Google Hacking of Oracle Technologies V1.02 - by Red-Database-Security GmbH

Google Hacking of Oracle Technologies V1.02                          

Database Logins  
iSQL*Plus is the web version of SQL*Plus the default user interface for the Oracle database 


iSQL*Plus 
http://www.google.com/search? l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus&btnG=Search


iSQL*Plus 9.2 
http://www.google.com/search?l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus+intitle%3A9.2&btnG=Search


iSQL*Plus 9.2.0.1 
http://www.google.com/search?l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus+intitle%3A9.2.0.1&btnG=Search


iSQL*Plus 9.2.0.2 
http://www.google.com/search?l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus+intitle%3A9.2.0.2&btnG=Search


iSQL*Plus 9.2.0.3 
http://www.google.com/search?l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus+intitle%3A9.2.0.3&btnG=Search


iSQL*Plus 9.2.0.4 
http://www.google.com/search?l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus+intitle%3A9.2.0.4&btnG=Search


iSQL*Plus 9.2.0.5 
http://www.google.com/search?l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus+intitle%3A9.2.0.5&btnG=Search


iSQL*Plus 9.2.0.6 
http://www.google.com/search?l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus+intitle%3A9.2.0.6&btnG=SearchGoogle Hacking of Oracle Technologies V1.02 


iSQL*Plus 10.1 
http://www.google.com/search?l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus+intitle%3A10.1&btnG=Search


iSQL*Plus 10.1.0.1 
http://www.google.com/search?l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus+intitle%3A10.1.0.1&btnG=Search


iSQL*Plus 10.1.0.2 
http://www.google.com/search?l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus+intitle%3A10.1.0.2&btnG=Search


iSQL*Plus 10.1.0.3 
http://www.google.com/search?l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus+intitle%3A10.1.0.3&btnG=Search


iSQL*Plus 10.1.0.4 
http://www.google.com/search?l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus+intitle%3A10.1.0.4&btnG=Search                                


Oracle Application Server: 
iAS Demopages 
http://www.google.de/search?num=100&q=++%22inurl%3A%2FiASDemos.htm%22
http://www.google.de/search?num=100&q=++%22inurl%3A%2FJ2EEandIA.htm%22


Oracle Forms 
Oracle Forms 6i (using CGI) 
http://www.google.com/search?q=+inurl%3Af60cgi&btnG=Search&num=100
http://www.google.com/search?num=100&hl=de&c2coff=1&q=+inurl%3Aifcgi60


Oracle Forms 6i (using Servlets) 
http://www.google.com/search?num=100&hl=en&lr=&c2coff=1&q=inurl%3Af60servlet


Oracle Forms 9i 
http://www.google.com/search?num=100&hl=en&lr=&c2coff=1&q=inurl%3Af90servlet
Oracle Reports 


Oracle Reports 6i 
http://www.google.com/search?num=100&q=+inurl%3Arwcgi60


Oracle Reports 9i 
http://www.google.com/search?q=%22inurl%3Arwservlet%22+%22inurl%3Areports%22&num=10


Oracle Discoverer 
Oracle Discoverer 9i Viewer 
http://www.google.com/search?num=100&q=%22inurl%3Adiscoverer%2Fviewer%22


Oracle Discoverer 9i Plus  
http://www.google.com/search?num=100&q=%22inurl%3Adiscoverer%2Fplus%22


Oracle Discoverer 10g 
http://www.google.com/search?num=100&q=%22inurl%3Adiscoverer%2Fapp%22Google 


Oracle HTTP Server 
Browsable Oracle HTTP Server Directories 
http://www.google.com/search?num=100&q=%22Index+of%22++%22Oracle-HTTPServer%22+Server+at+Port+%22Last+modified%22


Oracle HTTP Server 1.3.12 
http://www.google.com/search?num=100&q=%22Index+of%22++%22Oracle-HTTPServer%22+Server+at+Port+%22Last+modified%22+1.3.12


Oracle HTTP Server 1.3.19 
http://www.google.com/search?num=100&q=%22Index+of%22++%22Oracle-HTTPServer%22+Server+at+Port+%22Last+modified%22+1.3.19


