Return-Path: <sentto-279987-3931-1006752162-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Sun, 25 Nov 2001 21:25:07 -0800 (PST) Received: (qmail 19872 invoked by uid 510); 26 Nov 2001 05:23:07 -0000 Received: from n18.groups.yahoo.com (216.115.96.68) by all.net with SMTP; 26 Nov 2001 05:23:07 -0000 X-eGroups-Return: sentto-279987-3931-1006752162-fc=all.net@returns.groups.yahoo.com Received: from [10.1.1.222] by n18.groups.yahoo.com with NNFMP; 26 Nov 2001 05:22:48 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_0_1); 26 Nov 2001 05:22:42 -0000 Received: (qmail 92876 invoked from network); 26 Nov 2001 05:22:42 -0000 Received: from unknown (216.115.97.167) by m4.grp.snv.yahoo.com with QMQP; 26 Nov 2001 05:22:42 -0000 Received: from unknown (HELO red.all.net) (65.0.156.78) by mta1.grp.snv.yahoo.com with SMTP; 26 Nov 2001 05:22:42 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id fAQ5OJS00360 for iwar@onelist.com; Sun, 25 Nov 2001 21:24:19 -0800 Message-Id: <200111260524.fAQ5OJS00360@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Sun, 25 Nov 2001 21:24:19 -0800 (PST) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Google.search.terms.for.hackers...] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Hi, I am a french student and I heard recently about the capacity of google to deal with documents from Word, Excel or Powerpoint. Intested in that fact, I decided to experiment some words and expression (with ") to look for (sorry if my english is not perfect..) and I found some combos that give enormous results. In google, if you type things like : 1)"Index of /admin" 2)"Index of /password" 3)"Index of /mail" 4)"Index of /" +banques +filetype:xls (for france...) 5)"Index of /" +passwd 6)"Index of /" password.txt And you can continue as long as your imaginatio is active. For example of my results, I saw great informations from the central banks of Luxemboug and Switzerland, could admin a SQL server, ... So, I don't know if it is a great technical bug, but I know about hacking and security (I would like to be a security consultant later..) (and I am looking for a training in security in a foreign country like US or England...) and even if we don't get root access immediatly, it is a great step for social engineering and spying. I hope you will answer me very soon. I love your web site !!! ------------------------ Yahoo! Groups Sponsor ---------------------~--> Universal Inkjet Refill Kit $29.95 Refill any ink cartridge for less! Includes black and color ink. http://us.click.yahoo.com/r9F0cB/MkNDAA/ySSFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:59 PST