Burmese intitle all user publications previous. Using Google's Little-Known Features to Find What's Hidden

And today I will tell you about another search engine that is used by pentesters/hackers - Google, or more precisely about the hidden capabilities of Google.

What are Google Dorks?

Google Dork or Google Dork Queries (GDQ) is a set of queries for identifying the worst security holes. Anything that is not properly hidden from search robots.

For brevity, such requests are called Google dorks or simply dorks, like those admins whose resources were hacked using GDQ.

Google Operators

To begin with, I would like to provide a small list of useful Google commands. Among all the Google advanced search commands, we are mainly interested in these four:

• site - search on a specific site;
• inurl - indicate that the searched words should be part of the page/site address;
• intitle - search operator in the title of the page itself;
• ext or filetype - search for files of a specific type by extension.

Also, when creating Dork, you need to know several important operators, which are specified by special characters.

• | - the OR operator, also known as a vertical slash (logical or), indicates that you need to display results containing at least one of the words listed in the query.
• "" - The quote operator indicates an exact match.
• — - the minus operator is used to exclude from displaying results with words specified after the minus.
• * - the asterisk or asterisk operator is used as a mask and means “anything.”

Where to find Google Dorky

The most interesting dorks are the fresh ones, and the freshest ones are those that the pentester found himself. True, if you get too carried away with experiments, you will be banned from Google... before entering the captcha.

If you don’t have enough imagination, you can try to find fresh dorks on the Internet. The best site to find dorks is Exploit-DB.

The Exploit-DB online service is a non-profit Offensive Security project. If anyone doesn't know, this company engaged in training in the field information security, and also provides pentesting services (penetration testing).

The Exploit-DB database contains a huge number of dorks and vulnerabilities. To search for dorks, go to the website and go to the “Google Hacking Database” tab.

The database is updated daily. At the top you can find the latest additions. On the left side is the date the dork was added, name and category.

At the bottom you will find dorks sorted by category.

Another good site is . There you can often find interesting, new dorks that don’t always end up on Exploit-DB.

Examples of using Google Dorks

Here are examples of dorks. When experimenting with dorks, do not forget about the disclaimer!

This material is for informational purposes only. It is addressed to information security specialists and those who are planning to become one. The information presented in this article is provided for informational purposes only. Neither the editors of the website www.site nor the author of the publication bear any responsibility for any harm caused by the material in this article.

Doors for finding website problems

Sometimes it is useful to study the structure of a site by obtaining a list of files on it. If the site is made on the WordPress engine, then the repair.php file stores the names of other PHP scripts.

The inurl tag tells Google to search for the first word in the body of the link. If we had written allinurl, the search would have occurred throughout the entire body of the link, and the search results would have been more cluttered. Therefore, it is enough to make a request like this:

inurl:/maint/repair.php?repair=1

As a result, you will receive a list of WP sites whose structure can be viewed via repair.php.

WordPress causes a lot of problems for administrators with undetected configuration errors. From the open log you can find out at least the names of the scripts and downloaded files.

inurl:"wp-content/uploads/file-manager/log.txt"

In our experiment, a simple request allowed us to find a direct link to the backup in the log and download it.

A lot of valuable information can be gleaned from logs. It is enough to know what they look like and how they differ from the mass of other files. For example, an open source database interface called pgAdmin creates a service file pgadmin.log. It often contains usernames, database column names, internal addresses, and the like.

The log is found with a simple query:

ext:log inurl:"/pgadmin"

There is an opinion that open source is safe code. However, the openness of source codes in itself only means the opportunity to explore them, and the goals of such research are not always good.

For example, Symfony Standard Edition is popular among frameworks for developing web applications. When deployed, it automatically creates a parameters.yml file in the /app/config/ directory, where it stores the database name, as well as login and password.

You can find this file using the following query:

inurl:app/config/ intext:parameters.yml intitle:index.of

Of course, the password could then be changed, but most often it remains the same as it was set at the deployment stage.

The open source UniFi API browser tool is increasingly used in corporate environments. It is used to manage segments of wireless networks created according to the principle seamless Wi-Fi" That is, in an enterprise network deployment scheme in which many access points are controlled from a single controller.

