• June intitle all user publications sort by. Google search engine operators

    It would seem that Facebook has already made it much easier to manage your privacy settings, but numerous questions and complaints still continue to come. On and in the comments we receive questions of the same content almost every day: “ How to hide a post from everyone?«, « I don't want to be found in searches«, « How to close your page?"and others.

    We will not consider all the possibilities of privacy and write an online manual. You can easily find all this in the Facebook help center. We’ll just try to highlight the most popular questions and give the most concise and understandable answers.

    Post Visibility

    The most popular question. But in fact, everything is elementary. We can make posts visible for the following options:

    • Visible to everyone
    • Visible to friends
    • Visible to friends except acquaintances
    • Visible only to me
    • Visible for people list
    • Visible to everyone except the People list

    Settings: go to SettingsConfidentialityWho can see my content?

    And choose the marker you need. If you want to set visibility for a separate list of users, then select User Settings.

    Please note that these settings will only apply to new posts, but to apply them to old posts, click the button Limit access to previous publications. You can also set the visibility scope for each publication separately (directly in the timeline).

    Chronicle visibility

    The second most popular question: “ How to make a chronicle invisible?". Unfortunately (or rather, to the article), you cannot be invisible on Facebook. You can hide/unhide posts, photos, personal information, but not hide the entire profile. The only option is to remove the chronicle from search results.

    Settings: Confidentiality

    Annoying users

    Facebook is not VKontakte, there is much less spam and a higher culture of communication, but sooner or later you will still meet characters who will try to sell you some product, invite you to another business training, or simply bother you with stupid questions. Spam can be combated by strengthening filtering or even by a personal ban.

    As you know, Facebook has two private message folders. First - Inbox, second - Other. It’s clear with inboxes, but others are something like a “spam” folder in postal services. Switching the filter to mode Enhanced filtration, you will receive messages in the folder Inbox only from your friends. Everything else will fall into Other without any notification.

    One more useful feature- this is a complete blocking of the user. Add his name to the input field (as in the screenshot below) and forget about his presence.

    Feedback

    You cannot contact the Facebook administration directly (via email, phone, etc.). There is a feedback form for this.

    The Stories function, or “Stories” in Russian localization, allows you to create photos and 10-second videos with overlay of text, emoji and handwritten notes. Key Feature The thing about such posts is that, unlike regular publications in your feed, they do not live forever and are deleted after exactly 24 hours.

    Why is it necessary?

    IN official description Instagram says the new feature isn't really needed for sharing important information about everyday life.

    How to use it

    At its core, the innovation is very similar to and works approximately the same, but with minor differences. Despite the fact that the opportunities Instagram Stories not so many and they are all very simple; not all users can figure them out right away.

    View stories

    All available stories are displayed at the top of the feed in the form of circles with user avatars and are hidden while scrolling. New stories appear as they are published, and a day later they disappear without a trace. In this case, stories are sorted not in chronological order, but by the number of playback cycles and comments.

    To view, you just need to tap on the circle. A photo or video will open and display for 10 seconds. Tap and hold pauses the video.

    At the top, next to the username, the time of publication is shown. If the people you follow have other stories, the next ones will be shown immediately after the first one. You can switch between them by swiping left and right.

    Stories that you have already viewed do not disappear from the menu, but are marked gray. They can be opened again until they are deleted after 24 hours.

    You can comment on stories only using messages that are sent to Direct and are visible only to the author, and not to all subscribers. Whether this is a bug or a feature is unknown.

    Creating stories

    Clicking on the plus sign at the top of the feed and swiping from the edge of the screen to the right opens the menu for recording a new story. Everything is simple here: tap on the record button - we get a photo, hold it down - we shoot a video.

    Shooting or uploading

    You can switch front and rear camera or turn on the flash. It is also easy to select a media file from those that were shot over the past 24 hours: this is done by swiping down. All photos from the gallery go here, including time-lapses and branded boomerangs.

