Inurl privat bild php name stunted. We use little-known Google features to find hidden things. Searching for words using additional operators

Inheritance is an object-oriented programming mechanism that allows you to describe new class based on an existing one (parent).

A class that is obtained by inheriting from another is called a subclass. This relationship is usually described using the terms "parent" and "child". A child class is derived from the parent and inherits its characteristics: properties and methods. Typically, a subclass adds new functionality to the functionality of the parent class (also called a superclass).

To create a subclass, you must use the extends keyword in the class declaration, followed by the name of the class from which you are inheriting:

age = $age; ) function add_age () ( $this->age++; ) ) // declare an inherited class class my_Cat extends Cat ( // define our own subclass method function sleep() ( echo "
Zzzzz..."; ) ) $kitty = new my_Cat(10); // call the inherited method $kitty->add_age(); // read the value of the inherited property echo $kitty->age; // call the subclass's own method $ kitty->sleep();

The subclass inherits access to all methods and properties of the parent class, since they are of type public . This means that for instances of the my_Cat class, we can call the add_age() method and access the $age property, even though they are defined in the cat class. Also in the example above, the subclass does not have its own constructor. If the subclass does not declare its own constructor, then when creating instances of the subclass, the superclass constructor will be automatically called.

Please note that subclasses can override properties and methods. By defining a subclass, we ensure that its instance is defined by the characteristics of first the child and then the parent class. To understand this better, consider an example:

age"; ) ) class my_Cat extends Cat ( public $age = 10; ) $kitty = new my_Cat; $kitty->foo(); ?>

When calling $kitty->foo(), the PHP interpreter cannot find such a method in the my_Cat class, so the implementation of this method defined in the Cat class is used. However, the subclass defines its own $age property, so when it is accessed in the $kitty->foo() method, the PHP interpreter finds that property in the my_Cat class and uses it.

Since we have already covered the topic of specifying the type of arguments, it remains to be said that if the parent class is specified as the type, then all descendants for the method will also be available for use, look at the following example:

foo(new my_Cat); ?>

We can treat an instance of the class my_Cat as if it were an object of type Cat, i.e. we can pass an object of type my_Cat to the foo() method of the Cat class, and everything will work as expected.

parent operator

In practice, subclasses may need to extend the functionality of parent class methods. By extending functionality by overriding superclass methods, in subclasses you retain the ability to first execute program code parent class and then add code that implements additional functionality. Let's look at how this can be done.

To call the desired method from a parent class, you will need to access this class itself through a descriptor. PHP provides the parent keyword for this purpose. The parent operator allows subclasses to access the methods (and constructors) of the parent class and add to their existing functionality. To refer to a method in the context of a class, use the symbols "::" (two colons). The parent operator syntax is:

Parent::parent_class method

This construct will call a method defined in the superclass. Following such a call, you can place your program code, which will add new functionality:

title = $title; $this->price = $price; ) ) class new_book extends book ( public $pages; function __construct($title, $price, $pages) ( // call the constructor method of the parent class parent::__construct($title, $price); // initialize the property defined in subclass $this->pages = $pages; ) ) $obj = new new_book("alphabet", 35, 500); echo "Book: $obj->title
Price: $obj->price
Pages: $obj->pages"; ?>

When a child class defines its own constructor, PHP does not automatically call the parent class's constructor. This must be done manually in the subclass constructor. The subclass first calls the constructor of its parent class in its constructor, passing the necessary arguments for initialization, executes it, and then executes the code that implements additional functionality, in this case initializing a property of the subclass.

The parent keyword can be used not only in constructors, but also in any other method whose functionality you want to extend, this can be achieved by calling a method of the parent class:

name)."; return $str; ) ) class my_Cat extends Cat ( public $age = 5; function getstr() ( $str = parent::getstr(); $str .= "
Age: ($this->age) years."; return $str; ) ) $obj = new my_Cat; echo $obj->getstr(); ?>

Here, the getstr() method from the superclass is first called, the value of which is assigned to a variable, and after that the rest of the code defined in the subclass method is executed.

Now that we've covered the basics of inheritance, we can finally look at the issue of visibility of properties and methods.

public, protected and private: access control

Up to this point, we have explicitly declared all properties as public. And this type of access is set by default for all methods.

Members of a class can be declared as public, protected, or private. Let's look at the difference between them:

• TO public(public) properties and methods can be accessed from any context.
• TO protected(protected) properties and methods can be accessed either from the containing class or from its subclass. No external code is allowed access to them.
• You can make class data unavailable to the calling program using the keyword private(closed). Such properties and methods can only be accessed from the class in which they are declared. Even subclasses of this class do not have access to such data.

public - open access:

hello"; ) ) $obj = new human; // access from the calling program echo "$obj->age"; // Valid $obj->say(); // Valid?>

private - access only from class methods:

age"; ) ) $obj = new human; // there is no direct access to private data from the calling program echo "$obj->age"; // Error! access denied! // however, using the method you can display private data $obj ->say(); // Acceptable?>

protected - protected access:

The protected modifier, from the point of view of the calling program, looks exactly the same as private: it prohibits access to the object's data from the outside. However, unlike private, it allows you to access data not only from methods of your class, but also from methods of a subclass.

