How To Reveal Password Files With Google Search

By . Filed in Web Tricks

google inurl

Punct of revealed how you can actually find passwords by using Google search engine. Among the files that you can retrieve passwords from are auth_user_file.txt, passlist.txt, config.php, etc. If your web server or your web hosting account is revealing these files, that means you are potentially at risk of security breach.

Modified passwords

intitle:"Index of" passwords modified





FrontPage files

"# -FrontPage-" inurl:service.pwd


intitle:"Index of" config.php

inline url passwords


Using the search keywords given by Punct in Google, you are returned a list of urls. Behind these urls are password files, containing username and passwords. I’ve tried and manage to get in one of them, but of course with a little unmentioned process in the middle. So get more alert with what you are revealing on your web account. For starters, make sure you have a index.html on all folders, to avoid all files in the folder getting listed.


This post is published by a staff (editors, interns, sometimes Hongkiat Lim himself) or a guest contributor.