    Processing

    When the photo or video is ready, you can publish it after processing it. For both photos and videos, the tools are the same: filters, text and emoji, drawings.

    Filters are switched in a circle with simple swipes from the edge of the screen. There are six of them in total, including a rainbow gradient like on the Instagram icon.

    The added text can be enlarged or reduced, or moved around the photo. But, unfortunately, you cannot leave more than one comment. Emoji are also inserted through the text, so if you want to cover your face with an emoticon, you have to choose.

    Drawing has a little more options. We have a palette and three brushes at our disposal: regular, marker and with a “neon” stroke. You can draw with everyone at once, and a bad stroke can be undone.

    Are you satisfied with the result? Click the checkmark button and your video will be available to subscribers. It can be saved to the gallery both before and after.

    Privacy settings, statistics

    The settings and statistics screen is called up by swiping up while viewing a story. From here, the story can be saved to the gallery, deleted, or published in the main feed, turning it into a regular post. The list of spectators is displayed below. You can hide the story from any of them by clicking on the cross next to the name.

    The settings, which are hidden behind the gear icon, allow you to choose who can respond to your stories and hide the story from certain subscribers. In this case, the privacy settings are remembered and applied to all subsequent publications.

    How to live with it

    Fine. Yes, many were hostile to Stories due to its similarity to Snapchat and Instagram’s unresolved problems that developers should focus on. But I think the innovation is useful.

    The problem of a cluttered feed, when you have to unfollow friends who post literally every step they take, has existed for a long time, and no clear solution has ever been invented. Stories can be considered the first step towards this. Over time, people should get used to the culture of behavior offered by , and start posting only really important and noteworthy content to their feed. Everything else should go into Stories. Really?

    Greetings, friends! Today I have sensational news for you! Tonight, Instagram officially announced that they are preparing to launch a special algorithm that will first show users only the most interesting things.

    Simply put, Posts in the feed will very soon stop being shown in chronological order , i.e. according to the time of publication, as, for example, this happens on VKontakte.

    What then will influence the distribution of publications in the news feed?

    And now he will do this special algorithm, that is computer program, which will determine, based on specified criteria, where your publication will appear in the news feed.

    According to Instagram itself, users do not see about 70% of publications , which are in their news feeds. Agree that this is quite an impressive amount!

    Thus, you, as a brand, company, popular user or public, receive significantly less deserved attention, even if your content is really interesting!

    By the way, according to the latest research from the Locowise agency, which has been monthly counting since April 2015 organic growth of followers on Instagram accounts, it (this very organic growth) decreased during this period by - ATTENTION92.86% !!! This suggests that users simply can’t keep up with the rapid growth of social media. networks and are less willing to subscribe to new accounts.

    Also, despite the fact that on average users spend about 21 minutes a day on Instagram, they no longer have time to scroll even half of the news feed. Therefore, the news about the launch of the algorithm is taken for granted. You understand that the main goal of Instagram is to increase the time the user spends on social media. networks. And this can only be done by improving the quality of the content that Instagrammers see in their feed. After all, you must admit that even though Facebook is constantly being slandered for its algorithms and the like, the number of active users on social media. The network is not decreasing at all! Why? Yes, simply because there is less junk and spam on Facebook than on VK, which still uses a chronological order for issuing posts.

    I think you understand the meaning of the introduction of the Instagram algorithm. Let's now deal with the most important thing.

    How will the Instagram algorithm work?


    In principle, there will be nothing supernatural here yet. I emphasize the word for now, since Facebook’s complex algorithm was also “not built right away.”

    Since Instagram belongs to Facebook, the algorithm here promises to be quite similar. So, guys, who took my course “How to beat the Facebook algorithm”, you will also crack the Instagram algorithm like nuts :)

    The main idea is that Instagram will now show publications that, according to the algorithm, will be most interesting to the user. The algorithm will also take into account the user’s connection to the account being shown to him, as well as the “age” of the post.

    Thus, the winners are those profiles that boast high engagement (likes on photos and comments), as well as those Instagram accounts with which the user interacts most often, for example, friends, stars, favorite profiles, etc.