Merged

Hello guys!
I want to say right away that I am not an in-depth specialist - there are people smarter and with deeper knowledge. For me personally this is a hobby. But there are people who know less than me - first of all, the material is not intended for complete fools, but you don’t need to be super pro to understand it.
Many of us are accustomed to thinking that a dork is vulnerability, alas, you were wrong - in essence, a dork is search query sent to the search engine.
That is, the word index.php?id= dork
but the word Shop is also a word.
In order to understand what you want, you must be clearly aware of your requirements for a search engine. The usual form of dork index.php?id= can be divided into
index - key
.php? - code indicating that you need a website based on Php
id= identifier of something on the site
id=2 in our case 2 is an indication with which parameter the identifier should be parsed.
If you write index.php?id=2 then there will be sites only with id=2; if there is a mismatch, the site will be eliminated. For this reason, it makes no sense to write an exact indication to the identifier - since it can be 1,2,3,4,5 and ad infinitum.
If you decide to create an exact dork, say for Steam, then it makes sense to give it this look
inurl:game* +intext:"csgo"
it will parse the word game* in the site URL (where * is an arbitrary number of characters after the word game - after all, it can be games and the like)
It is also worth using an operator such as intitle:
If you have seen a good gaming site or you have a list of vulnerable gaming sites
It makes sense to use the related operator for parsing:
For related: a value in the form of a link to the site is suitable
related: ***
- it will find all sites from the search engine's point of view similar to the specified one
Remember - a dork is a parsing - it is not a hole.
A hole, also known as a vulnerability, is detected by a scanner based on what you have parsed.
I personally do not recommend using a large number of prefixes (search operators) when you work without proxies.
I'll tell you about the method of creating private doors for the country
In order to create a door like index.php?id= we will have to parse it
index - we will replace it with an arbitrary word
.php?id= will be the code for our dork
Invent new code there is no point - because many sites are stable on the same codes and engines and will continue to be. List of codes:

