How To Reveal Password Files With Google Search
Punct of ircsb.com revealed how you can actually find passwords by using Google search engine. Among the files that you can retrieve passwords from are auth_user_file.txt, passlist.txt, config.php, etc. If your web server or your web hosting account is revealing these files, that means you are potentially at risk of security breach.
intitle:"Index of" passwords modified
"# -FrontPage-" inurl:service.pwd
intitle:"Index of" config.php
inline url passwords
Using the search keywords given by Punct in Google, you are returned a list of urls. Behind these urls are password files, containing username and passwords. I’ve tried and manage to get in one of them, but of course with a little unmentioned process in the middle. So get more alert with what you are revealing on your web account. For starters, make sure you have a index.html on all folders, to avoid all files in the folder getting listed.
This post is published by a Hongkiat.com staff (editors, interns, sometimes Hongkiat Lim himself) or a guest contributor.