Wine intitle all user publications rating. Wine ratings. scales by robert parker and jancis robinson - tasting of life - pleasure as a gift! Where are the ratings published? Google search secrets. Special Forces

Dear friends, today I will share with you one of my latest developments in website promotion. I'll tell you how to remove the publication date from search results and what benefits it provides.

As you know, the search results for many website pages display the date of their publication. Dates allow users to navigate search results and select pages with more recent and relevant information.

In most cases, I myself prefer to go to pages that were published not so long ago, and I visit materials that are 3-5 years old or older much less often, since often information on many topics quickly becomes outdated and loses its relevance.

Do you think this article will receive Firefox plugins maximum number of clicks from a search if it is dated 2008?

Or my post about WordPress plugins from 2007:

I think not, since information on these topics becomes outdated over the years.

I thought about how I could use this moment to increase traffic to the sites I promote. There are many “evergreen” topics in which information practically does not become outdated, and materials published several years ago will also be useful and interesting for visitors.

For example, let's take the topic of dog training. The basic principles there have not changed for many years. At the same time, the owner of such a site will be sad 😉 when, in a few years, fewer visitors from search results will go to his articles, since they will see the publication date and choose newer articles on other sites simply because they are more recent, although they may not be nearly as interesting or useful.

But if you take topics such as smartphones, gadgets, fashion, women's clothing, then the information in them becomes outdated very quickly and loses its relevance. There is no point in removing the date from the search results.

I invite you to subscribe to my channels on Telegram:

I wish you high traffic on your sites!

Dessert for today - a fascinating video about how one guy rides a bicycle 😉 . It’s better not for the faint of heart and impressionable people to watch :)

The Google search engine (www.google.com) provides many search options. All these features are an invaluable search tool for a user new to the Internet and at the same time an even more powerful weapon of invasion and destruction in the hands of people with evil intentions, including not only hackers, but also non-computer criminals and even terrorists.
(9475 views in 1 week)

Denis Barankov
denisNOSPAMixi.ru

Attention:This article is not a guide to action. This article was written for you, WEB server administrators, so that you will lose the false feeling that you are safe, and you will finally understand the insidiousness of this method of obtaining information and take up the task of protecting your site.

Introduction

For example, I found 1670 pages in 0.14 seconds!

2. Let's enter another line, for example:

a little less, but this is already enough for free downloading and password guessing (using the same John The Ripper). Below I will give a number of more examples.

So, you need to realize that the Google search engine has visited most of the Internet sites and cached the information contained on them. This cached information allows you to obtain information about the site and the content of the site without directly connecting to the site, only by delving into the information that is stored inside Google. Moreover, if the information on the site is no longer available, then the information in the cache may still be preserved. All you need for this method: know some keywords Google. This technique is called Google Hacking.

Information about Google Hacking first appeared on the Bugtruck mailing list 3 years ago. In 2001, this topic was raised by a French student. Here is a link to this letter http://www.cotse.com/mailing-lists/bugtraq/2001/Nov/0129.html. It provides the first examples of such queries:

1) Index of /admin
2) Index of /password
3) Index of /mail
4) Index of / +banques +filetype:xls (for france...)
5) Index of / +passwd
6) Index of / password.txt

This topic made waves in the English-reading part of the Internet quite recently: after the article by Johnny Long, published on May 7, 2004. For a more complete study of Google Hacking, I advise you to go to this author’s website http://johnny.ihackstuff.com. In this article I just want to bring you up to date.

Who can use this:
- Journalists, spies and all those people who like to poke their nose into other people's business can use this to search for incriminating evidence.
- Hackers looking for suitable targets for hacking.

How Google works.

To continue the conversation, let me remind you of some of the keywords used in Google queries.

Search using the + sign

Google excludes words it considers unimportant from searches. For example, question words, prepositions and articles in English: for example are, of, where. In Russian Google language seems to consider all words important. If a word is excluded from the search, Google writes about it. To Google started to look for pages with these words, you need to add a + sign without a space before the word. For example:

ace +of base

Search using the sign –

If Google finds large number pages from which you want to exclude pages with a certain topic, you can force Google to search only for pages that do not contain certain words. To do this, you need to indicate these words by placing a sign in front of each - without a space before the word. For example:

fishing - vodka

Search using ~

You may want to search not only for the specified word, but also for its synonyms. To do this, precede the word with the ~ symbol.

Finding an exact phrase using double quotes

Google searches on each page for all occurrences of the words that you wrote in the query string, and it does not care about the relative position of the words, as long as all the specified words are on the page at the same time (this is the default action). To find the exact phrase, you need to put it in quotes. For example:

"book stand"

In order to have at least one of the specified words, you need to specify the logical operation explicitly: OR. For example:

book safety OR protection

In addition, you can use the * sign in the search bar to indicate any word and. to represent any character.