The utility is designed to display data requested through Ubiquiti's UniFi Controller API. With its help, it is easy to view statistics, information about connected clients, and other information about the server’s operation via the UniFi API.

The developer honestly warns: “Please do keep in mind this tool exposes A LOT OF the information available in your controller, so you should somehow restrict access to it! There are no security controls built into the tool...". But many people don't seem to take these warnings seriously.

Knowing about this feature and asking another specific query, you will see a lot of service data, including application keys and passphrases.

inurl:"/api/index.php" intitle:UniFi

General search rule: first we determine the most specific words that characterize the selected target. If this is a log file, then what distinguishes it from other logs? If this is a file with passwords, then where and in what form can they be stored? Marker words are always found in some specific place - for example, in the title of a web page or its address. By limiting the search area and specifying precise markers, you will get a raw search results. Then clean it of debris, clarifying the request.

Doors for searching open NAS

Home and office network storage popular now. The NAS function is supported by many external drives and routers. Most of their owners don’t bother with security and don’t even change default passwords like admin/admin. You can find popular NAS by the typical titles of their web pages. For example, the request:

intitle:"Welcome to QNAP Turbo NAS"

will display a list of NAS IPs made by QNAP. All that remains is to find the weakest one among them.

The QNAP cloud service (like many others) has the function of providing file sharing via closed link. The problem is that it's not that closed.

inurl:share.cgi?ssid=

This simple query shows files shared through the QNAP cloud. They can be viewed directly from the browser or downloaded for more detailed information.

Doors for searching IP cameras, media servers and web admin panels

In addition to NAS, you can find a ton of other web-managed network devices with advanced Google queries.

The most common way to do this is CGI scripts, so the main.cgi file is a promising target. However, he can meet anywhere, so it is better to clarify the request.

For example, by adding a standard call to it?next_file. As a result, we get a dork like:

inurl:"img/main.cgi?next_file"

In addition to cameras, there are similarly media servers that are open to anyone and everyone. This is especially true for Twonky servers manufactured by Lynx Technology. They have a very recognizable name and default port 9000.

For cleaner search results, it is better to indicate the port number in the URL and exclude it from the text part of web pages. The request takes the form

intitle:"twonky server" inurl:"9000" -intext:"9000"

Typically, a Twonky server is a huge media library that shares content via UPnP. Authorization for them is often disabled “for convenience.”

Doors for searching for vulnerabilities

Big data is a buzzword now: it is believed that if you add Big Data to anything, it will magically begin to work better. In reality, there are very few real experts on this topic, and with the default configuration, big data leads to large vulnerabilities.

Hadoop is one of the simplest ways to compromise tera- and even petabytes of data. This open-source platform contains well-known headers, port numbers and service pages that make it easy to find the nodes it manages.

intitle:"Namenode information" AND inurl:":50070/dfshealth.html"

With this concatenation query we get search results with a list of vulnerable Hadoop-based systems. You can browse the HDFS file system directly from your browser and download any file.

Google Dorky is powerful tool any pentester, which not only an information security specialist, but also an ordinary network user should know about.

It is important for any company to protect confidential data. Leakage of client logins and passwords or loss of system files located on the server can not only lead to financial losses, but also destroy the reputation of the most seemingly reliable organization. Author of the article - Vadim Kulish.

Considering everything possible risks, companies are implementing the latest technologies and spending huge amounts of money trying to prevent unauthorized access to valuable data.
However, have you ever thought that in addition to complex and well-designed hacker attacks, exist simple ways detect files that were not reliably protected. These are search operators—words added to search queries to produce more accurate results. But first things first.

Surfing the Internet is impossible to imagine without search engines such as Google, Yandex, Bing and other services of this kind. The search engine indexes many sites on the Internet. They do this with the help of search robots, which process large amounts of data and make it searchable.

Popular Google Search Operators

Using the following operators allows you to make the search process necessary information more precise:

* site: limits the search to a specific resource

Example: request site:example.com will find all the information Google contains for example.com.

* filetype: allows you to search for information in a specific file type

Example: request will show the entire list of files on the site that are present in the Google search engine.

* inurl: - search in resource URL

Example: request site:example.com inurl:admin— looks for the administration panel on the site.

