Advanced password hacking using Google

Google is your best friend when it comes to hacking. The search engine giant has crawled loads of data which was intended to be protected by webmasters, but is being exploited and mined by smart users using Google dorks. Today I will be discussing some practical dorks which will help you gain passwords, databases and vulnerable directories. The basic methodology remains the same, query Google using specialized dorks with precise parameters and you are good to go. I assume you have basic working knowledge of google dorks.

Lets start


FTP passwords

ws_ftp.ini is a configuration file for a popular win32 FTP client that stores usernames, (weakly) encoded passwords, sites and directories that the user can store for later reference.

intitle:index.of ws_ftp.ini

You can also this dork which uses "parent directory" to avoid results other than directory listings

filetype:ini ws_ftp pwd

Or

"index of/" "ws_ftp.ini" "parent directory"

even if the site or file has been taken offlline, you can still search the contents in the Google cache using the following dork

"cache:www.xyz.com/ws_ftp.ini"

where

www.xyz.com is the site you want to check the dork for