I've found some of my very old passwords in huge plaintext databases. it's kind of a nice feeling somehow, as long as you don't still use that password anywhere
@@altypotato2459 It would sound Nonsensical to to those who have not walked in my shoes for the past 2 1/2 years of my life. Thank you for finding it humorous either way. 💜God Bless💙 & 🎇Happy Holidays🎆
The information you give out, people would normally charge us so much money to learn! That makes you a great person and relives my migraine on where to look! Thank you!!
How do you actually log in I have no idea how you would actually do that. You get a username and password for a database but idk how you would access the database
There's no marketing in cybersecurity. Any vulnerability is both an oportunity to protect as it is to do harm. Some people will try to do harm with this information. But the more people know about these things, the more chances there are of people protecting themselves from these threats. If there were other ways to get people more secure we would gladly go for it. But we all know that keeping too much knowledge for just a handful of people is even more dangerous than everyone knowing about a threat.
Just keep in mind that whatever tools listed here are actually well known by law enforcement, which occasionally plant such files on purpose with the intention to incite people to access them. This then leads them to track you down, and is cause for arrest. Unlike entrapment (where someone pressures you to do something illegal), incitement (leaving open an easy target) is not a valid defense in court, and you are likely to face serious consequences if caught; regardless of your motive.
This cap how can you go to jail for looking at things that are on google. now it’s what you do with the things you look at that might get you in trouble
Fascinating stuff, however I'm just getting started with this. Would be nice to have updated info as this video is nearly 2-1/2 years old. LUXURYHACKS🟢NET saved me
i got into some sort of marine biology site found out from a word document that they have plans to have some sort of cruse ship doing research in the us. not like that means anything to me but i thought it was cool
Your commnets about this brilliant, skilled expert, who generously shares his knowledge, says more ABOUT YOU - the people who sadly cut this man down so you could 'measure up.' It is very sad that some of us feel better after we highlight another's weakness or after we insult, degrade, expose, malign, or gossip about another person. Some of us harm ourselves and feel better for it- and we've all done it at some time. Don't beat yourself up over it, just try to do better- AND THERE IS A BETTER WAY- If you want elevate yourself in your own eyes and through the eyes of others, TAKE THE COMPASSIONATE ROUTE. Be that stand-up person who preserves another's dignity, supports, encourages or or finds the positive amid criticism or poor performance. Thanks for reading this
So how do companies “accidentally” leave these logs visible like this? Like it’s not making sense to me... this kinda feels like someone did it on purpose what am I missing here??
Mostly misconfiguration. Like if a web app is meant to run on Apache web server and has a bunch of Apache ".htaccess" configuration files which forbid access to password files. But they decide to run the web app on another web server such as Nginx, which means the Apache-based access restrictions aren't active and all files are exposed. 😂
Actually they can't fix this. Anything uploaded to the Internet in any shape or form using WiFi can be accessed. Basically your Gmail, Instagram etc can all be accessed using Google dorks if you go through hundreds of pages you may find your own password.
The webcam service you looked up seems to be for intentional listings - it's advertised as a way for you to check on your belongings from anywhere. So basically any webcam on that service should be intentionally on that service, you aren't gaining any sort of undesired access to a hidden item.
my dude, there's a resize thing between the awesome bar and the extensions, and you can hide most of your non-active extensions in the menu. You can also just remove or turn off the ones you're not gonna use often. having that many extensions is going to slow down your chrome. Not to mention you are opening yourself to risk to any of the extensions being compromised.
How would you direct the db password filetype:env to specific resources like what if I wanted to find netflix, RUclips red, vpns account passwords to piggyback on preexisting accounts?
How would I as one who owns a server keep my data from being exposed? Is it as easy as storing a file higher than the /var/www/html/ directory or having a blank index.html file for each folder? It's crazy how easy it is to find such stuff!
There are always people that mess with setting that don't know what they are doing or don't realize anyone on the internet can see it. Also some devices just setup that way by default.
So what if I want to look for a specific site that might've been deleted and I can't remember the name of because it was Chinese or something? The reason is, I've got a pen tablet. Manufactured by a company that supposedly closed down. And I want to get the driver file off their ftp or the server in question.
You r just aweso....i was litterly noob in tNice tutorials...u explained it very simply...thanks i will surely go for next parts of tNice tutorials video.. thanks
I've been watching that kind of videos and surprisingly most of them are leading to you. One or another way everything brings me to your channel. No choice but to subscribe! Thank you Null Byte!
I remember using one of these to get Windows 7 keys back in the day. I actually found a company that was selling computers, they used some sort of scanner software to post the specs and it somehow got the Windows key and posted that along with everything else.