Finding words using additional operators

There are search operators that are specified in the search string in the format:

operator:search_term

Spaces next to the colon are not needed. If you insert a space after the colon, you will see an error message, and before it, Google will use them as a normal search string.
There are groups of additional search operators: languages ​​- indicate in which language you want to see the result, date - limit the results for the past three, six or 12 months, occurrences - indicate where in the document you need to search for the line: everywhere, in the title, in the URL, domains - search on the specified site or, conversely, exclude it from the search; safe search - blocks sites containing the specified type of information and removes them from the search results pages.
However, some operators do not require an additional parameter, for example the request " cache:www.google.com" can be called as a full-fledged search string, and some keywords, on the contrary, require a search word, for example " site:www.google.com help". In the light of our topic, let's look at the following operators:

Operator site: limits the search only to the specified site, and you can specify not only domain name, but also an IP address. For example, enter:

Operator filetype: Limits the search to a specific file type. For example:

As of the date of publication of the article, Google can search within 13 various formats files:

• Adobe Portable Document Format (pdf)
• Adobe PostScript (ps)
• Lotus 1-2-3 (wk1, wk2, wk3, wk4, wk5, wki, wks, wku)
• Lotus WordPro (lwp)
• MacWrite (mw)
• Microsoft Excel (xls)
• Microsoft PowerPoint (ppt)
• Microsoft Word(doc)
• Microsoft Works (wks, wps, wdb)
• Microsoft Write (wri)
• Rich Text Format (rtf)
• Shockwave Flash(swf)
• Text (ans, txt)

Operator link: shows all pages that point to the specified page.
It's probably always interesting to see how many places on the Internet know about you. Let's try:

Operator cache: shows the version of the site in Google's cache, what it looked like when Google latest visited this page once. Let’s take any frequently changing site and look:

Operator intitle: searches for the specified word in the page title. Operator allintitle: is an extension - it searches for all specified few words in the page title. Compare:

intitle:flight to Mars
intitle:flight intitle:on intitle:mars
allintitle:flight to mars

Operator inurl: forces Google to show all pages containing the specified string in the URL. allinurl operator: searches for all words in a URL. For example:

allinurl:acid acid_stat_alerts.php

This command is especially useful for those who don't have SNORT - at least they can see how it works on a real system.

Hacking Methods Using Google

So, we found out that using a combination of the above operators and keywords, anyone can collect the necessary information and search for vulnerabilities. These techniques are often called Google Hacking.

Site map

You can use the site: operator to list all the links that Google has found on a site. Typically, pages that are dynamically created by scripts are not indexed using parameters, so some sites use ISAPI filters so that links are not in the form /article.asp?num=10&dst=5, and with slashes /article/abc/num/10/dst/5. This is done so that the site is generally indexed by search engines.

Let's try:

site:www.whitehouse.gov whitehouse

Google thinks that every page on a website contains the word whitehouse. This is what we use to get all the pages.
There is also a simplified version:

site:whitehouse.gov

And the best part is that the comrades from whitehouse.gov didn’t even know that we looked at the structure of their site and even looked at the cached pages that Google downloaded for itself. This can be used to study the structure of sites and view content, remaining undetected for the time being.

View a list of files in directories

WEB servers can display lists of server directories instead of regular HTML pages. This is usually done to ensure that users select and download specific files. However, in many cases, administrators have no intention of showing the contents of a directory. This occurs due to incorrect server configuration or the absence of the main page in the directory. As a result, the hacker has a chance to find something interesting in the directory and use it for his own purposes. To find all such pages, it is enough to note that they all contain the words: index of. But since the words index of contain not only such pages, we need to refine the query and take into account the keywords on the page itself, so queries like:

intitle:index.of parent directory
intitle:index.of name size

Since most directory listings are intentional, you may have a hard time finding misplaced listings the first time. But at least you can already use listings to determine the WEB server version, as described below.

Obtaining the WEB server version.

Knowing the WEB server version is always useful before launching any hacker attack. Again, thanks to Google, you can get this information without connecting to a server. If you look closely at the directory listing, you can see that the name of the WEB server and its version are displayed there.

Apache1.3.29 - ProXad Server at trf296.free.fr Port 80

An experienced administrator can change this information, but, as a rule, it is true. Thus, to obtain this information it is enough to send a request:

intitle:index.of server.at

To get information for a specific server, we clarify the request:

intitle:index.of server.at site:ibm.com

Or vice versa, we are looking for servers running a specific version of the server:

intitle:index.of Apache/2.0.40 Server at

This technique can be used by a hacker to find a victim. If, for example, he has an exploit for a certain version of the WEB server, then he can find it and try the existing exploit.

