
Google as a Hacking Tool

Google as a Hacking Tool. James Lee 2005-03-28. Advanced Searching. Operators. filetype site “” +, -, OR wildcards * and . site :. filetype:. Operators. http://slashdot.org/article.pl?sid=05/03/02/201216. Operators. inurl intext intitle numrange. site:slashdot.org.


Presentation Transcript


  1. Google as a Hacking Tool James Lee 2005-03-28

  2. Advanced Searching

  3. Operators • filetype • site • “” • +, -, OR • wildcards * and .

  4. Operators • site: • filetype: • http://slashdot.org/article.pl?sid=05/03/02/201216

  5. Operators • inurl • intext • intitle • numrange

  6. site:slashdot.org intitle:livecd intext:LG3D numrange:2-7

  7. !! wow! Site Mapping • site:nmt.edu

  8. Site Mapping • site:nmt.edu • -site:infohost.nmt.edu • -site:www.nmt.edu • ...

  9. Web Administration • phpMyAdmin • intitle:phpMyAdmin "Welcome to phpMyAdmin" "running on * as root@*" • phpNuke • inurl:admin.php “There are no Administrators”

  10. If you’re an administrator...

  11. Please don’t do this

  12. Or this.

  13. If you’re a developer...

  14. Please don’t do this

  15. Using the Google cache • Everything so far had to request a page from the target’s web server • Using Google’s cache, we can avoid this

  16. Using the Google cache What exactly happens when we click on “Cached” pages?

  17. That didn’t work... This line gives a clue:

  18. Using the Google cache • Now the conversation is strictly between us and Google.

  19. Using the Google cache • The difference is “&strip=1” • No images are requested, only the text that Google keeps on their servers • Now we can query anonymously • This means fewer entries in IDS logs

  20. Conclusions • Patches probably won’t help • Pay attention to your configuration • If it’s not supposed to be public, protect it • put it on an internal development host • htaccess

  21. References • http://johnny.ihackstuff.com/ • http://www.google.com/advanced_search • http://www.google.com/help/refinesearch.html • http://www.phpmyadmin.net • http://www.phpnuke.org • http://www.mysql.com

  22. Questions?
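
A self-audit for the exposures on slides 9 and 20, as an added example that is not part of the original presentation: it checks pages fetched from your own hosts against the title, URL and phrase conditions of the two slide 9 queries. The `audit` helper, the sample pages and the `example.test` host names are constructed for illustration, and the `*` wildcard is approximated as one run of non-space characters.

```python
import re

# Conditions copied from the two queries on slide 9.
SIGNATURES = [
    {"name": "phpMyAdmin open as root", "intitle": "phpMyAdmin", "inurl": None,
     "phrases": ["Welcome to phpMyAdmin", "running on * as root@*"]},
    {"name": "phpNuke without administrator", "intitle": None, "inurl": "admin.php",
     "phrases": ["There are no Administrators"]},
]

TAG = re.compile(r"<[^>]+>")
TITLE = re.compile(r"<title[^>]*>(.*?)</title>", re.I | re.S)

def phrase_to_regex(phrase):
    # Assumption: each * in a quoted phrase matches one non-space token.
    return re.compile(r"\S+".join(re.escape(p) for p in phrase.split("*")), re.I)

def visible_text(html):
    # Drop tags and collapse whitespace so phrases match across markup.
    return " ".join(TAG.sub(" ", html).split())

def audit(pages):
    """pages maps URL -> HTML from hosts you operate; returns sorted (url, name)."""
    findings = []
    for url, html in pages.items():
        m = TITLE.search(html)
        title = m.group(1) if m else ""
        text = visible_text(html)
        for sig in SIGNATURES:
            if sig["intitle"] and sig["intitle"].lower() not in title.lower():
                continue
            if sig["inurl"] and sig["inurl"].lower() not in url.lower():
                continue
            if all(phrase_to_regex(p).search(text) for p in sig["phrases"]):
                findings.append((url, sig["name"]))
    return sorted(findings)

# Constructed sample responses: two exposed pages, two that must not match.
SAMPLE_PAGES = {
    "https://db.example.test/phpmyadmin/": "<html><head><title>phpMyAdmin</title></head>"
        "<body><h1>Welcome to phpMyAdmin</h1><p>MySQL running on <b>localhost</b> as root@localhost</p></body></html>",
    "https://www.example.test/admin.php": "<title>Site</title><body>There are no Administrators Accounts yet</body>",
    "https://www.example.test/admin.php?op=login": "<title>Login</title><form>Password</form>",
    "https://www.example.test/docs/phpmyadmin.html": "<title>Installing phpMyAdmin</title>"
        "<p>Welcome to phpMyAdmin setup notes</p>",
}

if __name__ == "__main__":
    for url, name in audit(SAMPLE_PAGES):
        print(f"EXPOSED  {name}: {url}")
```

Any URL it reports is one to move behind authentication or onto an internal host, as slide 20 recommends.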
