top of page

Google-Hacking☠: Find Passwords, Email lists & CCTVs in occupied Ukraine😈

CyberMoransđŸ€—

You can hack devices just by Googling the password to log in😝 Because Google is very dedicated at indexing everything connected to the internetđŸ€Ż thus possible to find files that are exposed accidentally and contain critical information for anyone to seeđŸ€«

The advanced application of Google search operators is Google Dorking/Hacking — using search operators to hunt for specific vulnerable devices through targeted search strings. If we assume that Google has indexed most devices accidentally exposed to the internet, we can use the text we know appears in their login or administrative pages to find them🧐

 

🚀 Things can you find with Dorks on the Internet

You would be amazed. Everything from the pool controller of Yachts in the ocean to configuration interfaces for critical systems is connected to the internet by well-meaning people with the assumption that no one will ever find themđŸ€­

The Worst kind of exposed file đŸ€ą we can find is one that leaks the credentials to user accounts or the entire service itself. Usually, this will happen in one of ✌ two ways;

☝ One, a server or other service is set up incorrectly and exposes its administrative logs to the internet. When passwords are changed, or a user fails to log in correctly, these logs can leak the credentials being used to the internet đŸ„¶


✌ Two, is when configuration files that contain the same information are exposed. These are files that are supposed to be internal but are often leave critical information out in the open. Either one of these mistakes can cause the entire service to be taken over by an hacker😈 who happens to chance upon the informationđŸ€Ż


✊ I'll be using Google Hacks/dorks to not just to find these files, but also things like file transfer servers that may contain interesting information, email lists, and my favorite, exposed webcams and CCTVs 👀


Morans, Fire up your TOR browsers and Lets nduthisđŸ’Ș


 

🚀 Finding FTP Servers & Websites Using HTTP

To start, we'll use the dork😈 to search for file transfer servers (FTP) published sometime this year. Searching for these servers can allow us to find files that are supposed to be internal, but were unknowingly made public👇

intitle:"index of" inurl:ftp after:2022

See...You are browsing the latest payment logs of pharmacy...👇

This is a FTP server with very well named files đŸ˜” and you can check and even download all the files...👇

ooh wow...👇

These servers become public because the index file of their FTP server is the kind of data that Google loves to scan . Google's scanning leads to a complete list of all the files contained within the server being searchable on Google...đŸ€€


Give me one sec.....😎

aah, lets continue....*clears throat mischievously*😏


If we want to find insecure webpages still using HTTP to poke at, we can modify the command slightly to do so by changing the "ftp" to "http" and re-running the search👇

intitle:"index of" inurl:http after:2022

Searching that string should produce a list of lots and lots of websites using HTTP, BEGGING to be attacked. But if we're looking for a specific type of site, we can go even further 😛


If we want to start attacking some easy targets, we can be more specific and search for online forms still using HTTP by changing the text in the search title👇

intitle:"forum" inurl:http after:2022

And you wont believe the results thst turn upđŸ€Ż -- We can keep adding search operators like AND inurl:"registration" to get more specific and hunt down the registration pages of insecure form websites👇



Here you can see we've found a list of vulnerable online forums using HTTP. Just hit continue to HTTP site...and In the immortal words of Hollywood movies....You are in!

 

🚀 Find Log Files with Passwords

Next is to search for files of the '.LOG' type. Searching for LOG files will allow us to look for clues about what the credentials to the system or various user or admin accounts might be 🙉


The dork to do this is 👇

allintext:password filetype:log after:2020

When searching for current log files exposed to the internet, we find this almost immediately 👇


When you open some of the logs🙊....This sh*t's legit!👇



This logs show orders, purchases, requests (GET)..etcđŸ€€


 

🚀 Config Files with Passwords & Cookies

Configuration files should not be public pretty much ever, and .ENV files are great examples of this. If we search for .ENV files that contain a string for the database password, we instantly find the password to this database we've discovered 👇

filetype:env "DB_PASSWORD" after:2020


Some are traps to lure nosy researchers like you and I....đŸ˜€ thats why I started by saying i prefer we did this with TOR browser....Tails OS is you really wish to get the belly of the beast....see 😠💀 👇

If we remove the after:2020 we can see older log files also exposing services to the internet.

 

🚀 Email Lists for Phishing and Recon

Email lists are a great way of scraping email addresses and trying to find information on corporate or school targets. These lists are frequently exposed by companies or schools that are trying to organize email lists for their membersđŸ„”


To find them, we'll be looking for spreadsheet .XLS file type with the string "email.xls" in the URL....👇


While these results are useful, be careful not to download any file without first considering if it's a honeypot to distribute malware. Many people will take popular dorks and then leave a server hosting a file that looks vulnerable but could instead contain malware....đŸ„”

 

🚀 Cameras & CCTVs

Finally, if you thought Shodan was the only service that can find weird open cameras, you are wrong. Camera login and viewing pages are usually HTTP, meaning Google is happy to index them and provide them for viewing if you know the right search string.


One common format for webcam strings is searching for "top.htm" in the URL with the current time and date included. You'll find a lot of results....👇

inurl:top.htm inurl:currenttime




The first result is a webcam that appears to be the Windows XP background from another angle in Ireland. The second is in Milan, ItalyđŸ’«

Another dork for cameras that produces outstanding results searches for a common live-view page hosted on routers 👇

inurl:"lvappl.htm"

Many cameras also monitor inside factories or industrial areas. Even in Russian occupied Ukraine. Yeah Putin, Tunawacheki cheki....👀 warecrimes paleđŸ˜€


Mexico city 👇


Sevastopol, Crimea, Russian occupied Ukraine...👇


LVIV, western Ukraine...👇

While you can view the cameras I showed without a password; many dorks look for webcam login pages that have a well-known default password. This tactic, while illegal, allows easy access to many webcams not intended for public viewing😜

 

🚀 Dorks Allows lazy-Hacking

Thanks to the way Google indexes nearly everything connected to the internet that offers a web interface, there's no shortage of misconfigured services that leave critical elements exposed to the internet đŸ€«


đŸ€š Make sure you don't log in to any of these services even if the password is exposed, as this could get you into trouble because you don't have permission😬


If you have a service online, smart to run a few common dorks on your domains to see what turns up, just in case you've accidentally left something exposed that a hacker might find usefulđŸ€Ș


Other Google dorks/Hacks you can try😝 :







and Hundreds others in Google Hacking Database:GHDB

 

🚀Conclusion đŸ€–

Subscribe to receive notifications of similar posts 😜 where we will be reverse engineering malware, vulnerabilities as well as hacking vectors, stories, tutorials and other Infosec stuff...😋


Follow me on twitter for daily Infosec Memes and shenanigans😝


Morans,


Thank you for taking time and hope you learned something new, Like and leave a comment/review and as always, stay awesome! 😋👊 đŸ’Ș


55 views0 comments

Recent Posts

See All
Post: Blog2_Post
bottom of page