You can also get the server version by viewing the pages that are installed by default when installing the latest version of the WEB server. For example, to see test page Apache 1.2.6 just type

intitle:Test.Page.for.Apache it.worked!

Moreover, some operating systems During installation, they immediately install and launch the WEB server. However, some users are not even aware of this. Naturally, if you see that someone has not removed the default page, then it is logical to assume that the computer has not undergone any customization at all and is likely vulnerable to attack.

Try searching for IIS 5.0 pages

allintitle:Welcome to Windows 2000 Internet Services

In the case of IIS, you can determine not only the server version, but also Windows version and Service Pack.

Another way to determine the WEB server version is to search for manuals (help pages) and examples that may be installed on the site by default. Hackers have found quite a few ways to use these components to gain privileged access to a site. That is why you need to remove these components on the production site. Not to mention the fact that the presence of these components can be used to obtain information about the type of server and its version. For example, let's find the apache manual:

inurl:manual apache directives modules

Using Google as a CGI scanner.

CGI scanner or WEB scanner– a utility for searching for vulnerable scripts and programs on the victim’s server. These utilities must know what to look for, for this they have a whole list of vulnerable files, for example:

/cgi-bin/cgiemail/uargg.txt
/random_banner/index.cgi
/random_banner/index.cgi
/cgi-bin/mailview.cgi
/cgi-bin/maillist.cgi
/cgi-bin/userreg.cgi

/iissamples/ISSamples/SQLQHit.asp
/SiteServer/admin/findvserver.asp
/scripts/cphost.dll
/cgi-bin/finger.cgi

We can find each of these files using Google, additionally using the words index of or inurl with the file name in the search bar: we can find sites with vulnerable scripts, for example:

allinurl:/random_banner/index.cgi

Using additional knowledge, a hacker can exploit a script's vulnerability and use this vulnerability to force the script to emit any file stored on the server. For example, a password file.

How to protect yourself from Google hacking.

1. Do not post important data on the WEB server.

Even if you posted the data temporarily, you may forget about it or someone will have time to find and take this data before you erase it. Don't do this. There are many other ways to transfer data that protect it from theft.

2. Check your site.

Use the methods described to research your site. Check your site periodically for new methods that appear on the site http://johnny.ihackstuff.com. Remember that if you want to automate your actions, you need to get special permission from Google. If you read carefully http://www.google.com/terms_of_service.html, then you will see the phrase: You may not send automated queries of any sort to Google's system without express permission in advance from Google.

3. You may not need Google to index your site or any part of it.

Google allows you to remove a link to your site or part of it from its database, as well as remove pages from the cache. In addition, you can prohibit the search for images on your site, prohibit short fragments of pages from being shown in search results. All possibilities for deleting a site are described on the page http://www.google.com/remove.html. To do this, you must confirm that you are really the owner of this site or insert tags or

4. Use robots.txt

It is known that search engines look at the robots.txt file located at the root of the site and do not index those parts that are marked with the word Disallow. You can use this to prevent part of the site from being indexed. For example, to prevent the entire site from being indexed, create a robots.txt file containing two lines:

User-agent: *
Disallow: /

What else happens

So that life doesn’t seem like honey to you, I’ll say finally that there are sites that monitor those people who, using the methods outlined above, look for holes in scripts and WEB servers. An example of such a page is

Application.

A little sweet. Try some of the following for yourself:

1. #mysql dump filetype:sql - search for mySQL database dumps
2. Host Vulnerability Summary Report - will show you what vulnerabilities other people have found
3. phpMyAdmin running on inurl:main.php - this will force control to be closed through the phpmyadmin panel
4. not for distribution confidential
5. Request Details Control Tree Server Variables
6. Running in Child mode
7. This report was generated by WebLog
8. intitle:index.of cgiirc.config
9. filetype:conf inurl:firewall -intitle:cvs – maybe someone needs firewall configuration files? :)
10. intitle:index.of finances.xls – hmm....
11. intitle:Index of dbconvert.exe chats – icq chat logs
12. intext:Tobias Oetiker traffic analysis
13. intitle:Usage Statistics for Generated by Webalizer
14. intitle:statistics of advanced web statistics
15. intitle:index.of ws_ftp.ini – ws ftp config
16. inurl:ipsec.secrets holds shared secrets – secret key– good find
17. inurl:main.php Welcome to phpMyAdmin
18. inurl:server-info Apache Server Information
19. site:edu admin grades
20. ORA-00921: unexpected end of SQL command – getting paths
21. intitle:index.of trillian.ini
22. intitle:Index of pwd.db
23.intitle:index.of people.lst
24. intitle:index.of master.passwd
25.inurl:passlist.txt
26. intitle:Index of .mysql_history
27. intitle:index of intext:globals.inc
28. intitle:index.of administrators.pwd
29. intitle:Index.of etc shadow
30.intitle:index.ofsecring.pgp
31. inurl:config.php dbuname dbpass
32. inurl:perform filetype:ini