    Please note that Instagram won't be doing anything super radical for now! Don't be alarmed by this news!

    All publications that would have appeared in the user’s feed anyway if the algorithm did not exist will still remain there! For now, the algorithm will only be responsible for the order in which posts will appear in the feed!

    How will this affect you?

    I am sure that, starting today, a lot of angry articles and comments about the introduction of the algorithm will appear on the Internet. People will panic that now no one will see the publications, and Instagram radishes only want to push you to advertise.

    Friends, don't give in to negativity! The devil is not as scary as he is painted :)

    In fact, you will only benefit if, of course, you take promotion on Instagram seriously, and don’t just send there photos from a product catalog with 30 hashtags, without bringing any benefit to the Instagrammer. Such accounts, of course, will suffer from the algorithm, since no one is interested in them.

    But if you really manage to engage your audience through interesting, inspiring publications, then engagement, thanks to the algorithm, should increase!

    Why? Well, at least because the algorithm will erase time frames, giving priority to interesting content and those who missed your post because it went deep into the feed when the user connected will get an additional chance to see your news. Thus, your users from Vladivostok will not miss posts that were sent during the peak of activity in Moscow. Do you know what I mean?

    Interesting posts will now be at the very top of the Instagram feed, regardless of the time of publication!

    Once again in popular language :) If your favorite music group publishes a cool video from a night concert that you weren’t at, then you won’t miss it, but will see it as soon as you log into Instagram. In the same spirit, you will no longer miss interesting news from your close friends, because the algorithm knows very well who is most interesting to you 😉

    Well, that's all for today! Instagram says that they will begin a phased launch of the algorithm gradually over the next couple of months, but I, as always, will keep you updated on all the news!

    I wish you successful promotion!

    In August, Instagram launched a new feature: stories that disappear after 24 hours. In the new review I have sorted out all the possibilities

    Literally on the first day that “stories” appeared, I wrote an article with. However, there are more and more questions about how to use Stories every day. So I decided to prepare full instructions via Instagram Stories.

    Well, let's go? 🙂

    What are Instagram Stories?

    This question is asked in different ways. Here are just some of the search queries for new feature Instagram: “what are the circles on Instagram at the top”, “how to make it on Instagram so that you are in a circle”, “what are the circles in the news”, “what is the circle around the avatar”, “circle on Instagram”, “what is the new bullshit on Instagram” and so on.

    is a new feature of the application, which in Russian is called “stories” or “stories”. These are photos and videos that will disappear exactly one day after uploading.

    What is the meaning of "stories"?

    Instagram launched Stories with the idea of ​​getting users to share more of their moments. real life. Because now, if you look at your social media feed, most of the photos are perfect: they don’t spend 5 minutes working on them in photo editors to post them, analyze statistics and choose the best time to publish.

    In addition, it is believed that taking more than 1-3 photos a day is bad manners. And Stories allows you to make at least 10 publications without being a spammer.

    And in general, content that disappears is a new trend. The pioneer is Snapchat, in some ways a competitor to Instagram. And apparently, the second one decided to keep up.

    Where are Stories?

    You can see “stories” at the top of the news feed, where they are presented as a separate feed. It looks like this.

    The first avatar is my “story”. The + sign in the blue circle means that I don't currently have a photo or video in my “story”, and I can add it. To add a "story", I need to click on the plus in the black circle above my avatar.

    The following avatars in the colored circle are “stories” of people I follow and who have something new that I haven’t seen. If you scroll to the left, you can see all the “stories” my friends have posted. Including those that I have already seen - in such “stories” the circles are not colored, but white. Example below.

    How to connect Instagram Stories?

    “Stories” are available to all users of the application. There is no need to connect it specially. If for some reason you do not have this feature, you should update Instagram to the latest version.

    How to start your “story”?

    Click on the plus in the black circle in the left corner of the “news” tab. Another option is to swipe left anywhere in your news feed. So Instagram Stories will also appear in front of you.

