There are many ways to search for vulnerable sites with google. I'll show you here how to get username and password from sites that use FrontPage extentions. Microsoft FrontPage Extensions creates a service.pwd file inside the _vti_pvt directory in the HTTP server's document root. This file contains user names and passwords that could be remotely retrieved by an attacker. The good news is that Google indexes this kind of files, so they are very easy to search for. The bad news is that the passwords are encrypted, but wait, this is not really a bad news :-) because you can crack them if you are patient and you have the will. If you want to become a hacker, you have to be patient and you have to have the will. Please note: I'm not telling you to hack sites, this stuff is just for learning. So if you want to do illegal things, you should know that jail is a possibility.
So lets go to the details:
1- Some administrators change the name of service.pwd file to authors.pwd or administrators.pwd or users.pwd or some thing else. So to get the biggest chance to retreive this file we will add an "inurl" condition to our search string in Google like this: inurl:(service | authors | administrators | users)
2- The file extension is "pwd" and we are not interested to get other extensions, so we will add an "ext" condition to the search string in Google like this: ext:pwd
3- The first line in the file service.pwd is "# -FrontPage-". So we will search for this string with Google
And here is the full search string:(you can click it to go to Google result page)
inurl:(service | authors | administrators | users) ext:pwd "# -FrontPage-"
In the Google result page click any link, you should see some thing like this:
Now, the question is how to crack the passwords?
Do you know john? If so, don't use it from your root account ;-)
UPDATE: Please, please, please STOP!
I delete many comments every day with questions like:
How to hack this/that site or how to get the password for this/that thing.
Please, if you want to ask such question, this is not the good place (I don't know one place on the net where you can get an answer for that) and this post is not for you.
The post was only to demonstrate how much google is powerful and how much M$ stuff is crap. No more than that.
SURE, I DID A MISTAKE speaking about JTR.
So lets go to the details:
1- Some administrators change the name of service.pwd file to authors.pwd or administrators.pwd or users.pwd or some thing else. So to get the biggest chance to retreive this file we will add an "inurl" condition to our search string in Google like this: inurl:(service | authors | administrators | users)
2- The file extension is "pwd" and we are not interested to get other extensions, so we will add an "ext" condition to the search string in Google like this: ext:pwd
3- The first line in the file service.pwd is "# -FrontPage-". So we will search for this string with Google
And here is the full search string:(you can click it to go to Google result page)
inurl:(service | authors | administrators | users) ext:pwd "# -FrontPage-"
In the Google result page click any link, you should see some thing like this:
# -FrontPage-Here, there are 2 users with their encrypted passwords. The first user is ekendall, his encrypted password is bYld1Sr73NLKo and the second user is louisa, her encrypted password is 5zm94d7cdDFiQ.
ekendall:bYld1Sr73NLKo
louisa:5zm94d7cdDFiQ
Do you know john? If so, don't use it from your root account ;-)
UPDATE: Please, please, please STOP!
I delete many comments every day with questions like:
How to hack this/that site or how to get the password for this/that thing.
Please, if you want to ask such question, this is not the good place (I don't know one place on the net where you can get an answer for that) and this post is not for you.
The post was only to demonstrate how much google is powerful and how much M$ stuff is crap. No more than that.
SURE, I DID A MISTAKE speaking about JTR.
07 Feb 2006 15:16:47
hahah, chalk another one up for the crappy Frontpage.
Nice work.
15 Feb 2006 21:40:34
hiiiiiiiiiii there
25 Apr 2006 20:37:19
Now, the quetion is how to crack the passwords?
Do you know john? I hope yes. Don't use it on your root account ;-)
Didnt actually get that. :( plz, can you explain it?
24 May 2006 19:23:56
iirc , it was "jack the ripper password cracker"
it seems to be named "John the Ripper" now , but a search for Jack the Ripper also turns it up :)
http://www.openwall.com/john/
Enjoy.
12 Jun 2006 13:19:58
iol;oiiu
02 Jul 2006 18:03:56
There is nothing else like google
07 Jul 2006 11:11:51
If I want to have username and password of a particular website then what i have to do
suppouse i want username of password of website like
Met Art
Domai
etc
25 Jul 2006 11:18:31
HI Mustapha, I downloaded "John the ripper" but everytime i run it, nothing happen: i tried downloading it from many sites, the same thing happend, anyone could help? khaled_ala_25@hotmail.com THAKS
16 Aug 2006 06:55:47
how can i use the john the ripper software?nothing happened the last time i used it.
22 Aug 2006 09:24:12
this is invincible man !!! One can hack infinitely many id's if one want's. this is just indigenious.
IT ROCKS MAN!!!!
