Google Hacking: Tame the internet Information Assurance Group 2011.


1 Google Hacking: Tame the internet Information Assurance Group 2011

2 What is Google Hacking? My Def: Using Google in a clever way to find things that shouldn’t be found. Wikipedia: Google hacking is a computer hacking technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites use.

3 Advanced Search Operators
OPERATOR : KEYWORD
intitle / allintitle - in the title bar
inurl / allinurl - in the URL
link - pages that link to
site - only that site
filetype - only with a certain extension
cache - only search cached copies of pages

4 Logic Operators + Numbers
##..## - Number ranges, i.e. 1..1000
* - Wild card: "I * cats" = I love cats, I hate cats, I eat cats…
AND OR NOT:
AND is the default; it tries to find both. TRIES.
OR: I love (dogs OR cats), but not both. Use the pipe symbol |
NOT: use a "minus sign": I love pets -dogs, all but dogs.
+ : use a "plus sign" to force a word to be included.
( ) : use parentheses for grouping.
" " : use quotes for phrases.

5 Getting Creative
Can you think of a way to find social security numbers? 100000000..199999999
What happens? Google knows you’re up to no good.
Try numrange:100000000-199999999 instead.
Suggest you are looking for social security numbers: add ssn
Get rid of garbage using the NOT operator: -123456789
Specify only SQL databases: filetype:sql

6 Using the GHDB Luckily, there is a database of Google Hacks to find all sorts of things. http://www.exploit-db.com/google-dorks/ Vulnerable Servers / Files, Login Portals, Passwords, Errors, and more! Many older Hacks no longer return anything interesting. Why?

7 GHDB Demo 1: DVR Login http://www.exploit-db.com/ghdb/1397/ allintitle:"DVR Login" Filter out some garbage results by subtracting words: -issue -failed -free -forum -download -youtube Click on some of the links. The default login… admin / admin. But wait! Let’s talk legality…

8 Is it Legal? Is it legal to type admin / admin to see if you can log in? What about if it didn’t work? Is it legal to search for these things in Google? Is it legal to click on the search results?

9 Office Cams http://www.exploit-db.com/ghdb/1008/

10 GHDB Demo 2 http://www.exploit-db.com/ghdb/3612/ Somewhere in the links is http://210.75.8.13/level/15/exec/- /clear/ip/igmp/group A Whois reveals it is in China somewhere. You can execute commands. But don’t.

11 GHDB Demo 3 filetype:sql "phpmyAdmin SQL Dump" First site: SQL database dump. Emails, logins, passwords…
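The defender's side of this demo, as an added example that is not part of the original slides: walk a web root you administer and flag the files a `filetype:sql "phpmyAdmin SQL Dump"` search would surface once indexed. The function names, the extension list and the sample directory are assumptions made for illustration.

```python
import os
import tempfile

# Banner text from the slide's query; phpMyAdmin exports carry it in a header comment.
DUMP_BANNER = b"phpmyadmin sql dump"
RISKY_EXTENSIONS = {".sql", ".bak", ".dump"}  # assumption: not from the slides
HEADER_BYTES = 4096  # only the start of each file is read


def find_exposed_dumps(web_root):
    """Return sorted (relative_path, reason) pairs for likely database dumps."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, web_root)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(HEADER_BYTES).lower()
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            ext = os.path.splitext(name)[1].lower()
            if DUMP_BANNER in head:  # content check catches renamed dumps too
                findings.append((rel, "phpMyAdmin dump banner"))
            elif ext in RISKY_EXTENSIONS:
                findings.append((rel, "risky extension " + ext))
    return sorted(findings)


def build_sample_root():
    """Constructed sample web root used only to demonstrate the scan."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "backup"))
    samples = {
        "index.html": b"<html><body>home</body></html>",
        "backup/site.sql": b"-- phpMyAdmin SQL Dump\nCREATE TABLE users (id INT);",
        "backup/export.txt": b"-- phpMyAdmin SQL Dump\nINSERT INTO users VALUES (1);",
        "old.bak": b"constructed backup data",
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for rel, reason in find_exposed_dumps(build_sample_root()):
        print(f"{rel}: {reason}")
```

The banner check reads file content, so a dump renamed to `.txt` is still reported; anything it flags belongs outside the served directory.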

12 Smarter Google Hacking It’s fun to just find examples of errors through Google. Say you want to focus on something specific. Start with site:specificsite.com Then systematically look for: error pages, different file types, login pages…

13 One More Thing. Wayback Machine: allows you to view web sites from the past. www.archive.org Try looking at IUP’s website, in 1999? 2001?

14 END Information Assurance Group 2011

