Typically for anyone who uses a computer, Google is the most well-known name when it comes to searching for what you want on the Internet.  Many people don’t realize that modern-day hackers also heavily rely on the search results that Google provides them.

When you type a search, it probably looks like this:

Typical Google Search

Hacker’s on the other hand realize the REAL potential behind a search engine and something they would search for might look like this:

Typical search query for a start of a hack.

The search example shown here (filetype:pwd service), will return results of servers/domains that run something called Microsoft FrontPage extensions.  Basically, the results will look like (usernames and passwords; the passwords are of course encrypted):

OMG! Google found us usernames and passwords!!

Now with this information,  Joe Hacker can now load a password cracker on his computer and crack the encrypted password.  Once he has the username and password, he can pretty much “own” the website.  Website defacement is illegal (obviously) and in the underground, we refer to this type of hacking as “script-kiddie” stuff.  This type of search query in Google is just one example.  I’ve compiled a short list below and the entire Google Hacking Database can be found in the link at the bottom of this post.

Examples Of Google Hacking Queries

people.lst

filetype:xls username password email

passlist.txt

Financial spreadsheets: finance.xls

allinurl:cdkey.txt

intitle:webeye inurl:login.ml

inurl:/img/vr.htm

The Google Hacking Database, created by Johnny Long, can be found here.