Just when you think that all possible google password dorks have been found and documented. For the ones still not familiar with the google hacking database (just click it) :)
I just stumbled upon this new dork to find passwords(and all other kind of interesting network related data(just enter the following into google):
example stuff you can find(I have censored the sensitive information using ***):
+OK Hello there.
-ERR Invalid command.
+OK Password required.
+OK logged in.
+OK 0 0
This was just a quick post…cause I honestly didn’t think people would STILL let google index their sensitive stuff.
Well I suspect that people already know about this. I didn’t, so I felt like blogging about it. Often when searching for specific directories on google it can be a pain in the ass, I mean you can combine “inurl” and “intitle” but still… so the other day I stumblod upon this nice feature of the “site” command. you can actually append a directory name to it!!
That actually seems to yield better results. For example I used it to search for a specific directory on some TLD and it worked fine. I particularly like it because it makes searching for a specific directory with specific characteristics a lot easier. A nice example to try for example could be, it results in (almost) only include directories which allow directory listing:
site:org/include/ intitle:”index of”
If you stretch it even further you *COULD* argue that you can do a directory search withouth actually hitting the target, of course it would be limited to the directories indexed by google.
If you already knew it then oh well…if not enjoy.