* intitle: - search in the page title

Example: request site: example.com intitle:"Index of"— searches for pages on example.com with a list of files inside

* cache: - search in Google cache

Example: request cache:example.com will return all pages of the example.com resource cached in the system

Unfortunately, search robots are not able to determine the type and degree of confidentiality of information. Therefore, they treat equally a blog article, which is intended for a wide range of readers, and a database backup, which is stored in the root directory of the web server and cannot be used by unauthorized persons.

Thanks to this feature, as well as using search operators, attackers are able to detect web resource vulnerabilities, various information leaks (backups and web application error messages), hidden resources, such as open administration panels, without authentication and authorization mechanisms.

What sensitive data can be found online?

Please be aware that information that may be discovered search engines and may potentially be of interest to hackers, includes:

* Third-level domains of the researched resource

Third-level domains can be discovered using the word “site:”. For example, a request like site:*.example.com will list all 3rd level domains for example.com. Such queries allow you to discover hidden administration resources, version control and assembly systems, as well as other applications that have a web interface.

* Hidden files on the server

Various parts of a web application can appear in search results. To find them, you can use the query filetype:php site:example.com. This allows you to discover previously unavailable functionality in the application, as well as various information about the operation of the application.

* Backups

To search for backups, use the filetype: keyword. Various file extensions are used to store backups, but the most commonly used extensions are bak, tar.gz, and sql. Example request: site:*.example.com filetype:sql. Backups often contain logins and passwords for administrative interfaces, as well as user data and source code website.

* Web application errors

The error text may include various information about system components applications (web server, database, web application platform). Such information is always very interesting to hackers, as it allows them to obtain more information about the system under attack and improve their attack on the resource. Example request: site:example.com "warning" "error".

* Logins and passwords

As a result of hacking a web application, user data of this service may appear on the Internet. Request filetype:txt "login" "password" allows you to find files with logins and passwords. In the same way, you can check whether your mail or any account has been hacked. Just make a request filetype:txtuser_name_or_email_mail".

Keyword combinations and search strings used for discovery confidential information, are called Google Dorks.

Google experts have collected them in their public database Google Hacking Database. This allows a company representative, be it the CEO, developer or webmaster, to perform a query in a search engine and determine how well valuable data is protected. All dorks are divided into categories to make searching easier.

Need help? Order a consultation with a1qa security testing specialists.

How Google Dorks entered hacking history

Finally, here are a few examples of how Google Dorks helped attackers obtain important but unreliably protected information:

Case Study #1. Leakage of confidential documents on the bank's website

As part of the security analysis of the bank's official website, a huge number of PDF documents were discovered. All documents were found using the query “site:bank-site filetype:pdf”. The contents of the documents turned out to be interesting, since they contained plans of the premises in which bank branches were located throughout the country. This information would be of great interest to bank robbers.

Case study #2. Search for payment card data

Very often, when online stores are hacked, attackers gain access to user payment card data. For organization sharing attackers use public services indexed by Google to access this data. Example request: “Card Number” “Expiration Date” “Card Type” filetype:txt.

However, you should not limit yourself to basic checks. Trust a1qa for a comprehensive assessment of your product. After all, data theft is cheaper to prevent than to eliminate the consequences.

Search engine Google system(www.google.com) provides many search options. All these features are an invaluable search tool for a user new to the Internet and at the same time an even more powerful weapon of invasion and destruction in the hands of people with evil intentions, including not only hackers, but also non-computer criminals and even terrorists.
(9475 views in 1 week)

Denis Barankov
denisNOSPAMixi.ru

Attention:This article is not a guide to action. This article was written for you, WEB server administrators, so that you will lose the false feeling that you are safe, and you will finally understand the insidiousness of this method of obtaining information and take up the task of protecting your site.

Introduction

For example, I found 1670 pages in 0.14 seconds!

2. Let's enter another line, for example:

a little less, but this is already enough for free downloading and password guessing (using the same John The Ripper). Below I will give a number of more examples.

So, you need to realize that the Google search engine has visited most of the Internet sites and cached the information contained on them. This cached information allows you to obtain information about the site and the content of the site without direct connection to the site, only delving into the information that is stored inside Google. Moreover, if the information on the site is no longer available, then the information in the cache may still be preserved. All you need for this method is to know some Google keywords. This technique is called Google Hacking.

