g o o g l e as a hacking tool n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
G o o g l e as a Hacking Tool PowerPoint Presentation
Download Presentation
G o o g l e as a Hacking Tool

Loading in 2 Seconds...

play fullscreen
1 / 22

G o o g l e as a Hacking Tool - PowerPoint PPT Presentation


  • 146 Views
  • Uploaded on

G o o g l e as a Hacking Tool. James Lee 2005-03-28. Advanced Searching. Operators. filetype site “” +, -, OR wildcards * and . site :. filetype:. Operators. http://slashdot.org/article.pl?sid=05/03/02/201216. Operators. inurl intext intitle numrange. site:slashdot.org.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'G o o g l e as a Hacking Tool' - selma


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
g o o g l e as a hacking tool

Google as a Hacking Tool

James Lee

2005-03-28

operators
Operators
  • filetype
  • site
  • “”
  • +, -, OR
  • wildcards * and .
operators1

site:

filetype:

Operators

http://slashdot.org/article.pl?sid=05/03/02/201216

operators2
Operators
  • inurl
  • intext
  • intitle
  • numrange
slide6

site:slashdot.org

intitle:livecd

intext:LG3D

numrange:2-7

site mapping

!!

wow!

Site Mapping
  • site:

nmt.edu

site mapping1
Site Mapping
  • site:nmt.edu
  • -site:infohost.nmt.edu
  • -site:www.nmt.edu
  • ...
web administration
Web Administration
  • phpMyAdmin
    • intitle:phpMyAdmin "Welcome to phpMyAdmin" "running on * as root@*"
  • phpNuke
    • inurl:admin.php “There are no Administrators”
using the google cache
Using the Google cache
  • Everything so far had to request a page from the target’s web server
  • Using Google’s cache, we can avoid this
using the google cache1
Using the Google cache

What exactly happens when we click on “Cached” pages?

slide17
That didn’t work...

This line

gives a

clue:

using the google cache2
Using the Google cache
  • Now the conversation is strictly between us and Google.
using the google cache3
Using the Google cache
  • The difference is “&strip=1”
  • No images are requested, only the text that Google keeps on their servers
  • Now we can query anonymously
    • This means fewer entries in IDS logs
conclusions
Conclusions
  • Patches probably won’t help
  • Pay attention to your configuration
  • If it’s not supposed to be public, protect it
    • put it on an internal development host
    • htaccess
references
References
  • http://johnny.ihackstuff.com/
  • http://www.google.com/advanced_search
  • http://www.google.com/help/refinesearch.html
  • http://www.phpmyadmin.net
  • http://www.phpnuke.org
  • http://www.mysql.com