GoSecure Inc.

03/07/2007

Hacking with Google for fun and profit!
October 2004
Robert Masse & Jian Hui Wang

Agenda
– Google Introduction & Features
– Google Search Technique
– Google Basic Operators
– Google Advanced Operators
– Google Hacking
  – Digging for “vulnerability gold”
  – Identifying operating systems
  – Vulnerability scanning
  – Proxying
– Protect your information from Google

Google Hacking

Google Search Technique
– Just put the word and run the search
– You need to audit your Internet presence
  – One database
– Google almost has it all!
– One of the most powerful databases in the world
– Consolidate a lot of info
– Usage:
  – Student …
  – Business …
  – Al’Qaeda …
– One stop shop for attack, maps, addresses, photos, technical information

Google Hacking

Google Advanced Search
– A little more sophisticated ……

Google Hacking

Google Operators:
– Operators are used to refine the results and to maximize the search value. They are your tools as well as hackers’ weapons

Basic Operators:
– +, -, ~, ., *, “”, |, OR

Advanced Operators:
– allintext:, intext:, allintitle:, intitle:, allinurl:, inurl:, cache:, define:, filetype:, info:, link:, related:, site:, phonebook:, rphonebook:, bphonebook:, numrange:, daterange

Google Hacking

Basic Operators
– (+) force inclusion of something common
– Google ignores common words (where, how, digit, single letters) by default: Example: Star Wars Episode +I
– (-) exclude a search term. Example: apple –red
– (“) use quotes around a search term to search exact phrases: Example: “Robert Masse”
– Robert masse without “” has 309,000 results, but “robert masse” only has 927 results. Reduce the 99% irrelevant results

Google Hacking

Basic Operators
– (~) search synonym: Example: ~food
– Return the results about food as well as recipe, nutrition and cooking information
– ( . ) a single-character wildcard: Example: m.trix
– Return the results of M@trix, matrix, metrix…….
– ( * ) any word wildcard

Google Hacking

Advanced Operators: “Site:”
– Site: Domain_name
– Find Web pages only on the specified domain. If we search a specific site, usually we get the Web structure of the domain
– Examples:
  site:ca
  site:gosecure.ca
  site:www.gosecure.ca

Google Hacking

Advanced Operators: “Filetype:”
– Filetype: extension_type
– Find documents with specified extensions
– The supported extensions are:
  – HyperText Markup Language (html)
  – Microsoft PowerPoint (ppt)
  – Adobe Portable Document Format (pdf)
  – Microsoft Word (doc)
  – Adobe PostScript (ps)
  – Microsoft Works (wks, wps, wdb)
  – Lotus 1-2-3 (wk1, wk2, wk3, wk4, wk5, wki, wks, wku)
  – Microsoft Excel (xls)
  – Lotus WordPro (lwp)
  – Microsoft Write (wri)
  – MacWrite (mw)
  – Rich Text Format (rtf)
  – Shockwave Flash (swf)
  – Text (ans, txt)
– Note: We actually can search asp, php and cgi, pl files as long as it is text-compatible.
– Example: Budget filetype: xls

Google Hacking

Advanced Operators
– A budget file we found …….

Google Hacking

Advanced Operators “Intitle:”
– Intitle: search_term
– Find search term within the title of a Webpage
– Allintitle: search_term1 search_term2 search_term3
– Find multiple search terms in the Web pages with the title that includes all these words
– These operators are specifically useful to find the directory lists
– Example: Find directory list: Intitle: Index.of “parent directory”

Google Hacking

Advanced Operators “Inurl:”
– Inurl: search_term
– Find search term in a Web address
– Allinurl: search_term1 search_term2 search_term3
– Find multiple search terms in a Web address
– Examples:
  Inurl: cgi-bin
  Allinurl: cgi-bin password

Google Hacking

Advanced Operators “Intext:”
– Intext: search_term
– Find search term in the text body of a document.
– Allintext: search_term1 search_term2 search_term3
– Find multiple search terms in the text body of a document.
– Examples:
  Intext: Administrator login
  Allintext: Administrator login

Google Hacking

Advanced Operators: “Cache:”
– Cache: URL
– Find the old version of a Website in Google cache
– Sometimes, even if the site has already been updated, the old information might be found in cache
– Examples: Cache: www.gosecure.com

Google Hacking

Advanced Operators
– <number1>..<number2>
– Conduct a number range search by specifying two numbers, separated by two periods, with no spaces. Be sure to specify a unit of measure or some other indicator of what the number range represents
– Examples:
  Computer $500..1000
  DVD player $250..350

Google Hacking

Advanced Operators: “Daterange:”
– Daterange: <start_date>-<end date>
– Find the Web pages between start date and end date
– Note: start_date and end date use the Julian date
– The Julian date is calculated by the number of days since January 1, 4713 BC. For example, the Julian date for August 1, 2001 is 2452122
– Examples:
  2004.07.10=2453196
  2004.08.10=2453258
– Vulnerabilities date range: 2453196-2453258

Google Hacking

Advanced Operators “Link:”
– Link: URL
– Find the Web pages having a link to the specified URL
– Related: URL
– Find the Web pages that are “similar” to the specified Web page
– info: URL
– Present some information that Google has about that Web page
– Define: search_term
– Provide a definition of the words gathered from various online sources
– Examples:
  Link: gosecure.ca
  Related: gosecure.ca
  Info: gosecure.ca

Google Hacking

Advanced Operators “phonebook:”
– Phonebook
– Search the entire Google phonebook
– rphonebook
– Search residential listings only
– bphonebook
– Search business listings only
– Examples:
  Phonebook: robert las vegas (robert in Las Vegas)
  Phonebook: (702) 944-2001 (reverse search, does not always work)
– The phonebook is quite limited to U.S.A

Google Hacking

Google, Friend or Enemy?
– Google is everyone’s best friend (yours or hackers)
– Information gathering and vulnerability identification are the tasks in the first phase of a typical hacking scenario
– Passive, stealth and huge data collection
– Google can do more than search
– Have you used Google to audit your organization today?

Google Hacking

What can Google do for a hacker?
– Search sensitive information like payroll, SIN, even the personal email box
– Vulnerabilities scanner
– Transparent proxy

Google Hacking

Salary
– Salary filetype: xls site: edu

Google Hacking

Security social insurance number
– Intitle: Payroll intext: ssn filetype: xls site: edu

Google Hacking

Security Social Insurance Number
– Payroll intext: Employee intext: ssn filetype: xls

Google Hacking

Financial Information
– Filetype: xls “checking account” “credit card” intext: Application -intext: Form (only 39 results)

Google Hacking

Financial Information
– Intitle: “Index of” finances.xls (9)

Google Hacking

Personal Mailbox
– Intitle: Index.of inurl: Inbox (456) (mit mailbox)

Google Hacking

Personal Mailbox
– After several clicks, got the private email messages

Google Hacking

Personal Mailbox
– Intitle: Index.of inurl: Inbox (inurl: User OR inurl: Mail) (220)

Google Hacking

Confidential Files
– “not for distribution” confidential (1,760)

Google Hacking

Confidential Files
– “not for distribution” confidential filetype: pdf (marketing info) (456)


Google Hacking

OS Detection
– Use the keywords of the default installation page of a Web server to search
– Use the title to search
– Use the footer in a directory index page

Google Hacking

OS Detection-Windows
– “Microsoft-IIS/5.0 server at”

Google Hacking

OS Detection - Windows
– Default web page?
– Intitle: “Welcome to Windows 2000 Internet Services”

Google Hacking

OS Detection – Apache 1.3.11-1.3.26
– Intitle: Test.Page.for.Apache seeing.this.instead

Google Hacking

OS Detection-Apache SSL enable
– Intitle: Test.page “SSL/TLS-aware” (127)

Google Hacking

Search Passwords
– Search the well known password filenames in URL
– Search the database connection files or configuration files to find a password and username
– Search specific username file for a specific product

Google Hacking

Search Passwords
– Inurl: etc inurl: passwd

Google Hacking

Search Passwords
– Intitle: “Index of..etc” passwd


Google Hacking

Search Passwords
– "# -FrontPage-" inurl: service.pwd (then crack it)

Google Hacking

Search Passwords
– Inurl: admin.pwd filetype: pwd

Google Hacking

Search Passwords
– Filetype: inc dbconn

Google Hacking

Search Passwords
– Filetype: inc intext: mysql_connect

Google Hacking

Search Passwords
– Filetype: ini +ws_ftp +pwd (get the encrypted passwords)

Google Hacking

Search Passwords
– Filetype: log inurl: “password.log”

Google Hacking

Search Username
– +intext: "webalizer" +intext: “Total Usernames” +intext: “Usage Statistics for”

Google Hacking

License Key
– Filetype: lic lic intext: key (33) (license key)

Google Hacking

Cookies Syntax
– Filetype: inc inc intext: setcookie -cvs -examples sourceforge -site: php.net (120) (cookie schema)

Google Hacking

Sensitive Directories Listing
– Powerful buzz word: Index of
– Search the well known vulnerable directories names

Google Hacking

Sensitive Directories Listing
– “index of cgi-bin” (3590)

Google Hacking

Sensitive Directories Listing
– Intitle: “Index of” cfide (coldfusion directory)

Google Hacking

Sensitive Directories Listing
– Intitle: index.of.winnt

Google Hacking

Sensitive Directories Listing
– Intitle: “index of” iissamples (dangerous iissamples) (32)

Google Hacking

Sensitive Directories Listing
– Inurl: iissamples (1080)

Google Hacking

Database Manipulation
– Different database applications leave different signatures on the database files

Google Hacking

Database Manipulation
– “Welcome to phpMyAdmin” AND “Create new database” -intext: “No Priviledge” (find a page that might have privilege to update mysql)

Google Hacking

Database Manipulation
– “Welcome to phpMyAdmin” AND “Create new database” (after several hits, we got this)

Google Hacking

Database Manipulation
– “Select a database to view” intitle: “filemaker pro” (94) Filemaker

Google Hacking

Database Manipulation
– After several clicks you can query the table

Google Hacking

Database Manipulation
– “# Dumping data for table (username|user|users|password)” -site: mysql.com -cvs (289) (backup data of mysqldump)


Google Hacking

Sensitive System Information
– Network security reports have lists of vulnerabilities for your system
– Configuration files often contain the application parameters inventory

Google Hacking

Network Security Report (ISS)
– “Network Host Assessment Report” “Internet Scanner” (iss report) (13)

Google Hacking

Network Security Report (ISS)
– “Host Vulnerability Summary Report” (ISS report) (25)

Google Hacking

Network Security Report (nessus)
– “This file was generated by Nessus” || intitle:”Nessus Scan Report” -site:nessus.org (185)

Google Hacking

Network Scanner Report (Snort)
– “SnortSnarf alert page” (15,500)

Google Hacking

Network Security Report (Snort)
– Intitle: “Analysis Console for Intrusion Databases” +intext:”by Roman Danyliw” inurl:acid/acid_main.php (13 results, acid alert database)

Google Hacking

Configuration Files (robots.txt)
– (inurl: “robot.txt” | inurl: “robots.txt”) intext:disallow filetype:txt
– Robots.txt is meant to protect your privacy from crawlers
– But allows you to determine the file system architecture
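
The point above can be checked on your own site before anyone else reads the file. This added example (not part of the original slides) parses a robots.txt and lists the Disallow entries that advertise a sensitive location; the hint list and the sample file are constructed assumptions.

```python
# Constructed sample robots.txt for a hypothetical site (not from the slides).
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /cgi-bin/
Disallow: /images/
Disallow: /admin/login.asp   # staff only
Disallow: /backup/payroll.xls
Disallow:

User-agent: Googlebot
Disallow: /tmp/
"""

# Assumed hint list: fragments that tell a reader where sensitive content lives.
HINTS = ["admin", "backup", "cgi-bin", "conf", "dump", "intranet", "passw",
         "private", "secret", ".inc", ".mdb", ".pwd", ".sql", ".xls"]


def parse_disallow(robots_txt):
    """Return (user_agent, path) pairs for every non-empty Disallow rule."""
    rules, agents, in_rules = [], [], False
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:                              # previous group is complete
                agents, in_rules = [], False
            agents.append(value)
        elif field in ("allow", "disallow"):
            in_rules = True
            if field == "disallow" and value:         # empty Disallow blocks nothing
                rules.extend((agent, value) for agent in agents or ["*"])
    return rules


def audit(robots_txt):
    """List Disallow entries that advertise a sensitive location to any reader."""
    findings = []
    for agent, path in parse_disallow(robots_txt):
        hints = [h for h in HINTS if h in path.lower()]
        if hints:
            # A rule naming one file discloses more than a directory prefix.
            kind = "directory" if path.endswith("/") else "file"
            findings.append({"agent": agent, "path": path,
                             "kind": kind, "hints": hints})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_ROBOTS):
        print(f"{f['path']:<24} {f['kind']:<10} {', '.join(f['hints'])}")
```

Every path this reports is readable by anyone who fetches robots.txt, so each one needs authentication or removal from the web root rather than a Disallow line.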

Google Hacking

A vulnerable targets scanning example
– Get the new vulnerabilities from advisory
– Find the signature from vendor Website
– Google search to find the targets
– Perform further malicious actions

Google Hacking

An advisory looks like……

Google Hacking

Vendor Website Information

Google Hacking

Google search……
– Inurl: smartguestbook.asp

Google Hacking

The victim’s Website

Google Hacking

Download the database…… Game over

Google Hacking

Transparent Proxy
– Normal surfing on www.myip.nu

Google Hacking

Transparent Proxy
– When we use Google translation tool to surf www.myip.nu

Google Hacking

Google Automated Scanning
– Google doesn’t like the idea about automating Google scan. They issue a free licence limited to 1000 queries/day to Google
– Gooscan
– Gooscan is a UNIX (Linux/BSD/Mac OS X) tool that automates queries against Google search appliances, which helps to do the external vulnerability assessment. For more information about this tool, including the ethical implications of its use, see: http://johnny.ihackstuff.com

Google Hacking

Google Automated Tools
– SiteDigger
– SiteDigger searches Google’s cache to look for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on Web sites. See: http://www.foundstone.com

Google Hacking

Google Automated Tools
– Athena
– Another Google query tool. It supports an open XML configuration format to support multiple search engines (not just Google)

Google Hacking

Google Materials
– Googledorks
– The famous Google Hack Website, it has many different examples of unbelievable things: http://johnny.ihackstuff.com.

Google Hacking

Google Materials
– Freshgoo
– Search Google for pages published today, yesterday, within the last seven days or last 30 days: http://www.freshgoo.com/index.php

Google Hacking

Protect Your Data
– Keep patching your systems and applications
– Keep your sensitive data off the Web
– Apply authentication (RSA, Clientless VPN)
– Disable directory browsing
– Google hack your Website
– Consider removing your site from Google's index: http://www.google.com/remove.html.
– Use a robots.txt file against Web crawlers: http://www.robotstxt.org.
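
The "Google hack your Website" and "Disable directory browsing" items can be checked against your own pages before a crawler indexes them. This added example (not part of the original slides) scans HTML captured from your own site for signatures quoted in this deck; the sample pages, the example.test host, the Apache variant of the footer pattern and the remediation wording are constructed assumptions.

```python
import re

# (category, zone to search, pattern, remediation). Patterns mirror search
# strings quoted in this deck; the remediation wording is this example's own.
SIGNATURES = [
    ("directory-listing", "title", r"index of", "disable directory browsing"),
    ("server-banner", "body", r"(?:Apache|Microsoft-IIS)/[\d.]+ server at",
     "turn off the server signature footer"),
    ("default-page", "title",
     r"Welcome to Windows 2000 Internet Services|Test.Page.for.Apache",
     "remove the default install page"),
    ("scanner-report", "body",
     r"This file was generated by Nessus|Nessus Scan Report|SnortSnarf alert page",
     "keep security reports off the Web server"),
    ("database-dump", "body", r"# Dumping data for table",
     "remove dumps from the web root"),
    ("restricted-doc", "body", r"not for distribution",
     "move the document behind authentication"),
]

# Constructed pages standing in for HTML fetched from your own site.
SAMPLE_PAGES = {
    "https://www.example.test/backup/":
        "<html><head><title>Index of /backup</title></head><body>"
        "<a href='/'>Parent Directory</a> <a href='finances.xls'>finances.xls</a>"
        "<address>Apache/1.3.26 Server at www.example.test Port 80</address>"
        "</body></html>",
    "https://www.example.test/scan/report.html":
        "<html><head><title>Nessus Scan Report</title></head>"
        "<body>This file was generated by Nessus.</body></html>",
    "https://www.example.test/about.html":
        "<html><head><title>About us</title></head>"
        "<body>Our index of services is listed here.</body></html>",
}


def split_page(html):
    """Return (title, all visible text) using a tolerant regex-based split."""
    m = re.search(r"<title[^>]*>(.*?)</title>", html, re.I | re.S)
    title = m.group(1).strip() if m else ""
    text = re.sub(r"<(script|style)\b.*?</\1>", " ", html, flags=re.I | re.S)
    text = re.sub(r"<[^>]+>", " ", text)              # strip remaining tags
    return title, re.sub(r"\s+", " ", text).strip()


def audit_page(html):
    """Return [(category, remediation)] for every signature the page matches."""
    title, body = split_page(html)
    zones = {"title": title, "body": body}
    return [(cat, fix) for cat, zone, pattern, fix in SIGNATURES
            if re.search(pattern, zones[zone], re.I)]


def audit_site(pages):
    """pages: {url: html}. Return {url: [categories]} for flagged URLs only."""
    report = {}
    for url, html in pages.items():
        hits = audit_page(html)
        if hits:
            report[url] = [cat for cat, _ in hits]
    return report
```

The about page contains the words "index of" in its body but is not flagged, because the directory-listing signature is only matched against the page title.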

Google Hacking

References
– Google APIS: www.google.com/apis
– Remove: http://www.google.com/remove.html
– Googledorks: http://johnny.ihackstuff.com/
– O’reilly Google Hack: http://www.oreilly.com/catalog/googlehks/
– Google Hack Presentation, Johnny Long: http://johnny.ihackstuff.com/modules.php?op=modload&name= ownloads&file=index&req=viewdownload&cid=1
– “Autism: Using google to hack”: www.smart-dev.com/texts/google.txt
– “Google: Net Hacker Tool du Jour”: http://www.wired.com/news/infostructure/0,1377,57897,00.html

Contact Information:
Robert Masse
rmasse@gosecure.ca
www.GoSecure.ca
407 McGill, suite 900
Montréal, Québec, Canada H2Y 2G2
514-287-7427