    Let's figure out what's here.

    Circle in the center- this is a button for taking a photo or video. Click once to take a photo. Press and hold your finger to take a video.

    Just a few days ago Instagram added a new feature: Now in “stories” you can immediately shoot a Boomerang (rounded video). To make a Boomerang, tap the word at the bottom of the screen and then the circle to make a video.

    Two arrow icon to the right of the white circle is a button to switch between the front and external cameras. You can also switch by double-tapping the screen, which is especially useful if you're shooting video and need to quickly change cameras.

    To the left of white mug you see two icons. Lightning in a circle- this is a flash. Click on it to add lighting to your photo or video. Moon in a circle - appears automatically when the phone detects that there is not enough lighting. It’s worth clicking on it to improve the quality of the photo (although, I think you understand that in poor lighting, even with a flash or “moon”, the quality will not be so good).

    In the upper left corner you see an icon setting.
    So what is there?

    Opportunity hide "stories"» from people who follow you, but you wouldn't want them to view those photos and videos (as you can see, I have two of these people).

    Below - comment limit. You can choose to allow anyone to write you a reply message to your “story”, those you follow, or disable this feature altogether (especially suitable public people, who have hundreds of thousands of subscribers).

    Save photos from “stories” automatically. You can enable this feature and the entire stream of your photos and videos will be saved on your phone.

    If you don’t need to save all the photos, you can save the post you like separately. In the photo on the left you see a post I made in Stories. There is an arrow in the lower right corner - clicking on it will save this photo.

    On the left you see Cancel - By clicking, you remove the photo or video you took. Be careful, by clicking “cancel”, you cannot return the photo/video.

    We will also look at additional Instagram features Stories. On the right top corner you see two icons - a picture and text.

    Drawing Can be applied to both photos and text. It can be created using three tools: marker, highlight and neon brushes. Choose the one that you like best and fits the content. There you can select the stroke thickness and color. See the photo below for an example.

    Text can contain not only letters, but also emoticons. You can choose any color, including one color for one word and another for another. You can resize the text and rotate it as you wish. To do this, move two fingers together and spread them apart.

    There is no option to add multiple inscriptions yet. Well, so that the text is in this place, and in this, and in this. But here life hack how this can be done. The first option is to add spaces so that the inscription is in several places (photo below).

    You can also use special applications, where you can add as many inscriptions as you like, any fonts, colors and sizes.

    Just put @ and start typing the name of the person or page you want to tag in the photo/video. Avatars will appear, among them you select the desired profile. After publication, the link will become active. An example - see the photo below.

    Also, along with a link to profiles, Instagram announced that it was starting to test links to external sites. Famous personalities with verified accounts (checkmark next to nickname) were the first to gain access to this function.

    In addition to text and drawing, Instagram Stories can add effects to photos and videos. To do this, swipe left or right on the screen and select a filter. There are only six of them, and they often complement the content very well.

    In Stories you can add photos and videos that you already have on your phone from your gallery. This is the secret of high-quality photos uploaded to “stories,” as well as filters and effects that seem to be missing from Stories. For example, users often upload videos made on Snapchat (you know when a person has a dog's face and licks the screen? God, even writing is funny)).

    So you have the opportunity to process photos and videos in any application - and upload them to stories.

    Swipe your finger from top to bottom and a window will pop up with a list of photos and videos taken over the last 24 hours and saved on your phone. Please note: only for the last 24 hours! Select the content you want to upload and it will be in Stories.

    Lifehack. If the photo was taken not in the last day, but a week/month/year ago, process it in one of the applications (such as VSCO or Snapseed) and download it to your phone. It will appear as good as new. You don’t even have to process it, just download it into the app and upload it back to your phone.

    With Boomerang and video it’s a little more difficult. The trick I use is to send a video from my phone to Google Drive or to my email and download it again from there. If you know better way, please share :)

    You can also calmly delete photo or video from Stories. To do this, click on the three dots in the lower right corner.