Spoiler: Dorky

Php?ts=
.php?topic=
.php?t=
.php?ch=
.php?_nkw=
.php?id=
.php?option=
.php?view=
.php?lang=
.php?page=
.php?p=
.php?q=
.php?gdjkgd=
.php?son=
.php?search=
.php?uid=
.php?title=
.php?id_q=
.php?prId=
.php?tag=
.php?letter=
.php?prid=
.php?catid=
.php?ID=
.php?iWine=
.php?productID=
.php?products_id=
.php?topic_id=
.php?pg=
.php?clan=
.php?fid=
.php?url=
.php?show=
.php?inf=
.php?event_id=
.php?term=
.php?TegID=
.php?cid=
.php?prjid=
.php?pageid=
.php?name=
.php?id_n=
.php?th_id=
.php?category=
.php?book_id=
.php?isbn=
.php?item_id=
.php?sSearchword=
.php?CatID=
.php?art=
.html?ts=
.html?topic=
.html?t=
.html?ch=
.html?_nkw=
.html?id=
.html?option=
.html?view=
.html?lang=
.html?page=
.html?p=
.html?q=
.html?gdjkgd=
.html?son=
.html?search=
.html?uid=
.html?title=
.html?id_q=
.html?prId=
.html?tag=
.html?letter=
.html?prid=
.html?catid=
.html?ID=
.html?iWine=
.html?productID=
.html?products_id=
.html?topic_id=
.html?pg=
.html?clan=
.html?fid=
.html?url=
.html?show=
.html?inf=
.html?event_id=
.html?term=
.html?TegID=
.html?cid=
.html?prjid=
.html?pageid=
.html?name=
.html?id_n=
.html?th_id=
.html?category=
.html?book_id=
.html?isbn=
.html?item_id=
.html?sSearchword=
.html?CatID=
.html?art=
.aspx?ts=
.aspx?topic=
.aspx?t=
.aspx?ch=
.aspx?_nkw=
.aspx?id=
.aspx?option=
.aspx?view=
.aspx?lang=
.aspx?page=
.aspx?p=
.aspx?q=
.aspx?gdjkgd=
.aspx?son=
.aspx?search=
.aspx?uid=
.aspx?title=
.aspx?id_q=
.aspx?prId=
.aspx?tag=
.aspx?letter=
.aspx?prid=
.aspx?catid=
.aspx?ID=
.aspx?iWine=
.aspx?productID=
.aspx?products_id=
.aspx?topic_id=
.aspx?pg=
.aspx?clan=
.aspx?fid=
.aspx?url=
.aspx?show=
.aspx?inf=
.aspx?event_id=
.aspx?term=
.aspx?TegID=
.aspx?cid=
.aspx?prjid=
.aspx?pageid=
.aspx?name=
.aspx?id_n=
.aspx?th_id=
.aspx?category=
.aspx?book_id=
.aspx?isbn=
.aspx?item_id=
.aspx?sSearchword=
.aspx?CatID=
.aspx?art=
.asp?ts=
.asp?topic=
.asp?t=
.asp?ch=
.asp?_nkw=
.asp?id=
.asp?option=
.asp?view=
.asp?lang=
.asp?page=
.asp?p=
.asp?q=
.asp?gdjkgd=
.asp?son=
.asp?search=
.asp?uid=
.asp?title=
.asp?id_q=
.asp?prId=
.asp?tag=
.asp?letter=
.asp?prid=
.asp?catid=
.asp?ID=
.asp?iWine=
.asp?productID=
.asp?products_id=
.asp?topic_id=
.asp?pg=
.asp?clan=
.asp?fid=
.asp?url=
.asp?show=
.asp?inf=
.asp?event_id=
.asp?term=
.asp?TegID=
.asp?cid=
.asp?prjid=
.asp?pageid=
.asp?name=
.asp?id_n=
.asp?th_id=
.asp?category=
.asp?book_id=
.asp?isbn=
.asp?item_id=
.asp?sSearchword=
.asp?CatID= .asp?art=
.htm?ts= .htm?topic=
.htm?t= .htm?ch=
.htm?_nkw=
.htm?id=
.htm?option=
.htm?view=
.htm?lang=
.htm?page=
.htm?p=
.htm?q=
.htm?gdjkgd=
.htm?son=
.htm?search=
.htm?uid=
.htm?title=
.htm?id_q=
.htm?prId=
.htm?tag=
.htm?letter=
.htm?prid=
.htm?catid=
.htm?ID=
.htm?iWine=
.htm?productID=
.htm?products_id=
.htm?topic_id=
.htm?pg=
.htm?clan=
.htm?fid=
.htm?url=
.htm?show=
.htm?inf=
.htm?event_id=
.htm?term=
.htm?TegID=
.htm?cid=
.htm?prjid=
.htm?pageid=
.htm?name=
.htm?id_n=
.htm?th_id=
.htm?category=
.htm?book_id=
.htm?isbn=
.htm?item_id=
.htm?sSearchword=
.htm?CatID=
.htm?art=
.cgi?ts=
.cgi?topic=
.cgi?t=
.cgi?ch=
.cgi?_nkw=
.cgi?id=
.cgi?option=
.cgi?view=
.cgi?lang=
.cgi?page=
.cgi?p=
.cgi?q=
.cgi?gdjkgd=
.cgi?son=
.cgi?search=
.cgi?uid=
.cgi?title=
.cgi?id_q=
.cgi?prId=
.cgi?tag=
.cgi?letter=
.cgi?prid=
.cgi?catid=
.cgi?ID=
.cgi?iWine=
.cgi?productID=
.cgi?products_id=
.cgi?topic_id=
.cgi?pg=
.cgi?clan=
.cgi?fid=
.cgi?url=
.cgi?show=
.cgi?inf=
.cgi?event_id=
.cgi?term=
.cgi?TegID=
.cgi?cid=
.cgi?prjid=
.cgi?pageid=
.cgi?name=
.cgi?id_n=
.cgi?th_id=
.cgi?category=
.cgi?book_id=
.cgi?isbn=
.cgi?item_id=
.cgi?sSearchword=
.cgi?CatID=
.cgi?art=
.jsp?ts=
.jsp?topic=
.jsp?t=
.jsp?ch=
.jsp?_nkw=
.jsp?id=
.jsp?option=
.jsp?view=
.jsp?lang=
.jsp?page=
.jsp?p=
.jsp?q=
.jsp?gdjkgd=
.jsp?son=
.jsp?search=
.jsp?uid=
.jsp?title=
.jsp?id_q=
.jsp?prId=
.jsp?tag=
.jsp?letter=
.jsp?prid=
.jsp?catid=
.jsp?ID=
.jsp?iWine=
.jsp?productID=
.jsp?products_id=
.jsp?topic_id=
.jsp?pg=
.jsp?clan=
.jsp?fid=
.jsp?url=
.jsp?show=
.jsp?inf=
.jsp?event_id=
.jsp?term=
.jsp?TegID=
.jsp?cid=
.jsp?prjid=
.jsp?pageid=
.jsp?name=
.jsp?id_n=
.jsp?th_id=
.jsp?category=
.jsp?book_id=
.jsp?isbn=
.jsp?item_id=
.jsp?sSearchword=
.jsp?CatID=
.jsp?art=

We will use these codes for the dork generator.
We go to Google translator - translate into Italian - list of the most frequently used words.
We parse a list of words in Italian - insert it into the first column of the dork generator - put the codes into the second, usually php - these are a variety of sites, cfm shops, jsp - gaming ones.
We generate - we remove spaces. Private doors for Italy are ready.
It also makes sense to insert phrases in the same language in the right column in the style of “remember me, forgot your password” instead of site:it
They will parse cool, they will be private if you parse something unique and replace the dork key.
And add remember me in the same language - then the sites will fly only with databases.
It's all about thinking. Dorks will look like name.php?uid= all their features will be in a unique key. They will be mixed, the Inurl: operator does not need to be used - since parsing will proceed without it in the url, and in the text, and in the title.
After all, the whole point of dork is that anything can happen - stim, stick, netteler - or it may not happen. Here you need to take in quantity.
There is also so-called vulnerability parsing.