Imagine being able to collect and analyze competitors' marketing ideas without conducting a full audit of their websites. Isn't it great? Just think of the possibilities this will open up for your online marketing and promotion. By knowing what your competitors have up their sleeves, you can create more relevant content, get more organic traffic and increase conversions.

Sounds good, doesn't it? Then pay attention - we offer a secret weapon that allows you to spy on your competitors' ideas in a matter of seconds. This weapon is 100% free - any player on the market can use it. You probably know what we're talking about. And you probably use this platform every day. Because the secret weapon we're talking about is the operators.

What are search operators?

Operators Google search are commands and symbols that limit or expand your search space. They can be used for almost any purpose, including competitor research. If your competitors are not well-known enough to immediately appear at the top of the search results, then traditional search will not be very useful - it will take a lot of time to scroll through the results.

When you need to limit your search space, search operators can help you. They are useful for SEO, content marketing and many other areas. And, unlike specialized programs and utilities, search operators are available to everyone right in the search engine bar.

Let's imagine that you are a small web studio that helps marketers and plans to provide services for working with cheap or free DIY services like Canva. How to quickly study their content, marketing strategies and audience?

Analyzing an entire site is an overwhelming task. Of course, you can simply search for “Canva competitors.” But the volume of output for such a request cannot be analyzed carefully:

You'll get too many results - 221,000 links to be exact. You'll spend hours scrolling through their rows to find the information you need. How to immediately get a summary of the most relevant sites for a request? This is where search operators will help you.

When in doubt, use chains of command

Search operators can be difficult to use. Sometimes it is easier to add one or two additional statements to achieve the goal.

Command chains allow you to use multiple search operators to improve search results. No matter how you use them, search chains can help you get to the data you need faster.

Now let's go.

Command 1: site:

site: is a basic command that will launch a search on a competitor's site. The team limits search results to one site, which will make the results more relevant. Let's say we're exploring a Canva website and want to analyze its pages. We can go directly to the resource and study it manually, but this will take time.

Another option is to type “site:canva.com/ru_ru” into Google. This is what you get as a result:

Please note that all results are only from the site we need. You don’t have to scroll through advertisements, articles, forum threads and other information on third-party resources. You have received a short list of pages of one site. By quickly scanning this list, you can find ideas for your own projects.

But there is one drawback in the example above: we have narrowed the search to one site, but the results are still quite large. We need to add a few more conditions to the request. Let's imagine that your company places a special emphasis on creating infographics. In this case, simply add the request “create infographic” after the site: operator and the site address. Here's what it looks like: "site:canva.com create infographic."

As a result, you will receive far fewer links. In our example, search engine produced only 21 pages. Now you can explore materials relevant to your business interests.

Strictly speaking, by asking search query Canva and infographics, you would get the same results. But you would have to wade through dozens and dozens of irrelevant pages. This is why the site: operator is so useful. It significantly narrows the search and helps you get faster necessary information.

Command 2: intitle: or allintitle:

Let's consider two commands that perform approximately the same function. The intitle: and allintitle: search operators search for pages that have the search terms you select in their “title” field. These operators are great for finding exact phrases in the titles of pages, articles, or landing pages.

Let's say you run a search for "infographic templates":

That's better - only 52,700 pages. But the problem is that even this issuance is not narrow enough. And, if you noticed, now the command only accepts the first word of the request - “patterns”. Let's reformulate it slightly and include the entire query in the search.

Now we have 3300 pages - great progress! We would get the same result if we used the command “allintitle:infographic templates” instead of the cumbersome “intitle:intitle:infographic templates”. Allintitle operator: searches the entire phrase using page titles.

So, we have eliminated 99% of irrelevant sites and can now calmly study the results that are most interesting to us. But the results can be narrowed down even further by adding the site: operator. For example: “allintitle:infographic templates site:canva.com/ru_ru”. Combining two operators will allow you to narrow the search volume to just a few links.

This will allow you to receive extremely specific and relevant materials on the topic that interests you.

Command 3: intext: or allintext:

The intext: or allintext: operators also allow you to find a word or phrase, but only in the body of the page, not in the title. The allintext: operator, like the allintitle: operator, searches for entire phrases, eliminating the need to preface each word with an intext: command.