    Even if you don't delete the photo, it will still disappear from your feed after 24 hours, don't forget about it.

    What photo format?

    Many people immediately began to complain about the specific photo format after the new feature appeared. Indeed, it’s unclear why photos in Instagram Stories seem to be enlarged.

    The fact is that Instagram adjusts the photo to Stories, which is why part of the photo may be cropped. Moreover, without the ability to choose what exactly to trim.

    For example, I have a photo that I took on my phone in a square format. That's what Stories does with it.

    What to do in this case? There are several options. The first is to shoot directly in Instagram Stories (but then you can’t edit the photo). The second is to shoot vertically with your phone, and the edges will still be cut off, but only slightly.

    The third option is to add a frame. I do it in a simple way: I open a photo in the gallery on my phone and take a screenshot. This is what happens.

    I think it's worth experimenting with apps that allow you to add frames. Remember how it was before Instagram allowed you to upload more than just square photos? These applications will come in handy again. The truth is, I don’t worry about it.

    How to leave comments in Stories?

    No way. There are no comments and no likes in “stories”. But it is possible to respond to a publication by sending a personal message to the person via direct message. For example, how I sent a compliment to Polina.

    How to pause “stories”?

    Yes, you can stop the “story” to read the text on the picture, for example. To do this, just press and hold your finger on the screen - photos and videos will not move.

    How to merge photos and videos into one “story”?

    Your publications are collected into one story independently. You just upload one photo after another, a video, a Boomerang - and the app does everything for you. The result is a selection of events over 24 hours. How many publications were made can be seen at the very top - see the ribbon of dashes?

    Whose “stories” am I seeing?

    You see Stories of people you follow. Their “stories” appear one after another at the top of the news feed. New “stories” are outlined with a colored halo.

    By clicking on a person's avatar, you will see their "story". The transition between “stories” occurs automatically, but you can speed up the process by tapping the screen with your finger. Well, if you press left and right on the screen, you will move between the “stories” of different users.

    You can also see the person’s “story” in his profile: his avatar is outlined in a bright color.

    Is it possible to turn off someone's “stories”?

    If you follow a person but don't want to see their “stories,” you can hide them.

    To do this, go to the news feed, find the “story” of the person you want to hide - press with your finger and hold for a couple of seconds. A screen will appear with a "hide @user's stories" button. Press and exhale. You will no longer see this person's "story".

    You can see “stories” again. To do this, scroll to the end of the Stories feed - there you will see the profiles of those you have hidden. Click on the avatar, hold for a couple of seconds and the same field will appear in front of you with the ability to return the profile to the feed.

    Will the person see that I watched his “story”?

    Yes, remember this, if you watch someone's "story", the person will know about it. The number of views appears under the photo, and if you pull the screen up, a list of all users who have seen your “story” will appear. Only you can do this, that is, other users do not know how many people have seen your “story.”

    By the way, the list does not show how many times a person has viewed your “story.” So it will be difficult to figure out fans 😉

    Who is the first to be seen in the list of my “stories”?

    When you open the list of those who watched your Stories, at the top you usually see those users with whom you interact most actively: give them likes and receive in return, comment on their posts, and they are yours, communicate in direct messages. You most likely see their “stories” among the first in your feed.

    Why I say “most likely” and “usually” is because Instagram does not disclose its algorithms, and then it’s difficult to say for sure. These are my personal observations.

    Is it possible to secretly watch someone's "story"?

    No, Instagram does not provide this option. And I haven’t yet found any applications that can make you “invisible”.

    True, under the previous review I received many comments that “invisible” features have already appeared in Stories. For example, one girl said that she sees the same number of views on her “story,” but when she opens the list, there are several fewer of them. I haven’t observed such a phenomenon in my accounts, but I think it’s more likely a glitch in “stories” than the appearance of “invisibles”. Time will show.

    Who sees my “story”?

    It all depends on your account privacy settings. You have private profile ? Then only your approved subscribers, those who are your friends, see your “story”. Outsiders cannot see your Stories.

