Google Search Security Code

In theory, everyone knows that passwords should not reside on post-its stuck to the monitor or under the keyboard. In practice, however, surprisingly many people store passwords in text files and put them in their home directories, which (funnily enough) are accessible through the Internet.


What’s more, many such individuals work as network administrators or similar, so the files can get pretty big. It’s hard to define a single method of locating such data, but googling for such keywords as account, users, admin, administrators, passwd, password and so on can be pretty effective, especially coupled with such filetypes as .xls, .txt, .doc, .mdb and .pdf. It’s also worth noting directories whose names contain the words admin, backup and so forth – a query like inurl:admin intitle:index.of will do the trick.

Here are some Google queries for locating passwords:

“http://*:*@www” site : passwords for site, stored as the string “http://username:password@www…”
filetype:bak inurl:”htaccess|passwd|shadow|htusers” : file backups, potentially containing user names and passwords
filetype:mdb inurl:”account|users|admin|administrators|passwd|password” : mdb files, potentially containing password information
intitle:”Index of” pwd.db : pwd.db files, potentially containing user names and encrypted passwords
inurl:admin inurl:backup intitle:index.of : directories whose names contain the words admin and backup
“Index of/” “Parent Directory” “WS_FTP.ini” filetype:ini WS_FTP PWD : WS_FTP configuration files, potentially containing FTP server access passwords
ext:pwd inurl:(service|authors|administrators|users) “# -FrontPage-” : files containing Microsoft FrontPage passwords
filetype:sql (“passwd values ****” | “password values ****” | “pass values ****”) : files containing SQL code and passwords inserted into a database

intitle:index.of trillian.ini : configuration files for the Trillian IM
eggdrop filetype:user user : configuration files for the Eggdrop ircbot
filetype:conf slapd.conf : configuration files for OpenLDAP
inurl:”wvdial.conf” intext:”password” : configuration files for WV Dial
ext:ini eudora.ini : configuration files for the Eudora mail client
filetype:mdb inurl:users.mdb : Microsoft Access files, potentially containing user account information
intext:”powered by Web Wiz Journal” : websites using Web Wiz Journal, which in its standard configuration allows access to the passwords file – just enter http://<host>/journal/journal.mdb instead of the default http://<host>/journal/
“Powered by DUclassified” -site:duware.com
“Powered by DUcalendar” -site:duware.com
“Powered by DUdirectory” -site:duware.com
“Powered by DUclassmate” -site:duware.com
“Powered by DUdownload” -site:duware.com
“Powered by DUpaypal” -site:duware.com
“Powered by DUforum” -site:duware.com
intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com : (applies to all eight queries above) websites using the DUclassified, DUcalendar, DUdirectory, DUclassmate, DUdownload, DUpaypal, DUforum or DUpics applications, which by default make it possible to obtain the passwords file – for DUclassified, just enter http://<host>/duClassified/_private/duclassified.mdb instead of http://<host>/duClassified/

intext:”BiTBOARD v2.0” “BiTSHiFTERS Bulletin Board” : websites using the Bitboard2 bulletin board application, which on default settings allows the passwords file to be obtained – enter http://<host>/forum/admin/data_passwd.dat instead of the default http://<host>/forum/forum.php
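An administrator can check their own document root for the kinds of files these queries target before a search engine indexes them. The following is an added example, not part of the original article; the regexes, function names and sample files are constructed for illustration.

```python
import os
import re
import tempfile

# File names from the query list above (constructed regexes, case-insensitive).
RISKY_NAMES = [(re.compile(p, re.I), why) for p, why in [
    (r"(htaccess|passwd|shadow|htusers).*\.bak$", "backup of a credential file"),
    (r"\.mdb$", "Access database"),
    (r"^pwd\.db$|\.pwd$", "password file"),
    (r"^ws_ftp\.ini$|^(trillian|eudora)\.ini$|^(slapd|wvdial)\.conf$", "config that may hold passwords"),
]]
# Content from the list: credentials inside URLs, passwords in SQL inserts.
RISKY_TEXT = [(re.compile(p, re.I), why) for p, why in [
    (rb"https?://[^\s/:@]+:[^\s/@]+@", "URL with embedded credentials"),
    (rb"(passwd|password|pass)\W+values", "SQL insert of passwords"),
]]
TEXT_EXT = (".txt", ".sql", ".htm", ".html", ".ini", ".conf")

def scan_webroot(root, max_bytes=1_000_000):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            hits = [why for rx, why in RISKY_NAMES if rx.search(name)]
            if name.lower().endswith(TEXT_EXT):
                with open(full, "rb") as fh:
                    data = fh.read(max_bytes)
                hits += [why for rx, why in RISKY_TEXT if rx.search(data)]
            findings.update((rel, why) for why in hits)
    return sorted(findings)

def demo():
    """Scan a constructed sample web root; every file below is made up."""
    samples = {
        "index.html": b"<p>hello</p>",
        "admin/backup/htaccess.bak": b"AuthUserFile /x",
        "journal/journal.mdb": b"\x00",
        "notes.txt": b"mirror: http://alice:s3cret@www.example.test/files",
        "dump.sql": b"INSERT INTO users (login, passwd) VALUES ('a', 'b');",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        return scan_webroot(root)
```

Call `scan_webroot()` on the directory your web server publishes; anything it reports should be moved out of the document root or blocked by the server configuration.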

The article address: http://www.knbykl.org/google/google-search-security-code/

Copyright  1983 - 2008: knbykL