Spoiler: Dorky

intext:"java.lang.NumberFormatException: null"
intext:"error in your SQL syntax"
intext:"mysql_num_rows()"
intext:"mysql_fetch_array()"
intext:"Error Occurred While Processing Request"
intext:"Server Error in "/" Application"
intext:"Microsoft OLE DB Provider for ODBC Drivers error"
intext:"Invalid Querystring"
intext:"OLE DB Provider for ODBC"
intext:"VBScript Runtime"
intext:"ADODB.Field"
intext:"BOF or EOF"
intext:"ADODB.Command"
intext:"JET Database"
intext:"mysql_fetch_row()"
intext:"Syntax error"
intext:"include()"
intext:"mysql_fetch_assoc()"
intext:"mysql_fetch_object()"
intext:"mysql_numrows()"
intext:"GetArray()"
intext:"FetchRow()"

These dorks are immediately looking for vulnerabilities directly, that is, using them together with unique words that were unlikely to be parsed before you

This time I will try to tell you what dorks should not be like. Because you often have to work with clients whose dorks look completely crazy. And after talking a little, it turns out that they also paid for these dorks. It’s annoying, in general) I myself, out of stupidity, bought dorks, both for 300 rubles and for 20 rubles. But I have not yet met a competent person who will make dorks that will be good and the search engine will return what I need from them. I'm not trying to offend anyone, and this is just my personal opinion. Firstly, before purchasing, always ask for 10-15 doors to check, just visually evaluate them. I hope after this guide you will be able to identify more or less tailored dorks for your request from those who cannot even be called public. Let's go! It’s easier for me to work with examples, so I’ll try to sketch out a list of “game” traps that sometimes come across, and tell you what you should pay attention to:
Code: mistake.php?gta_5= frame

Let's break it down into parts: mistake.php - here, it is assumed that this word should be present in the link. In fact, it's a little different. For a word to be present in a link, it must be applied to the inurl: or allinurl operator:

Let's say we come across some links with this word. But, it is this part (judging by the door) that should refer to the title of the page. I don't know what kind of coder would create a mistake.php page on their gaming site. Of course, there will be such people. But this will be a very small percentage.

As for me, the page should be more or less with a popular name used by PHP coders. A couple more pages that are not desirable in dorks (often dork sellers use random words): Code: gta5.php - no one will call the page farcry_primal.php farcry_primal.cfm - the .cfm extension is used in ASP.NET, yes, on it they write, but not as often as in PHP. And to run into a page with such a name is a great success kramble.php how_to_work.php catch"in.php - special characters should not be in the name of the page jzooo.php - in general, don't understand what kind of page this is game_of_trone.php - a rare page , + does not refer to games, but most likely to the title of a movie. I hope you understand the approximate logic.

The page should have a logical name, this is the main thing. It is not very important whether the name has something related to the game theme or not. Which pages are mostly used by coders, and generally more popular ones that can be used in dorks:

Index.php
private.php
pm.php
user.php
members.php
area.php
config.php
search.php
redirect.php
r.php (same redirect)
s.php (same search)
mail.php forum.php
post.php account.php
exit.php
query.php
q.php (the same query), etc.

Something like this.

The title of the page in the door (if there is one) should be monosyllabic, convenient for use on the site, and carry some kind of logical subtext. It’s okay that we don’t have names like steam.php or steam_keys.php or roulette.php here, it’s important for us to find more links. And the more often a word from a query is used on websites, the better. We will select the ones we need more or less by topic using the rest of the documentation. We've sorted out the page titles, but that's not the most important thing.

Let's move on to the second part.

Meet this GET request: ?gta_5 - Let me tell you right away, there are no such requests. (I remind you that this is my personal opinion) The GET request, ideally, which we need, should access the database, and in the case SQL injection, cause an output error from the database. This is what we need. However, finding a request that would be called gta_5 is, again, great luck. And if we find him, we need him to be vulnerable. This again discards most of the links we are interested in. A couple more bad examples, no good requests:

Groove=
?paypal=
?qiwi_wallet=
?my_money=
?dai_webmoney=
?skdoooze=
?sadlkjadlkjswq=
?213123=
?777=

Why is PayPal a bad request? Because it is assumed that with this request we want to access the database with a selection of PayPal. Nobody stores the Paypal database, except perhaps the company itself. Again, I'm defending it.

Examples of good queries, kind ones that everyone loves to use because they are short, convenient, easy to remember, and have at least some logic:
?id=
?cat=
?cat_id=
?get=
?post=
?frame=
?r=
?redirect= (well, you get the idea)
?banner=
?go=
?leave=
?login=
?pass=
?password=
?username=
?user=
?search=
?s=
?wallet=
?acc=
?balance=
?do=
?page=
?page_id=
?topic=
?forum=
?thread=
?download=
?free=
?message=
Of course, you can continue indefinitely.
But these are universal requests that can perfectly suit mix dorks, gaming dorks, money dorks, and any others. We will come across forums, torrent sites, and everything else. As an example, a couple of queries that may be useful, let’s say for game queries:
?game=
?game_id=
?battle=
?log=
?team=
?weapon=
?inv= (inventory)
?gamedata=
?player=
?players=
?play= (you will come across sites with video clips)
?playtag=
?match=

Approximately the same query logic should ideally be applied to other topics. You need to understand at least a little English and understand what kind of doors you are buying. In general, it’s enough to look at 10-20 doors and it will immediately become clear what kind of mega private you bought, and whether it’s worth contacting this seller in the future. Or in general, make a refund through black if you see that your dorks contain sex.php? or?photo= and you ordered doors for shops. Hands under the train to such figures