22 Aug 2006 19:19:07
Hey mustapha, how do u use John the ripper? Hope you write a blog for this or just email me at: khaled_ala_25@hotmail.com
THANK YOU
01 Sep 2006 12:05:41
How to get the password of a particular username?
09 Sep 2006 05:31:51
How can you narrow the search down to one username?
27 Sep 2006 19:57:54
get me the JSTOR username and Password.
01 Oct 2006 06:53:21
Is it possible to hack an email address and paasword from a computer I don't have access to? Remotely, I mean.
01 Oct 2006 09:48:37
Hey, can John The Ripper hack into someone's email address and password remotely?
19 Oct 2006 13:24:41
I dont understand...
31 Oct 2006 00:34:55
iwould like to get more information about this subject if possible.
22 Nov 2006 04:55:08
http://www.osix.net/modules...
There's a good tutorial on how to use it.
27 Nov 2006 07:55:31
can anyone tell me how to see yahoo webcams without asking for permissions if yes tell or do we have software that we can use it?
02 Dec 2006 12:03:36
may i know how to hack the user name and password if i know him or her IP address. Pls tell me. how to do it and how to protect it. i m a beginner and want to become a hacker. To hack online games :) my email address is maungswetin@hotmail.com
04 Dec 2006 18:22:05
hi plz does anyone knows how to get a username and a password of any email adress? plz help me
09 Dec 2006 13:35:25
http://www.virtualhorseranc... could I crack that username and password from that accoutant
16 Dec 2006 06:36:15
hey, can u explain in more detail and with understandable words,i am just a beginner..plz..
23 Dec 2006 17:30:34
This is quite an interesting topic for sure, how ever i dont understand how you would get the user name and passwords of a spacific website.
Help?
Thanks!
27 Dec 2006 18:24:30
nice site keep it up
09 Jan 2007 19:12:52
How to get the password of a particular username from website like multiply.com?
11 Jan 2007 14:52:11
What about the web sites created using Dream weaver? Do you have any idea to track the user name & password? if u hve plz let me know.
28 Jan 2007 22:26:19
What the hell is up with all of you people asking "how can i h4x0r emial?!1!? Use fuckin google! and.... most email services (eg. yahoo, hotmail..) wont allow someone to use a password cracker like JTR or Cain. They usually have a limited number of times that you can try to log in. So dont even bother trying to hack it..let alone hack anything, if your to incompetent to use google dont try to hack. And if you want to get someones password for their email try Social Engineering, thats your best bet.
This is for all you people who keep asking how to get a username and password for a paticular website. Not all sites use Frontpage, and theres a lot more to getting passwords on websites that what was explained here, this is about as simple as it gets. So, once again, if your to incompetent to use google, stay away from hacking.
For all you people who asked how to use JTR(John The Ripper) You dont open JTR from the file you downloaded, you have to use command prompt. Go read the files that were included when you downloaded JTR. They will help alot.
One last thing... USE FUCKIN' GOOGLE! ...damn skript kiddies....
31 Jan 2007 15:26:33
The quetion is how to crack the passwords?
06 Feb 2007 10:14:10
when i try to run goole.com broweser computer ask me your google username and password only on my working computer computer except other computer
pleae help me
06 Feb 2007 17:11:56
is this software worKing for windows xp?
01 Mar 2007 09:54:35
cool
17 Mar 2007 10:56:57
Baba If This Will Work I'll Love You
Thanks
24 Mar 2007 21:01:05
okay.. so i cracked the password, but what now?
What am i suppose to use it for? i mean, i can't find any login pages :P
11 Apr 2007 07:36:59
Good old FrontPage. I wouldn't be suprised if there was a kowledge base article that describes how to use this technique as a form of "password recovery".
12 Apr 2007 01:36:59
i am embarrassed for ninety-nine percent of the people that posted here.
20 Apr 2007 02:03:49
i just want to point something out: how the fuck are we expected to know all this right off the bat? us beginers want to become good for whatever reason so why the hell are you puting us down for trying to get more info? we're new at this! give us some credit for having the patience to slog through all the crap out there writen for experts! and for putting up with condecending jerks like most of you. do i need to beat it into your skull that we try hard and not all of us were born with brothers that could hack from infancy(apologies to you if you learned all this the old fasioned way) all im saying is a bit more info would be helpful. thanks from the worlds most dedicated "script kiddie"(yeah fuck you SGrocker36!)
11 May 2007 05:38:55
yall want information and knowledge for free. the internet provides the information. if you are not resourceful enough to manipulate the info on your own then you have little chance of becoming anything more than a jerk.