Information about Google Hacking first appeared on the Bugtruck mailing list 3 years ago. In 2001, this topic was raised by a French student. Here is a link to this letter http://www.cotse.com/mailing-lists/bugtraq/2001/Nov/0129.html. It provides the first examples of such queries:

1) Index of /admin
2) Index of /password
3) Index of /mail
4) Index of / +banques +filetype:xls (for france...)
5) Index of / +passwd
6) Index of / password.txt

This topic made waves in the English-reading part of the Internet quite recently: after the article by Johnny Long, published on May 7, 2004. For a more complete study of Google Hacking, I advise you to go to this author’s website http://johnny.ihackstuff.com. In this article I just want to bring you up to date.

Who can use this:
- Journalists, spies and all those people who like to poke their nose into other people's business can use this to search for incriminating evidence.
- Hackers looking for suitable targets for hacking.

How Google works.

To continue the conversation, let me remind you of some of the keywords used in Google queries.

Search using the + sign

Google excludes words it considers unimportant from searches. For example, question words, prepositions and articles in English: for example are, of, where. In Russian Google language seems to consider all words important. If a word is excluded from the search, Google writes about it. In order for Google to start searching for pages with these words, you need to add a + sign without a space before the word. For example:

ace +of base

Search using the sign –

If Google finds a large number of pages from which it needs to exclude pages with a certain topic, then you can force Google to search only for pages that do not contain certain words. To do this, you need to indicate these words by placing a sign in front of each - without a space before the word. For example:

fishing - vodka

Search using ~

You may want to search not only the specified word, but also its synonyms. To do this, precede the word with the ~ symbol.

Finding an exact phrase using double quotes

Google searches on each page for all occurrences of the words that you wrote in the query string, and it does not care about the relative position of the words, as long as all the specified words are on the page at the same time (this is the default action). To find the exact phrase, you need to put it in quotes. For example:

"book stand"

In order for at least one of the specified words to appear, you must specify logical operation explicit: OR. For example:

book safety OR protection

In addition, you can use the * sign in the search bar to indicate any word and. to represent any character.

Finding words using additional operators

There are search operators that are specified in the search string in the format:

operator:search_term

Spaces next to the colon are not needed. If you insert a space after the colon, you will see an error message, and before it, Google will use them as a normal search string.
There are groups of additional search operators: languages ​​- indicate in which language you want to see the result, date - limit the results for the past three, six or 12 months, occurrences - indicate where in the document you need to search for the line: everywhere, in the title, in the URL, domains - search on the specified site or, conversely, exclude it from the search; safe search - blocks sites containing the specified type of information and removes them from the search results pages.
However, some operators do not require an additional parameter, for example the request " cache:www.google.com" can be called as a full-fledged search string, and some keywords, on the contrary, require a search word, for example " site:www.google.com help". In light of our topic, let's look at the following operators:

Operator site: limits the search only to the specified site, and you can specify not only domain name, but also an IP address. For example, enter:

Operator filetype: Limits the search to a specific file type. For example:

As of the date of publication of the article, Google can search within 13 various formats files:

• Adobe Portable Document Format (pdf)
• Adobe PostScript (ps)
• Lotus 1-2-3 (wk1, wk2, wk3, wk4, wk5, wki, wks, wku)
• Lotus WordPro (lwp)
• MacWrite (mw)
• Microsoft Excel(xls)
• Microsoft PowerPoint (ppt)
• Microsoft Word (doc)
• Microsoft Works (wks, wps, wdb)
• Microsoft Write (wri)
• Rich Text Format (rtf)
• Shockwave Flash(swf)
• Text (ans, txt)

Operator link: shows all pages that point to the specified page.
It's probably always interesting to see how many places on the Internet know about you. Let's try:

Operator cache: shows the version of the site in Google's cache, what it looked like when Google latest visited this page once. Let’s take any frequently changing site and look:

Operator intitle: searches for the specified word in the page title. Operator allintitle: is an extension - it searches for all specified few words in the page title. Compare:

intitle:flight to Mars
intitle:flight intitle:on intitle:mars
allintitle:flight to mars

Operator inurl: forces Google to show all pages containing the specified string in the URL. allinurl operator: searches for all words in a URL. For example:

allinurl:acid acid_stat_alerts.php

This command is especially useful for those who don't have SNORT - at least they can see how it works on a real system.

