How To Reveal Password Files With Google Search

By . Filed in Web Tricks

google inurl

Punct of ircsb.com revealed how you can actually find passwords by using Google search engine. Among the files that you can retrieve passwords from are auth_user_file.txt, passlist.txt, config.php, etc. If your web server or your web hosting account is revealing these files, that means you are potentially at risk of security breach.

Modified passwords

intitle:"Index of" passwords modified

auth_user_file.txt

allinurl:auth_user_file.txt

passlist.txt

inurl:passlist.txt

FrontPage files

"# -FrontPage-" inurl:service.pwd

config.php

intitle:"Index of" config.php

inline url passwords

"http://*:*@"

Using the search keywords given by Punct in Google, you are returned a list of urls. Behind these urls are password files, containing username and passwords. I’ve tried and manage to get in one of them, but of course with a little unmentioned process in the middle. So get more alert with what you are revealing on your web account. For starters, make sure you have a index.html on all folders, to avoid all files in the folder getting listed.

Author:

This post is published by a Hongkiat.com staff (editors, interns, sometimes Hongkiat Lim himself) or a guest contributor.

Advertisement