Been dorking for years. At one point I found a string offered by googles suggestion it looked like this with no quotes "?index.of?" . Can anyone provide context to this string as it turns up very interesting domain types.
Is going to unsecured cameras. E.g., a security camera left open allowed? Or can it get you in trouble. As I found one earlier. And I’m worried that it wasn’t allowed. It had no password or anything. I believe I didn’t do anything wrong but would love a response
ok so, what if, theoretically, i would like to log in to some websites database when i have the username and password, how would i, theoretically, do such thing?
I made a mass internet scanner that specifically scans the first pages of ip web pages. I have over 2 mil pages stored and used the tool to regex match thousands of vulnerable devices in a few minutes. Wanted to monetize the system since its valuable for security research, but it's not really doable as the regex stil takes around 10 mins to match against 2 mil sites
People may be using Dorking for hacking, but I found that its very useful for other purposes like finding very obscure information that can't be found by other methods Not telling anyone not to hack tho
![Search for Vulnerable Devices Around the World with Shodan [Tutorial]](http://i.ytimg.com/vi/oDkg1zz6xlw/mqdefault.jpg)
![Search for Vulnerable Devices Around the World with Shodan [Tutorial]](/img/tr.png)
![Haunt a Computer Using SSH [Tutorial]](/img/1.gif)
you should do a tutorial of how to not blink
Loool
Imagine walking into a staring contest and this guy walks in
@@rusirumunasinghe7354 yeah
He has invisible eyelids.
@@rusirumunasinghe7354 you're doomed doomed I say LOL
The fact that Google’s product RUclips recommended me of this video must be an unsolved mystery
Frfr
Same they must have made a major mistake I would have no need for this knowledge
1:24
Same
@@SednaFTW I do
Imagine finding your password
Plot twist: it was a password you forgot and figured was lost to time.
@@vanshajrai6089 yup
@@vanshajrai6089 found my Netflix account and about 300 others
Edit:paswords were included
kazuto kirigaya link?
I've found some of my very old passwords in huge plaintext databases. it's kind of a nice feeling somehow, as long as you don't still use that password anywhere
Trees: exist
This man: Flying bushes
Tree: Exists
4
Creepy Human: # 9
2
Hide behind: Tending
Human 5, 6, ,7,... ..: Backyard.
Flying Bushes: Exist ײ
Cause / Effect:
From Abuse & Neglect
In Backyards belonging to
Creepy Human #9 .... .... ...
All Creepy Human
equivalents like.
I'll be honest with you. I thought you just making nonsense... When I got to that part I laughed hard. lol well played
@@altypotato2459
It would sound Nonsensical to to those who have not walked in my shoes for the past 2 1/2 years of my life.
Thank you for finding it humorous either way.
💜God Bless💙
& 🎇Happy Holidays🎆
"This place is crazy!" - I don't think he goes out so much.
@@HITARIX I don go out much. I hide in a forest... Away from Humans.
Nailed the video length lolll
Off by 1, he should have made it 13:37!
Christian Soto it is 13:37 for me
*Leet*
Anonymouse hax0r xD
@@jimothyus same.
1:04 he blinks
Glitch in the matrix
Half blink, unfortunately
Lol impossible
Oh my god
This can't be!
it was a half blink
i feel like clicking on this video just put me on a watchlist..
Nope
Don’t listen to yoka hes MI5 n wants you to keep doing your normal so he can catch you
Ok zoomer
Joshua Kuehn who
@@joshuakuehn who the hell is zoomer? Is it a code name for a cyber spook
I've been looking everywhere for a Vigor 2950 manual in chinese! Thank you!
hi can we chat inbox
Khall Himines yes
The information you give out, people would normally charge us so much money to learn! That makes you a great person and relives my migraine on where to look! Thank you!!
shows us how to get usernames and passwords and tells us to not login.
Do it
How do you actually log in I have no idea how you would actually do that. You get a username and password for a database but idk how you would access the database
@ugur but how?
@@luiginotcool If you can't figure out how to actually login then you should not be doing any of this stuff like looking for login credentials
There's no marketing in cybersecurity. Any vulnerability is both an oportunity to protect as it is to do harm. Some people will try to do harm with this information. But the more people know about these things, the more chances there are of people protecting themselves from these threats.
If there were other ways to get people more secure we would gladly go for it. But we all know that keeping too much knowledge for just a handful of people is even more dangerous than everyone knowing about a threat.
Just keep in mind that whatever tools listed here are actually well known by law enforcement, which occasionally plant such files on purpose with the intention to incite people to access them.