Hacking Methods Using Google

So, we found out that using a combination of the above operators and keywords, anyone can collect the necessary information and search for vulnerabilities. These techniques are often called Google Hacking.

Site map

You can use the site: operator to list all the links that Google has found on a site. Typically, pages that are dynamically created by scripts are not indexed using parameters, so some sites use ISAPI filters so that links are not in the form /article.asp?num=10&dst=5, and with slashes /article/abc/num/10/dst/5. This is done so that the site is generally indexed by search engines.

Let's try:

site:www.whitehouse.gov whitehouse

Google thinks that every page on a website contains the word whitehouse. This is what we use to get all the pages.
There is also a simplified version:

site:whitehouse.gov

And the best part is that the comrades from whitehouse.gov didn’t even know that we looked at the structure of their site and even looked at the cached pages that Google downloaded for itself. This can be used to study the structure of sites and view content, remaining undetected for the time being.

View a list of files in directories

WEB servers can display lists of server directories instead of regular HTML pages. This is usually done to ensure that users select and download specific files. However, in many cases, administrators have no intention of showing the contents of a directory. This occurs due to incorrect server configuration or the absence of the main page in the directory. As a result, the hacker has a chance to find something interesting in the directory and use it for his own purposes. To find all such pages, it is enough to note that they all contain in their title the words: index of. But since the words index of contain not only such pages, we need to refine the query and take into account the keywords on the page itself, so queries like:

intitle:index.of parent directory
intitle:index.of name size

Since most directory listings are intentional, you may have a hard time finding misplaced listings the first time. But at least you can already use listings to determine WEB versions server as described below.

Obtaining the WEB server version.

Knowing the WEB server version is always useful before launching any hacker attack. Again, thanks to Google, you can get this information without connecting to a server. If you look closely at the directory listing, you can see that the name of the WEB server and its version are displayed there.

Apache1.3.29 - ProXad Server at trf296.free.fr Port 80

An experienced administrator can change this information, but, as a rule, it is true. Thus, to obtain this information it is enough to send a request:

intitle:index.of server.at

To get information for a specific server, we clarify the request:

intitle:index.of server.at site:ibm.com

Or vice versa, we are looking for servers running a specific version of the server:

intitle:index.of Apache/2.0.40 Server at

This technique can be used by a hacker to find a victim. If, for example, he has an exploit for a certain version of the WEB server, then he can find it and try the existing exploit.

You can also get the server version by viewing the pages that are installed by default when installing the latest version of the WEB server. For example, to see test page Apache 1.2.6 just type

intitle:Test.Page.for.Apache it.worked!

Moreover, some operating systems During installation, they immediately install and launch the WEB server. However, some users are not even aware of this. Naturally, if you see that someone has not removed the default page, then it is logical to assume that the computer has not undergone any customization at all and is likely vulnerable to attack.

Try searching for IIS 5.0 pages

allintitle:Welcome to Windows 2000 Internet Services

In the case of IIS, you can determine not only the server version, but also Windows version and Service Pack.

Another way to determine the WEB server version is to search for manuals (help pages) and examples that may be installed on the site by default. Hackers have found quite a few ways to use these components to gain privileged access to a site. That is why you need to remove these components on the production site. Not to mention the fact that the presence of these components can be used to obtain information about the type of server and its version. For example, let's find the apache manual:

inurl:manual apache directives modules

Using Google as a CGI scanner.

CGI scanner or WEB scanner is a utility for searching for vulnerable scripts and programs on the victim’s server. These utilities must know what to look for, for this they have a whole list of vulnerable files, for example:

/cgi-bin/cgiemail/uargg.txt
/random_banner/index.cgi
/random_banner/index.cgi
/cgi-bin/mailview.cgi
/cgi-bin/maillist.cgi
/cgi-bin/userreg.cgi

/iissamples/ISSamples/SQLQHit.asp
/SiteServer/admin/findvserver.asp
/scripts/cphost.dll
/cgi-bin/finger.cgi

We can find each of these files using Google, additionally using the words index of or inurl with the file name in the search bar: we can find sites with vulnerable scripts, for example:

allinurl:/random_banner/index.cgi

Using additional knowledge, a hacker can exploit a script's vulnerability and use this vulnerability to force the script to emit any file stored on the server. For example, a password file.