These teams provide even deeper insight into competitors' content. This is especially useful in researching their sites' SEO strategy and learning how search engines categorize their pages.

Now search results are completely based on specific words and phrases. But we continue to narrow the search field and return to the site: operator, since we are interested in the content of a specific site:

We again received a small output - only 34 results. Now all you have to do is select the best articles, read them and borrow the most profitable ideas from your competitor.

Command 4: Exact Search with Quotes

Another method of finding exact matches of a word or phrase. This command is especially useful for researching key phrases on a competitor's site.

By enclosing your query in quotation marks, you will find exact matches - unlike regular search results. Let's see how this works using the example of the phrase “infographics for marketers.”

So, the service is not promoted directly for this keyword. On the one hand, this is bad - we will not be able to find out how Canva works with this audience. On the other hand, we have a chance to offer our own solution to audiences not reached by Canva's marketing. Do you think you would have come up with such a business idea without knowing smart search techniques?

Command 5: exclude words (-) or add words (+)

Sometimes during the competitive analysis process you will need to exclude or add certain expressions to get the results you want. In such cases, use the (-) or (+) symbols to add or remove specific words from the search.

For example, you need to find information about infographics, but you don't want to see too many examples. Then we exclude the word “examples” from the output and this is what we get:

We received lots of links to resources about infographics, with specific tips and tutorials, but without annoying examples.

As you may have guessed, the (+) sign, on the contrary, includes the word in the search. We use it to find infographics about content marketing. Here's the basic search:

Team 6: Related:

The last search operator in this collection returns sites similar to the domain of a given resource. Once you've examined your main competitor's website, you can check who else is active in your market. This will make it easier to avoid overlaps and stand out among similar offers. Let's go back to the Canva tool and see if Google can find sites with a similar model?

Only 9 results! This gives you an additional list of resources to explore in the future.

Conclusion

If you're stumped when developing a digital marketing strategy, just take a look at what your competitors are doing. But traditional search methods may not provide quick results. Therefore, learn to “Google” like a pro - using search operators. These commands will allow you to filter results by site, title, text, and even find sites similar to a competitor’s resource. This way you will reduce the search area from millions of links to a few dozen of the most important pages.

What to do when you have analyzed your competitors, compiled a “semantic core” of the most promising keywords and are ready to launch a campaign? Don't forget to accept the targeted incoming traffic flow on it.

Additional commands to the Google search engine allow you to achieve much more best results. With their help, you can limit the scope of your search, and also indicate to the search engine that you do not need to view all pages.

Operator "Plus" (+):
For a situation where you need to force some mandatory word into the text. To do this, use the “+” operator before the required word. Suppose, if we have a request for Terminator 2, as a result of the request we will have information about the film Terminator, Terminator 2, Terminator 3. To leave only information about the film Terminator 2, we put a “plus sign” in front of the two: just a little about “Home Alone” I". If we have a request like Terminator +2.

For example:
Magazine +Murzilka
+Bernoulli equation

Site operator:

For example:
Music site:www.site
Books site:ru

Link operator:

For example:
link:www.site
Friends link:www.site

Range operator (..):
For those who have to work with numbers, Google has made it possible to search for ranges between numbers. In order to find all pages containing numbers in a certain range “from - to”, you need to put two dots (..) between these extreme values, that is, the range operator.

For example:
Buy a book $100..$150

Excluding words from the query. Logical NOT (-):
To exclude any words, the minus (-) exclusion operators are used. That is, a logical “NOT”. Useful in cases where direct search results are too cluttered

For example:
Aquarium group - we are looking for everything about the aquarium excluding the "Aquarium" group

Search for exact phrase (""):
Useful for searching for a specific text (an entire article based on a quote). To do this, you need to enclose the query in quotes (double quotes).

For example:
“And the dungeon is cramped, and there is only one freedom And we always trust in it” - we are looking for Vysotsky’s ballad one line at a time

Note: Google allows you to enter a maximum of 32 words per search string.

Word truncation (*):
Sometimes you need to look for information about a word combination in which one or more words are unknown. For these purposes, the “*” operator is used instead of unknown words. Those. “*” is any word or group of words.

For example:
Master and *
Leonardo * Vinci

cache operator:
The search engine stores the version of the text that is indexed by the search spider in a special storage format called a cache. A cached version of a page can be retrieved if the original page is unavailable (for example, the server on which it is stored is down). A cached page is shown as it is stored in the search engine's database and is accompanied by a notice at the top of the page indicating that it is a cached page. It also contains information about the time the cached version was created. On the page from the cache, the query keywords are highlighted, and each word is highlighted in a different color for user convenience. You can create a request that will immediately return a cached version of a page with a specific address: cache:page_address, where instead of “page_address” is the address of the page saved in the cache. If you need to find any information in a cached page, you need to write a request for this information separated by a space after the page address.