And so, finally - the most important part of the dorka (which is sometimes completely absent). If we have just looked at the name of the GET request (not the request itself), now we are moving on to a request that can help us find exactly what we need. From our test dork this part is frame

I won’t say that this is a bad request, but considering that we are looking for gaming sites, the effectiveness of such a request is approximately 15-20%. For mix tracks, or just for the number of links (just to leak something), it will do just fine. The name of the request can include, as they correctly say in many tutorials and manuals on dorks, any words related to our topic. Let’s not deviate from gaming queries, so I’ll give an example of good, suitable queries for games:
game
gaming
exp
player
level
players
dota
counter-strike
AWP | Aziimov
M19
NAVI
play free
free games
download game
game forum
about game
screenshot game
game guide

It should be clear here what the theme of your roads is. If your purchased dorks have something like the following (and we bought gaming ones): Code: watch freedom text dsadaswe 213123321 ledy gaga fuck america bla bla girl tits free XXX porn futurama s01e13 Then again, feel free to send a message to the seller and throw out your dorks. You won’t see gaming sites One more thing, with these queries you can use operators - intitle: , allintitle: , intext: , allintext: Where, after the colon, there will be the gaming query itself from the list just above (intitle: game, allintext: play free)

It seems that everything I wanted to convey. Basically, I hope the article will be useful at least in some way for beginners (it would be useful for me and would help me save several hundred rubles, and help put unscrupulous wood sellers in their place). Well, if you more or less understand how to make dorks yourself, I will be only glad. Practice, get your eye/hand trained, there’s nothing particularly complicated about dorks. And finally, I don’t know how it works in the dumper, but the a-parser calmly eats and searches for many links with queries in Russian. Why not, I thought. I tested it and was pleased with the effect. You can laugh))

Frame.php?name= games for free
get.php?query= download KS
search.php?ok= game servers

Search engine Google system(www.google.com) provides many search options. All these features are an invaluable search tool for a user new to the Internet and at the same time an even more powerful weapon of invasion and destruction in the hands of people with evil intentions, including not only hackers, but also non-computer criminals and even terrorists.
(9475 views in 1 week)

Denis Barankov
denisNOSPAMixi.ru

Attention:This article is not a guide to action. This article was written for you, WEB server administrators, so that you will lose the false feeling that you are safe, and you will finally understand the insidiousness of this method of obtaining information and take up the task of protecting your site.

Introduction

For example, I found 1670 pages in 0.14 seconds!

2. Let's enter another line, for example:

inurl:"auth_user_file.txt"

a little less, but this is already enough for free downloading and password guessing (using the same John The Ripper). Below I will give a number of more examples.

So, you need to realize that the Google search engine has visited most of the Internet sites and cached the information contained on them. This cached information allows you to obtain information about the site and the content of the site without directly connecting to the site, only by delving into the information that is stored inside Google. Moreover, if the information on the site is no longer available, then the information in the cache may still be preserved. All you need for this method: know some key Google words. This technique is called Google Hacking.

Information about Google Hacking first appeared on the Bugtruck mailing list 3 years ago. In 2001, this topic was raised by a French student. Here is a link to this letter http://www.cotse.com/mailing-lists/bugtraq/2001/Nov/0129.html. It provides the first examples of such queries:

1) Index of /admin
2) Index of /password
3) Index of /mail
4) Index of / +banques +filetype:xls (for france...)
5) Index of / +passwd
6) Index of / password.txt

This topic made waves in the English-reading part of the Internet quite recently: after the article by Johnny Long, published on May 7, 2004. For a more complete study of Google Hacking, I advise you to go to this author’s website http://johnny.ihackstuff.com. In this article I just want to bring you up to date.

Who can use this:
- Journalists, spies and all those people who like to poke their nose into other people's business can use this to search for incriminating evidence.
- Hackers looking for suitable targets for hacking.

How Google works.

To continue the conversation, let me remind you of some of the keywords used in Google queries.

Search using the + sign

Google excludes words it considers unimportant from searches. For example, question words, prepositions and articles in English: for example are, of, where. In Russian, Google seems to consider all words important. If a word is excluded from the search, Google writes about it. In order for Google to start searching for pages with these words, you need to add a + sign without a space before the word. For example:

ace +of base

Search using the sign –

If Google finds a large number of pages from which it needs to exclude pages with a certain topic, then you can force Google to search only for pages that do not contain certain words. To do this, you need to indicate these words by placing a sign in front of each - without a space before the word. For example:

fishing - vodka

Search using ~

You may want to search not only the specified word, but also its synonyms. To do this, precede the word with the ~ symbol.

Finding an exact phrase using double quotes

Google searches on each page for all occurrences of the words that you wrote in the query string, and it does not care about the relative position of the words, as long as all the specified words are on the page at the same time (this is the default action). To find the exact phrase, you need to put it in quotes. For example:

"book stand"

In order for at least one of the specified words to appear, you must specify logical operation explicit: OR. For example:

book safety OR protection

In addition, you can use the * sign in the search bar to indicate any word and. to represent any character.