This then leads them to track you down, and is cause for arrest.
Unlike entrapment (where someone pressures you to do something illegal), incitement (leaving open an easy target) is not a valid defense in court, and you are likely to face serious consequences if caught; regardless of your motive.
Like for example?
This cap how can you go to jail for looking at things that are on google. now it’s what you do with the things you look at that might get you in trouble
The fact that this video is 13:37 long makes it 100000 times better
fr:3
Thank you, oh RUclips algorithm, for showing this to me instead of making it go viral first.
I got it today as youtube recommendation, great one!
I can't thumbs up bcuz the #111 is too good.
“Dont log in to accounts with passwords”
Literally everyone who watched this video : ok boomer
ggDefault no shit boomer
@ggDefault Ok boomer
@ggDefault ok boomer
@ggDefault Boomer
@ggDefault Ok boomer
Or use the alternative "bing nerds"
How about no
What about yahoo geeks?
.
question
AskJeeves knowitalls
"Flying bushes"
We generally call those trees.
LMFAOOO
Lol
Fascinating stuff, however I'm just getting started with this. Would be nice to have updated info as this video is nearly 2-1/2 years old. LUXURYHACKS🟢NET saved me
I second that request...
13:37 nice cut ;-)
came here for this!
Yesss
Bruh
Haven't got done by one of those in ages GG
I don't get it, what's awesome about it? Am I missing something?
You should do a tutorial on how to TAP YOUR KEYBOARD LOUDER
It's such a popular sound that they still sell mechanical keyboards. Beats the typewriter sound by a smidge.
hi can we chat inbox
@@mpanobertin4955 huh?
@@MatthewA1106 came inbox
@@mpanobertin4955 what inbox
who else went looking through random web cams around the world
didn't worked for me
@@im_cool_lol work**
@@Procrastinator12 that guy's name is "gfjhsgdfjh dashgfjhasbfjha". Do you really grammar police on them?
i got into some sort of marine biology site found out from a word document that they have plans to have some sort of cruse ship doing research in the us. not like that means anything to me but i thought it was cool
Yep, me too.
Your commnets about this brilliant, skilled expert, who generously shares his knowledge, says more ABOUT YOU - the people who sadly cut this man down so you could 'measure up.' It is very sad that some of us feel better after we highlight another's weakness or after we insult, degrade, expose, malign, or gossip about another person. Some of us harm ourselves and feel better for it- and we've all done it at some time. Don't beat yourself up over it, just try to do better- AND THERE IS A BETTER WAY- If you want elevate yourself in your own eyes and through the eyes of others, TAKE THE COMPASSIONATE ROUTE. Be that stand-up person who preserves another's dignity, supports, encourages or or finds the positive amid criticism or poor performance. Thanks for reading this
Me: I think I’ll go to sleep now
Also me 4 hours later: watching RUclips video on how to hack
Hahaha ikr
So how do companies “accidentally” leave these logs visible like this? Like it’s not making sense to me... this kinda feels like someone did it on purpose what am I missing here??
Exactly
I don't know if you notice it doesn't actually give many results
robots.txt many people don't use it.
Stupid people. That's it
Mostly misconfiguration. Like if a web app is meant to run on Apache web server and has a bunch of Apache ".htaccess" configuration files which forbid access to password files. But they decide to run the web app on another web server such as Nginx, which means the Apache-based access restrictions aren't active and all files are exposed. 😂
“These dorks are extremely powerful” 😂
...."i feel like i say that a lot"
@@TheWizard45134 dying lol
New Null Byte tee shirt? All black with gray text "these dorks are extremely powerful"
Meditate. Realize the power of your inner dork. May it serve everyone.
I read this comment as he said it
Google is going to delete this video faster than they fix vulnerabilities
When i tried the methods google opend a captcha because of "possibly botted searches" .
Actually they can't fix this. Anything uploaded to the Internet in any shape or form using WiFi can be accessed. Basically your Gmail, Instagram etc can all be accessed using Google dorks if you go through hundreds of pages you may find your own password.
yeah, about that
hi can we chat inbox
still up
Just looking at this dude you can tell he visits the dark web daily
idk how to :(
.
@@rensaito9009 tor browser... (.onion links)
"Just looking at this dude you can tell he visits the dark web daily" ... whats that? a new combination between deep web and darknet? :D
It's easy to visit the dark web lol
all throughout the intro i was questioning wether or not he's missing his right hand
The webcam service you looked up seems to be for intentional listings - it's advertised as a way for you to check on your belongings from anywhere. So basically any webcam on that service should be intentionally on that service, you aren't gaining any sort of undesired access to a hidden item.