For example:
cache:www.site
cache:www.site tournaments

We must remember that there should not be a space between “:” and the page address!

filetype operator:
As you know, Google indexes not only html pages. If, for example, you needed to find some information in a file type other than html, you can use the filetype operator, which allows you to search for information in a specific file type (html, pdf, doc, rtf...).

For example:
Specification html filetype:pdf
Essays filetype:rtf

Operator info:
The info operator lets you see information that Google knows about that page.

For example:
info:www.site
info:www.site

Site operator:
This operator limits the search to a specific domain or site. That is, if you make a request: marketing intelligence site:www.site, then the results will be obtained from pages containing the words “marketing” and “intelligence” on the site “www..

For example:
Music site:www.site
Books site:ru

Link operator:
This operator allows you to see all the pages that link to the page for which the request was made. Thus, the request link:www.google.com will return pages that contain links to google.com.

For example:
link:www.site
Friends link:www.site

allintitle operator:
If you start a query with the allintitle operator, which translates as “everything is in the title,” then Google will return texts in which all the words of the query are contained in the titles (inside the TITLE tag in HTML).

For example:
allintitle:Free software
allintitle:Download music albums

intitle operator:
Shows pages where only the word immediately following the intitle statement is in the title, and all other query words can appear anywhere in the text. Putting the intitle operator before each word of the query is equivalent to using the allintitle operator.

For example:
Programs intitle:Download
intitle:Free intitle:download software

allinurl operator:
If the query begins with the allinurl operator, then the search is limited to those documents in which all the query words are contained only in the page address, that is, in the url.

For example:
allinurl:rus games
allinurl:books fantasy

inurl operator:
The word that is located directly together with the inurl operator will be found only in the address of the Internet page, and the remaining words will be found anywhere in such a page.

For example:
inurl:books download
inurl:games crack

Operator related:
This operator describes pages that are "similar" to a specific page. Thus, the query related:www.google.com will return pages with similar topics to Google.

For example:
related:www.site
related:www.site

define statement:
This operator acts as a kind of explanatory dictionary, which allows you to quickly get the definition of the word that is entered after the operator.

For example:
define:Kangaroo
define:Motherboard

Synonym search operator (~):
If you want to find texts containing not only your keywords, but also their synonyms, then you can use the “~” operator before the word for which you want to find synonyms.

For example:
Types of ~metamorphoses
~Object orientation

Range operator (..):
For those who have to work with numbers, Google has made it possible to search for ranges between numbers. In order to find all pages containing numbers in a certain range “from - to”, you need to put two dots (..) between these extreme values, that is, the range operator.

For example:
Buy a book $100..$150
Population 1913..1935

Over the past few years, many articles have appeared that warn that hackers (or crackers, if you prefer) are using the Google search engine to gain access to files that they are not supposed to have access to. What I I’ll tell you, maybe someone has been using it for their own purposes for a long time, but I was always interested in finding out for myself how it works. In 2001, James Middleton wrote an article for vnunet.com, which discussed the use of special words by hackers. Google search engine to find important banking information:

"In a message in one of the security conferences it was said that by entering "Index of / +banques +filetype:xls" into the search bar, you could eventually get hold of important / secret Excel tables from French banks. The same technology can be used to search for password files."

Another article that appeared on wired.com describes how Adrian Lamo, hacker Often featured in computer crime reports, he used Google to gain access to the websites of large corporations.

"For example, when you type in 'Select a database to view' - a common phrase used in the FileMaker Pro database interface - Google returns approximately 200 links, most of which lead to a page with access to FileMaker for all users."

Similar articles continued to appear on the Internet. United States Government and Military websites were also vulnerable because scripts used by admins could be easily found using google. Medical records, personal notes - everything could unexpectedly end up in the hands of users of this search engine. But the articles never described how Google could be used for “such” purposes. Even an example of the line that I entered hacker was not made available to a wider audience. After the last time I read such an article, I decided that it was time to figure it out myself - does Google really allow you to do everything that has been mentioned so many times in various reports. The following text is the result of my research.