Search for words using additional operators

There are search operators that are specified in the search string in the format:

operator:search_term

Spaces next to the colon are not needed. If you insert a space after the colon, you will see an error message, and before it, Google will use them as a normal search string.
There are groups of additional search operators: languages ​​- indicate in which language you want to see the result, date - limit the results for the past three, six or 12 months, occurrences - indicate where in the document you need to search for the line: everywhere, in the title, in the URL, domains - search on the specified site or, conversely, exclude it from the search; safe search - blocks sites containing the specified type of information and removes them from the search results pages.
However, some operators do not require an additional parameter, for example the request " cache:www.google.com" can be called as a full-fledged search string, and some keywords, on the contrary, require a search word, for example " site:www.google.com help". In light of our topic, let's look at the following operators:

Operator	Description	Requires an additional parameter?
	search only on the site specified in search_term
	search only in documents with type search_term
	find pages containing search_term in the title
	find pages containing all search_term words in the title
	find pages containing the word search_term in their address
	find pages containing all search_term words in their address

Operator site: limits the search only to the specified site, and you can specify not only domain name, but also an IP address. For example, enter:

Operator filetype: Limits the search to a specific file type. For example:

As of the publication date of the article, Google can search within 13 different file formats:

• Adobe Portable Document Format (pdf)
• Adobe PostScript (ps)
• Lotus 1-2-3 (wk1, wk2, wk3, wk4, wk5, wki, wks, wku)
• Lotus WordPro (lwp)
• MacWrite (mw)
• Microsoft Excel(xls)
• Microsoft PowerPoint (ppt)
• Microsoft Word(doc)
• Microsoft Works (wks, wps, wdb)
• Microsoft Write (wri)
• Rich Text Format (rtf)
• Shockwave Flash(swf)
• Text (ans, txt)

Operator link: shows all pages that point to the specified page.
It's probably always interesting to see how many places on the Internet know about you. Let's try:

Operator cache: shows the version of the site in Google's cache, what it looked like when Google latest visited this page once. Let’s take any frequently changing site and look:

Operator intitle: searches for the specified word in the page title. Operator allintitle: is an extension - it searches for all specified few words in the page title. Compare:

intitle:flight to Mars
intitle:flight intitle:on intitle:mars
allintitle:flight to mars

Operator inurl: forces Google to show all pages containing the specified string in the URL. allinurl operator: searches for all words in a URL. For example:

allinurl:acid acid_stat_alerts.php

This command is especially useful for those who don't have SNORT - at least they can see how it works on a real system.

Hacking Methods Using Google

So, we found out that using a combination of the above operators and keywords, anyone can collect the necessary information and search for vulnerabilities. These techniques are often called Google Hacking.

Site map

You can use the site: operator to list all the links that Google has found on a site. Typically, pages that are dynamically created by scripts are not indexed using parameters, so some sites use ISAPI filters so that links are not in the form /article.asp?num=10&dst=5, and with slashes /article/abc/num/10/dst/5. This is done so that the site is generally indexed by search engines.

Let's try:

site:www.whitehouse.gov whitehouse

Google thinks that every page on a website contains the word whitehouse. This is what we use to get all the pages.
There is also a simplified version:

site:whitehouse.gov

And the best part is that the comrades from whitehouse.gov didn’t even know that we looked at the structure of their site and even looked at the cached pages that Google downloaded. This can be used to study the structure of sites and view content, remaining undetected for the time being.

View a list of files in directories

WEB servers can show lists of server directories instead of the usual ones HTML pages. This is usually done to ensure that users select and download specific files. However, in many cases, administrators have no intention of showing the contents of a directory. This occurs due to incorrect server configuration or lack of home page in the directory. As a result, the hacker has a chance to find something interesting in the directory and use it for his own purposes. To find all such pages, it is enough to note that they all contain in their title the words: index of. But since the words index of contain not only such pages, we need to refine the query and take into account the keywords on the page itself, so queries like:

intitle:index.of parent directory
intitle:index.of name size

Since most directory listings are intentional, you may have a hard time finding misplaced listings the first time. But at least you can already use listings to determine WEB versions server as described below.

Obtaining the WEB server version.

Knowing the WEB server version is always useful before launching any hacker attack. Again, thanks to Google, you can get this information without connecting to a server. If you look closely at the directory listing, you can see that the name of the WEB server and its version are displayed there.

Apache1.3.29 - ProXad Server at trf296.free.fr Port 80

An experienced administrator can change this information, but, as a rule, it is true. Thus, to obtain this information it is enough to send a request:

intitle:index.of server.at

To get information for a specific server, we clarify the request:

intitle:index.of server.at site:ibm.com

Or, on the contrary, we are looking for servers running a specific version of the server:

intitle:index.of Apache/2.0.40 Server at

This technique can be used by a hacker to find a victim. If, for example, he has an exploit for a certain version of the WEB server, then he can find it and try the existing exploit.

You can also get the server version by viewing the pages that are installed by default when installing the latest version of the WEB server. For example, to see the Apache 1.2.6 test page, just type

intitle:Test.Page.for.Apache it.worked!

Moreover, some operating systems During installation, they immediately install and launch the WEB server. However, some users are not even aware of this. Naturally, if you see that someone has not removed the default page, then it is logical to assume that the computer has not undergone any customization at all and is likely vulnerable to attack.