    Obtaining private data does not always mean hacking - sometimes it is published in public access. Knowledge Google settings and a little ingenuity will allow you to find a lot of interesting things - from credit card numbers to FBI documents.

    WARNING

    All information is provided for informational purposes only. Neither the editors nor the author are responsible for any possible harm caused by the materials of this article.

    Today, everything is connected to the Internet, with little concern for restricting access. Therefore, many private data become the prey of search engines. Spider robots are no longer limited to web pages, but index all content available on the Internet and constantly add non-public information to their databases. Finding out these secrets is easy - you just need to know how to ask about them.

    Looking for files

    In capable hands, Google will quickly find everything that is not found on the Internet, for example, personal information and files for official use. They are often hidden like a key under a doormat: there are no real access restrictions, the data simply lies on the back of the site, where no links lead. Standard Google web interface provides only basic settings advanced search, but even these will be sufficient.

    You can limit your Google search to a specific type of file using two operators: filetype and ext . The first specifies the format that the search engine determined from the file title, the second specifies the file extension, regardless of its internal contents. When searching in both cases, you only need to specify the extension. Initially, the ext operator was convenient to use in cases where the file did not have specific format characteristics (for example, to search for ini and cfg configuration files, which could contain anything). Now Google algorithms have changed, and there is no visible difference between the operators - the results in most cases are the same.


    Filtering the results

    By default, Google searches for words and, in general, any entered characters in all files on indexed pages. You can limit the search area by top-level domain, a specific site, or by the location of the search sequence in the files themselves. For the first two options, use the site operator, followed by the name of the domain or selected site. In the third case, a whole set of operators allows you to search for information in service fields and metadata. For example, allinurl will find the given one in the body of the links themselves, allinanchor - in the text equipped with the tag , allintitle - in page titles, allintext - in the body of pages.

    For each operator there is a lightweight version with a shorter name (without the prefix all). The difference is that allinurl will find links with all words, and inurl will only find links with the first of them. The second and subsequent words from the query can appear anywhere on web pages. The inurl operator also differs from another operator with a similar meaning - site. The first also allows you to find any sequence of characters in a link to the searched document (for example, /cgi-bin/), which is widely used to find components with known vulnerabilities.

    Let's try it in practice. We take the allintext filter and make the request produce a list of numbers and verification codes of credit cards that will expire only in two years (or when their owners get tired of feeding everyone).

    Allintext: card number expiration date /2017 cvv

    When you read in the news that a young hacker “hacked into the servers” of the Pentagon or NASA, stealing classified information, in most cases we are talking about just such a basic technique of using Google. Suppose we are interested in a list of NASA employees and their contact information. Surely such a list is available in electronic form. For convenience or due to oversight, it may also be on the organization’s website itself. It is logical that in this case there will be no links to it, since it is intended for internal use. What words can be in such a file? At a minimum - the “address” field. Testing all these assumptions is easy.


    Inurl:nasa.gov filetype:xlsx "address"


    We use bureaucracy

    Finds like this are a nice touch. A truly solid catch is provided by a more detailed knowledge of Google's operators for webmasters, the Network itself, and the peculiarities of the structure of what is being sought. Knowing the details, you can easily filter the results and refine the properties of the necessary files in order to get truly valuable data in the rest. It's funny that bureaucracy comes to the rescue here. It produces standard formulations that are convenient for searching for secret information accidentally leaked onto the Internet.

    For example, the Distribution statement stamp, required by the US Department of Defense, means standardized restrictions on the distribution of a document. The letter A denotes public releases in which there is nothing secret; B - intended only for internal use, C - strictly confidential, and so on until F. The letter X stands out separately, which marks particularly valuable information representing a state secret of the highest level. Let those who are supposed to do this on duty search for such documents, and we will limit ourselves to files with the letter C. According to DoDI directive 5230.24, this marking is assigned to documents containing a description of critical technologies that fall under export control. You can find such carefully protected information on sites in the top-level domain.mil, allocated for the US Army.