How to protect yourself from Google hacking.

1. Do not post important data on the WEB server.

Even if you posted the data temporarily, you may forget about it or someone will have time to find and take this data before you erase it. Don't do this. There are many other ways to transfer data that protect it from theft.

2. Check your site.

Use the methods described to research your site. Check your site periodically for new methods that appear on the site http://johnny.ihackstuff.com. Remember that if you want to automate your actions, you need to get special permission from Google. If you read carefully http://www.google.com/terms_of_service.html, then you will see the phrase: You may not send automated queries of any sort to Google's system without express permission in advance from Google.

3. You may not need Google to index your site or part of it.

Google allows you to remove a link to your site or part of it from its database, as well as remove pages from the cache. In addition, you can prohibit the search for images on your site, prohibit short fragments of pages from being shown in search results. All possibilities for deleting a site are described on the page http://www.google.com/remove.html. To do this, you must confirm that you are really the owner of this site or insert tags into the page or

4. Use robots.txt

It is known that search engines look at the robots.txt file located at the root of the site and do not index those parts that are marked with the word Disallow. You can use this to prevent part of the site from being indexed. For example, to prevent the entire site from being indexed, create a robots.txt file containing two lines:

User-agent: *
Disallow: /

What else happens

So that life doesn’t seem like honey to you, I’ll say finally that there are sites that monitor those people who, using the methods outlined above, look for holes in scripts and WEB servers. An example of such a page is

Application.

A little sweet. Try some of the following for yourself:

1. #mysql dump filetype:sql - search for mySQL database dumps
2. Host Vulnerability Summary Report - will show you what vulnerabilities other people have found
3. phpMyAdmin running on inurl:main.php - this will force control to be closed through the phpmyadmin panel
4. not for distribution confidential
5. Request Details Control Tree Server Variables
6. Running in Child mode
7. This report was generated by WebLog
8. intitle:index.of cgiirc.config
9. filetype:conf inurl:firewall -intitle:cvs – maybe someone needs firewall configuration files? :)
10. intitle:index.of finances.xls – hmm....
11. intitle:Index of dbconvert.exe chats – icq chat logs
12. intext:Tobias Oetiker traffic analysis
13. intitle:Usage Statistics for Generated by Webalizer
14. intitle:statistics of advanced web statistics
15. intitle:index.of ws_ftp.ini – ws ftp config
16. inurl:ipsec.secrets holds shared secrets - secret key - good find
17. inurl:main.php Welcome to phpMyAdmin
18. inurl:server-info Apache Server Information
19. site:edu admin grades
20. ORA-00921: unexpected end of SQL command – getting paths
21. intitle:index.of trillian.ini
22. intitle:Index of pwd.db
23.intitle:index.of people.lst
24. intitle:index.of master.passwd
25.inurl:passlist.txt
26. intitle:Index of .mysql_history
27. intitle:index of intext:globals.inc
28. intitle:index.of administrators.pwd
29. intitle:Index.of etc shadow
30.intitle:index.ofsecring.pgp
31. inurl:config.php dbuname dbpass
32. inurl:perform filetype:ini

Modern operating systems are supplemented software that allow you to solve any problem. One of these add-ons is the program Microsoft Publisher. It makes it easy to create and publish high-quality content and professional-quality web pages.

Program Microsoft Publisher designed specifically for users who are serious about creating printed works. Publisher provides the user with the combination of advanced desktop publishing features including templates, a design checker, Microsoft Office compatibility, and online printing and publishing capabilities. Using these features greatly helps in improving your work efficiency.

Microsoft Office Publisher functionality:

Paragraph-level formatting in a Microsoft program Office Word, including indentations and spacing, and end-of-line or paragraph formatting.

Dialog for creating bulleted and numbered lists.

Functions for searching and replacing text across an entire publication or an individual text block.

With Publisher's convenient and feature-rich start menu, you can get started quickly.

Using the new sections of the New Publication task pane, you can get started by choosing a publication type (print, email, or online), choosing a template, or creating a publication from scratch.

Use the Quick Publication Options task pane to configure publishing options. You can choose colors, font schemes, page layout settings, and design elements, and then simply add your own text and images.

