1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Find SQL databases on Google (vBulletin etc)

Discussion in 'Black Hat SEO Tools' started by Olly, Dec 28, 2007.

  1. Olly

    Olly Junior Member

    Joined:
    Jun 28, 2007
    Messages:
    153
    Likes Received:
    246
    I found out about this a while ago and just remembered about it so thought I'd post it here. I'm sure most of you know this but a cool trick for those who don't to find forum databases (vBulletin etc) and others on Google.

    In the search box type;

    "vbulletin" filetype:sql

    This will return a list of backups people have placed on their server of their vBulletin forum and a few other things.

    This could be pretty handy if you find a database with lots of users on the same subject of a product you might be promoting ;) Or maybe you want to load yourself a new forum with a few posts/users already there. I just downloaded one and loaded it on localhost and had a forum with 200 users and around 2500 threads.

    I'm sure you can think of something to use them for.

    There was a few other similar commands which I will try and find and post here soon :)
     
    • Thanks Thanks x 1
  2. torched

    torched Junior Member

    Joined:
    Mar 6, 2007
    Messages:
    146
    Likes Received:
    416
    lol thats just evil, but very effective ;)
     
  3. BarAsir

    BarAsir Newbie

    Joined:
    Aug 30, 2007
    Messages:
    8
    Likes Received:
    0
    Have you tried looking for $config['MasterServer']['username'] on Google?

    Sad. Very sad.
     
  4. ryanx

    ryanx Newbie

    Joined:
    Dec 29, 2007
    Messages:
    11
    Likes Received:
    0
    lol, sweet, what should I search for to find users and passwords though?
     
  5. dynamicvb

    dynamicvb Regular Member

    Joined:
    Sep 2, 2007
    Messages:
    389
    Likes Received:
    185
    Evil, but very clever :)
     
  6. BarAsir

    BarAsir Newbie

    Joined:
    Aug 30, 2007
    Messages:
    8
    Likes Received:
    0
    That is the code.

    If you find the above string within a page, it is most likely the vB configuration file to access the DB the vB is running from.

    There is one just like that phpBB, PHPNuke, etc.

    Because they do not lock down the folders, Google scans it, and posts it... If the file is not there, there might be still cached information.

    FYI - what you are planning is illegal in most countries (and that is much more than 'just' black hat, in my opinion).
     
  7. marcus45

    marcus45 Regular Member

    Joined:
    Dec 29, 2007
    Messages:
    301
    Likes Received:
    52
    can we get lots of emails this kind of techniques?
     
  8. teampower

    teampower Newbie

    Joined:
    Jan 8, 2008
    Messages:
    6
    Likes Received:
    0
    love that 1 thanks
     
  9. minirich

    minirich Newbie

    Joined:
    Dec 3, 2007
    Messages:
    10
    Likes Received:
    0
    if i remember right there was an ebook titled "Go*gle as a hacking tool"
    its "quite a view years old" about 2 to 3 i think

    Mike
     
  10. minirich

    minirich Newbie

    Joined:
    Dec 3, 2007
    Messages:
    10
    Likes Received:
    0
    i found a similar one
    if the links not working anymore, at least you get a picture of what's in the book.

    hxxp://knowfree.net/2007/09/04/google-hacks-3rd-edition-with-source-code.kf
     
  11. reinrein

    reinrein Regular Member

    Joined:
    Feb 8, 2008
    Messages:
    443
    Likes Received:
    343
    Home Page:
    Hey that is scary! How can I protect my websites/passwords from that thing?
     
  12. minirich

    minirich Newbie

    Joined:
    Dec 3, 2007
    Messages:
    10
    Likes Received:
    0
    put your mysql db in a directory that can't be index by google(either .htaccess or out of webserver path),
    turn off directory listing,
    add robot.txt
    and look throug your .htaccess files and tight them up.

    Mike
     
  13. paypalaffiliate

    paypalaffiliate Registered Member

    Joined:
    Apr 12, 2008
    Messages:
    54
    Likes Received:
    8
    How does it looks so that i will know that its there site backups?

    please let me know. im learning alot in here
     
  14. Olly

    Olly Junior Member

    Joined:
    Jun 28, 2007
    Messages:
    153
    Likes Received:
    246
    Well for vBulletin ones the backups are named something like;

    forumbackup-06-06-2006-1234d.sql

    So, "forumbackup+date+somenumber.sql"


    I'm not sure about other sites/scripts but I guess just look for file names with words like "backup" or "dump" etc, stuff like that.
     
  15. wingchun3

    wingchun3 Newbie

    Joined:
    Nov 1, 2008
    Messages:
    26
    Likes Received:
    11
    heres a good tip

    type in something like

    "@aol.com" filetype:sql

    or

    "@hotmail.com" filetype:sql

    then search threw the results looking for plain md5 passwords next to the entries

    then just simply enter the email addy unencoded md5 pass or plain pass from the results you find

    i have found over 10 poeples email accounts this way, its good to save and then access poeples info every now and agian
     
  16. plut0

    plut0 Regular Member

    Joined:
    Aug 2, 2008
    Messages:
    262
    Likes Received:
    60
    google dork :)
    just remember me how to carding many years ago :D