220 likes | 437 Views
G o o g l e as a Hacking Tool. James Lee 2005-03-28. Advanced Searching. Operators. filetype site “” +, -, OR wildcards * and . site :. filetype:. Operators. http://slashdot.org/article.pl?sid=05/03/02/201216. Operators. inurl intext intitle numrange. site:slashdot.org.
E N D
Google as a Hacking Tool James Lee 2005-03-28
Operators • filetype • site • “” • +, -, OR • wildcards * and .
site: filetype: Operators http://slashdot.org/article.pl?sid=05/03/02/201216
Operators • inurl • intext • intitle • numrange
site:slashdot.org intitle:livecd intext:LG3D numrange:2-7
!! wow! Site Mapping • site: nmt.edu
Site Mapping • site:nmt.edu • -site:infohost.nmt.edu • -site:www.nmt.edu • ...
Web Administration • phpMyAdmin • intitle:phpMyAdmin "Welcome to phpMyAdmin" "running on * as root@*" • phpNuke • inurl:admin.php “There are no Administrators”
Using the Google cache • Everything so far had to request a page from the target’s web server • Using Google’s cache, we can avoid this
Using the Google cache What exactly happens when we click on “Cached” pages?
That didn’t work... This line gives a clue:
Using the Google cache • Now the conversation is strictly between us and Google.
Using the Google cache • The difference is “&strip=1” • No images are requested, only the text that Google keeps on their servers • Now we can query anonymously • This means fewer entries in IDS logs
Conclusions • Patches probably won’t help • Pay attention to your configuration • If it’s not supposed to be public, protect it • put it on an internal development host • htaccess
References • http://johnny.ihackstuff.com/ • http://www.google.com/advanced_search • http://www.google.com/help/refinesearch.html • http://www.phpmyadmin.net • http://www.phpnuke.org • http://www.mysql.com
Questions?Google as a Hacking Tool James Lee 2005-03-28