20/09/2018 Hacking with Google for fun and profit! October 2004 Robert Masse & Jian Hui Wang GoSecure Inc.

Agenda
- Google Introduction & Features
- Google Search Technique
- Google Basic Operators
- Google Advanced Operators
- Google Hacking
- Digging for “vulnerability gold”
- Identifying operating systems
- Vulnerability scanning
- Proxying
- Protect your information from Google

Google Hacking: Google Search Technique
- Just type the word and run the search
- You need to audit your Internet presence
- One database, Google almost has it all!
- One of the most powerful databases in the world
- Consolidates a lot of info
- Usage: Student … Business … Al’Qaeda …
- One stop shop for attack, maps, addresses, photos, technical information

Google Advanced Search
A little more sophisticated ……

Google Operators
- Operators are used to refine the results and to maximize the search value. They are your tools as well as hackers’ weapons
- Basic Operators: +, -, ~, ., *, “”, |, OR
- Advanced Operators: allintext:, allintitle:, allinurl:, bphonebook:, cache:, define:, filetype:, info:, intext:, intitle:, inurl:, link:, phonebook:, related:, rphonebook:, site:, numrange:, daterange:

Basic Operators
- (+) force inclusion of something common. Google ignores common words (where, how, digit, single letters) by default. Example: Star Wars Episode +I
- (-) exclude a search term. Example: apple -red
- (“) use quotes around a search term to search exact phrases. Example: “Robert Masse”. Robert masse without “” has 309,000 results, but “robert masse” has only 927 results. This cuts out the 99% of results that are irrelevant

Basic Operators
- (~) search synonym. Example: ~food returns results about food as well as recipe, nutrition and cooking information
- ( . ) a single-character wildcard. Example: m.trix returns the results of M@trix, matrix, metrix……
- ( * ) any word wildcard

Advanced Operators: “Site:”
Site: Domain_name
- Find Web pages only on the specified domain. If we search a specific site, usually we get the Web structure of the domain
- Examples: site:ca, site:gosecure.ca, site:www.gosecure.ca

Advanced Operators: “Filetype:”
Filetype: extension_type
- Find documents with specified extensions
- The supported extensions are:
  - HyperText Markup Language (html)
  - Microsoft PowerPoint (ppt)
  - Adobe Portable Document Format (pdf)
  - Microsoft Word (doc)
  - Adobe PostScript (ps)
  - Microsoft Works (wks, wps, wdb)
  - Lotus 1-2-3 (wk1, wk2, wk3, wk4, wk5, wki, wks, wku)
  - Microsoft Excel (xls)
  - Microsoft Write (wri)
  - Lotus WordPro (lwp)
  - Rich Text Format (rtf)
  - MacWrite (mw)
  - Shockwave Flash (swf)
  - Text (ans, txt)
- Note: We can actually search asp, php, cgi and pl files as long as they are text-compatible
- Example: Budget filetype: xls

Advanced Operators
A budget file we found ……

Advanced Operators: “Intitle:”
Intitle: search_term
- Find search term within the title of a Webpage
Allintitle: search_term1 search_term2 search_term3
- Find multiple search terms in the Web pages with the title that includes all these words
These operators are specifically useful to find the directory lists
- Example: Find directory list: Intitle: Index.of “parent directory”

Advanced Operators: “Inurl:”
Inurl: search_term
- Find search term in a Web address
Allinurl: search_term1 search_term2 search_term3
- Find multiple search terms in a Web address
- Examples: Inurl: cgi-bin, Allinurl: cgi-bin password

Advanced Operators: “Intext:”
Intext: search_term
- Find search term in the text body of a document
Allintext: search_term1 search_term2 search_term3
- Find multiple search terms in the text body of a document
- Examples: Intext: Administrator login, Allintext: Administrator login

Advanced Operators: “Cache:”
Cache: URL
- Find the old version of a Website in the Google cache
- Sometimes, even after the site has been updated, the old information can still be found in the cache
- Example: Cache: www.gosecure.com

Advanced Operators: <number1>..<number2>
- Conduct a number range search by specifying two numbers, separated by two periods, with no spaces
- Be sure to specify a unit of measure or some other indicator of what the number range represents
- Examples: Computer $500..1000, DVD player $250..350

Advanced Operators: “Daterange:”
Daterange: <start_date>-<end date>
- Find the Web pages between start date and end date
- Note: start_date and end date use the Julian date. The Julian date is calculated by the number of days since January 1, 4713 BC. For example, the Julian date for August 1, 2001 is 2452122
- Examples: 2004.07.10=2453196, 2004.08.10=2453258
- Vulnerabilities date range: 2453196-2453258

Advanced Operators: “Link:”
Link: URL
- Find the Web pages having a link to the specified URL
Related: URL
- Find the Web pages that are “similar” to the specified Web page
Info: URL
- Present some information that Google has about that Web page
Define: search_term
- Provide a definition of the words gathered from various online sources
- Examples: Link: gosecure.ca, Related: gosecure.ca, Info: gosecure.ca, Define: Network security

Advanced Operators: “Phonebook:”
Phonebook
- Search the entire Google phonebook
rphonebook
- Search residential listings only
bphonebook
- Search business listings only
- Examples: Phonebook: robert las vegas (robert in Las Vegas), Phonebook: (702) 944-2001 (reverse search, does not always work)
- The phonebook is largely limited to the U.S.A.

Google, Friend or Enemy?
- Google is everyone’s best friend (yours or hackers’)
- Information gathering and vulnerability identification are the tasks in the first phase of a typical hacking scenario
- Passive, stealthy and huge data collection
- Google can do more than search
- Have you used Google to audit your organization today?

What can Google do for a hacker?
- Search sensitive information like payroll, SIN, even the personal email box
- Vulnerabilities scanner
- Transparent proxy

Salary
Salary filetype: xls site: edu

Security Social Insurance Number
Intitle: Payroll intext: ssn filetype: xls site: edu

Security Social Insurance Number
Payroll intext: Employee intext: ssn filetype: xls

Financial Information
Filetype: xls “checking account” “credit card” -intext: Application -intext: Form (only 39 results)

Financial Information
Intitle: “Index of” finances.xls (9)

Personal Mailbox
Intitle: Index.of inurl: Inbox (456) (mit mailbox)

Personal Mailbox
After several clicks, got the private email messages

Personal Mailbox
Intitle: Index.of inurl: Inbox (inurl: User OR inurl: Mail) (220)

Confidential Files
“not for distribution” confidential (1,760)

Confidential Files
“not for distribution” confidential filetype: pdf (marketing info) (456)

OS Detection
- Use the keywords of the default installation page of a Web server to search
- Use the title to search
- Use the footer in a directory index page

OS Detection - Windows
“Microsoft-IIS/5.0 server at”

OS Detection - Windows
Default web page? Intitle: “Welcome to Windows 2000 Internet Services” (IIS 5.0)

OS Detection - Apache 1.3.11-1.3.26
Intitle: Test.Page.for.Apache seeing.this.instead

OS Detection - Apache SSL enable
Intitle: Test.page “SSL/TLS-aware” (127)

Search Passwords
- Search the well known password filenames in URL
- Search the database connection files or configuration files to find a password and username
- Search specific username file for a specific product

Search Passwords
Inurl: etc inurl: passwd

Search Passwords
Intitle: “Index of..etc” passwd

Search Passwords
"# -FrontPage-" inurl: service.pwd (then crack it)

Search Passwords
Inurl: admin.pwd filetype: pwd

Search Passwords
Filetype: inc dbconn

Search Passwords
Filetype: inc intext: mysql_connect

Search Passwords
Filetype: ini +ws_ftp +pwd (get the encrypted passwords)

Search Passwords
Filetype: log inurl: “password.log”

Search Username
+intext: "webalizer" +intext: “Total Usernames” +intext: “Usage Statistics for”

License Key
Filetype: lic lic intext: key (33) (license key)

Cookies Syntax
Filetype: inc inc intext: setcookie -cvs -examples -sourceforge -site: php.net (120) (cookie schema)

Sensitive Directories Listing
- Powerful buzz word: Index of
- Search the well known vulnerable directory names

Sensitive Directories Listing
“index of cgi-bin” (3590)

Sensitive Directories Listing
Intitle: “Index of” cfide (coldfusion directory)

Sensitive Directories Listing
Intitle: index.of.winnt

Sensitive Directories Listing
Intitle: “index of” iissamples (dangerous iissamples) (32)

Sensitive Directories Listing
Inurl: iissamples (1080)

Database Manipulation
- Different database applications leave different signatures on the database files

Database Manipulation
“Welcome to phpMyAdmin” AND “Create new database” -intext: “No Priviledge” (find a page that might have privilege to update mysql)

Database Manipulation
“Welcome to phpMyAdmin” AND “Create new database” (after several hits, we got this)

Database Manipulation
“Select a database to view” intitle: “filemaker pro” (94) (Filemaker)

Database Manipulation
After several clicks you can query the table

Database Manipulation
“# Dumping data for table (username|user|users|password)” -site: mysql.com -cvs (289) (backup data of mysqldump)

Sensitive System Information
- Network security reports have lists of vulnerabilities for your system
- Configuration files often contain the application parameters inventory

Network Security Report (ISS)
“Network Host Assessment Report” “Internet Scanner” (iss report) (13)

Network Security Report (ISS)
“Host Vulnerability Summary Report” (ISS report) (25)

Network Security Report (nessus)
“This file was generated by Nessus” || intitle:“Nessus Scan Report” -site:nessus.org (185)

Network Scanner Report (Snort)
“SnortSnarf alert page” (15,500)

Network Security Report (Snort)
Intitle: “Analysis Console for Intrusion Databases” +intext:“by Roman Danyliw” inurl:acid/acid_main.php (13 results, acid alert database)

Configuration Files (robots.txt)
(inurl: “robot.txt” | inurl: “robots.txt”) intext:disallow filetype:txt
- Robots.txt is meant to protect your privacy from crawlers
- But it allows you to determine the file system architecture
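An added example, not part of the original deck: a self-audit that parses your own robots.txt and lists the Disallow paths whose names reveal something about the site layout, which is the exposure described on the robots.txt slide. The sample file and the list of sensitive path names are constructed assumptions.

```python
"""Audit a robots.txt for Disallow entries that advertise sensitive paths."""

# Path segment names treated as sensitive. This set is an assumption made for
# the example; extend it with the names that matter in your own environment.
SENSITIVE_SEGMENTS = {"admin", "backup", "backups", "cgi-bin", "conf",
                      "config", "db", "etc", "logs", "private"}

# Constructed sample input, not taken from any real site.
SAMPLE_ROBOTS = """\
# constructed example
User-agent: *
Disallow: /cgi-bin/
Disallow: /images/
Disallow: /admin/backup/   # nightly dumps
Disallow:

User-agent: Googlebot
Disallow: /private/reports/
Allow: /private/reports/public.html
"""


def parse_disallows(text):
    """Return (user_agent, path) for every non-empty Disallow rule."""
    rules, agents, last_was_agent = [], [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line or ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            # Consecutive User-agent lines share one group of rules.
            if not last_was_agent:
                agents = []
            agents.append(value)
            last_was_agent = True
            continue
        last_was_agent = False
        if field == "disallow" and value:          # empty Disallow allows everything
            for agent in agents or ["*"]:
                rules.append((agent, value))
    return rules


def audit(text):
    """Return one finding per Disallow path that names a sensitive segment."""
    findings = []
    for agent, path in parse_disallows(text):
        segments = [s for s in path.lower().split("/") if s]
        hits = [s for s in segments if s in SENSITIVE_SEGMENTS]
        if hits:
            findings.append({"agent": agent, "path": path, "hits": hits})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_ROBOTS):
        print(f"{f['path']} (for {f['agent']}) names: {', '.join(f['hits'])}")
    print("robots.txt is world-readable: put these paths behind authentication.")
```

A path flagged here is one to move behind access control, since a Disallow line asks crawlers to stay away but hides nothing from a person reading the file.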

A vulnerable targets scanning example
- Get the new vulnerabilities from advisory
- Find the signature from vendor Website
- Google search to find the targets
- Perform further malicious actions

An advisory looks like……

Vendor Website Information

Google search……
Inurl: smartguestbook.asp

The victim’s Website

Download the database…… Game over

Transparent Proxy
Normal surfing on www.myip.nu

Transparent Proxy
When we use Google translation tool to surf www.myip.nu

Google Automated Scanning
- Google doesn’t like the idea of automating Google scans. They issue a free licence limited to 1000 queries/day to Google
Gooscan
- Gooscan is a UNIX (Linux/BSD/Mac OS X) tool that automates queries against Google search appliances, which helps to do the external vulnerability assessment
- For more information about this tool, including the ethical implications of its use, see: http://johnny.ihackstuff.com

Google Automated Tools: SiteDigger
- SiteDigger searches Google’s cache to look for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on Web sites
- See: http://www.foundstone.com

Google Automated Tools: Athena
- Another Google query tool. It supports an open XML configuration format to support multiple search engines (not just Google)

Google Materials: Googledorks
- The famous Google Hack Website, it has many different examples of unbelievable things: http://johnny.ihackstuff.com

Google Materials: Freshgoo
- Search Google for pages published today, yesterday, within the last seven days or the last 30 days: http://www.freshgoo.com/index.php

Protect Your Data
- Keep patching your systems and applications
- Keep your sensitive data off the Web
- Apply authentication (RSA, Clientless VPN)
- Disable directory browsing
- Google hack your Website
- Consider removing your site from Google's index: http://www.google.com/remove.html
- Use a robots.txt file against Web crawlers: http://www.robotstxt.org
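One way to “Google hack your Website” from the inside, as an added example that is not part of the original deck: scan pages saved from your own site for the signatures the slides search on (directory index titles, server banners, default install pages, scanner reports, database dumps). The sample pages are constructed, and the banner pattern generalizes the IIS string on the slide to Apache footers as well.

```python
"""Flag pages from your own crawl that carry the signatures shown in this deck."""
import re
from html.parser import HTMLParser


class _TitleAndText(HTMLParser):
    """Collect the <title> and the remaining text of one document."""

    def __init__(self):
        super().__init__()
        self.title, self.text, self._in_title = "", [], False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        else:
            self.text.append(data)


# (label, title pattern or None, body pattern or None). A check fires only when
# every pattern it defines matches. The strings come from the slides; the banner
# pattern is widened to cover Apache as well as IIS.
CHECKS = [
    ("directory listing", r"index of", r"parent directory"),
    ("server banner in footer", None,
     r"(?:Apache|Microsoft-IIS)/[\d.]+[^\n]{0,80}?server at"),
    ("default install page",
     r"welcome to windows 2000 internet services|test page for.{0,40}apache", None),
    ("scanner report", None, r"this file was generated by nessus"),
    ("database dump", None, r"# dumping data for table"),
]

# Constructed sample responses keyed by path; not taken from any real site.
SAMPLE_PAGES = {
    "/files/": "<html><head><title>Index of /files</title></head><body>"
               "<h1>Index of /files</h1><a href='/'>Parent Directory</a> "
               "<a href='finances.xls'>finances.xls</a>"
               "<address>Apache/1.3.26 Server at www.example.com Port 80</address>"
               "</body></html>",
    "/": "<html><head><title>Welcome to Windows 2000 Internet Services</title>"
         "</head><body>Under construction</body></html>",
    "/backup/users.sql": "# Dumping data for table `users`\n"
                         "INSERT INTO users VALUES (1,'constructed');\n",
    "/about.html": "<html><head><title>About us</title></head>"
                   "<body>Our index of products.</body></html>",
}


def scan_page(body):
    """Return the labels of all checks that match one response body."""
    parser = _TitleAndText()
    parser.feed(body)
    parser.close()
    title = " ".join(parser.title.split())
    text = " ".join(" ".join(parser.text).split())
    found = []
    for label, title_pat, text_pat in CHECKS:
        title_ok = title_pat is None or re.search(title_pat, title, re.I)
        text_ok = text_pat is None or re.search(text_pat, text, re.I)
        if title_ok and text_ok:
            found.append(label)
    return found


def scan_site(pages):
    """Map each path with at least one finding to its list of labels."""
    results = {path: scan_page(body) for path, body in pages.items()}
    return {path: labels for path, labels in results.items() if labels}


if __name__ == "__main__":
    for path, labels in scan_site(SAMPLE_PAGES).items():
        print(f"{path}: {', '.join(labels)}")
```

Each finding maps to an item on the slide above: a directory listing means directory browsing is still enabled, and a dump or scanner report is sensitive data that should not be on the Web server at all.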

References
- Google APIS: www.google.com/apis
- Remove: http://www.google.com/remove.html
- Googledorks: http://johnny.ihackstuff.com/
- O’Reilly Google Hack: http://www.oreilly.com/catalog/googlehks/
- Google Hack Presentation, Johnny Long: http://johnny.ihackstuff.com/modules.php?op=modload&name= ownloads&file=index&req=viewdownload&cid=1
- “Autism: Using google to hack”: www.smart-dev.com/texts/google.txt
- “Google: Net Hacker Tool du Jour”: http://www.wired.com/news/infostructure/0,1377,57897,00.html

Contact Information:
Robert Masse
rmasse@gosecure.ca
www.GoSecure.ca
407 McGill, suite 900
Montréal, Québec, Canada H2Y 2G2
514-287-7427
888-287-7427 24h Emergency Hotline