Google Hacking
University of Sunderland, CSEM02
Harry R Erwin, PhD, and Peter Dunne, PhD
Basics
• Web Search
• Newsgroups
• Images
• Preferences
• Language Tools
Google Queries
• Not case-sensitive
• * in a query stands for a word
• ‘.’ in a query is a single character wildcard
• Automatic stemming
• Ten-word limit
• AND (+) is assumed; OR (|) and NOT (-) must be entered
• “” for a phrase
More Queries
• You can control the language of the pages and the language of the reports
• You can restrict the search to specific countries
Controlling Searches
• Intitle, allintitle
• Inurl, allinurl
• Filetype
• Allintext
• Site
• Link
• Inanchor
• Daterange
• Cache
• Info
• Related
• Phonebook
• Rphonebook
• Bphonebook
• Author
• Group
• Msgid
• Insubject
• Stocks
• Define
Controlling Searches (II)
• These operators can be used to restrict searches.
• To restrict the search to the university: site:sunderland.ac.uk
• Or to search for Seventh Moon merlot in the UK: “seventh moon” merlot site:uk
Typical Filetypes
• Pdf
• Ps
• Xls
• Ppt
• Doc
• Rtf
• Txt
Why Google
• You access Google, not the original website.
• Most crackers access any site, even Google, via a proxy server.
• Why? If you access the cached web page and it contains images, you will get the images from the original site.
Directory Listings
• Search for intitle:index.of
• Or intitle:index.of “parent directory”
• Or intitle:index.of name size
• Or intitle:index.of inurl:admin
• Or intitle:index.of filename
• This can then lead to a directory traversal
• Look for filetype:bak, too, particularly if you want to expose SQL data generated on the fly
Commonly Available Sensitive Information
• HR files
• Helpdesk files
• Job listings
• Company information
• Employee names
• Personal websites and blogs
• E-mail and e-mail addresses
Network Mapping
• Site:domain name
• Site crawling, particularly by indicating negative searches for known domains
• Lynx is convenient if you want lots of hits:
  – lynx -dump "http://www.google.com/search?q=site:name+-knownsite&num=100" > test.html
• Or use a Perl script with the Google API
Link Mapping
• Explore the target site to see what it links to. The owners of the linked sites may be trusted and yet have weak security.
• The link operator supports this kind of search.
• Also check the newsgroups for questions from people at the organization.
Web-Enabled Network Devices
• The Google webspider often encounters web-enabled devices. These allow an administrator to query their status or manage their configuration using a web browser.
• You may also be able to access network statistics this way.
Searches to Worry About
• Site:
• Intitle:index.of
• Error|warning
• Login|logon
• Username|userid|employee.ID|“your username is”
• Password|passcode|“your password is”
• Admin|administrator
• -ext:html -ext:htm -ext:shtml -ext:asp -ext:php
• Inurl:temp|inurl:tmp|inurl:backup|inurl:bak
• Intranet|help.desk
Protecting Yourselves
• Solid security policy
• Public web servers are Public!
• Disable directory listings
• Block crawlers with robots.txt
• <META NAME="ROBOTS" CONTENT="NOARCHIVE">
• NOSNIPPET is similar.
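One way to verify the crawler controls listed on this slide, as an added example that is not part of the original slides: it parses a robots.txt and a page's ROBOTS meta tag and reports what they actually tell a crawler. The sample robots.txt, sample page and path list are constructed, and the function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser


class RobotsMeta(HTMLParser):
    """Collect directives from <meta name="robots" content="..."> tags."""

    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        # HTMLParser already lowercases tag and attribute names.
        attr = {key: (value or "") for key, value in attrs}
        if tag == "meta" and attr.get("name", "").lower() == "robots":
            for item in attr.get("content", "").split(","):
                if item.strip():
                    self.directives.add(item.strip().lower())


def meta_directives(html):
    """Return the set of robots directives (e.g. noarchive) a page declares."""
    parser = RobotsMeta()
    parser.feed(html)
    return parser.directives


def blocked_paths(robots_txt, paths, agent="Googlebot"):
    """Return the paths that robots.txt tells the given agent not to fetch."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    return [path for path in paths if not rules.can_fetch(agent, path)]


# Constructed sample inputs, not taken from any real site.
SAMPLE_ROBOTS = """User-agent: *
Disallow: /admin/
Disallow: /backup/
"""
SAMPLE_PAGE = '<html><head><META NAME="ROBOTS" CONTENT="NOARCHIVE, NOSNIPPET"></head></html>'
SAMPLE_PATHS = ["/", "/admin/login.php", "/backup/site.sql", "/hr/"]

if __name__ == "__main__":
    print("blocked:", blocked_paths(SAMPLE_ROBOTS, SAMPLE_PATHS))
    print("meta:", sorted(meta_directives(SAMPLE_PAGE)))
```

robots.txt is advisory and publicly readable, so a path that appears in the blocked list is hidden from well-behaved crawlers only and still needs access control.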
More Protection
• Passwords
• Delete anything you don’t need from the standard webserver configuration
• Keep your system patched.
• Hack yourself
• If sensitive data gets into Google, use the URL removal tools to delete it.
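A local take on "Hack yourself", as an added example that is not part of the original slides: it walks your own web root and flags what the "Searches to Worry About" would surface, namely directories that would be listed, the typical indexable filetypes, and temp or backup paths. The index file names, finding labels and sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed index file names; match them to your server's configuration.
INDEX_NAMES = {"index.html", "index.htm", "index.shtml", "index.asp", "index.php"}
# "Typical Filetypes" from the slides, plus bak from the directory-listing slide.
DOC_EXTS = {".pdf", ".ps", ".xls", ".ppt", ".doc", ".rtf", ".txt", ".bak"}
# Fragments from the inurl:temp|tmp|backup|bak search. Substring match, so
# expect some false positives to review by hand.
RISKY_PATH = re.compile(r"temp|tmp|backup|bak", re.IGNORECASE)


def audit_docroot(root):
    """Return sorted (finding, relative_path) pairs for a local web root."""
    findings = set()
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        if not {name.lower() for name in filenames} & INDEX_NAMES:
            # No index file: the server lists this directory unless
            # directory listings are disabled.
            findings.add(("listable-directory", rel_dir))
        for name in filenames:
            rel = name if rel_dir == "." else rel_dir + "/" + name
            if os.path.splitext(name)[1].lower() in DOC_EXTS:
                findings.add(("indexable-document", rel))
            if RISKY_PATH.search(rel):
                findings.add(("temp-or-backup-path", rel))
    return sorted(findings)


def build_sample_root():
    """Create a constructed sample tree (not taken from any real site)."""
    root = tempfile.mkdtemp(prefix="docroot-")
    sample = ("index.html", "hr/salaries.xls", "backup/site.sql",
              "admin/index.php", "admin/config.php.bak")
    for rel in sample:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("constructed sample\n")
    return root


if __name__ == "__main__":
    for finding, path in audit_docroot(build_sample_root()):
        print(f"{finding:22} {path}")
```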