Theory

In fact, the theory is very simple. To get the information you're interested in, you need to try to imagine what files that information might be in, and then just try to find them. (For example, try searching for *.xls files). Or you can take a more interesting approach - think about what software installed on the attacked machine, provides the ability to perform the tasks you need, then enter the critical/dangerous files of this software into the search bar. An example would be a content management system. You need to research this system, find out what files it includes, and then use Google. But let’s return to the database example discussed above. You know that the "view database" line is on web pages that you shouldn't be able to access. Therefore, you just have to find the pages that contain this string or find out that, for example, the “view database” option refers to the page “viewdbase.htm”, that is, you will need to enter it into the search bar.

The most important thing is to clearly set a goal and know what you want to find. Only then can you use Google.

Google Search Options

Google allows you to search for special types of files, that is, as a search result, you do not get html pages (web sites), but, for example, Microsoft file Excel. Here's what you need to enter in the search bar:

Filetype:xls (for excel files) or filetype:doc for Word files.

It will probably be more interesting to find *.db and *.mdb files. You can search for other file types as well. The first thing that comes to mind is *.cfg or *.pwd, *.dat files, etc. First, think about which files may contain valuable information.

One more useful option when searching - inurl: an option that allows you to search for specified words in a url. This gives you the ability to search for the directories you need.

Example: inurl:admin The search result will be websites that have the word "admin" in the url.

Index of

The "index of" option is also not fully thought out by the Google developers, but it will be very useful to us. If you use the "index of" option, then as a result, Google will show you a directory listing on the server. Here's an example:

"index of" admin or index.of.admin

The result will be a listing of multiple "admin" directories.

The "site" option allows you to show search results only for a specific domain or site. For example, you can search on all .com or .box.sk or .nl sites, or on just one site. It will be very interesting to search on military and government sites. Here's an example search string:

Site:mil or site:gov

Site:neworder.box.sk "board"

Intitle is another interesting option. She lets you search html files whose title contains the word or combination of words you need. The search string will look like this: intitle:word_here. You can find out what words are present in the title of, say, the same content management system, and then search for these words in google using the Intitle option. As a result, you will have access to similar systems on other sites.

The Link option allows you to find out which web pages have a link to the site you specified. As described in the book "Hacking Exposed Third Edition", we can also use this option for our own purposes.

Combining options when searching

All of the above options may or may not be known to you. In any case, using them, we will get an interesting result. The fact remains that Google shows its magical power when we begin to combine these options with each other. For example, you can try searching for this:

inurl:nasa.gov filetype:xls "restricted" or this: site:mil filetype:xls "password" or maybe this: site:mil "index of" admin

(These examples are just off the top of my head and I don't know if Google will turn up anything interesting. You need to find a combination of options to get the expected result).

Examples; Practical Material

Special file types: *.xls, *.doc, *.pdf *.ps *.ppt *.rtf

To begin with, try searching for those files in which you think the information you are interested in is located. For me, the obvious choices were the following:

Password, passwords, pwd, account, accounts, userid, uid, login, logins, secret, secrets. Of course, I searched for all these words with the extension *.doc, *.xls and *.db

Here come the first ones interesting results, especially if you look for files with the *.db extension. Is it true, passwords I also found it in *.doc files.

http://www.doc.state.ok.us/Spreadsheets/private%20prison%20survey%20for%20web.xls
http://www.bmo.com/investorrelations/current/current/suppnew/private.xls
http://www.nescaum.org/Greenhouse/Private/Participant_List.xls
http://www.dscr.dla.mil/aviationinvest/attendance_5Apr01.xls
http://web.nps.navy.mil/~drdolk/is3301/PART_IS3301.XLS

Admin.cfg

Admin.cfg, in most cases, configuration file admin. Many software developers also use names like "config", "admin" or "setup". Often such files contain sensitive information and therefore should not be accessible to most people. I tried searching for the admin.cfg file using the following search string:

inurl:admin.cfg "index of"

As a result, Google returned a lot of files, some of which were very interesting;). For example, I found a file: http://www.alternetwebdesign.com/cgi-bin/directimi/admin.cfg, which contained passwords One password was from the database, which was located at: http://www.alternetwebdesign.com/cgi-bin/directimi/database.cgi?admin.cfg. The database contained confidential information clients of this company. I decided to contact this company and tell them about the vulnerability. The people there turned out to be friendly and said that they would try to fill the gap in the near future.

Webadmin

Some time ago, while I was working on this article, I visited the website:

http://wacker-welt.de/webadmin/

It was written there that “webadmin” allows you to remotely edit the contents of a website, upload files, etc. The main page of the webadmin control center is called "webeditor.php". Obviously my next step was to visit google and use the "inurl" option to find the webeditor.php pages. Here's what I entered in the search bar:

inurl:webeditor.php

and this is what I found:

http://orbyonline.com/php/webeditor.php
http://www-user.tu-chemnitz.de/~hkri/Neuer%20Ordner/webeditor.php
http://artematrix.org/webeditor/webeditor.php
http://www.directinfo.hu/kapu/webeditor.php

Access to all these files was unrestricted, and all because the site owners did not bother to install (correctly) protection using .htaccess. Similar error allows absolutely any Internet user to replace web pages on the server, and, consequently, deface the site. The ability to upload your own files allows you to gain full access to the server.

