How to delete old posts from Facebook Timeline

Facebook has a terrible habit of reminding you of everything you've ever posted. Most likely, in the dark corners of your Timeline there are many entries that you no longer remember. It's time to remove them once and for all.

Checking the Timeline

First and foremost, make sure you know how your Timeline is viewed by regular users (those who aren't your Facebook friends). To do this, go to your Timeline, click on the lock icon, and in the “Who can see my materials?” section select "View As".

Look through everything carefully, and if you don’t like something, click on the date under your name, then on the globe icon, and change the “Shared to everyone” item to “Friends”, “Only me” or “User settings”. In addition, you can completely delete an entry by selecting the appropriate item after clicking on the arrow in the top right corner.

Hide old public posts

If you want to hide many public posts at once, you will be surprised that Facebook has a special tool for this.

Click the privacy settings lock in the top right corner of the page, select "See other settings" and click "Limit access to past posts." Read the message that appears and click “Apply these restrictions to past posts” if you want only your friends to see all your old posts.

Change Timeline settings

Next, let's make sure your Timeline settings match your preferences. Click the privacy settings lock in the top right corner again, select See other settings, and click the Timeline & Tags tab in the left panel.

Make sure that the first, fourth, fifth and seventh items are set to “Friends” or whatever you choose:

A more thorough Facebook cleanup

If these tips are not enough for you, you can use one of the extensions for the Chrome browser, e.g. Facebook Post Manager. However, such programs can be overly aggressive, so be careful when using them.

Done! You have cleared your Timeline of old, forgotten publications. Now you can live in peace and not worry about someone coming across a compromising image or status you posted in 2009.

The Facebook social network is becoming more and more popular, and the number of its users and the average number of Facebook friends these users have is increasing accordingly. Sometimes we add as Facebook friends people we don’t know, strangers whom we have never even seen in real life.
And I am sure that, because of this, many people from time to time need to publish posts on Facebook “not for everyone.” That is, you want your post on Facebook to be seen only by certain people from your circle of friends, but not everyone. Or, conversely, you want to hide a post from certain people on Facebook. I would even say that everyone has such a need, but most simply do not realize it, not caring at all about the privacy of their data. And unfortunately, not everyone knows that Facebook has fine-grained settings for displaying publications that help maintain privacy on the network and avoid problems caused by certain publications.
When you post on Facebook, below the input form you will see the option to customize the display of the post, thanks to which you can choose who can see your publication. By default, two options are available there - “Shared to everyone” (i.e., your publication will be available throughout the Internet), and “Friends” (i.e., only your Facebook friends will see your publication).

However, sometimes these settings may not be enough, so you can select the “Advanced settings” option.

In the advanced settings you can choose the following options for displaying your Facebook post:


Also, the settings allow you to share your post only for your colleagues or for people from your region, or for your own list of friends.

If all these options specially created by Facebook developers are not enough for you, you can create your own settings. This is very convenient for special cases - for example, you want to share photos from a past corporate event with your colleagues, but without the boss seeing it.
To create your own post display rule, select “User Settings” in the post publishing settings.

You will see a window in which you can select both individual people for whom you want to publish a post (just start typing the person’s name and it will appear in the drop-down list) and, conversely, people for whom your post will not be available.

And today I will tell you about another search engine that is used by pentesters/hackers - Google, or more precisely about the hidden capabilities of Google.

What are Google Dorks?

Google Dork or Google Dork Queries (GDQ) is a set of queries for identifying the worst security holes: anything that is not properly hidden from search robots.

For brevity, such requests are called Google dorks or simply dorks, like those admins whose resources were hacked using GDQ.

Google Operators

To begin with, I would like to give a small list of useful Google commands. Among all the Google advanced search commands, we are mainly interested in these four:

  • site - search on a specific site;
  • inurl - indicate that the searched words should be part of the page/site address;
  • intitle - search operator in the title of the page itself;
  • ext or filetype - search for files of a specific type by extension.

Also, when creating Dork, you need to know several important operators, which are specified by special characters.

  • | - the OR operator, also known as the vertical bar (logical or), indicates that you need to display results containing at least one of the words listed in the query.
  • "" - the quote operator indicates an exact match.
  • - - the minus operator is used to exclude results containing the words specified after the minus.
  • * - the asterisk operator is used as a mask and means “anything.”

Where to find Google Dorks

The most interesting dorks are the fresh ones, and the freshest ones are those that the pentester found himself. True, if you get too carried away with experiments, you will be banned from Google... until you enter the captcha.

If you don’t have enough imagination, you can try to find fresh dorks on the Internet. The best site to find dorks is Exploit-DB.

The Exploit-DB online service is a non-profit Offensive Security project. If anyone doesn't know, this company provides training in the field of information security, and also provides pentesting services.

The Exploit-DB database contains a huge number of dorks and vulnerabilities. To search for dorks, go to the website and open the “Google Hacking Database” tab.

The database is updated daily. At the top you can find the latest additions. On the left side is the date the dork was added, name and category.


Exploit-DB website

At the bottom you will find dorks sorted by category.


Exploit-DB website

Another good site is . There you can often find interesting, new dorks that don’t always end up on Exploit-DB.

Examples of using Google Dorks

Here are examples of dorks. When experimenting with dorks, do not forget about the disclaimer!

This material is for informational purposes only. It is addressed to information security specialists and those who are planning to become one. The information presented in this article is provided for informational purposes only. Neither the editors of the website www.site nor the author of the publication bear any responsibility for any harm caused by the material in this article.

Dorks for finding website problems

Sometimes it is useful to study the structure of a site by obtaining a list of files on it. If the site is made on the WordPress engine, then the repair.php file stores the names of other PHP scripts.

The inurl operator tells Google to search for the first word in the body of the link. If we had written allinurl, the search would have covered the entire body of the link, and the search results would have been more cluttered. Therefore, it is enough to make a request like this:

inurl:/maint/repair.php?repair=1

As a result, you will receive a list of WP sites whose structure can be viewed via repair.php.


Studying the structure of a website on WP

WordPress causes a lot of problems for administrators with undetected configuration errors. From the open log you can find out at least the names of the scripts and downloaded files.

inurl:"wp-content/uploads/file-manager/log.txt"

In our experiment, a simple query made it possible to find a direct link to the backup in the log and download it.


Finding valuable information in WP logs

A lot of valuable information can be extracted from logs. It is enough to know what they look like and how they differ from the mass of other files. For example, the open-source database interface pgAdmin creates the service file pgadmin.log. It often contains usernames, database column names, internal addresses, and the like.

The log is found with a simple query:

ext:log inurl:"/pgadmin"

There is an opinion that open source means secure code. However, the openness of source code in itself only means the opportunity to study it, and the goals of such study are not always good.

For example, Symfony Standard Edition is popular among frameworks for developing web applications. When deployed, it automatically creates a parameters.yml file in the /app/config/ directory, where it saves the database name, as well as login and password.

You can find this file using the following query:

inurl:app/config/ intext:parameters.yml intitle:index.of


Another file with passwords

Of course, the password could then be changed, but most often it remains the same as it was set at the deployment stage.

The open source UniFi API browser tool is increasingly used in corporate environments. It is used to manage segments of wireless networks built on the principle of “seamless Wi-Fi”, that is, an enterprise network deployment scheme in which many access points are controlled from a single controller.

The utility is designed to display data requested through Ubiquiti's UniFi Controller API. With its help, it is easy to view statistics, information about connected clients, and other information about the server’s operation via the UniFi API.

The developer honestly warns: “Please do keep in mind this tool exposes A LOT OF the information available in your controller, so you should somehow restrict access to it! There are no security controls built into the tool...". But many people don't seem to take these warnings seriously.

Knowing about this feature and running another specific query, you will see a lot of service data, including application keys and passphrases.

inurl:"/api/index.php" intitle:UniFi

General search rule: first we determine the most specific words that characterize the selected target. If this is a log file, then what distinguishes it from other logs? If this is a file with passwords, then where and in what form can they be stored? Marker words are always found in some particular place - for example, in the title of a web page or its address. By limiting your search area and specifying precise markers, you will get raw search results. Then clean them of debris by refining the query.

Dorks for searching open NAS

Home and office network storage is popular now. The NAS function is supported by many external drives and routers. Most of their owners don’t bother with security and don’t even change default passwords like admin/admin. You can find popular NAS devices by the typical titles of their web pages. For example, the request:

intitle:"Welcome to QNAP Turbo NAS"

will display a list of NAS IPs made by QNAP. All that remains is to find the weakest one among them.

The QNAP cloud service (like many others) has a function for sharing files via a private link. The problem is that the link is not all that private.

inurl:share.cgi?ssid=


Finding shared files

This simple query shows files shared through the QNAP cloud. They can be viewed directly from the browser or downloaded for more detailed information.

Dorks for searching IP cameras, media servers and web admin panels

In addition to NAS, with advanced Google queries you can find many other network devices that are controlled via a web interface.

The most common way to do this is CGI scripts, so the main.cgi file is a promising target. However, it can occur anywhere, so it is better to refine the query.

For example, by adding the standard call ?next_file to it. As a result, we get a dork like:

inurl:"img/main.cgi?next_file"

Besides cameras, there are likewise media servers that are open to anyone and everyone. This is especially true for Twonky servers manufactured by Lynx Technology. They have a very recognizable name and the default port 9000.

For cleaner search results, it is better to indicate the port number in the URL and exclude it from the text part of web pages. The request takes the form:

intitle:"twonky server" inurl:"9000" -intext:"9000"


Video library by year

Typically, a Twonky server is a huge media library that shares content via UPnP. Authorization for them is often disabled “for convenience.”

Dorks for searching for vulnerabilities

Big data is a buzzword now: it is believed that if you add Big Data to anything, it will magically begin to work better. In reality, there are very few real experts on this topic, and with the default configuration, big data leads to large vulnerabilities.

Hadoop is one of the simplest ways to compromise tera- and even petabytes of data. This open source platform contains well-known headers, port numbers and service pages, which make it easy to find the nodes it manages.

intitle:"Namenode information" AND inurl:":50070/dfshealth.html"


Big Data? Big vulnerabilities!

With this combined query we get search results with a list of vulnerable Hadoop-based systems. You can browse the HDFS file system directly from your browser and download any file.

Google dorks are a powerful tool for any pentester, one that not only an information security specialist but also an ordinary network user should know about.

Additional commands to the Google search engine allow you to achieve much better results. With their help, you can limit the scope of your search, and also indicate to the search engine that you do not need to view all pages.

Operator "Plus" (+):
Use this when a particular word must be present in the text. To do this, put the “+” operator before the required word. Suppose we have the query Terminator 2: the results will include information about the films Terminator, Terminator 2 and Terminator 3. To leave only information about the film Terminator 2, we put a plus sign in front of the two, giving a query like Terminator +2.

For example:
Magazine +Murzilka
+Bernoulli equation

Excluding words from the query. Logical NOT (-):
To exclude words, the minus (-) exclusion operator is used, that is, a logical “NOT”. It is useful when the results of a direct search are too cluttered.

For example:
Aquarium -group - we are looking for everything about the aquarium excluding the "Aquarium" group

Search for exact phrase (""):
Useful for searching for a specific text (an entire article based on a quote). To do this, you need to enclose the query in quotes (double quotes).

For example:
“And the dungeon is cramped, and there is only one freedom And we always trust in it” - we are looking for Vysotsky’s ballad one line at a time

Note: Google allows you to enter a maximum of 32 words per search string.

Word truncation (*):
Sometimes you need to look for information about a word combination in which one or more words are unknown. For these purposes, the “*” operator is used instead of the unknown words. That is, “*” stands for any word or group of words.

For example:
Master and *
Leonardo * Vinci

cache operator:
The search engine stores the version of the text that was indexed by the search spider in a special storage format called a cache. A cached version of a page can be retrieved if the original page is inaccessible (for example, the server on which it is stored is not working). The cached page is shown as it is stored in the search engine's database and is accompanied by a notice at the top of the page stating that this is a cached page. It also contains information about the time the cached version was created. On a cached page the query keywords are highlighted, and each word is highlighted in its own color for user convenience. You can create a request that will immediately return the cached version of a page with a specific address: cache:page_address, where “page_address” is replaced by the address of the page saved in the cache. If you need to find some information in a cached page, write the query for this information after the page address, separated by a space.

For example:
cache:www.site
cache:www.site tournaments

We must remember that there should not be a space between “:” and the page address!

filetype operator:
As you know, Google indexes not only html pages. If, for example, you need to find some information in a file type other than html, you can use the filetype operator, which allows you to search for information in a specific file type (html, pdf, doc, rtf...).

For example:
Specification html filetype:pdf
Essays filetype:rtf

Operator info:
The info operator lets you see information that Google knows about that page.

For example:
info:www.site
info:www.site

Site operator:
This operator limits the search to a specific domain or site. That is, if you make a request: marketing intelligence site:www.site, then the results will be obtained from pages containing the words “marketing” and “intelligence” on the site “www..

For example:
Music site:www.site
Books site:ru

Link operator:
This operator allows you to see all the pages that link to the page for which the request was made. Thus, the request link:www.google.com will return pages that contain links to google.com.

For example:
link:www.site
Friends link:www.site

allintitle operator:
If you start a query with the allintitle operator, which translates as “everything is in the title,” then Google will return texts in which all the words of the query are contained in the titles (inside the TITLE tag in HTML).

For example:
allintitle:Free software
allintitle:Download music albums

intitle operator:
Shows pages where only the word immediately following the intitle operator is in the title, and all other query words can appear anywhere in the text. Putting the intitle operator before each word of the query is equivalent to using the allintitle operator.

For example:
Programs intitle:Download
intitle:Free intitle:download software

allinurl operator:
If the query begins with the allinurl operator, then the search is limited to those documents in which all the query words are contained only in the page address, that is, in the url.

For example:
allinurl:rus games
allinurl:books fantasy

inurl operator:
The word placed immediately after the inurl operator will be searched for only in the address of the web page, and the remaining words will be searched for anywhere on the page.

For example:
inurl:books download
inurl:games crack

Operator related:
This operator describes pages that are "similar" to some specific page. Thus, the query related:www.google.com will return pages with similar topics to Google.

For example:
related:www.site
related:www.site

define operator:
This operator acts as a kind of explanatory dictionary, which allows you to quickly get the definition of the word that is entered after the operator.

For example:
define:Kangaroo
define:Motherboard

Synonym search operator (~):
If you want to find texts containing not only your keywords, but also their synonyms, then you can use the “~” operator before the word for which you want to find synonyms.

For example:
Types of ~metamorphoses
~Object orientation

Range operator (..):
For those who have to work with numbers, Google has made it possible to search for ranges between numbers. In order to find all pages containing numbers in a certain range “from - to”, you need to put two dots (..) between these extreme values, that is, the range operator.

For example:
Buy a book $100..$150
Population 1913..1935

Obtaining private data does not always mean hacking - sometimes it is published openly. Knowledge of Google's settings and a little ingenuity will allow you to find a lot of interesting things - from credit card numbers to FBI documents.

WARNING

All information is provided for informational purposes only. Neither the editors nor the author are responsible for any possible harm caused by the materials of this article.

Today, everything is connected to the Internet, with little concern for restricting access. Therefore, a lot of private data becomes the prey of search engines. Spider robots are no longer limited to web pages, but index all content available on the Internet and constantly add non-public information to their databases. Finding out these secrets is easy - you just need to know how to ask about them.

Looking for files

In capable hands, Google will quickly find anything that is poorly secured on the Internet, such as personal information and files for business use. They are often hidden like a key under a rug: there are no real access restrictions, the data simply lies in the backyard of the site, where no links lead. The standard Google web interface provides only basic advanced search settings, but even these will be sufficient.

To limit a Google search to files of a certain type, you can use two operators: filetype and ext. The first specifies the format that the search engine determined from the file header, the second specifies the file extension, regardless of its internal contents. When searching in both cases, you only need to specify the extension. Initially, the ext operator was convenient to use in cases where the file had no specific format signatures (for example, to search for ini and cfg configuration files, inside of which there can be anything). Now Google's algorithms have changed, and there is no visible difference between the operators - the results in most cases are the same.


Filtering the results

By default, Google searches for words and, in general, any entered characters in all files on indexed pages. You can limit your search by top-level domain, by a specific site, or by the location of the desired sequence in the files themselves. For the first two options, use the site operator, followed by the name of the domain or selected site. In the third case, a whole set of operators allows you to search for information in service fields and metadata. For example, allinurl will find the given sequence in the body of the links themselves, allinanchor - in the text marked up with the anchor tag, allintitle - in page titles, allintext - in the body of pages.

For each operator there is a light version with a shorter name (without the prefix all). The difference is that allinurl will find links with all words, and inurl will only find links with the first of them. The second and subsequent words from the query can appear anywhere on web pages. The inurl operator also differs from another operator with a similar meaning - site. The first also allows you to find any sequence of characters in a link to the searched document (for example, /cgi-bin/), which is widely used to find components with known vulnerabilities.

Let's try it in practice. We take the allintext filter and make the request produce a list of numbers and verification codes of credit cards that will expire only in two years (or when their owners get tired of feeding everyone).

Allintext: card number expiration date /2017 cvv

When you read in the news that a young hacker “hacked into the servers” of the Pentagon or NASA, stealing classified information, in most cases we are talking about just such a basic technique of using Google. Suppose we are interested in a list of NASA employees and their contact information. Surely such a list is available in electronic form. For convenience or due to oversight, it may also be on the organization’s website itself. It is logical that in this case there will be no links to it, since it is intended for internal use. What words can be in such a file? At a minimum - the “address” field. Testing all these assumptions is easy.


Inurl:nasa.gov filetype:xlsx "address"


We use bureaucracy

Finds like this are a nice touch. A truly solid catch comes from a more detailed knowledge of Google's operators for webmasters, of the Network itself, and of the structural peculiarities of what is being sought. Knowing the details, you can easily filter the results and refine the properties of the necessary files so that truly valuable data is left in the remainder. It's funny that bureaucracy comes to the rescue here. It produces standard formulations that are convenient for searching for secret information accidentally leaked onto the Internet.

For example, the Distribution statement stamp, required by the US Department of Defense, means standardized restrictions on the distribution of a document. The letter A denotes public releases in which there is nothing secret; B - intended only for internal use, C - strictly confidential, and so on until F. The letter X stands out separately, which marks particularly valuable information representing a state secret of the highest level. Let those whose job it is search for such documents, and we will limit ourselves to files with the letter C. According to DoDI directive 5230.24, this marking is assigned to documents containing a description of critical technologies that fall under export control. Such carefully protected information can be found on sites in the top-level domain .mil, allocated for the US Army.

"DISTRIBUTION STATEMENT C" inurl:navy.mil

It is very convenient that the .mil domain contains only sites from the US Department of Defense and its contract organizations. Search results with a domain restriction are exceptionally clean, and the titles speak for themselves. Searching for Russian secrets in this way is practically useless: chaos reigns in the .ru and .rf domains, and the names of many weapons systems sound like botanical ones (PP “Kiparis”, self-propelled guns “Akatsia”) or even fairy-tale ones (TOS “Buratino”).


By carefully studying any document from a site in the .mil domain, you can see other markers to refine your search. For example, a reference to the export restrictions “Sec 2751”, which is also convenient for searching for interesting technical information. From time to time it is removed from official sites where it once appeared, so if you cannot follow an interesting link in the search results, use Google’s cache (cache operator) or the Internet Archive site.

Climbing into the clouds

In addition to accidentally declassified government documents, links to personal files from Dropbox and other data storage services that create “private” links to publicly published data occasionally pop up in Google's cache. It’s even worse with alternative and homemade services. For example, the following query finds data for all Verizon customers who have an FTP server installed and actively use their router.

Allinurl:ftp:// verizon.net

There are now more than forty thousand such smart people, and in the spring of 2015 there were many more of them. Instead of Verizon.net, you can substitute the name of any well-known provider, and the more famous it is, the larger the catch can be. Through the built-in FTP server, you can see files on an external storage device connected to the router. Usually this is a NAS for remote work, a personal cloud, or some kind of peer-to-peer file downloading. All contents of such media are indexed by Google and other search engines, so you can access files stored on external drives via a direct link.

Looking at the configs

Before the widespread migration to the cloud, simple FTP servers ruled as remote storage, which also had a lot of vulnerabilities. Many of them are still relevant today. For example, the popular WS_FTP Professional program stores configuration data, user accounts and passwords in the ws_ftp.ini file. It is easy to find and read, since all records are saved in text format, and passwords are encrypted with the Triple DES algorithm after minimal obfuscation. In most versions, simply discarding the first byte is sufficient.

It is easy to decrypt such passwords using the WS_FTP Password Decryptor utility or a free web service.

Speaking about hacking an arbitrary website, they usually mean obtaining a password from logs and backups of configuration files of CMS or applications for e-commerce. If you know their typical structure, you can easily indicate the keywords. Lines like those found in ws_ftp.ini are extremely common. For example, in Drupal and PrestaShop there is always a user identifier (UID) and a corresponding password (pwd), and all information is stored in files with the .inc extension. You can search for them as follows:

"pwd=" "UID=" ext:inc

Revealing DBMS passwords

In the configuration files of SQL servers, user names and email addresses are stored in plain text, and instead of passwords their MD5 hashes are written. Strictly speaking, it is impossible to decrypt them, but you can find a match among the known hash-password pairs.

There are still DBMSs that do not even use password hashing. The configuration files of any of them can simply be viewed in the browser.

Intext:DB_PASSWORD filetype:env

With the arrival of Windows on servers, the place of configuration files was partially taken over by the registry. You can search through its branches in exactly the same way, using reg as the file type. For example, like this:

Filetype:reg HKEY_CURRENT_USER "Password"=

Let's not forget the obvious

Sometimes it is possible to get to classified information with the help of data that was accidentally opened and caught Google's eye. The ideal option is to find a list of passwords in some common format. Only desperate people can store account information in a text file, a Word document or an Excel spreadsheet, but there are always enough of them.

Filetype:xls inurl:password

On the one hand, there are a lot of means to prevent such incidents. It is necessary to specify adequate access rights in htaccess, patch the CMS, avoid scripts from dubious sources and close other holes. There is also the robots.txt exclusion list, a file that prohibits search engines from indexing the files and directories specified in it. On the other hand, if the structure of robots.txt on some server differs from the standard one, then it immediately becomes clear what they are trying to hide on it.

The list of directories and files on any site is preceded by the standard heading index of. Since for service purposes it must appear in the title, it makes sense to limit the search for it with the intitle operator. Interesting things are in the /admin/, /personal/, /etc/ and even /secret/ directories.
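A site owner can run the same kind of check from the inside, before a search engine does. The script below is an added example, not part of the original article: it walks a document root and reports the file names, extensions and content markers that the queries in this article rely on, plus directories that would be listable if directory indexes are enabled. The rule lists, function names and the sample tree are assumptions of this example.

```python
import os
import tempfile

# File names this article names as exposed; descriptions are this example's own.
RISKY_NAMES = {
    "pgadmin.log": "pgAdmin service log",
    "parameters.yml": "Symfony parameters file (database login and password)",
    "ws_ftp.ini": "WS_FTP configuration with stored passwords",
    ".env": "environment file",
}
# Extensions targeted by the ext:/filetype: queries in the article.
RISKY_EXTENSIONS = {".log", ".inc", ".reg", ".env"}
# Files whose presence stops a web server from generating an "index of" page.
INDEX_FILES = {"index.html", "index.htm", "index.php"}
MAX_SCAN_BYTES = 1 << 20  # read at most 1 MiB per file


def content_findings(data):
    """Return reasons for content markers taken from the article's queries."""
    found = []
    if b"DB_PASSWORD" in data:
        found.append("contains DB_PASSWORD")
    if b"pwd=" in data and b"UID=" in data:
        found.append("contains pwd= and UID= markers")
    if b'"Password"=' in data:
        found.append('contains a "Password"= registry value')
    return found


def audit_docroot(root):
    """Walk a document root and return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        if not {name.lower() for name in filenames} & INDEX_FILES:
            findings.append((rel_dir, "no index file: listable if directory indexes are on"))
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            key = name.lower()
            if key in RISKY_NAMES:
                findings.append((rel, RISKY_NAMES[key]))
            elif os.path.splitext(key)[1] in RISKY_EXTENSIONS:
                findings.append((rel, "extension targeted by ext:/filetype: queries"))
            try:
                with open(path, "rb") as handle:
                    data = handle.read(MAX_SCAN_BYTES)
            except OSError:
                continue  # unreadable file: nothing to scan
            findings.extend((rel, reason) for reason in content_findings(data))
    return sorted(findings)


def build_sample_docroot(root):
    """Create a small constructed document root (sample data, not from the article)."""
    files = {
        "index.html": "<h1>shop</h1>",
        "app/config/parameters.yml": "parameters:\n    database_password: example-only\n",
        "backup/.env": "DB_PASSWORD=example-only\n",
        "includes/db.inc": "UID=shop;pwd=example-only\n",
        "static/index.html": "ok",
        "static/site.css": "body{}",
    }
    for rel, text in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as handle:
            handle.write(text)


def run_demo():
    """Build the constructed tree in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_docroot(root)
        return audit_docroot(root)


if __name__ == "__main__":
    for rel, reason in run_demo():
        print(f"{rel}: {reason}")
```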

Stay tuned for updates

Relevance is extremely important here: old vulnerabilities are closed very slowly, but Google and its search results are constantly changing. There is even a difference between a “last second” filter (&tbs=qdr:s at the end of the request URL) and a “real time” filter (&tbs=qdr:1).

Google also specifies the time interval of a file's last update implicitly. Through the graphical web interface, you can select one of the standard periods (hour, day, week, etc.) or set a date range, but this method is not suitable for automation.

From the look of the address bar, one can only guess at how to limit the results using the &tbs=qdr: construction. The letter y after it sets a limit of one year (&tbs=qdr:y), m shows results for the last month, w for the last week, d for the past day, h for the last hour, n for the last minute and s for the last second. The very latest results, those that have only just become known to Google, are found with the filter &tbs=qdr:1.

If you need to write a clever script, it is useful to know that Google sets the date range in Julian format using the daterange operator. For example, this is how you can find a list of PDF documents with the word confidential, downloaded from January 1 to July 1, 2015:

confidential filetype:pdf daterange:2457024-2457205

The range is given as Julian dates without the fractional part. Converting them by hand from the Gregorian calendar is inconvenient; it is easier to use a date converter.
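The date conversion described above can be scripted. This added example (not part of the original article) converts between Gregorian dates and the integer Julian day numbers that daterange expects, decodes a daterange term seen in a query, and builds a query restricted to a domain you administer; example.com and all function names are assumptions.

```python
import re
from datetime import date

# Offset between Python's proleptic Gregorian ordinal and the Julian Day Number:
# date(2000, 1, 1).toordinal() == 730120 and the JDN of that day is 2451545.
JDN_OFFSET = 1721425

DATERANGE_RE = re.compile(r"\bdaterange:(\d+)-(\d+)\b")

def to_jdn(d):
    """Julian Day Number (integer part only) of a Gregorian calendar date."""
    return d.toordinal() + JDN_OFFSET

def from_jdn(jdn):
    """Gregorian calendar date for an integer Julian Day Number."""
    return date.fromordinal(jdn - JDN_OFFSET)

def daterange(start, end):
    """Build the daterange: term for the inclusive interval start..end."""
    if end < start:
        raise ValueError("end date precedes start date")
    return f"daterange:{to_jdn(start)}-{to_jdn(end)}"

def decode_daterange(query):
    """Return (start, end) dates of the daterange: term in a query, or None."""
    match = DATERANGE_RE.search(query)
    if match is None:
        return None
    return from_jdn(int(match.group(1))), from_jdn(int(match.group(2)))

def audit_query(domain, filetype, start, end):
    """Query for checking what was indexed on your own domain in a period."""
    return f"site:{domain} filetype:{filetype} {daterange(start, end)}"

if __name__ == "__main__":
    # example.com is a placeholder for a domain you are responsible for.
    print(audit_query("example.com", "pdf", date(2015, 1, 1), date(2015, 7, 1)))
    print(decode_daterange("confidential filetype:pdf daterange:2457024-2457205"))
```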

Targeting and filtering again

Besides being typed as operators in the search query, these refinements can be sent directly in the body of the link. For example, the filetype:pdf refinement corresponds to the construction as_filetype=pdf. This makes it convenient to set any refinement. For instance, output of results only from the Republic of Honduras is set by adding the construction cr=countryHN to the search URL, and only from the city of Bobruisk by adding gcs=Bobruisk. You can find a complete list in the developer section.

Google's automation tools are designed to make life easier, but they often add problems. For example, the user’s city is determined by the user’s IP through WHOIS. Based on this information, Google not only balances the load between servers, but also changes the search results. Depending on the region, for the same request, different results will appear on the first page, and some of them may be completely hidden. The two-letter code after the gl=country directive will help you feel like a cosmopolitan and look for information from any country. For example, the code of the Netherlands is NL, but the Vatican and North Korea do not have their own code in Google.

Often, search results remain cluttered even after several advanced filters have been applied. In this case, it is easy to refine the request by adding several exclusion words to it (a minus sign is placed in front of each of them). For example, banking, names and tutorial often appear together with the word Personal. So cleaner results come not from the textbook form of the request, but from a refined one:

intitle:"Index of /Personal/" -names -tutorial -banking

One last example

A sophisticated hacker is distinguished by the fact that he provides himself with everything he needs on his own. For example, a VPN is a convenient thing, but it is either expensive, or temporary and with restrictions. Signing up for a subscription just for yourself is too expensive. It's good that there are group subscriptions, and with the help of Google it's easy to become part of a group. To do this, just find a Cisco VPN configuration file, which has a rather non-standard PCF extension and a recognizable path: Program Files\Cisco Systems\VPN Client\Profiles. One request and you join, for example, the friendly team of the University of Bonn.

filetype:pcf vpn OR Group

INFO

Google finds configuration files with passwords, but many of them are written in encrypted form or replaced with hashes. If you see strings of a fixed length, then immediately look for a decryption service.

Passwords are stored encrypted, but Maurice Massard has already written a program to decrypt them and provides it for free through thecampusgeeks.com.
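The file types named in this article (.reg exports, .pcf profiles, password lists in office documents) can be caught before a search engine ever sees them. This added example, which is not from the original article, walks a web root and reports such files; the rule set, the function names and the sample tree are assumptions, and every sample value is made up.

```python
import os
import re
import tempfile

# Credential markers by extension; .reg and .pcf are the types the article searches for.
CONTENT_RULES = {
    ".reg": re.compile(r'^"[^"]*password[^"]*"[ \t]*=', re.I | re.M),
    ".pcf": re.compile(r"^(enc_)?(GroupPwd|UserPassword)[ \t]*=[ \t]*\S", re.I | re.M),
}
NAME_RULE = re.compile(r"passw", re.I)            # e.g. passwords.xls
NAME_EXTS = {".xls", ".xlsx", ".doc", ".docx", ".txt", ".csv"}

def read_text(path, limit=1 << 20):
    with open(path, "rb") as fh:
        data = fh.read(limit)
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):    # regedit exports are often UTF-16
        return data.decode("utf-16", errors="replace")
    return data.decode("utf-8", errors="replace")

def scan(root):
    """Return sorted (relative_path, reason) pairs for files that should not be published."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            rule = CONTENT_RULES.get(ext)
            if rule and rule.search(read_text(full)):
                findings.append((rel, f"credential field in {ext} file"))
            elif ext in NAME_EXTS and NAME_RULE.search(name):
                findings.append((rel, "password-like file name"))
    return sorted(findings)

def demo():
    """Scan a constructed sample tree (all values below are made up)."""
    reg = '[HKEY_CURRENT_USER\\Software\\Demo]\r\n"Password"="example"\r\n'
    samples = {
        "index.html": b"<h1>hello</h1>",
        "backup/settings.reg": reg.encode("utf-16"),
        "vpn/office.pcf": b"[main]\nGroupName=demo\nGroupPwd=\nenc_GroupPwd=00FFEE\n",
        "docs/Passwords.xls": b"\x00",
        "docs/report.xls": b"\x00",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return scan(root)
```

Run scan() against the directory your web server actually serves, for instance as a pre-deployment check, and treat any credential it reports as exposed until it has been rotated.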

Hundreds of different types of attacks and penetration tests are carried out with Google's help. There are many variants affecting popular programs, the main database formats, numerous PHP vulnerabilities, clouds and so on. If you know exactly what you are looking for, it becomes much easier to get the necessary information (especially information that was never meant to be made public). Shodan is not the only source of interesting ideas: any database of indexed network resources is!