    "DISTRIBUTION STATEMENT C" inurl:navy.mil

    It is very convenient that the .mil domain contains only sites from the US Department of Defense and its contract organizations. Search results with a domain restriction are exceptionally clean, and the titles speak for themselves. Searching for Russian secrets in this way is practically useless: chaos reigns in domains.ru and.rf, and the names of many weapons systems sound like botanical ones (PP “Kiparis”, self-propelled guns “Akatsia”) or even fabulous (TOS “Buratino”).


    By carefully studying any document from a site in the .mil domain, you can see other markers to refine your search. For example, a reference to the export restrictions “Sec 2751”, which is also convenient for searching for interesting technical information. From time to time it is removed from official sites where it once appeared, so if you cannot follow an interesting link in the search results, use Google’s cache (cache operator) or the Internet Archive site.

    Climbing into the clouds

    In addition to accidentally declassified government documents, links to personal files from Dropbox and other data storage services that create “private” links to publicly published data occasionally pop up in Google's cache. It’s even worse with alternative and homemade services. For example, the following query finds data for all Verizon customers who have an FTP server installed and actively using their router.

    Allinurl:ftp:// verizon.net

    There are now more than forty thousand such smart people, and in the spring of 2015 there were many more of them. Instead of Verizon.net, you can substitute the name of any well-known provider, and the more famous it is, the larger the catch can be. Through the built-in FTP server, you can see files on an external storage device connected to the router. Usually this is a NAS for remote work, a personal cloud, or some kind of peer-to-peer file downloading. All contents of such media are indexed by Google and other search engines, so you can access files stored on external drives via a direct link.

    Looking at the configs

    Before the widespread migration to the cloud, simple FTP servers ruled as remote storage, which also had a lot of vulnerabilities. Many of them are still relevant today. For example, the popular WS_FTP Professional program stores configuration data, user accounts and passwords in the ws_ftp.ini file. It is easy to find and read, since all records are saved in text format, and passwords are encrypted with the Triple DES algorithm after minimal obfuscation. In most versions, simply discarding the first byte is sufficient.

    It is easy to decrypt such passwords using the WS_FTP Password Decryptor utility or a free web service.

    Speaking about hacking an arbitrary website, they usually mean obtaining a password from logs and backups of configuration files of CMS or applications for e-commerce. If you know them typical structure, then you can easily indicate keywords. Lines like those found in ws_ftp.ini are extremely common. For example, in Drupal and PrestaShop there is always a user identifier (UID) and a corresponding password (pwd), and all information is stored in files with the .inc extension. You can search for them as follows:

    "pwd=" "UID=" ext:inc

    Revealing DBMS passwords

    In the configuration files of SQL servers, names and addresses email users are stored in clear text, and instead of passwords, their MD5 hashes are recorded. Strictly speaking, it is impossible to decrypt them, but you can find a match among the known hash-password pairs.

    There are still DBMSs that do not even use password hashing. The configuration files of any of them can simply be viewed in the browser.

    Intext:DB_PASSWORD filetype:env

    Since appearing on Windows servers The place of configuration files was partially taken by the registry. You can search through its branches in exactly the same way, using reg as the file type. For example, like this:

    Filetype:reg HKEY_CURRENT_USER "Password"=

    Let's not forget the obvious

    Sometimes it is possible to get to classified information with the help of accidentally opened and caught in the field of view Google data. Ideal option- find a list of passwords in some common format. Store account information in text file, Word document or electronic Excel spreadsheet Only desperate people can, but there are always enough of them.

    Filetype:xls inurl:password

    On the one hand, there are a lot of means to prevent such incidents. It is necessary to specify adequate access rights in htaccess, patch the CMS, not use left-handed scripts and close other holes. There is also a file with a list of robots.txt exceptions that prohibits search engines from indexing the files and directories specified in it. On the other hand, if the structure of robots.txt on some server differs from the standard one, then it immediately becomes clear what they are trying to hide on it.