Oracle HTTP Server 1.3.22 
http://www.google.com/search?num=100&q=%22Index+of%22++%22Oracle-HTTPServer%22+Server+at+Port+%22Last+modified%22+1.3.22


Oracle HTTP Server 1.3.28 
http://www.google.com/search?num=100&q=%22Index+of%22++%22Oracle-HTTPServer%22+Server+at+Port+%22Last+modified%22+1.3.28


Oracle HTTP Server 10g 
http://www.google.com/search?num=100&q=%22Index+of%22++%22Oracle-HTTPServer%22+Server+at+Port+%22Last+modified%22++%22Oracle-Application-Server-10g%22


Oracle HTTP Server with 300-Error Message 
http://www.google.de/search?num=100&q=%22Oracle+HTTP+Server+Powered+by+Apache%22+
%22intitle%3A300


Oracle HTTP Server with 302-Error Message 
http://www.google.de/search?num=100&q=%22Oracle+HTTP+Server+Powered+by+Apache%22+
%22intitle%3A302


Oracle HTTP Server with 401-Error Message 
http://www.google.de/search?num=100&q=%22Oracle+HTTP+Server+Powered+by+Apache%22+
%22intitle%3A401%22


Oracle HTTP Server with 403-Error Message 
http://www.google.de/search?num=100&q=%22Oracle+HTTP+Server+Powered+by+Apache%22+
%22intitle%3A403%22


Oracle HTTP Server with 404-Error Message 
http://www.google.de/search?num=100&q=%22Oracle+HTTP+Server+Powered+by+Apache%22+
%22intitle%3A404+Not+Found%22


Oracle Webdav  
http://www.google.com/search?num=100&q=%22inurl%3Adav_public%22


Oracle Single-Sign-On Page 
http://www.google.de/search?num=100&q=%22intitle%3ASingle+SignOn%22+%22Oracle+Corporation%22+%22All+rights+reserved%22
http://www.google.com/search?num=100&hl=de&q=%22inurl%3Apls%2Forasso%22


Oracle Portal 
http://www.google.com/search?num=100&hl=de&c2coff=1&q=%22inurl%3Apls%2Fportal%22


Oracle HTMLDB 
http://www.google.com/search?num=100&q=%22inurl%3Apls%2Fhtmldb%22


Oracle Internet Directory OIDDAS 
http://www.google.com/search?q=%22inurl%3Aoiddas%22&num=100


Designer generated Web Application 
http://www.google.com/search?q=%22inurl:pls%22+%22inurl:startup%22+%22inurl:%24.%22&nu
m=100


Oracle Enterprise Manager 
Oracle Enterprise Manager 9i 
http://www.google.com/search?q=%22inurl%3A%2Femd%2Fmain%22&num=100


Oracle Enterprise Manager 10g 
http://www.google.com/search?num=100&q=%22inurl%3A%2Fem%2Fconsole%22+%22intitle%3
AOracle+Enterprise+Manager%22++Copyright+Oracle


Oracle Ultrasearch 
http://www.google.com/search?num=100&hl=de&c2coff=1&q=%22inurl%3A%2Fultrasearch%2Fq
uery%22Google Hacking of Oracle Technologies V1.02                                 


Oracle Lite 9i 
http://www.google.de/search?num=100&q=%22inurl%3Awebtogo%2Findex.html%22
Oracle Jinitator Download Page 
http://www.google.de/search?num=100&q=%22inurl%3Ajinitiator%22+%22intitle%3AOracle+JInit
iator%22+%22intitle%3ADownload+Page%22
Oracle mod_plsql-related 


Oracle DAD Config Page 
http://www.google.de/search?num=100&q=%22inurl%3A%2Fpls%2Fadmin_%2Fgateway.htm%22
admin_/globalsettings.htm
http://www.google.com/search?&ie=UTF-8&oe=UTF-
8&q=inurl%3Aadmin%5F%2Fglobalsettings%2Ehtm


Oracle Pages with wrong DAD configuration 
http://www.google.de/search?q=%22No+DAD+configuration+Found%22++%22DAD+Name%22&
num=100


Oracle JDeveloper: 
Oracle OC4j connections.xml 
http://www.google.de/search?as_q=&num=100&as_epq=inurl%3Aconnections+xml&as_filetype=x
ml


Oracle JSP with error messages “at oracle.jsp” 
http://www.google.de/search?num=100&q=%22at+oracle.jsp.%22+%22Exception%3A%22+%22Re
quest+URI%3A%22+%22JSP+Error%3A%22


Oracle JSP with error messages “at oracle.jdbc” 
http://www.google.de/search?num=100&q=%22at+oracle.jdbc%22+%22Exception%3A%22++%22
JSP+Error%22


Oracle UIX Applications: 
http://www.google.de/search?q=inurl%3Auix+inurl%3Aimtapp&num=100
Oracle Web Conferencing: 
http://www.google.de/search?num=100&q=%22inurl%3A%2Fimtapp%22+Conference


OracleAS Wireless Portal: 
http://www.google.de/search?q=%22inurl%3Aptg%2Frm%22&num=100Google Hacking of 


Oracle iLearning: 
http://www.google.de/search?num=100&q=%22inurl%3A%2Filearn%2Fen%22
Oracle FilesOnline: 
http://www.google.de/search?num=100&q=%22inurl%3A%2Ffiles%2Fapp%2FHomePage%22


Oracle iStore: 
http://www.google.com/search?num=100&q=%22inurl%3A%2FOA_HTML%2F%22


Oracle CRM Login Page: 
http://www.google.de/search?num=100&q=%22inurl%3A%2FOA_HTML%2Fjtflogin.jsp%22Google Hacking of Oracle Search 


Engines Used to Attack Databases:
http://www.appsecinc.com/presentations/Search_Engine_Attack_Database.pdf
Johnny Long’s Google Hacking Webpage:  http://johnny.ihackstuff.com/

How to Hack Web Sites Using Googlegoo

Disclaimer: We does not encourage anyone to use the information provided in this video for any illegal or illicit purposes. The video show ways to ways to use Google, and its search engine, to perform tasks like control web cams, and a lot more. This video is for information purposes only. The video doesn’t show security holes created by Google’s search engine, but rather security holes in web sites that are found by the Google spider because they are … security holes that should be closed by the web site owner. In a way Google’s search engine helps site owners check to make sure their sites are secure. Perhaps after watching this video you might suddenly get a cold chill down your spine as you realize your web site is vulnerable to one of these hacks. Hopefully, you also take the time to fix your security hole, and get a good night’s sleep tonight.

Google Hacking using GooScan

GooScan is a Google Hacking tool written by Jhonny Long. The tool can be run against a Google search appliance or against Google search directly. The tool is configurable and we can run our own custom queries using it. The best part is that, it already ships with a list of common queries which can assess the information leakage of a website. More details on Google Hacking are available on Jhonny Long's website.

DEFCON : Google Hacking for Penetration Testers

Google Hack Video !!!

How to use Google for Hacking.

Google serves almost 80 percent of all search queries on the Internet, proving itself as the most popular search engine. However Google makes it possible to reach not only the publicly available information resources, but also gives access to some of the most confidential information that should never have been revealed. In this post I will show how to use Google for exploiting security vulnerabilities within websites. The following are some of the hacks that can be accomplished using Google.

1. Hacking Security Cameras

There exists many security cameras used for monitoring places like parking lots, college campus, road traffic etc. which can be hacked using Google so that you can view the images captured by those cameras in real time. All you have to do is use the following search query in Google. Type in Google search box exactly as follows and hit enter

inurl:”viewerframe?mode=motion”

Click on any of the search results (Top 5 recommended) and you will gain access to the live camera which has full controls.

you now have access to the Live cameras which work in real-time. You can also move the cameras in all the four directions, perform actions such as zoom in and zoom out. This camera has really a less refresh rate. But there are other search queries through which you can gain access to other cameras which have faster refresh rates. So to access them just use the following search query.

intitle:”Live View / – AXIS”

Click on any of the search results to access a different set of live cameras. Thus you have hacked Security Cameras using Google.

