1 / 16

Google Hacking

Google Hacking. University of Sunderland CSEM02 Harry R Erwin, PhD Peter Dunne, PhD. Basics. Web Search Newsgroups Images Preferences Language Tools. Google Queries. Non-case sensitive * in a query stands for a word ‘.’ in a query is a single character wildcard Automatic stemming

floyd
Download Presentation

Google Hacking

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Google Hacking University of Sunderland CSEM02 Harry R Erwin, PhD Peter Dunne, PhD

  2. Basics • Web Search • Newsgroups • Images • Preferences • Language Tools

  3. Google Queries • Non-case sensitive • * in a query stands for a word • ‘.’ in a query is a single character wildcard • Automatic stemming • Ten-word limit • AND (+) is assumed, OR (|) and NOT (-) must be entered • “” for a phrase

  4. More Queries • You can control the language of the pages and the language of the reports • You can restrict the search to specific countries

  5. Intitle, allintitle Inurl, allinurl Filetype Allintext Site Link Inanchor Daterange Cache Info Related Phonebook Rphonebook Bphonebook Author Group Msgid Insubject Stocks Define Controlling Searches

  6. Controlling Searches (II) • These operators can be used to restrict searches. • To restrict the search to the university: site:sunderland.ac.uk • Or to search for seventh moon merlot in the uk: “seventh moon” merlot site:uk

  7. Typical Filetypes • Pdf • Ps • Xls • Ppt • Doc • Rtf • Txt

  8. Why Google • You access Google, not the original website. • Most crackers access any site, even Google via a proxy server. • Why? If you access the cached web page and it contains images, you will get the images from the original site.

  9. Directory Listings • Search for intitle:index.of • Or intitle:index.of “parent directory” • Or intitle:index.of name size • Or intitle:index.of inurl:admin • Or intitle:index.of filename • This can then lead to a directory traversal • Look for filetype:bak, too, particularly if you want to expose sql data generated on the fly

  10. Commonly Available Sensitive Information • HR files • Helpdesk files • Job listings • Company information • Employee names • Personal websites and blogs • E-mail and e-mail addresses

  11. Network Mapping • Site:domain name • Site crawling, particularly by indicating negative searches for known domains • Lynx is convenient if you want lots of hits: • lynx -dump “http://www.google.com/search?\ • q=site:name+-knownsite&num=100” >\ • test.html • Or use a Perl script with the Google API

  12. Link Mapping • Explore the target site to see what it links to. The owners of the linked sites may be trusted and yet have weak security. • The link operator supports this kind of search. • Also check the newsgroups for questions from people at the organization.

  13. Web-Enabled Network Devices • The Google webspider often encounters web-enabled devices. These allow an administrator to query their status or manage their configuration using a web browser. • You may also be able to access network statistics this way.

  14. Site: Intitle:index.of Error|warning Login|logon Username|userid|employee.ID| “your username is” Password|passcode| “your password is” Admin|administrator -ext:html -ext:htm -ext:shtml -ext:asp -ext:php Inurl:temp|inurl:tmp| inurl:backup|inurl:bak Intranet|help.desk Searches to Worry About

  15. Protecting Yourselves • Solid security policy • Public web servers are Public! • Disable directory listings • Block crawlers with robots.txt • <META NAME=“ROBOTS” CONTENT=“NOARCHIVE”> • NOSNIPPET is similar.

  16. More Protection • Passwords • Delete anything you don’t need from the standard webserver configuration • Keep your system patched. • Hack yourself • If sensitive data gets into Google, use the URL removal tools to delete it.

More Related