Slyvester is no Scam, I’m sure💯✅
Slyvester is no Scam, I’m sure💯✅
What was more interesting than the video were some of your bookmarks... especially the "The VPN service provider for the truly paranoid" :D
Proving, as always, that the main vulnerability to any system is, and always will be, people's stupidity.
Bro, I swear, the amount of vulnerable public schools via username teacher password student is saddening
Gabe Cargo and how could one find them?
I’m asking for a friend
@@alakey98 are you somali
Ace yes
I was only tried to find about OSINT a few times, and RUclips suggested I need to see this.
No complaints.
I love that the video length is 13:37
;p
Imagine having a staring contest with this guy.
2jzSupra lol
I would rather have a roundhouse contest with Chuck Norris.
After series of being scammed, finally I got my cashout from a reliable vendor name Cardlegit on telegram. High balance cc with high PayPal deposit
the fact he didnt blinked give me chills for his existence
you should warn people that by watching this video they gonna get backstabbed with knowledge at some point... Awesome video, thanks
You should do a tutorial on how to make sure your own information wont come up in any of these searches!! Please!
Hey Kody, how come you haven’t made the null byte article into an app on Android and iOS in the App Store or google store?
Every time I see your intro, I want to grab a Pi3 case cover from my spares and mail it to you.
my dude, there's a resize thing between the awesome bar and the extensions, and you can hide most of your non-active extensions in the menu. You can also just remove or turn off the ones you're not gonna use often. having that many extensions is going to slow down your chrome. Not to mention you are opening yourself to risk to any of the extensions being compromised.
Thanks for the tip JessicaFEREM!
*Sees trees*
“Woah, they’ve got flying bushes”
go ez on him; he's probably rarely outside of his house
drippin wet Your proper use of the semicolon is a disgrace to its god given purpose of being used wrong...
Predivno ime
Andrej Ivanovic da😂😂😂
Reminds me of a time that I had to tell a friend that what she just saw was not in fact a "giant fucking minivan".
why is this recommended to me
thanks
Is intitle:”admin”db_password filetype:env a dork or do I have errors in this code
How would you direct the db password filetype:env to specific resources like what if I wanted to find netflix, RUclips red, vpns account passwords to piggyback on preexisting accounts?
Imagine looking into random webcams and you find yourself
Lmao
oh no
(Chuckles) I’m in danger
your profile picture checks out
I hope it doesn't happen to me.
How would I as one who owns a server keep my data from being exposed? Is it as easy as storing a file higher than the /var/www/html/ directory or having a blank index.html file for each folder? It's crazy how easy it is to find such stuff!
This man has little sledgehammers on his fingertips that he uses for typing
Thanks for the laugh
I think this guy owns my soul now
Do you have enough browser extentions?
Three things not to do :
1. hacking FBI
2. Doing illegal activites
3. Staredown with this guy
But my question is how the information gets leaked in internet unless somebody post it online !
There are always people that mess with setting that don't know what they are doing or don't realize anyone on the internet can see it. Also some devices just setup that way by default.
I found a list with usernames and passwords of Facebook, youtube, emails, and other stuff. What should I do?
Nothing. These powers can be used for non-malicious activities.
Post it here
Sell it for good amount of money
dont get fucked by the fbi
Im probably on a list now.
Yea, on the allintext:username lists
I've been watching Modern Rogue, Lockpicking Lawyer, Defcon talks etc.. for years. I'm definitely on some list by now lol
@@nimmen I love all of those channels!
I'm so glad this video ends at 13:37
13:37 duration.
Coincidence? Maybe
Dedication? Possibly
Hotel?
Trivago
Is it only me who noticed the video length is 1337
Nope
did you plan for the video length to be 1337?
for some people it is 1336 so... not so leet
So what if I want to look for a specific site that might've been deleted and I can't remember the name of because it was Chinese or something?
The reason is, I've got a pen tablet. Manufactured by a company that supposedly closed down. And I want to get the driver file off their ftp or the server in question.
I got this in my recommended. I have no idea what you’re talking about but im interested.
This dude looks like he drank 11 coffees in a couple of minutes
Sir Please How Can I Track Lost Phone Using the IMEI
Not possible. Imei does not have GPS attached to it
13:37 mins long👌
IM NG
I don’t get it ???