2. Hacking Personal and Confidential Documents

Using Google it is possible to gain access to an email repository containing CV of hundreds of people which were created when applying for their jobs. The documents containing their Address, Phone, DOB, Education, Work experience etc. can be found just in seconds.

intitle:”curriculum vitae” “phone * * *” “address *” “e-mail”

You can gain access to a list of .xls (excel documents) which contain contact details including email addresses of large group of people. To do so type the following search query and hit enter.

filetype:xls inurl:”email.xls”

Also it’s possible to gain access to documents potentially containing information on bank accounts, financial summaries and credit card numbers using the following search query

intitle:index.of finances.xls

3. Hacking Google to gain access to Free Stuffs

Ever wondered how to hack Google for free music or ebooks. Well here is a way to do that. To download free music just enter the following query on google search box and hit enter.

“?intitle:index.of?mp3 eminem“

Now you’ll gain access to the whole index of eminem album where in you can download the songs of your choice. Instead of eminem you can subtitute the name of your favorite album. To search for the ebooks all you have to do is replace “eminem” with your favorite book name. Also replace “mp3″ with “pdf” or “zip” or “rar”.

4. Using Google, and some finely crafted searches we can find a lot of interesting information.

For Example we can find:
Credit Card Numbers
Passwords
Software / MP3′s
…… (and on and on and on) Presented below is just a sample of interesting searches that we can send to google to obtain info that some people might not want us having.. After you get a taste using some of these, try your own crafted searches to find info that you would be interested in.

Try a few of these searches:
intitle:”Index of” passwords modified
allinurl:authuserfile.txt
“access denied for user” “using password”
“A syntax error has occurred” filetype:ihtml
allinurl: admin mdb
“ORA-00921: unexpected end of SQL command”
inurl:passlist.txt
“Index of /backup”
“Chatologica MetaSearch” “stack tracking:”

Amex Numbers: 300000000000000..399999999999999
MC Numbers: 5178000000000000..5178999999999999
visa 4356000000000000..4356999999999999

“parent directory ” /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
“parent directory ” DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
“parent directory “Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
“parent directory ” Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
“parent directory ” MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
“parent directory ” Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
Notice that I am only changing the word after the parent directory, change it to what you want and you will get a lot of stuff.

METHOD 2

put this string in google search:
?intitle:index.of? mp3
You only need add the name of the song/artist/singer.
Example: ?intitle:index.of? mp3 jackson

METHOD 3

put this string in google search:
inurl:microsoft filetype:iso
You can change the string to watever you want, ex. microsoft to adobe, iso to zip etc…

“# -FrontPage-” inurl:service.pwd
Frontpage passwords.. very nice clean search results listing !!

“AutoCreate=TRUE password=” 
This searches the password for “Website Access Analyzer”, a Japanese software that creates webstatistics. For those who can read Japanese, check out the author’s site at: coara.or.jp/~passy/[or.jp]

“http://:@www” domainname
This is a query to get inline passwords from search engines (not just Google), you must type in the query followed with the the domain name without the .com or .net

“http://:@www” bangbus or “http://:*@www”bangbus

Another way is by just typing
“http://bob:bob@www”

“sets mode: +k”
This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.

allinurl: admin mdb
Not all of these pages are administrator’s access databases containing usernames, passwords and other sensitive information, but many are!

allinurl:authuserfile.txt
DCForum’s password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!). Some lists are bigger than others, all are fun, and all belong to googledorks. =)

intitle:”Index of” config.php
This search brings up sites with “config.php” files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database.

eggdrop filetype:user user These are eggdrop config files. Avoiding a full-blown descussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.

intitle:index.of.etc This search gets you access to the etc directory, where many many many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!

filetype:bak inurl:”htaccess|passwd|shadow|htusers” This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version). Every attacker knows that changing the extenstion of a file on a webserver can have ugly consequences.

Let’s pretend you need a serial number for windows xp pro.