Publisher includes numerous templates for customization, design assistance, and a full suite of desktop publishing tools. Additionally, the Auto Convert feature allows users to convert any publication for use on the web.

Publisher is fully supported professional means printing, including four-color and multi-color printing.

Publisher is installed during installation Microsoft package Office. After the publishing system loads, the Task Pane window appears on the screen, which is located on the left side of the Publisher screen (on the right side of the screen in other Office applications) to search, open or create new documents, view the contents of the clipboard, and format publications. The task field provides a visual representation of the copied data and sample text, making it easy to select the desired element to paste into other documents.

As with all applications Office package, the task pane is a centralized place where users can create new file or open an existing one. "Task pane" New publication" in the Publisher application combines the Publisher directory (the point for viewing layouts and types of publications when creating a new document) and a wizard window.

Users can create a new publication by starting by revising a set of layouts (e.g., Slices, Lattice), publication type (e.g., newsletter, booklet), or start right away by creating a blank publication.

IN new version The Publisher application includes a collection of graphic samples to help you select the desired type of publication.

Publisher now supports the Office clipboard. ("Edit" - "Clipboard"). With the enhanced clipboard, users can copy up to 24 items simultaneously across all Office applications and store data and information in the task tray.

There is a built-in search for information in the task area (in the "File" menu, select the "Find" command). You can also search folders and files, no matter where they are stored, while continuing to work on the current document. In addition, users can index files on their computer. The search is faster and more efficient.

Post layouts make it easier to select a publication layout and apply a new layout (from the Format menu, select Post Layouts).

The taskbar also contains Color schemes (select the color of the publication), font schemes (in the "Format" menu, select the "Font schemes" command): using font schemes, you can easily and quickly select a set of fonts that combine well with each other. Font schemes created Based on styles and supported by the style available in Word, you can apply a font scheme to what you import. Word document or a publication created in Publisher. In this case, the font and color schemes are adequately applied to the entire publication.

The Styles and Formatting task pane (Format menu, click Styles and Formatting) shows the style and formatting options that you can apply to the text in this document. Changes made to any parameters are immediately reflected in the document. If the user creates his own style, the latter is automatically added to the list of available options.

The latest version of the Publisher application has general application Word Mail Merge Enhancement (From the Tools menu, choose Mail Merge, then Mail Merge Wizard). With this feature, you can easily merge a publication using information from Word applications, Outlook, Excel, Works and other widely used address books and databases. There are thousands of pictures, sounds, photos, and animations on the Internet that can be accessed directly from Publisher.

The Design Gallery Live library (formerly Clip Gallery Live) is updated monthly, allowing users to continually expand their publication design capabilities. Application users

Publisher can also find printable versions of their favorite photos (with more high resolution) on the CDs that came with Publisher 2002 (from the Insert menu, choose Drawing),

Publisher includes autoshapes used in other applications of the Office family (on the vertical "Objects" toolbar, click the "Autoshapes" button), ready-to-use autoshapes include lines, connectors, basic shapes, curly arrows, flowchart elements, callouts, stars and ribbons, you can resize, rotate, flip, fill in shapes and combine them with shapes such as circles and squares to create more complex shapes, if you need to add text, you can enter it into the corresponding AutoShape,

The Format dialog box has the following tabs: Colors and Lines, Size, Layout, Picture, Text Box, and Web. They allow you to format objects in the "Format" menu, select the "Format Object" command,

Preview allows you to view the design, layout and content of the publication before printing, you can also view color separations and trapping (in the "File" menu, select the "View" command), on the top of the screen there are toolbars that can be edited or created new panels for adding icons In existing panels, in the "Tools" menu, select the "Settings" command,

In the "Settings" dialog, in the Categories field there are all kinds of categories of commands. They are mainly grouped by the name of the menus they are included in, but there are lists of commands under the names of categories that we rarely or never encounter,

If in common applications such as Microsoft Word there is a category “All commands”, and there it is easier for you to find your commands by simple visual browsing, then the most common commands for insertions seem to be collected in two menus - Insert (Insert) and Format (Format), Toolbar "Image Adjustment" is used to change the color and brightness, task transparent colors, cropping an image, inserting an image obtained using a scanner, changing the style of lines and borders, choosing a text wrapping option, formatting the image and restoring its original parameters (in the "View" menu, select "Toolbars", select "Image Settings").