After browsing these sites, I noticed that the file that allows you to upload files is called "file_upload.php". Then Google comes into play.

http://www.hvcc.edu/~kantopet/ciss_225/examples/begphp/ch10/file_upload.php

Here's a good example:

http://www.pelicandecals.com/admin/webeditor.php

Given script allows you to modify files as in the previous examples, including index.php. In theory, any interested person can change an existing one or upload his own script to the server and execute it. I don’t think it’s worth mentioning the consequences.

http://www.pelicandecals.com/admin/administration.html

Information about customers, the ability to change prices for goods, etc. were available here.

Site Content Management Systems

Site content management systems are programs that allow web masters edit, change the content of a website. The same applies to control panels for web sites. The bottom line is that you need to determine which files are key in a given product. This file could be "cms.html", "panel.html" or "control.cfg".

Frontpage Server Extensions HTML Administration Forms

"You can remotely administer FrontPage Server Extensions from any computer connected to the internet using FrontPage Server Extension HTML Administration Forms."
Here's what Microsoft documentation says about it. This means that users who have access to these forms can perform some administrative functions remotely. This means that forms must be well protected from unauthorized users. Well, how about looking for such forms on the Internet? The first thing we need to do is figure out what files this one is using. software A quick visit to the Microsoft website or a glance at the FrontPage documentation will show that home page All admin forms are "fpadmin.htm". This is the file we will be looking for. But first, we must correctly select the options that will be used in the search bar in order to get the result we need. If the default installation is carried out, then all files are placed in the "admin" directory. Remembering everything we've learned about google options and search theory, a search string like:

inurl:fpadmin.htm "index of" admin or inurl:admin/fpadmin.htm

And here are the results obtained from the search:

http://www.lehigh.edu/~ineduc/degree_programs/tbte/admin/
http://blackadder.eng.monash.edu.au/frontpage/admin/
http://www.lehigh.edu/collegeofeducation/degree_programs/tbte/admin/
http://www.vsl.gifu-u.ac.jp/freeman/frontpage4/admin/
http://www.tech-geeks.org/contrib/loveless/e-smith-fp-2002/frontpage/version5.0/admin/1033/fpadmin.htm
http://fp.nsk.fio.ru/admin/1033/fpadmin.htm

Here's what else is written in the FrontPage documentation:

"For security reasons, HTML Administration Forms are not active immediately after installation, which will not allow you to remotely administer FrontPage from a web browser."

This means only one thing - some links that the search engine gave us google system, may turn out to be useless and there is only one way to check their functionality - try using some administrator functions and see the result. I decided not to go that far so as not to break the law. But I'm not here to teach you manners, at least not today.

Freesco Router

Freesco router software for Linux installs by default small browser, which allows owners to control the operation of the router via http protocol. By default, login and password for the control panel - "admin". A lot of freesco users don't know about this. You can search for Freesco routers control panel using the following line:

intitle:"freesco control panel" or "check the connection" these words are either in the page titles or on the pages themselves. It all comes down to one thing - you must study software find those parts of it that are responsible for something important (the same admin page) and compose a line, using which you will gain access to these same parts.

Additional Tips

• Remember, English is the most common language on the Internet, but it is not the only one. Try searching for words or lines from your native language or French or German etc. For example, "beeheer" means "administration" in German.
• You can use strings from the list of vulnerabilities of any security scanner. For examples you can go here: http://paris2k.at.box.sk/listings/
• Try looking for the files "config.inc.php" or "mysql.cfg" - they may contain database login-password combinations MySQL Try using words in the search bar PHP SQL mySQL etc.
• Try these combinations: inurl:admin "index of" "database" or inurl:phpmyadmin "index of" or inurl:mysql "index of" site:neworder.box.sk intitle:index.of or intitle:index.of.private (=intitle:"index of private")

Conclusion

The Internet is a network to which hundreds of thousands, or even millions, are connected. web servers and in theory, you can get access to any data, of course, if it is not properly protected. Both software developers and end users should pay more attention to the default security configuration and security policy. After all, there will always be people who make mistakes, install everything by default, use poorly protected software and don't care at all, or still believe that nothing will happen if they put it all on the Internet like that. But there are still curious individuals who like to find interesting information not for prying eyes. Google can help you a lot in such matters, and it's not at all difficult.