Try searching for IIS 5.0 pages

allintitle:Welcome to Windows 2000 Internet Services

In the case of IIS, you can determine not only the server version, but also Windows version and Service Pack.

Another way to determine the WEB server version is to search for manuals (help pages) and examples that may be installed on the site by default. Hackers have found many ways to use these components to gain privileged access to a site. That is why you need to remove these components on the production site. Not to mention the fact that the presence of these components can be used to obtain information about the type of server and its version. For example, let's find the apache manual:

inurl:manual apache directives modules

Using Google as a CGI scanner.

CGI scanner or WEB scanner is a utility for searching for vulnerable scripts and programs on the victim’s server. These utilities must know what to look for, for this they have a whole list of vulnerable files, for example:

/cgi-bin/cgiemail/uargg.txt
/random_banner/index.cgi
/random_banner/index.cgi
/cgi-bin/mailview.cgi
/cgi-bin/maillist.cgi
/cgi-bin/userreg.cgi

/iissamples/ISSamples/SQLQHit.asp
/SiteServer/admin/findvserver.asp
/scripts/cphost.dll
/cgi-bin/finger.cgi

We can find each of these files with using Google, using additionally the words index of or inurl with the file name in the search bar: we can find sites with vulnerable scripts, for example:

allinurl:/random_banner/index.cgi

Using additional knowledge, a hacker can exploit a script's vulnerability and use this vulnerability to force the script to emit any file stored on the server. For example, a password file.

How to protect yourself from Google hacking.

1. Do not post important data on the WEB server.

Even if you posted the data temporarily, you may forget about it or someone will have time to find and take this data before you erase it. Don't do this. There are many other ways to transfer data that protect it from theft.

2. Check your site.

Use the methods described to research your site. Check your site periodically for new methods that appear on the site http://johnny.ihackstuff.com. Remember that if you want to automate your actions, you need to get special permission from Google. If you read carefully http://www.google.com/terms_of_service.html, then you will see the phrase: You may not send automated queries of any sort to Google's system without express permission in advance from Google.

3. You may not need Google to index your site or any part of it.

Google allows you to remove a link to your site or part of it from its database, as well as remove pages from the cache. In addition, you can prohibit the search for images on your site, prohibit short fragments of pages from being shown in search results. All possibilities for deleting a site are described on the page http://www.google.com/remove.html. To do this, you must confirm that you are really the owner of this site or insert tags into the page or

4. Use robots.txt

It is known that search engines look at the robots.txt file located at the root of the site and do not index those parts that are marked with the word Disallow. You can use this to prevent part of the site from being indexed. For example, to prevent the entire site from being indexed, create a robots.txt file containing two lines:

User-agent: *
Disallow: /

What else happens

So that life doesn’t seem like honey to you, I’ll say finally that there are sites that monitor those people who, using the methods outlined above, look for holes in scripts and WEB servers. An example of such a page is

Application.

A little sweet. Try some of the following for yourself:

1. #mysql dump filetype:sql - search for mySQL database dumps
2. Host Vulnerability Summary Report - will show you what vulnerabilities other people have found
3. phpMyAdmin running on inurl:main.php - this will force control to be closed through the phpmyadmin panel
4. not for distribution confidential
5. Request Details Control Tree Server Variables
6. Running in Child mode
7. This report was generated by WebLog
8. intitle:index.of cgiirc.config
9. filetype:conf inurl:firewall -intitle:cvs – maybe someone needs firewall configuration files? :)
10. intitle:index.of finances.xls – hmm....
11. intitle:Index of dbconvert.exe chats – icq chat logs
12. intext:Tobias Oetiker traffic analysis
13. intitle:Usage Statistics for Generated by Webalizer
14. intitle:statistics of advanced web statistics
15. intitle:index.of ws_ftp.ini – ws ftp config
16. inurl:ipsec.secrets holds shared secrets – secret key – good find
17. inurl:main.php Welcome to phpMyAdmin
18. inurl:server-info Apache Server Information
19. site:edu admin grades
20. ORA-00921: unexpected end of SQL command – getting paths
21. intitle:index.of trillian.ini
22. intitle:Index of pwd.db
23.intitle:index.of people.lst
24. intitle:index.of master.passwd
25.inurl:passlist.txt
26. intitle:Index of .mysql_history
27. intitle:index of intext:globals.inc
28. intitle:index.of administrators.pwd
29. intitle:Index.of etc shadow
30.intitle:index.ofsecring.pgp
31. inurl:config.php dbuname dbpass
32. inurl:perform filetype:ini

"Hacking mit Google"

Training center "Informzashchita" http://www.itsecurity.ru - leading specialized center in the field of education information security(License of the Moscow Committee of Education No. 015470, State accreditation No. 004251). The only authorized training center for companies Internet Security Systems and Clearswift in Russia and the CIS countries. Authorized training center Microsoft(specialization Security). The training programs are coordinated with the State Technical Commission of Russia, the FSB (FAPSI). Certificates of training and state documents on advanced training.

SoftKey is a unique service for buyers, developers, dealers and affiliate partners. In addition, this is one of the best online software stores in Russia, Ukraine, Kazakhstan, which offers customers a wide range, many payment methods, prompt (often instant) order processing, tracking the order process in the personal section, various discounts from the store and manufacturers BY.