Let's take a look at the Toolbar. It is located on the left side of the screen, to the left of the working field.

Let's list all the elements of the toolbar from top to bottom:

Select Objects (Select objects, the tool is simply called Arrow)

Text Box (Text block, Frame)

Insert Table... (Insert Table...);

WordArt... (Insert a WordArt Object)

Picture Frame

Clip Organizer Frame

Line, Arrow

Oval (Oval, Ellipse)

Rectangle

AutoShapes

Form Control

HTML Code Fragment ... (Fragment TO HTML ...);

Design Gallery Object... (Object from the Design Gallery). Creating a publication from scratch in MS Publisher

To create a publication from scratch, you must complete the following steps:

1. From the File menu, select New.

2. In the “Creating Publication” task area, in the “Create” group, perform one of the following actions: A. To create a publication that needs to be printed, select the “Blank Publication” command. B. To create a web page, select the “Blank Web Page” command.

3. Add text, drawings and any other necessary objects to the publication.

5. In the “Folder” field, select the folder in which you want to save the new publication.

6. In the "File name" field, enter the name of the file to be published.

7. In the "File Type" field, select "Publisher Files".

Using Post Layouts and Templates

To create publications using layouts, perform the following steps:

1. From the "File" menu, select "New"

2. In the "New Publication" task pane, in the "Start with Layout" group, select the "Layout Set" command.

3. On the taskbar, select the desired set of layouts.

4. In the collection viewing window, select the desired publication type.

Select one of the following options: To change the publication layout, click the “Publication Layouts” button in the task area. To change the color scheme of a publication, select the "Color Schemes" command in the task area. To change the font scheme of a publication, select the "Font Schemes" command in the task area. To change page content settings when creating a web page, newsletter, or publication directory, select the "Page Content" command. Change or choose any additional options in the taskbar for the created publication type.

5. We replace the text of the miscezapovnyuvac and drawings in the publication with our own or other objects.

7. In the “Folder” field, select the folder in which you want to save the new publication.

8. In the "File name" field, enter the name of the file to be published. In the "File Type" field, select "Publisher Files"). Click the "Save" button.

To create a publication using templates, we create this template in advance. To do this, after creating a publication, when storing it, select “Save As” from the “File” menu. In the “File name” field, enter the file name for the template. In the "File Type" field, select "Publisher Template". To create a publication based on the created template you need:

1. In the "File" menu, select the "New" command.

2. In the New Publication task pane, in the Start with Layout group, select the Templates command.

3. In the collection viewing window, select the desired template.

4. Make the necessary changes.

6. In the "Folder" field, select the folder in which you want to save the new publication.

7. In the File Name field, enter a name for the file you want to publish.

8. In the "File Type" field, select "Publisher Files".

General plan for creating a publication (postcard)

1. Select material for creating a postcard.

2. Consider the size of the postcard and its background.

3. Think about the location of objects on the work area.

4. Determine the number of colors used.

5. Select the fonts to use and define the styles.

6. Start creating a publication.

The Facebook interface is strange and in some places completely illogical. But it just so happens that almost everyone I talk to ended up there, so I have to endure it.

Much about Facebook is not obvious. I tried to collect in this post what I did not find right away, and many probably have not found until now.

Ribbon

Unfortunately, in the Android mobile app, the feed is formed only by popularity.

Cleaning the tape

Notifications

Unfortunately, you cannot unsubscribe from comments in the Android mobile app.

Search by messages

The message interface will open, with a second search bar appearing at the top.

There you can search for any words in all personal messages written during your entire use of Facebook.

Fighting Messenger

Action Log

Inserting a publication

Disable video autoplay

In the browser, video autoplay is disabled as follows: click the checkbox in the upper right corner, there are settings, then video.

In Android - click the three bars on the right in the icon line, there "Application Settings" - "Autoplay video" - set "Off." or "Wi-fi only". In the latter case, videos will autoplay only when connected via Wi-Fi.

Go to publication

Surely, the mysterious Facebook still has many secrets that I haven’t gotten to yet.

If you know about other Facebook secrets, write in the comments, I’ll add them to the post.

Saved