@@ko-Daegu leet
Perfection
@@ko-Daegu 1337 = "LEET" en.m.wikipedia.org/wiki/Leet
Leet
You r just aweso....i was litterly noob in tNice tutorials...u explained it very simply...thanks i will surely go for next parts of tNice tutorials video.. thanks
I've been watching that kind of videos and surprisingly most of them are leading to you. One or another way everything brings me to your channel. No choice but to subscribe! Thank you Null Byte!
Me: I have 4 extensions in my browser, may be that is what slows my browser.
Null Byte: Hold my beer
Im seriously curious as to what they all are
SCP-173 must really hate this guy
yeah i won't duel in a don't blink game
I remember using one of these to get Windows 7 keys back in the day. I actually found a company that was selling computers, they used some sort of scanner software to post the specs and it somehow got the Windows key and posted that along with everything else.
Wow that's wild!
Been dorking for years. At one point I found a string offered by googles suggestion it looked like this with no quotes "?index.of?" . Can anyone provide context to this string as it turns up very interesting domain types.
How do I get Netflix passwords using this ? For research purposes of course
🤣
🤣😂
I feel so sorry for the keys, I don't know but that hurts 😭😭😭
Time to find my crushes web cam.
FBI Plaz don't get serious dis a joke
Null Byte: *provides legit useful info*
Comments: “BLINK, YOU DAMN ROBOT!”
Hi please teach how to create a scampage for data collection on any login website.
thank you for this concise explanation of google dorks! 😎
What’s the intro song? Or is that a self-made music piece?
Obligatory Darude Sandstorm reply
@@cheapo7279 classic trance.
Great video. Love that intro music!
I've used to know a site with a huge database of Google dorks for any situation, but forgot it's url. Anyone can help?
Search "Google hacking database". You'll find exploit-db ghdb
@@kuldeeppandya768 Thanks, will do.
Is going to unsecured cameras. E.g., a security camera left open allowed? Or can it get you in trouble. As I found one earlier. And I’m worried that it wasn’t allowed. It had no password or anything. I believe I didn’t do anything wrong but would love a response
Thank you, now i can stop paying for pornub premium
link
Lmao
How!!!?!?!?!
I so love you dude! You make FUN videos!! Actually something that one can learn from! Thank you so much! :D
Why are .env files being exposed to the internet? lol
ok so, what if, theoretically, i would like to log in to some websites database when i have the username and password, how would i, theoretically, do such thing?
Would would the command be to bring up the search bar to pin point words on a page
2:00 Those browser extensions 😐
I saw one of my old passwords on the dark web once. Wasn’t able to find tthe site again
sure buddy
JCentreChannel _ you don’t have to believe me. I just felt like I had to share it because it happens. It was a very old 2010 password
Some of these ".env" files are insane, so far ive found 3 pay-pal usernames and passwords.
And they work? Hook me up with some PH accounts please brother haha
@@user-pb4bn1eb2j Not saying i did or didn't or that one of the accounts logged in and the rest didn't.
Daryl is really good at what he does.
I made a mass internet scanner that specifically scans the first pages of ip web pages. I have over 2 mil pages stored and used the tool to regex match thousands of vulnerable devices in a few minutes.
Wanted to monetize the system since its valuable for security research, but it's not really doable as the regex stil takes around 10 mins to match against 2 mil sites
6:08 lmao I used to do that to find ftp url that contains movies that I wanted to watch since I couldn't do torrenting in my uni wifi.
Nice, how well did that work for you?
@@NullByteWHT Worked too well. I got everything that I wanted at that time. Probably because it was movie, so people tend to keep it.
What’s up FBI how ya doing?
Even if you do illegal things the chances of the FBI coming for you is highly unlikely.
Notice me senpai...
Is it possible to use these against a specific url? Like using it against forums or browser game like roblox?
Yes you can site search but no guarantee that the site has vulnerable data.
thanks to( @classified_pro_hacker7) hacker hw help me get back my account his the best
He’s a good extraterrestrial.. just surprised they really walk among us to this degree like have lives and fit into our world
That .env file are from laravel framework. Can be found like that must be because the dev cannot upload the web properly lol ... or maybe a trap lol
Or ruby on rails
I guess I should go to sleep .Its getting
D O R K
Yes! Glad to see you teaching Dorks. Meanwhile, I'm building a Pumpkin Pi for the holidays!😁
Pumpkin pi's are fun
And tasty.... oh wait wrong universe! 😂😂
I like pineapple and pumpkin pie very tasty
HOw many laptops do you own and what operating system do u use?
People may be using Dorking for hacking, but I found that its very useful for other purposes like finding very obscure information that can't be found by other methods
Not telling anyone not to hack tho
USERNAME=**
PASSWORD=secret
Very secure
Guys I found a password!
*For my own pc* 😂