And so, now I’ll tell you how to hack something without any special knowledge. I’ll say right away that there is little benefit from this, but still.
First, you need to find the sites themselves. To do this, go to google.com and search for dorks

Inurl:pageid= inurl:games.php?id= inurl:page.php?file= inurl:newsDetail.php?id= inurl:gallery.php?id= inurl:article.php?id= inurl:show.php? id= inurl:staff_id= inurl:newsitem.php?num= inurl:readnews.php?id= inurl:top10.php?cat= inurl:historialeer.php?num= inurl:reagir.php?num= inurl:Stray- Questions-View.php?num= inurl:forum_bds.php?num= inurl:game.php?id= inurl:view_product.php?id= inurl:newsone.php?id= inurl:sw_comment.php?id= inurl: news.php?id= inurl:avd_start.php?avd= inurl:event.php?id= inurl:product-item.php?id= inurl:sql.php?id= inurl:news_view.php?id= inurl: select_biblio.php?id= inurl:humor.php?id= inurl:aboutbook.php?id= inurl:ogl_inet.php?ogl_id= inurl:fiche_spectacle.php?id= inurl:communique_detail.php?id= inurl:sem. php3?id= inurl:kategorie.php4?id= inurl:news.php?id= inurl:index.php?id= inurl:faq2.php?id= inurl:show_an.php?id= inurl:preview.php? id= inurl:loadpsb.php?id= inurl:opinions.php?id= inurl:spr.php?id= inurl:pages.php?id= inurl:announce.php?id= inurl:clanek.php4?id= inurl:participant.php?id= inurl:download.php?id= inurl:main.php?id= inurl:review.php?id= inurl:chappies.php?id= inurl:read.php?id= inurl: prod_detail.php?id= inurl:viewphoto.php?id= inurl:article.php?id= inurl:person.php?id= inurl:productinfo.php?id= inurl:showimg.php?id= inurl:view. php?id= inurl:website.php?id= inurl:hosting_info.php?id= inurl:gallery.php?id= inurl:rub.php?idr= inurl:view_faq.php?id= inurl:artikelinfo.php? id= inurl:detail.php?ID= inurl:index.php?= inurl:profile_view.php?id= inurl:category.php?id= inurl:publications.php?id= inurl:fellows.php?id= inurl :downloads_info.php?id= inurl:prod_info.php?id= inurl:shop.php?do=part&id= inurl:productinfo.php?id= inurl:collectionitem.php?id= inurl:band_info.php?id= inurl :product.php?id= inurl:releases.php?id= inurl:ray.php?id= inurl:produit.php?id= inurl:pop.php?id= inurl:shopping.php?id= inurl:productdetail .php?id= inurl:post.php?id= inurl:viewshowdetail.php?id= inurl:clubpage.php?id= inurl:memberInfo.php?id= inurl:section.php?id= inurl:theme.php ?id= inurl:page.php?id= inurl:shredder-categories.php?id= inurl:tradeCategory.php?id= inurl:product_ranges_view.php?ID= inurl:shop_category.php?id= inurl:transcript.php ?id= inurl:channel_id= inurl:item_id= inurl:newsid= inurl:trainers.php?id= inurl:news-full.php?id= inurl:news_display.php?getid= inurl:index2.php?option= inurl :readnews.php?id= inurl:top10.php?cat= inurl:newsone.php?id= inurl:event.php?id= inurl:product-item.php?id= inurl:sql.php?id= inurl :aboutbook.php?id= inurl:preview.php?id= inurl:loadpsb.php?id= inurl:pages.php?id= inurl:material.php?id= inurl:clanek.php4?id= inurl:announce .php?id= inurl:chappies.php?id= inurl:read.php?id= inurl:viewapp.php?id= inurl:viewphoto.php?id= inurl:rub.php?idr= inurl:galeri_info.php ?l= inurl:review.php?id= inurl:iniziativa.php?in= inurl:curriculum.php?id= inurl:labels.php?id= inurl:story.php?id= inurl:look.php? ID= inurl:newsone.php?id= inurl:aboutbook.php?id= inurl:material.php?id= inurl:opinions.php?id= inurl:announce.php?id= inurl:rub.php?idr= inurl:galeri_info.php?l= inurl:tekst.php?idt= inurl:newscat.php?id= inurl:newsticker_info.php?idn= inurl:rubrika.php?idr= inurl:rubp.php?idr= inurl: offer.php?idf= inurl:art.php?idm= inurl:title.php?id= inurl:".php?id=1" inurl:".php?cat=1" inurl:".php?catid= 1" inurl:".php?num=1" inurl:".php?bid=1" inurl:".php?pid=1" inurl:".php?nid=1"

here is a small list. You can use yours. And so, we found the site. For example http://www.vestitambov.ru/
Next, download this program

**Hidden Content: To see this hidden content your post count must be 3 or greater.**

Click OK. Then we insert the victim site.
We press start. Next we wait for the results.
And so, the program found an SQL vulnerability.

Next, download Havij, http://www.vestitambov.ru:80/index.php?module=group_programs&id_gp= paste the received link there. I won’t explain how to use Havij and where to download it; it’s not difficult to find. All. You have received the data you need - the administrator password, and then it’s up to your imagination.

P.S. This is my first attempt to write something. Sorry if something is wrong