pwd" (password will be encrypted) "convert encrypted password to md5 hash then use milw0rm Also You can You use this codes when you have free time..enjoy Google Search strings ------------------------- inurl:/db/main.mdb |ASP-Nuke passwords filetype:cfm "cfapplication |ColdFusion source with potential passwords name" password filetype:pass |dbman credentials pass intext:userid allinurl:auth_user_file.txt |DCForum user passwords eggdrop filetype:user user |Eggdrop IRC user credentials filetype:ini inurl:flashFXP.ini |FlashFXP FTP credentials filetype:url +inurl:"ftp://" |FTP bookmarks cleartext passwords +inurl:"@" inurl:zebra.conf intext: |GNU Zebra passwords password -sample -test -tutorial –download filetype:htpasswd htpasswd |HTTP htpasswd Web user credentials intitle:"Index of" ".htpasswd" |HTTP htpasswd Web user credentials "htgroup" -intitle:"dist" -apache -htpasswd.c intitle:"Index of" ".htpasswd" |HTTP htpasswd Web user credentials htpasswd.bak "http://*:*@www" bob:bob |HTTP passwords (bob is a sample username) "sets mode: +k" |IRC channel keys (passwords) "Your password is * |Remember IRC NickServ registration passwords this for later use" signin filetype:url |JavaScript authentication credentials LeapFTP intitle:"index.of./" |LeapFTP client login credentials sites.ini modified inurl:lilo.conf filetype:conf |LILO passwords password -tatercounter2000 -bootpwd –man filetype:config config intext: |Mcft .NET application credentials appSettings "User ID" filetype:pwd service |Mcft FrontPage Service Web passwords intitle:index.of |Mcft FrontPage Web credentials administrators.pwd "# -FrontPage-" |Mcft FrontPage Web passwords inurl:service.pwd ext:pwd inurl:_vti_pvt inurl: |Mcft FrontPage Web passwords (Service | authors | administrators) inurl:perform filetype:ini |mIRC nickserv credentials intitle:"index of" intext: |mySQL database credentials connect.inc intitle:"index of" intext: |mySQL database credentials globals.inc filetype:conf oekakibbs |Oekakibss user passwords filetype:dat wand.dat |Opera‚ ÄúMagic Wand‚Äù Web credentials inurlspfd.conf intext: |OSPF Daemon Passwords password -sample -test -tutorial –download index.of passlist |Passlist user credentials inurl:passlist.txt |passlist.txt file user credentials filetype:dat "password.dat" |password.dat files inurl:password.log filetype:log |password.log file reveals usernames, |passwords,and hostnames filetype:log inurl:"password.log" |password.log files cleartext |passwords inurl:people.lst filetype:lst |People.lst generic password file intitle:index.of config.php |PHP Configuration File database |credentials inurl:config.php dbuname dbpass |PHP Configuration File database |credentials inurl:nuke filetype:sql |PHP-Nuke credentials filetype:conf inurl:psybnc.conf |psyBNC IRC user credentials "USER.PASS=" filetype:ini ServUDaemon |servU FTP Daemon credentials filetype:conf slapd.conf |slapd configuration files root password inurl:"slapd.conf" intext: |slapd LDAP credentials "credentials" -manpage -"Manual Page" -man: -sample inurl:"slapd.conf" intext: |slapd LDAP root password "rootpw" -manpage -"Manual Page" -man: -sample filetype:sql "IDENTIFIED BY" –cvs |SQL passwords filetype:sql password |SQL passwords filetype:ini wcx_ftp |Total Commander FTP passwords filetype:netrc password |UNIX .netrc user credentials index.of.etc |UNIX /etc directories contain |various credential files intitle:"Index of..etc" passwd |UNIX /etc/passwd user credentials intitle:index.of passwd |UNIX /etc/passwd user credentials passwd.bak intitle:"Index of" pwd.db |UNIX /etc/pwd.db credentials intitle:Index.of etc shadow |UNIX /etc/shadow user credentials intitle:index.of master.passwd |UNIX master.passwd user credentials intitle:"Index of" spwd.db |UNIX spwd.db credentials passwd -pam.conf filetype:bak inurl:"htaccess| |UNIX various password file backups passwd|shadow|htusers filetype:inc dbconn |Various database credentials filetype:inc intext:mysql_ |Various database credentials, server names connect filetype:properties inurl:db |Various database credentials, server names intext:password inurl:vtund.conf intext:pass –cvs |Virtual Tunnel Daemon passwords inurl:"wvdial.conf" intext: |wdial dialup user credentials "password" filetype:mdb wwforum |Web Wiz Forums Web credentials "AutoCreate=TRUE password=*" |Website Access Analyzer user passwords filetype:pwl pwl |Windows Password List user credentials filetype:reg reg +intext: |Windows Registry Keys containing user "defaultusername" intext: |credentials "defaultpassword" filetype:reg reg +intext: |Windows Registry Keys containing user "internet account manager" |credentials "index of/" "ws_ftp.ini" |WS_FTP FTP credentials "parent directory" filetype:ini ws_ftp pwd |WS_FTP FTP user credentials inurl:admin filetype: |asp Generic userlist files inurl:userlist | inurl:php inurl: |Half-life statistics file, lists username and hlstats intext: |other information Server Username | filetype:ctl | inurl:haccess. |Mcft FrontPage equivalent of htaccess ctl Basic |shows Web user credentials filetype:reg | reg intext: |Mcft Internet Account Manager can "internet account manager" |reveal usernames and more filetype:wab wab |Mcft Outlook Express Mail address |books filetype:mdb inurl:profiles |Mcft Access databases containing |profiles. index.of perform.ini |mIRC IRC ini file can list IRC usernames and |other information inurl:root.asp?acs=anon |Outlook Mail Web Access directory can be |used to discover usernames filetype:conf inurl:proftpd. |PROFTP FTP server configuration file conf –sample |reveals |username and server information filetype:log username putty |PUTTY SSH client logs can reveal |usernames |and server information filetype:rdp rdp |Remote Desktop Connection files reveal user |credentials intitle:index.of |UNIX bash shell history reveals commands .bash_history |typed at a bash command prompt; usernames |are often typed as argument strings intitle:index.of |UNIX shell history reveals commands typed at .sh_history |a shell command prompt; usernames are |often typed as argument strings "index of " lck |Various lock files list the user currently using |a file +intext:webalizer +intext: |Webalizer Web statistics page lists Web user- Total Usernames +intext: |names and statistical information "Usage Statistics for" filetype:reg reg HKEY_ |Windows Registry exports can reveal CURRENT_USER |username usernames and other information Note: Special Thanks to Shabbir for reviewing and allowing this post.
My pleasure and the only reason to allow this is for people like me can be careful and know what can be found using Google.
hahahah lol gotta love it i did that once except i set mine up to be like that and they attacker would go through ONLY frontpage to access my files BUT what they didnt know is is that i had 2 sets of the files one is the bad file for the victam and 1 for me the one for me is set up on another server as the bad one is hosted on my pc so when he connects to my pc and goes to my www folder and opens up some files a trojan remotly gets installed on his pc as well as other stuff and a alert msg poping up ever 10 minutes saying DONT GO THROUGH MY SHIT ASSWHOLE so yea i love it when ppl use those commands its funny becuase U NEVER KNOW WHO UR MESSING WITH ON THE INTERNET
All the Request code are available in below http://code.google.com/p/googlehacks/downloads/list It's official Google Hack Site, own made by google's
i dont know why google when put that site up its a security risk that there making but hey its not hurting me nay lol