    The list of directories and files on any site is preceded by the standard index of. Since for service purposes it must appear in the title, it makes sense to limit its search to the intitle operator. Interesting things are in the /admin/, /personal/, /etc/ and even /secret/ directories.

    Stay tuned for updates

    Relevance here is extremely important: old vulnerabilities are closed very slowly, but Google and its search results change constantly. There is even a difference between a “last second” filter (&tbs=qdr:s at the end of the request URL) and a “real time” filter (&tbs=qdr:1).

    Date time interval latest update Google also indicates the file implicitly. Through the graphical web interface, you can select one of the standard periods (hour, day, week, etc.) or set a date range, but this method is not suitable for automation.

    By appearance address bar We can only guess about a way to limit the output of results using the &tbs=qdr: construction. The letter y after it sets the limit of one year (&tbs=qdr:y), m shows the results for the last month, w - for the week, d - for the past day, h - for the last hour, n - for the minute, and s - for second. The most recent results that have just become known to Google are found using the &tbs=qdr:1 filter.

    If you need to write a clever script, it will be useful to know that the date range is set in Google in Julian format using the daterange operator. For example, this is how you can find a list PDF documents with the word confidential, uploaded from January 1 to July 1, 2015.

    Confidential filetype:pdf daterange:2457024-2457205

    The range is indicated in Julian date format without taking into account the fractional part. Translating them manually from the Gregorian calendar is inconvenient. It's easier to use a date converter.

    Targeting and filtering again

    In addition to indicating additional operators V search query they can be sent directly in the body of the link. For example, the filetype:pdf specification corresponds to the construction as_filetype=pdf . This makes it convenient to ask any clarifications. Let's say that the output of results only from the Republic of Honduras is specified by adding the construction cr=countryHN to the search URL, and only from the city of Bobruisk - gcs=Bobruisk. You can find a complete list in the developer section.

    Google's automation tools are designed to make life easier, but they often add problems. For example, a user’s IP is used to determine their city via WHOIS. Based on this information, Google not only balances the load between servers, but also changes the search results. Depending on the region, for the same request, different results will appear on the first page, and some of them may be completely hidden. The two-letter code after the gl=country directive will help you feel like a cosmopolitan and search for information from any country. For example, the code of the Netherlands is NL, but the Vatican and North Korea do not have their own code in Google.

    Often, search results end up cluttered even after using several advanced filters. In this case, it is easy to clarify the request by adding several exception words to it (a minus sign is placed in front of each of them). For example, banking, names and tutorial are often used with the word Personal. Therefore, cleaner search results will be shown not by a textbook example of a query, but by a refined one:

    Intitle:"Index of /Personal/" -names -tutorial -banking

    One last example

    A sophisticated hacker is distinguished by the fact that he provides himself with everything he needs on his own. For example, VPN is a convenient thing, but either expensive, or temporary and with restrictions. Signing up for a subscription for yourself is too expensive. It's good that there are group subscriptions, and with the help of Google it's easy to become part of a group. To do this, just find the Cisco VPN configuration file, which has a rather non-standard PCF extension and a recognizable path: Program Files\Cisco Systems\VPN Client\Profiles. One request and you join, for example, the friendly team of the University of Bonn.

    Filetype:pcf vpn OR Group

    INFO

    Google finds configuration files with passwords, but many of them are written in encrypted form or replaced with hashes. If you see strings of a fixed length, then immediately look for a decryption service.

    Passwords are stored encrypted, but Maurice Massard has already written a program to decrypt them and provides it for free through thecampusgeeks.com.

    At Google help hundreds are executed different types attacks and penetration tests. There are many options affecting popular programs, basic database formats, numerous vulnerabilities of PHP, clouds and so on. If you know exactly what you are looking for, it will make it much easier to get necessary information(especially one that was not planned to be made public). Shodan is not the only one who feeds interesting ideas, but any database of indexed network resources!

    Read more: