Can you use Google to find out people's passwords?

Question

Don't ask me why, I'm just curious. I heard there was a code that you type in that can help you find out people's passwords. Is this true? If so what's the code?

Answer 1

I've noticed that there is no informative responses to this question, obviously with little background knowledge/research being supplied in any of the posts.

Google, as stated in previous answers has no functionality for finding or revealing locked away passwords that have for example been encypted, or exist within a back-end database. Google does however index all the files it can find within a website/web domain and therefore sensitive files can be found for a given website/domain.

Such sensitive files could include: htpasswd, htaccess, pwd, password files from FTP clients such as WS_FTP provided by Ipswitch, plus configuration files for FTP servers. Many of these files can easily become indexed by Google's search bot. The WSFTP client usually generates a log/config type file everytime you upload files to your web server, although the user details are encrypted Ipswitch (the developers of WSFTP) provide a mechanism for importing these files back into WSFTP, and therefore giving you access to the user's FTP server whether you can decrypt the password or not!

It is therefore important that you move these sensitive files to a private area of your web server that is not in the public domain and/or add the files to the robots.txt file to ensure that the search engine bots do not index these sensitive files and directories.

Such search 'exploits' can easily be found if you search for 'google hacking' on any of the najor search engines including video tutorials on YouTube. These tutorials will give you the advanced search criteria you need to supply in your google search to find such exposed files. Similar techniques can also be used to find particular file types such as mp3's, pdf's, e-books, access databases (etc).

The information I have provided is solely for informative purposes only and should be used to protect your own websites/domains from potential attacks. Just because you don't put a link to a particular file on your website doesn't mean the search engine won't index it, and doesn't mean that someone trying hard enough won't be able to find it.

Answer 2

OK, Yoi_55 has it pretty close. Google (the web search engine) basically indexes websites and the information it catalogs can be searched. Typically people don't leave their passwords in plain text for you to search. What does become a bit of concern is when people start using Google Desktop on a multi-user system where files on the system can be indexed using each users permissions when they are logged on. The index files and caches are updated and supposedly a user can see files used by another user on the system. Imagine a high level administrative assistant running Google Desktkop to index all the files, including salary, bids, etc.... You come along and login and search the local repository and find a cached version of everyones salary information. Not exactly a password being revealed but it is sensitive information to most people.

Now if people store any passwords on their desktop in plain text, Google will find that. Some software developers could store this in uncompiled code if they are connecting to a database without using JDBC connection pools or ODBC data sources.

Answer 3

never heard of that code and I would not believe you could use google to get people's passwords. Stranger things have happened but that would be a new one for me. Sorry!

Answer 4

Google is a search engine.it only searches and and gives result what is in its directory.but if you want to find passwords of people by using google i think it is not possible because passwards,in internet traffic, are in encrypted form.

Answer 5

Unless they have their password listed on a website, there is no way.

Answer 6

Not True!

Answer 7

i am sorry but can't

Answer 8

no there not srry

Answer 9

NO!!