In the google search bar type in just like this – “Windows XP Professional” 94FBR

the key is the 94FBR code.. it was included with many MS Office registration codes so this will help you dramatically reduce the amount of ‘fake’ porn sites that trick you.

or if you want to find the serial for winzip 8.1 – “Winzip 8.1″ 94FBR

Credits and More Info http://johnny.ihackstuff.com

I have shown you this info to let you know that there is a real risk putting your info online. If you do want to buy stuff online make sure the site you are using is secure normally if a site is secure you will see a pop up saying you are now entering a secure part of the site or a symbal of a padlock at the bottom of your browser or just use pay pal, pay pal is very safe to use. But most of the time just use common sense if a site looks cheap it normally hasn’t got the protection to keep your info safe. I am not saying don’t buy stuff online because that is one of the best thing’s about the internet i am just saying be aware of websites that want your bank details and there is no symbal of a padlock at the bottom of your browser

5.Crash a Computer using Flash and Google.

Open up a new flash document. Open up the Actions panel for the stage of the first frame. If it’s in Actionscript 2, write the following:

onEnterFrame = function () { getURL(“http://www.google.com”, “_blank”); }

Or if it’s actionscript 3 write the following:

function openGoogle(e:Event):void { navigateToURL(“http://www.google.com”, “_blank”); } stage.addEventListener(Event.ENTER_FRAME, openGoogle);

Press Control-Enter when you’re ready to crash your computer. What this does is repeatedly open up new tabs of Google. But it opens so many Google tabs every second that after maybe 20-30 seconds your computer will barely be able to respond to you mouse clicks or even mouse movements. Usually, any attempt to stop it will result in processing overload and cause the computer to freeze. The only real way to stop this is to force-quit BOTH flash.exe and iexplorer.exe. Some teachers may know enough to do this, but might accidentally close explorer.exe

hope you enjoyed this post. Pass your comments. Cheers!

Google Secrets

Method 1 ?www.google.com

put this string in google search:

"parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " DVDRip-xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

Notice that i am onlychanging the word after the parent directory, change it to what you want and you will get a lot of stuff.




Method 2

?www.google.com

put this string in google search:

?intitle:index.of? mp3

You only need add the name of the song/artist/singer.

Example: ?intitle:index.of? mp3 jackson




Method 3

?www.google.com

just type crack: app name

example: crack: demohget 1.6a 

How To Browse Forums Without Logging -Googlebot

Googlebot 

Googlebot is Google's web crawling bot (sometimes also called a "spider"). Crawling is the process by which Googlebot discovers new and updated pages to be added to the Google index.

Googlebot use a huge set of computers to fetch (or "crawl") billions of pages on the web. Googlebot uses an algorithmic process: computer programs determine which sites to crawl, how often, and how many pages to fetch from each site.

Googlebot's crawl process begins with a list of webpage URLs, generated from previous crawl processes and augmented with Sitemap data provided by webmasters. As Googlebot visits each of these websites it detects links (SRC and HREF) on each page and adds them to its list of pages to crawl. New sites, changes to existing sites, and dead links are noted and used to update the Google index.

How Googlebot accesses your site

For most sites, Googlebot shouldn't access your site more than once every few seconds on average. However, due to network delays, it's possible that the rate will appear to be slightly higher over short periods. In general, Googlebot should download only one copy of each page at a time. If you see that Googlebot is downloading a page multiple times, it's probably because the crawler was stopped and restarted.

Googlebot was designed to be distributed on several machines to improve performance and scale as the web grows. Also, to cut down on bandwidth usage, we run many crawlers on machines located near the sites they're indexing in the network. Therefore, your logs may show visits from several machines at google.com, all with the user-agent Googlebot. Our goal is to crawl as many pages from your site as we can on each visit without overwhelming your server's bandwidth. Request a change in the crawl rate.

How To Browse Forums Without Logging -Googlebot 


Visit any forum or website to find something useful and they will ask you to register.
All websites and forums will block unregistered users, but they won’t block Google Bot. What we will do is to switch our User Agent to that of Google Bot and freely browse any website orforum without registering. 

First grab the User Agent Switcher add-on for Firefox called ‘user agent’ here and install it.
Now go to Tools > User Agent Switcher > Options and then again to Options.




Select User Agent from the left sidebar and click Add. Now in the description field type:

crawl-66-249-66-1.googlebot.com

and in user agent field type:

Googlebot/2.1 (+What is Googlebot? - Webmaster Tools Help)

as shown in the screenshot below.





Select Google Bot as your User Script by going to Tools > User Agent Switcher.


Now browse any website or forum without registering.