04 Jun 2007 20:13:25
Fu#$$ng n00bs, learn some scripting (eg php, sql, python, ruby, java etc...) and use a little imagination. There are numerous sites for beginners to learn hacking and if you put in alittle effort and don't just plain ask to be spoon fed, then maybe, just maybe a l33t haX0r will help. Sheesh!!!!
19 Jul 2007 10:19:10
wow. great help. thanks for the interesting and informative topic. :D
25 Jul 2007 15:28:02
nice i like it
26 Jul 2007 16:22:02
Well, very interesting post... Unfortunately the rest was all crappy. I am a newbie. I don't know much about hacking, but then again. I don't care. I look around everywhere and pick up bits and try to put it all together.
I am guessing, that all of the "hackers" / experts here have done the same in the past. They will not give all of that stuff to newbies. (I hope it is because such knowledge in inexperienced hands could be disastrous) First learn to crawl, then walk and eventually run.
I have not a single problem finding guides, workshops and forums for newbies. There are LOTS AND LOTS of them. And in my opinion. A good newbie / hacker-to-be looks in books as well as a computerscreen.
Right now, I am still working on C++ from a damn stupid book. And I just bought a copy of "The Operatingsystem Unix". Because I do think Windows does not really live up to my standard. Like I said, I am a newbie. Unix is old, but who says old is bad? Get some basic knowledge and work from there.
15 Sep 2007 05:02:51
pretty generic, only a few results come up, which is probably from web servers not being secured properly. I suppose if ya wanna do random sites, then this is ok, but I doubt that there is a way that you could get all the results there are, let alone for a specific site.
If im wrong then let me know.
04 Oct 2007 05:13:05
hai
I am not able to understand what to do. Can you please explain it with example and if possible can you please add some sreen shorts?
Thanks
Please reply me
09 Oct 2007 08:06:12
nice!
27 Oct 2007 23:37:59
Another comment: This is a very clever trick, mustapha. I will probably use this many times to discourage the use of Micro$oft Frontpage Extensions.
Micro$oft sucks. Long live GNU/Linux. Also, no one get angry and try to kill my computer. The IP address you might be looking at is not my real IP, I don't run winblows and I have a firewall. By the way, my root password is not "root" or "admin" or something stupid like that. It is a long string of random letters with a LONG wait after every unsuccessful attemp, so don't even try. People with skill: do not take this as a challenge. I am just discouraging those who don't even know what's in /etc/passwd to not waste a few hours of there time.
Oh, this one is for JayD213: going to Unix is a step in th right direction, but Linux is still better (and it's free, and it runs many of the same programs, and it has better software, and it has a larger userbase now, etc.)I would recommend Ubuntu for someone new to Linux. Google it.
17 Dec 2007 14:12:57
how to get full version of password craker
22 Dec 2007 08:37:09
hai
I am not able to understand what to do. Can you please explain it with example and if possible can you please add some sreen shorts?
Thanks
Please reply me
31 Dec 2007 19:15:50
yeah heard this once but didnt save the text nor site,nice one...an the url to get the john ripper is http://openwall.com/john
24 Jan 2008 07:26:53
Ha,,ha,,,verry good stuffs...should be the best stuff to hack someone's account.thanks buddy.
02 Feb 2008 08:11:08
plss. tell us how to crack the password, i am an IT student and i want to know about this thing...
17 Feb 2008 02:31:12
this is so cool!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
17 Mar 2008 07:18:57
It is very good........
05 May 2008 13:14:03
Nice work Man !!
07 May 2008 09:30:28
Cool work..keep it up
15 Aug 2008 18:03:13
Most impressive. To use John the Ripper, the best tool to use to decrypt the passes, do a Google search for how to use John the Ripper. There are sites that have tutorials on how to use the prog.
24 Sep 2008 10:12:12
Most impressive. To use John the Ripper, the best tool to use to decrypt the passes, do a Google search for how to use John the Ripper. There are sites that have tutorials on how to use the prog.
28 Sep 2008 01:21:52
i dont understand how? example inurl:hotmail.com ext:pwd #-frontpage- i put this in google and dont found nothing!! which is the trick??? please give me an answer for correct code if you know!!
11 Nov 2008 22:43:09
Guys excellent writeup....but the entire stuff is spoilt by the kind of comments u got.
Why dont u change the heading that says, FRONTPAGE BUG - STRENGTH of GOOGLE?
I believe the comments come from people who googled...how to crack a password and landed out here. They are then disappointed. Its exceedingly refreshing to for novices like me to understand the critical security deficits of microsoft products.
28 Jan 2009 22:07:12
OK VERY FINE
09 Mar 2009 11:19:05
Very nice&cool