How to set up smartphones and PCs. Informational portal

April intitle all publications of the user previous. Facebook Secrets

The Facebook interface is strange and in places completely illogical. But it just so happened that almost everyone with whom I communicate was there, so I have to endure.

A lot of things on Facebook are not obvious. I tried to collect in this post what I didn’t find right away, and many probably haven’t found it yet.

Feed

By default, Facebook generates a feed of popular posts. At the same time, it can be completely different on different computers. To force Facebook to generate a "normal" chronological feed, click the checkmark to the right of the words "News Feed" and select "Recent" there.

Unfortunately, in the mobile application for Android, the feed is formed only by popularity.

Cleaning up the feed

On Facebook, I always add everyone who asks as a friend, but I don’t want to read any nonsense in the feed. In order to remove unnecessary publications from your feed, there is no need to remove anyone from your friends, just disable the subscription. As soon as you see something unnecessary in the feed, click on the checkmark on the right and select "Unsubscribe to ...". After that, this user's posts will never appear in your feed again.

Notifications

When you leave any comment on any post or photo, Facebook starts notifying you of all new comments. To opt out of this, you need to turn off notifications. For different objects, this is done in different places. With the status, everything is simple - click the checkmark to the right of the status and select "Do not receive notifications."

Alas, you cannot unsubscribe from comments in the Android mobile app.

Search by messages

Facebook has a search for private messages, but few people know where it is hidden. Click on the message button, then click "show all" at the bottom of the window that opens.

The messaging interface will open with a second search bar at the top.

There you can search for any words in all private messages written during the entire time you use Facebook.

Fighting Messenger

Facebook requires mobile devices to have a separate messaging app, Facebook Messenger. A lot of people don't like it very much. For now, there is a way to continue messaging on Facebook itself. When Facebook once again refuses to show messages and requires you to install Messenger, go to the application manager (in Android: System Settings - Applications), find Facebook there and click the "Erase data" button. After that, launch Facebook and re-enter your username and password. Messages will work for a while after that, although Facebook will occasionally pop up a window asking you to install Messenger.

Activity log

It is often very difficult to find something on Facebook. The following scheme helps a little. If you see something that might come in handy later, like it. Later you will be able to find the publication by this like in the activity log. To open the log, click the small checkmark in the upper right corner of the interface and select "Action log" from the menu that opens.

Insert a publication

Every Facebook post has an "Insert Post" link. It produces a code that can be inserted into any site where you can embed html (including LiveJournal). Unfortunately, the ability to insert a video seems to be closed. A week ago it worked, but now it says "This Facebook post no longer available. It may have been deleted or its privacy settings have been changed."

Disable video autoplay

By default, Facebook automatically plays all videos in the feed without sound. On mobile devices, this can be a problem, as it consumes a lot of data.

In the browser, video autoplay is disabled as follows: click on the checkmark in the upper right corner, there are settings, then - video.

In Android, tap the three bars on the right of the icon bar, then "Application settings" - "Autoplay video" and set it to "Off." or "Wi-fi only". In the latter case, videos will autoplay only when connected via Wi-Fi.

Transition to publication

To go from the feed to a specific publication, just click on the publication date; to get a link to the publication, right-click the date and select "Copy link". Thanks for this advice to samon, zz_z_z, Borhomey.

Surely, the mysterious Facebook has many more secrets that I have not yet got to.

If you know about other Facebook secrets, write in the comments, I will add to the post.



All stories in Yandex.News are sorted by importance. First of all, the relevance and number of messages in the story are taken into account. Algorithms for analyzing and ranking data are an original development by Yandex.

How stories are displayed

The first page of the story displays the title, a brief description of the event, and a list of links to posts that provide details of what happened.

A fragment of text that is used for a brief description of the news is extracted by a special algorithm from the text of the message, the title of which has become the title of the story. This fragment should mention the most significant facts for understanding the event - the names of people, the names of organizations, geographical objects, dates and numbers.

Messages on the front page of the story are by default sorted by time, with the most recent at the top. Other things being equal, content with Turbo pages may appear higher.

The plot is illustrated with photographs and videos, links from which lead to news reports using these materials.

How posts are selected to appear on the front page of a story

On the first page of the story, messages with the maximum weight are displayed, sorted by the time of publication. The weight of the message is affected by its citation in other materials included in the story, the time of publication and the weight of the source. All other posts that relate to the plot are available at the link All sources.

The source weight is determined based on three indicators:

  • Efficiency - an indicator of how quickly the source responds to a particular event. The earlier the source reports the event, the higher the efficiency of this message. This indicator is also affected by the weight of other sources: if the message is published before the message from a more significant publication, its efficiency will be even higher.
  • Citation - is determined by the number of references to the given source in all messages from other sources over the past month and by the weight of the citing sources (the more weighty the citing source, the higher the citation rate). Both hyperlinks and text references are taken into account, including synonymous names.
  • Audience engagement - depends on the share of the partner site's own audience, that is, the number of users who come to the site from a search or via a direct link. Such readers, as a rule, stay on the site to study its materials and are ready to return there again. To determine engagement, navigation queries in Yandex.Search and clicks to partner sites in Yandex.Browser are analyzed.

The source weight is automatically recalculated every week.

Why does the story title change?

The title of the story becomes the title of one of the news items included in the story.

The title of the story may change if the title of the news was updated on the source site, the news itself was deleted, or a news with a more informative title appeared in the story.

Link personalization in story

The story page contains a large number of links to news resources. To save the user time and make the collection of posts more useful, the links in the story can be chosen based on the user's preferences. If a story contains a media source among the sources whose website the user visits most often (follows links from Yandex.News), the message from this media will most likely end up on the first page of the story.

Personalization is performed on the basis of anonymized data using the automatic algorithms of Yandex.News.

The original source of the messages in the story

The original source is the material that has become the starting point for creating news. For example, the primary source for news about a scientific discovery might be a press release from the laboratory where the discovery was made, and for news about a meteorite fall, a photograph of the event on a social network.

Knowing the original source, you can track who first published the material and where the news began to spread, as well as see the message that is quoted and analyzed by news outlets.

With the help of machine learning algorithms, Yandex.News can automatically identify stories for which the original source is important to understand, and find it on the Internet. When searching for the original source, it is taken into account how the material corresponds to the plot, as well as the time of its appearance and the authority of the media referring to it.

Limitation. The "What started it all" block is displayed only for stories for which the original source was found using Yandex algorithms.

Quote in story

Quote is a block that shows the most frequently occurring statement about the event. Appears below the plot annotation.

If the same statement is mentioned in most materials, the algorithm automatically highlights it, accompanied by the author's first and last name, as well as a link to the source's website, where you can read the entire text of the material.

The following statements are used as quotes:

  • formatted as direct speech in quotation marks;
  • indicating the name and surname of the author;
  • small in size (2-3 sentences).

The Stories feature, or "Stories" in Russian localization, allows you to create photos and 10-second videos with overlay text, emoji and handwritten notes. The key feature of such posts is that, unlike regular posts in your feed, they do not live forever and are deleted exactly after 24 hours.

Why do you need

Instagram's official description says that the new feature is not needed for exchanging important information about everyday life.

How to use it

At its core, the innovation is very similar to and works in much the same way, but with slight differences. Despite the fact that Instagram Stories has not so many possibilities and they are all very simple, not all users can deal with them on the go.

View stories

All available stories are displayed at the top of the feed as circles with user avatars and are hidden during scrolling. New stories appear as they are published, and a day later they disappear without a trace. At the same time, the stories are sorted not in chronological order, but by the number of playback cycles and comments.

To view, you just need to tap on the circle. The photo or video will open and display for 10 seconds. Tap and hold pauses the video.

At the top, next to the username, the posting time is shown. If the people you follow have other stories, the next ones will be shown immediately after the first one. You can switch between them by swiping left and right.

Stories that you have already viewed do not disappear from the menu, but are marked in gray. They can be opened again until they are removed after a day.

You can comment on stories only with the help of messages that are sent to Direct and are visible only to the author, and not to all subscribers. Whether it's a bug or a feature, I don't know.

Creating stories

Clicking on the plus sign at the top of the feed and swiping from the edge of the screen to the right opens the menu for recording a new story. Everything is simple here: we tap on the record button - we get a photo, we hold it - we shoot a video.

Shooting or uploading

You can switch front and rear camera or turn on the flash. It's also easy to select a media file from those that were filmed within the last 24 hours: this is done by swiping down. All photos from the gallery get here, including time-lapses and branded boomerangs.

Treatment

When the photos or videos are ready, they can be published after processing. Both for photos and videos, the tools are the same: filters, text and emoji, drawings.

Filters are switched in a circle with simple swipes from the edge of the screen. There are six of them in total, including a rainbow gradient like on the Instagram icon.

The added text can be enlarged or reduced, moved around the photo. But to leave more than one comment, unfortunately, it is impossible. Emoji are also inserted through the text, so if you want to cover your face with an emoji, you have to choose.

Drawing offers a few more possibilities. We have at our disposal a palette and as many as three brushes: regular, marker and one with a “neon” stroke. You can draw with all of them at once, and an unsuccessful stroke can be undone.

Satisfied with the result? Click the checkmark button and your video will become available to subscribers. It can be saved to the gallery both before and after.

Privacy settings, statistics

The settings and statistics screen is called up by swiping up while viewing a story. From here, the story can be saved to the gallery, deleted or published in the main feed, turning it into a regular entry. The list of viewers is displayed below. You can hide the story from any of them by clicking on the cross next to the name.

The settings hidden behind the gear icon allow you to choose who can reply to your stories and hide the story from certain subscribers. At the same time, privacy settings are remembered and applied to all subsequent publications.

How to live with it

Fine. Yes, many have taken Stories with hostility because of the similarities to Snapchat and the unresolved problems of Instagram, which developers should focus on. But I think the innovation is useful.

The problem of a cluttered feed, when you have to unsubscribe from friends who literally lay out their every step, has existed for a long time, and a clear solution to it has not been invented. Stories can be considered the first step towards this. Over time, people should get used to the culture of behavior offered and start posting only really important and noteworthy content to the feed. Everything else should go into Stories. It's true?

The Google search engine (www.google.com) provides many search options. All these features are an invaluable search tool for a user who is new to the Internet and, at the same time, an even more powerful weapon of intrusion and destruction in the hands of people with evil intentions, including not only hackers, but also non-computer criminals and even terrorists.

Denis Batrankov
denisNOSPAMixi.ru

Attention: This article is not a guide to action. It is written for you, WEB server administrators, so that you no longer have the false feeling that you are safe, finally understand the insidiousness of this method of obtaining information, and set about protecting your site.

Introduction

For example, I found 1670 pages in 0.14 seconds!

2. Let's enter another line, for example:

inurl:"auth_user_file.txt"

a little less, but this is already enough for free download and for guessing passwords (using the same John The Ripper). Below I will give some more examples.

So, you need to realize that the Google search engine has visited most of the Internet sites and cached the information contained on them. This cached information allows you to get information about the site and the content of the site without a direct connection to the site, just digging into the information that is stored internally by Google. Moreover, if the information on the site is no longer available, then the information in the cache may still be preserved. All it takes for this method is to know some Google keywords. This technique is called Google Hacking.

For the first time, information about Google Hacking appeared on the Bugtraq mailing list 3 years ago. In 2001, this topic was raised by a French student. Here is a link to this letter: http://www.cotse.com/mailing-lists/bugtraq/2001/Nov/0129.html . It gives the first examples of such requests:

1) Index of /admin
2) Index of /password
3) Index of /mail
4) Index of / +banques +filetype:xls (for france...)
5) Index of / +passwd
6) Index of/password.txt

This topic made a lot of noise in the English-reading part of the Internet quite recently: after an article by Johnny Long published on May 7, 2004. For a more complete study of Google Hacking, I advise you to go to the site of this author http://johnny.ihackstuff.com. In this article, I just want to bring you up to date.

Who can use it:
- Journalists, spies and all those people who like to stick their nose in other people's business can use this to search for compromising evidence.
- Hackers looking for suitable targets for hacking.

How Google works.

To continue the conversation, let me remind you of some of the keywords used in Google queries.

Search using the + sign

Google excludes words it considers unimportant from the search, for example interrogative words, prepositions and articles in the English language such as are, of, where. In the Russian language, Google seems to consider all words important. If a word is excluded from the search, Google says so. To make Google search for pages with these words, add a + sign in front of the word, with no space between the sign and the word. For instance:

ace +of base

Search using the - sign

If Google finds a large number of pages and you need to exclude pages on certain topics, you can force Google to search only for pages that do not contain certain words. To do this, put a - sign in front of each of these words, with no space between the sign and the word. For instance:

fishing -vodka

Search with the ~ sign

You may want to look up not only the specified word, but also its synonyms. To do this, precede the word with the symbol ~.

Finding an exact phrase using double quotes

Google searches on each page for all occurrences of the words that you wrote in the query string, and it does not care about the relative position of the words, the main thing is that all the specified words are on the page at the same time (this is the default action). To find the exact phrase, you need to put it in quotation marks. For instance:

"bookend"

To have at least one of the specified words, you must specify the logical operation explicitly: OR. For instance:

book safety OR protection

In addition, you can use the * sign in the search string to denote any word and the . sign to represent any character.

Searching for words using additional operators

There are search operators, which are specified in the search string in the format:

operator:search_term

Spaces next to the colon are not needed. If you insert a space after the colon, you will see an error message; if you insert one before it, Google will treat the terms as a normal search string.
There are several groups of additional search operators: languages (indicate in which language you want to see the results), date (limit the results to the past three, six or 12 months), occurrences (indicate where in the document to look for the string: everywhere, in the title, in the URL), domains (search the specified site or, conversely, exclude it from the search), and safe search (block sites containing the specified type of information and remove them from the search results pages).
However, some operators do not need an additional parameter: for example, the query "cache:www.google.com" can be used as a complete search string. Other keywords, on the contrary, require a search word, for example "site:www.google.com help". In the light of our topic, let's look at the following operators:

Operator | Description | Requires additional parameter?
site: | search only on the site specified in search_term |
filetype: | search only in documents with type search_term |
intitle: | find pages containing search_term in the title |
allintitle: | find pages containing all the words search_term in the title |
inurl: | find pages containing the word search_term in their address |
allinurl: | find pages containing all the words search_term in their address |

The site: operator limits the search to the specified site; you can specify not only a domain name but also an IP address. For example, enter:

The filetype: operator restricts the search to files of a certain type. For instance:

As of the publication date of the article, Google can search within 13 different file formats:

  • Adobe Portable Document Format (pdf)
  • Adobe PostScript (ps)
  • Lotus 1-2-3 (wk1, wk2, wk3, wk4, wk5, wki, wks, wku)
  • Lotus Word Pro (lwp)
  • MacWrite (mw)
  • Microsoft Excel (xls)
  • Microsoft PowerPoint (ppt)
  • Microsoft Word (doc)
  • Microsoft Works (wks, wps, wdb)
  • Microsoft Write (wri)
  • Rich Text Format (rtf)
  • Shockwave Flash (swf)
  • Text (ans, txt)

The link: operator shows all pages that point to the specified page.
It must always be interesting to see how many places on the Internet know about you. We try:

The cache: operator shows the version of the site in Google's cache, as it looked when Google last visited the page. We take any frequently changing site and look:

The intitle: operator searches for the specified word in the page title. The allintitle: operator is an extension: it looks for all of the specified words in the page title. Compare:

intitle:flight to mars
intitle:flight intitle:to intitle:mars
allintitle:flight to mars

The inurl: operator makes Google show all pages whose URL contains the specified string. The allinurl: operator searches for all of the words in the URL. For instance:

allinurl:acid_stat_alerts.php

This command is especially useful for those who don't have SNORT - at least they can see how it works on a real system.

Google Hacking Methods

So, we found out that, using a combination of the above operators and keywords, anyone can collect the necessary information and search for vulnerabilities. These techniques are often referred to as Google Hacking.

Site map

You can use the site: statement to see all the links that Google has found on the site. Usually, pages that are dynamically created by scripts are not indexed using parameters, so some sites use ISAPI filters so that links are not in the form /article.asp?num=10&dst=5, but with slashes /article/abc/num/10/dst/5. This is done to ensure that the site is generally indexed by search engines.

Let's try:

site:www.whitehouse.gov whitehouse

Google thinks that every page on a site contains the word whitehouse. This is what we use to get all the pages.
There is also a simplified version:

site:whitehouse.gov

And the best part is that the comrades from whitehouse.gov didn't even know that we looked at the structure of their site and even looked into the cached pages that Google downloaded for itself. This can be used to study the structure of sites and view content without being noticed for the time being.

Listing files in directories

WEB servers can show lists of server directories instead of the usual HTML pages. This is usually done so that users can select and download certain files. However, in many cases administrators have no intention of showing the contents of a directory. This happens because of incorrect server configuration or the lack of a home page in the directory. As a result, the hacker has a chance to find something interesting in the directory and use it for his own purposes. To find all such pages, it is enough to notice that they all contain the words index of in their title. But since the words index of appear not only on such pages, we need to refine the query and take into account keywords on the page itself, so we use queries like:

intitle:index.of parent directory
intitle:index.of name size

Since most directory listings are intentional, you may have a hard time finding misplaced listings the first time. But at least you can already use the listings to determine the WEB server version, as described below.

Getting the WEB server version.

Knowing the WEB server version is always helpful before starting any hacker attack. Again thanks to Google it is possible to get this information without connecting to a server. If you carefully look at the directory listing, you can see that the name of the WEB server and its version are displayed there.

Apache1.3.29 - ProXad Server at trf296.free.fr Port 80

An experienced administrator can change this information, but, as a rule, it is true. Thus, to get this information, it is enough to send a request:

intitle:index.of server.at

To get information for a specific server, we refine the request:

intitle:index.of server.at site:ibm.com

Or vice versa, we look for servers running a certain version of the server:

intitle:index.of Apache/2.0.40 Server at

This technique can be used by a hacker to find a victim. If, for example, he has an exploit for a certain version of the WEB server, then he can find it and try the existing exploit.

You can also get the server version by looking at the pages that are installed by default when installing a fresh version of the WEB server. For example, to see the Apache 1.2.6 test page, just type

intitle:Test.Page.for.Apache it.worked!

Moreover, some operating systems immediately install and launch the WEB server during installation. However, some users are not even aware of this. Naturally, if you see that someone has not deleted the default page, then it is logical to assume that the computer has not been subjected to any configuration at all and is probably vulnerable to attacks.

Try looking for IIS 5.0 pages

allintitle:Welcome to Windows 2000 Internet Services

In the case of IIS, you can determine not only the version of the server, but also the version of Windows and the Service Pack.

Another way to determine the version of the WEB server is to look for manuals (help pages) and examples that can be installed on the site by default. Hackers have found quite a few ways to use these components to gain privileged access to the site. That is why you need to remove these components on the production site. Not to mention the fact that by the presence of these components you can get information about the type of server and its version. For example, let's find the apache manual:

inurl:manual apache directives modules

Using Google as a CGI scanner.

CGI scanner or web scanner is a utility for searching for vulnerable scripts and programs on the victim's server. These utilities need to know what to look for, for this they have a whole list of vulnerable files, for example:

/cgi-bin/cgiemail/uargg.txt
/random_banner/index.cgi
/random_banner/index.cgi
/cgi-bin/mailview.cgi
/cgi-bin/maillist.cgi
/cgi-bin/userreg.cgi

/iissamples/ISSamples/SQLQHit.asp
/SiteServer/admin/findvserver.asp
/scripts/cphost.dll
/cgi-bin/finger.cgi

We can find each of these files using Google by adding the words index of or the inurl operator to the file name in the search bar. This way we can find sites with vulnerable scripts, for example:

allinurl:/random_banner/index.cgi

With additional knowledge, a hacker could exploit a script vulnerability and use the vulnerability to force the script to serve any file stored on the server. For example a password file.

How to protect yourself from being hacked through Google.

1. Do not upload important data to the WEB server.

Even if you posted the data temporarily, you can forget about it or someone will have time to find and take this data before you erase it. Don't do it. There are many other ways to transfer data that protect it from theft.

2. Check your site.

Use the described methods to research your site. Check your site periodically for new methods that appear on the site http://johnny.ihackstuff.com. Remember that if you want to automate your actions, you need to get special permission from Google. If you carefully read http://www.google.com/terms_of_service.html, then you will see the phrase: You may not send automated queries of any sort to Google's system without express permission in advance from Google.

3. You may not need Google to index your site or part of it.

Google allows you to remove a link to your site or part of it from its database, as well as remove pages from the cache. In addition, you can prohibit the search for images on your site and prohibit the display of short fragments of pages in search results. All the possibilities for deleting a site are described on the page http://www.google.com/remove.html. To do this, you must confirm that you are really the owner of this site or insert tags on the page or

4. Use robots.txt

It is known that search engines look into the robots.txt file at the root of the site and do not index those parts that are marked with the word Disallow. You can use this to prevent part of the site from being indexed. For example, to avoid indexing the entire site, create a robots.txt file containing two lines:

User-agent: *
disallow: /
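
An added example, not from the original article: a self-audit of pages fetched from your own site for the exposures described above (directory listings, server version footers, default pages), combined with a check of whether robots.txt keeps each finding away from compliant crawlers. The sample pages, the host www.example.com, the /backup/ and /test/ paths and all function names are constructed for illustration.

```python
import re
from urllib import robotparser

# (finding, pattern matched against a response body, server-side fix)
CHECKS = [
    ("directory-listing",
     re.compile(r"<title>\s*Index of /", re.I),
     "turn off auto-indexing (Apache: Options -Indexes) or add an index page"),
    ("server-signature",
     re.compile(r"<address>[^<]*Server at [^<]* Port \d+\s*</address>", re.I),
     "drop the version footer (Apache: ServerSignature Off, ServerTokens Prod)"),
    ("default-page",
     re.compile(r"<title>[^<]*(Test Page for[^<]*Apache|"
                r"Welcome to Windows 2000 Internet Services)", re.I),
     "remove default pages, manuals and samples from the production site"),
]
FIXES = {name: fix for name, _pattern, fix in CHECKS}

# Constructed sample input: bodies as they would come back from your own site.
SAMPLE_PAGES = {
    "/index.html": "<html><head><title>Example shop</title></head>"
                   "<body>Welcome</body></html>",
    "/backup/": "<html><head><title>Index of /backup</title></head><body>"
                "<a href=\"/\">Parent Directory</a> <a href=\"db.sql\">db.sql</a>"
                "<address>Apache/2.0.40 Server at www.example.com Port 80"
                "</address></body></html>",
    "/test/": "<html><head><title>Test Page for the Apache Web Server</title>"
              "</head><body>It worked!</body></html>",
}
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /backup/\n"  # constructed


def crawlable(robots_txt, path, agent="*"):
    """True if a crawler that honours robots.txt may still fetch `path`."""
    parser = robotparser.RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return parser.can_fetch(agent, path)


def audit(pages, robots_txt=""):
    """pages maps path -> body. Returns sorted (path, finding, crawlable)."""
    findings = []
    for path, body in pages.items():
        for name, pattern, _fix in CHECKS:
            if pattern.search(body):
                findings.append((path, name, crawlable(robots_txt, path)))
    return sorted(findings)


if __name__ == "__main__":
    for path, name, indexed in audit(SAMPLE_PAGES, SAMPLE_ROBOTS):
        # robots.txt only asks compliant crawlers to stay away; the page is
        # still served to anyone who requests it, so apply the fix as well.
        state = "crawlable" if indexed else "hidden from compliant crawlers only"
        print(f"{path:10} {name:18} {state}; fix: {FIXES[name]}")
```

A Disallow rule keeps a finding out of the index but does not remove the exposure, and robots.txt itself is publicly readable, so treat every finding as something to fix on the server.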

What else happens

So that life does not seem like honey to you, I will say in the end that there are sites that watch for those people who, using the above methods, look for holes in scripts and WEB servers. An example of such a page is

Appendix.

A little sweet. Try one of the following for yourself:

1. #mysql dump filetype:sql - search for MySQL database dumps
2. Host Vulnerability Summary Report - will show you what vulnerabilities other people have found
3. phpMyAdmin running on inurl:main.php - this will force close the control via phpmyadmin panel
4. Not for distribution confidential
5. Request Details Control Tree Server Variables
6. Running in child mode
7. This report was generated by WebLog
8. intitle:index.of cgiirc.config
9. filetype:conf inurl:firewall -intitle:cvs - maybe someone needs firewall configuration files? :)
10. intitle:index.of finances.xls - hmm....
11. intitle:Index of dbconvert.exe chats - icq chat logs
12. intext:Tobias Oetiker traffic analysis
13. intitle:Usage Statistics for Generated by Webalizer
14. intitle:statistics of advanced web statistics
15. intitle:index.of ws_ftp.ini - ws ftp config
16. inurl:ipsec.secrets holds shared secrets - secret key - good find
17. inurl:main.php Welcome to phpMyAdmin
18. inurl:server-info Apache Server Information
19. site:edu admin grades
20. ORA-00921: unexpected end of SQL command - get paths
21. intitle:index.of trillian.ini
22. intitle:Index of pwd.db
23. intitle:index.of people.lst
24. intitle:index.of master.passwd
25. inurl:passlist.txt
26. intitle:Index of .mysql_history
27. intitle:index of intext:globals.inc
28. intitle:index.of administrators.pwd
29. intitle:Index.of etc shadow
30. intitle:index.of secring.pgp
31. inurl:config.php dbuname dbpass
32. inurl:perform filetype:ini


    Receiving private data does not always mean hacking - sometimes it is published in public access. Knowing the Google settings and a little ingenuity will allow you to find a lot of interesting things - from credit card numbers to FBI documents.

    WARNING

    All information is provided for informational purposes only. Neither the editor nor the author is responsible for any possible harm caused by the materials of this article.

    Today everything gets connected to the Internet with little thought given to restricting access, so a lot of private data becomes the prey of search engines. Crawlers are no longer limited to web pages: they index all content available on the Web and constantly add confidential information to their databases. Learning these secrets is easy, you just need to know how to ask about them.

    Looking for files

    In capable hands, Google will quickly find everything that is left lying around on the Web, such as personal information and files for official use. They are often hidden like a key under a rug: there are no real access restrictions, the data just lies in the back of the site, where no links lead. Google's standard web interface provides only basic advanced-search settings, but even those will suffice.

    There are two operators you can use to restrict Google searches to files of a certain type: filetype and ext. The first specifies the format that the search engine determined from the file header, the second specifies the file extension, regardless of the file's internal content. In both cases you only need to specify the extension. Initially, the ext operator was convenient when the file had no specific format characteristics (for example, for finding .ini and .cfg configuration files, which can contain anything). Google's algorithms have since changed, and there is no visible difference between the operators: the results are the same in most cases.


    Filtering the output

    By default, Google searches for the words, and in general any characters entered, in all files on indexed pages. You can limit the search scope by top-level domain, by a specific site, or by the location of the desired sequence in the files themselves. For the first two options, the site operator is used, followed by the name of the domain or the selected site. In the third case, a whole set of operators allows you to search for information in service fields and metadata. For example, allinurl will find the specified words in the body of the links themselves, allinanchor in the text provided with the tag , allintitle in the page titles, allintext in the body of the pages.

    For each operator there is a lighter version with a shorter name (without the prefix all). The difference is that allinurl will find links containing all the words, while inurl will only find links containing the first of them. The second and subsequent words from the query can appear anywhere on the web pages. The inurl operator also differs from another operator with a similar meaning, site. The former also lets you find any sequence of characters in the link to the desired document (for example, /cgi-bin/), which is widely used to find components with known vulnerabilities.

    Let's try it in practice. We take the allintext filter and make the query return a list of credit card numbers and verification codes, which will expire only after two years (or when their owners get tired of feeding everyone in a row).

    Allintext: card number expiration date /2017 cvv

    When you read in the news that a young hacker "hacked into the servers" of the Pentagon or NASA and stole classified information, in most cases it comes down to precisely this elementary technique of using Google. Suppose we are interested in a list of NASA employees and their contact details. Surely such a list exists in electronic form. For convenience or through an oversight, it may also be sitting on the organization's website itself. It is logical that in this case there will be no links to it, since it is intended for internal use. What words can be in such a file? At the very least, the field "address". It is easy to test all these assumptions.


    inurl:nasa.gov filetype:xlsx "address"


    We use bureaucracy

    Such finds are a pleasant trifle. The really solid catch comes from a more detailed knowledge of Google's webmaster operators, the Web itself, and the structure of what you're looking for. Knowing the details, you can easily filter the output and refine the properties of the files you need, so that what remains is really valuable data. It's funny that bureaucracy comes to the rescue here. It produces standard formulations that make it convenient to search for secret information that has accidentally leaked onto the Web.

    For example, the Distribution statement stamp, which is mandatory in US Department of Defense paperwork, denotes standardized restrictions on the distribution of a document. The letter A marks public releases in which there is nothing secret; B means intended for internal use only, C means strictly confidential, and so on up to F. Separately, there is the letter X, which marks especially valuable information that represents a state secret of the highest level. Let those whose job it is look for such documents, and we will limit ourselves to files with the letter C. According to DoDI 5230.24, such marking is assigned to documents containing a description of critical technologies that fall under export control. You can find such carefully guarded information on sites in the .mil top-level domain allocated to the US military.

    "DISTRIBUTION STATEMENT C" inurl:navy.mil

    It is very convenient that the .mil domain contains only sites of the US Department of Defense and its contractors. Domain-limited search results are exceptionally clean, and the titles speak for themselves. It is practically useless to search for Russian secrets in this way: chaos reigns in the .ru and .rf domains, and the names of many weapons systems sound botanical (PP "Kiparis", self-propelled guns "Acacia") or even like fairy tales (TOS "Pinocchio").


    By carefully examining any document from a site in the .mil domain, you can see other markers to refine your search. For example, a reference to the export restrictions "Sec 2751", which is also convenient for finding interesting technical information. From time to time such information is removed from the official sites where it once appeared, so if you can't follow an interesting link in the search results, use the Google cache (the cache operator) or the Internet Archive website.

    We climb into the clouds

    In addition to accidentally declassified documents from government departments, links to personal files from Dropbox and other data storage services that create "private" links to publicly published data occasionally pop up in the Google cache. It's even worse with alternative and self-made services. For example, the following query finds the data of all Verizon customers who have an FTP server installed and actively used on their router.

    Allinurl:ftp://verizon.net

    There are now more than forty thousand such smart people, and in the spring of 2015 there were an order of magnitude more. Instead of Verizon.net, you can substitute the name of any well-known provider, and the more famous it is, the larger the catch can be. Through the built-in FTP server, you can see files on an external drive connected to the router. Usually this is a NAS for remote work, a personal cloud, or some kind of peer-to-peer file download. All the content of such media is indexed by Google and other search engines, so you can access files stored on external drives via a direct link.

    Peeping configs

    Before the wholesale migration to the clouds, simple FTP servers, which had plenty of vulnerabilities of their own, ruled as remote storage. Many of them are still relevant today. For example, the popular WS_FTP Professional program stores configuration data, user accounts, and passwords in the ws_ftp.ini file. It is easy to find and read because all entries are stored in plain text and passwords are encrypted using the Triple DES algorithm after minimal obfuscation. In most versions, simply discarding the first byte is sufficient.

    Decrypting such passwords is easy using the WS_FTP Password Decryptor utility or a free web service.

    When people talk about hacking an arbitrary site, they usually mean getting a password from logs and backups of CMS or e-commerce application configuration files. If you know their typical structure, you can easily specify keywords. Lines like those found in ws_ftp.ini are extremely common. For example, Drupal and PrestaShop always have a user ID (UID) and a corresponding password (pwd), and all information is stored in files with the .inc extension. You can search for them like this:

    "pwd=" "UID=" ext:inc

    We reveal passwords from the DBMS

    In the configuration files of SQL servers, user names and email addresses are stored in clear text, and MD5 hashes are written instead of passwords. Decrypting them, strictly speaking, is impossible, but you can find a match among known hash-password pairs.
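The weakness described above, shown next to a hardened storage scheme. This is an added example, not code from the original article; the password list, the account names and the PBKDF2 work factor are constructed assumptions.

```python
import hashlib
import hmac
import os

COMMON_PASSWORDS = ["123456", "qwerty", "letmein", "password1"]  # constructed sample
PBKDF2_ROUNDS = 600_000  # assumption: work factor chosen for this example


def md5_hex(password):
    """Unsalted MD5: the weak storage scheme described in the text."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def lookup_table(words):
    """Digest -> password map, computed once and valid against every leak."""
    return {md5_hex(w): w for w in words}


def recoverable(stored, table):
    """Return the accounts whose unsalted digest appears in a known-pairs table."""
    return {user: table[d] for user, d in stored.items() if d in table}


def hash_password(password, salt=None):
    """Hardened form: per-account random salt plus a slow key-derivation function."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)
```

With a random salt per account, two users with the same password get different stored values, so one precomputed table no longer matches any of them.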

    Until now, there are DBMSs that do not even use password hashing. The configuration files of any of them can simply be viewed in the browser.

    Intext:DB_PASSWORD filetype:env

    With the advent of Windows servers, the place of configuration files was partly taken by the registry. You can search through its branches in exactly the same way, using reg as the file type. For example, like this:

    Filetype:reg HKEY_CURRENT_USER "Password"=

    Don't Forget the Obvious

    Sometimes classified information can be reached with the help of data that was exposed by accident and caught in Google's field of view. The ideal case is to find a list of passwords in some common format. Only desperate people would store account information in a text file, a Word document or an Excel spreadsheet, but there are always enough of them.

    Filetype:xls inurl:password

    On the one hand, there are many ways to prevent such incidents. You need to specify adequate access rights in htaccess, patch the CMS, avoid scripts of dubious origin and close other holes. There is also the robots.txt file with an exclusion list, which prohibits search engines from indexing the files and directories specified in it. On the other hand, if the robots.txt structure on some server differs from the standard one, it immediately becomes clear what they are trying to hide on it.

    The list of directories and files on any site is preceded by the standard heading "index of". Since it must appear in the title for service purposes, it makes sense to restrict the search for it with the intitle operator. Interesting stuff can be found in the /admin/, /personal/, /etc/ and even /secret/ directories.
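A site owner can check for these exposures before a crawler finds them. The sketch below is an added example, not part of the original article: it walks a document root for the file names targeted by the queries quoted on this page and flags robots.txt entries that advertise the directories named above. The sample tree and the robots.txt content are constructed.

```python
import fnmatch
import os
import tempfile

# File names targeted by the queries quoted in this article.
EXPOSED_PATTERNS = [
    "ws_ftp.ini", "*.inc", ".env", "*.reg", "*.pcf", "passlist.txt",
    ".mysql_history", "master.passwd", "pwd.db", "secring.pgp", "*password*.xls*",
]
# Directory names the article singles out as interesting to a searcher.
REVEALING_DIRS = ("admin", "personal", "etc", "secret")


def audit_webroot(root):
    """Return sorted relative paths under root whose names match EXPOSED_PATTERNS."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if any(fnmatch.fnmatch(name.lower(), p) for p in EXPOSED_PATTERNS):
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def audit_robots(robots_text):
    """Return Disallow paths that advertise a sensitive directory to any reader."""
    leaks = []
    for line in robots_text.splitlines():
        field, _, value = line.split("#", 1)[0].partition(":")
        path = value.strip()
        if field.strip().lower() == "disallow" and path:
            if any(part.lower() in REVEALING_DIRS for part in path.split("/")):
                leaks.append(path)
    return leaks


def demo():
    """Build a constructed document root and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("index.html", "backup/ws_ftp.ini", "shop/settings.inc",
                    ".env", "docs/Staff-Passwords.xlsx", "img/logo.png"):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        robots = "User-agent: *\nDisallow: /secret/\nDisallow: /tmp/cache/\n"
        return audit_webroot(root), audit_robots(robots)
```

A hit means the file is inside the served tree, not that it is reachable: a CMS legitimately ships many .inc files, so each finding still has to be checked against the web server's access rules.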

    Follow the updates

    Freshness is extremely important here: old vulnerabilities are closed very slowly, but Google and its search results are constantly changing. There is even a difference between the "last second" filter (&tbs=qdr:s at the end of the request URL) and the "real time" filter (&tbs=qdr:1).

    Google also implicitly specifies the time interval for a file's last update date. Through the graphical web interface, you can select one of the typical periods (hour, day, week, and so on) or set a date range, but this method is not suitable for automation.

    From the look of the address bar, one can only guess at the way to limit the output of results using the construction &tbs=qdr: . The letter y after it sets the limit of one year (&tbs=qdr:y), m shows the results for the last month, w for the last week, d for the past day, h for the last hour, n for the last minute and s for the last second. The freshest results, those that have only just become known to Google, are found using the filter &tbs=qdr:1 .

    If you need to write a tricky script, it will be useful to know that the date range is set in Google in Julian format through the daterange operator. For example, this is how you can find a list of PDF documents with the word confidential uploaded between January 1st and July 1st, 2015.

    Confidential filetype:pdf daterange:2457024-2457205

    The range is specified in Julian date format without decimals. It is inconvenient to convert these by hand from the Gregorian calendar. It's easier to use a date converter.
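The conversion itself needs only integer arithmetic. The converter below is an added example, not part of the original article; it reproduces the two numbers in the query above, and the function names are this example's own.

```python
from datetime import date


def to_jdn(d):
    """Gregorian calendar date -> Julian Day Number (integer arithmetic only)."""
    a = (14 - d.month) // 12          # 1 for January/February, else 0
    y = d.year + 4800 - a             # shifted year that starts in March
    m = d.month + 12 * a - 3          # March = 0 ... February = 11
    return (d.day + (153 * m + 2) // 5 + 365 * y
            + y // 4 - y // 100 + y // 400 - 32045)


def from_jdn(jdn):
    """Julian Day Number -> Gregorian calendar date (Richards' algorithm)."""
    f = jdn + 1401 + (((4 * jdn + 274277) // 146097) * 3) // 4 - 38
    e = 4 * f + 3
    h = 5 * ((e % 1461) // 4) + 2
    day = (h % 153) // 5 + 1
    month = (h // 153 + 2) % 12 + 1
    year = e // 1461 - 4716 + (14 - month) // 12
    return date(year, month, day)


def daterange_operator(start, end):
    """Build the daterange token for an inclusive Gregorian date window."""
    if end < start:
        raise ValueError("end date precedes start date")
    return f"daterange:{to_jdn(start)}-{to_jdn(end)}"
```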

    Targeting and filtering again

    Besides being specified as operators in the search query, refinements can be sent directly in the body of the URL. For example, the filetype:pdf refinement corresponds to the as_filetype=pdf construct. This makes it convenient to set any refinement. Let's say that results only from the Republic of Honduras are selected by adding the construction cr=countryHN to the search URL, and results only from the city of Bobruisk by gcs=Bobruisk . See the developer section for a complete list of .

    Google's automation tools are designed to make life easier, but they often add problems. For example, a user's city is determined from the user's IP through WHOIS. Based on this information, Google not only balances the load between servers, but also changes the search results. Depending on the region, different results will reach the first page for the same query, and some of them may turn out to be completely hidden. To feel like a cosmopolitan and search for information from any country, put its two-letter code after the directive gl=country . For example, the code for the Netherlands is NL, while the Vatican and North Korea do not have their own code in Google.

    Search results are often cluttered even after a few advanced filters have been applied. In this case, it is easy to refine the query by adding a few exclusion words to it (each of them is preceded by a minus sign). For example, banking, names, and tutorial are often used with the word Personal. Therefore, cleaner search results will come not from a textbook example of a query, but from a refined one:

    Intitle:"Index of /Personal/" -names -tutorial -banking

    Last Example

    A sophisticated hacker is distinguished by the fact that he provides himself with everything he needs on his own. For example, a VPN is a convenient thing, but either expensive or temporary and with restrictions. Signing up for yourself alone is too expensive. It's good that there are group subscriptions, and with the help of Google it's easy to become part of a group. To do this, just find the Cisco VPN configuration file, which has a rather non-standard PCF extension and a recognizable path: Program Files\Cisco Systems\VPN Client\Profiles . One request, and you join, for example, the friendly staff of the University of Bonn.

    Filetype:pcf vpn OR Group

    INFO

    Google finds configuration files with passwords, but many of them are encrypted or replaced with hashes. If you see strings of a fixed length, then immediately look for a decryption service.

    The passwords are stored in encrypted form, but Maurice Massard has already written a program to decrypt them and is providing it for free via thecampusgeeks.com.

    With Google's help, hundreds of different types of attacks and penetration tests are performed. There are many options, affecting popular programs, major database formats, numerous PHP vulnerabilities, clouds, and so on. Knowing exactly what you're looking for makes it much easier to get the information you need (especially information that was never intended to be made public). It is not Shodan alone that feeds interesting ideas, but any database of indexed network resources!