Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright Security-Assessment.com 2005 GoogleMonster Using The Google Search Engine For Underhand Purposes by Nick von Dadelszen.

Published byMarianna McDowell Modified over 8 years ago

Similar presentations

Presentation on theme: "Copyright Security-Assessment.com 2005 GoogleMonster Using The Google Search Engine For Underhand Purposes by Nick von Dadelszen."— Presentation transcript:

1 Copyright Security-Assessment.com 2005 GoogleMonster Using The Google Search Engine For Underhand Purposes by Nick von Dadelszen

2 Copyright Security-Assessment.com 2005 Introduction Google is a great search tool Trolls Internet searching for pages Finds pages based on links Finds even those pages you don’t want people to know about Caches pages

3 Copyright Security-Assessment.com 2005 Simple Start We can use a standard Google search to find interesting pages such as indexes. “index of /etc” “index of /etc” passwd “index of /etc” shadow Lots of irrelevant results

4 Copyright Security-Assessment.com 2005 Advanced Operators Google allows us to do more than just simple searching using advanced operators E.g. – filetype: – inanchor: – intext: – intitle: – inurl: – site:

5 Copyright Security-Assessment.com 2005 Using Advanced Operators We can now search in the Title field for indexed pages intitle:index.of./etc passwd intitle:index.of./etc shadow Results are now a lot more relevant

6 Copyright Security-Assessment.com 2005 Filetype We can use the filetype: operator to find particular files such as Excel spreadsheets, configuration files and databases password filetype:xls filetype:config web.config -CVS filetype:mdb users.mdb

7 Copyright Security-Assessment.com 2005 Combining Operators We can combine multiple operators to create very specific searches filetype:eml eml +intext:"Subject" +intext:"From" +intext:"To“ "# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd

8 Copyright Security-Assessment.com 2005 Searching For Vulnerabilities We can use Google to search for specific web vulnerabilities +"Powered by phpBB 2.0.6..10" -phpbb.com - phpbb.pl inurl:citrix/metaframexp/default/login.asp? ClientDetection=On

9 Copyright Security-Assessment.com 2005 Enter the GHDB GHDB = Google Hacking Database Over 900 unique search criteria for finding information Created and maintained at johhny.ihackstuff.com

10 Copyright Security-Assessment.com 2005 Targeting Websites With all these searches, we can use the site: operator to restrict queries to a particular domain This allows an attacker to use google to test a site for vulnerabilities without actually touching that site. Enter Wikto – Web Server Assessment Tool

11 Copyright Security-Assessment.com 2005 Wikto Functionality Back-end Miner Nikto-like functionality Googler file searcher GoogleHacks GHDB tester

12 Copyright Security-Assessment.com 2005 Googler

13 Copyright Security-Assessment.com 2005 GoogleHacks

14 Copyright Security-Assessment.com 2005 Defending Against Google Attacks Ensure your web servers are well configured Regularly assess what information is available through Google

Download ppt "Copyright Security-Assessment.com 2005 GoogleMonster Using The Google Search Engine For Underhand Purposes by Nick von Dadelszen."

Similar presentations

Google as a Hacking Tool James Lee 2005-03-28. 2 Advanced Searching.

Google as a Hacking Tool James Lee Advanced Searching.
Session 2 Project Initiation. Goal You are Here Initiating the Project Meet with your academic supervisor to discuss their ideas and expectations for.

Session 2 Project Initiation. Goal You are Here Initiating the Project Meet with your academic supervisor to discuss their ideas and expectations for.
Advanced Google Becoming a Power Googler. (c) Thomas T. Kaun 2005 How Google Works PageRank: The number of pages link to any given page. “Importance”

Advanced Google Becoming a Power Googler. (c) Thomas T. Kaun 2005 How Google Works PageRank: The number of pages link to any given page. “Importance”
Google for Genealogists. Google's mission statement “Organize the world's information and make it universally accessible and useful.

Google for Genealogists. Google's mission statement “Organize the world's information and make it universally accessible and useful."
LIS618 lecture 9 Thomas Krichel 2003-04-06. Structure Google “theory”, see essay by Brin and Page fullpapers/1921/com1921.htm.

LIS618 lecture 9 Thomas Krichel Structure Google “theory”, see essay by Brin and Page fullpapers/1921/com1921.htm.
Chapter 2 Gathering Target Information: Reconnaissance, Footprinting, and Social Engineering.

Chapter 2 Gathering Target Information: Reconnaissance, Footprinting, and Social Engineering.
Google hacking & optimizing search results Faris Aloul November 2011.

Google hacking & optimizing search results Faris Aloul November 2011.
Advanced Guide to Searching the Internet. Think about the best way to find legal information Three ways of locating information on the internet Three.

Advanced Guide to Searching the Internet. Think about the best way to find legal information Three ways of locating information on the internet Three.
Google Search Using internet search engine as a tool to find information related to creativity & innovation.

Google Search Using internet search engine as a tool to find information related to creativity & innovation.
Ahmad Radaideh.  Abstract  Introduction  Google Cached Content  GOOGLE HACKING Procedures  Google Advance Operators  Google hacking Result Categories.

Ahmad Radaideh.  Abstract  Introduction  Google Cached Content  GOOGLE HACKING Procedures  Google Advance Operators  Google hacking Result Categories.
Introduction The Basic Google Hacking Techniques How to Protect your Websites.

Introduction The Basic Google Hacking Techniques How to Protect your Websites.
Page 1 June 2, 2015 Optimizing for Search Making it easier for users to find your content.

Page 1 June 2, 2015 Optimizing for Search Making it easier for users to find your content.
Copyright Security-Assessment.com 2005 From The Trenches (Australia) What We Are Seeing Within Security Today by Peter Benson.

Copyright Security-Assessment.com 2005 From The Trenches (Australia) What We Are Seeing Within Security Today by Peter Benson.
Searching The Web Search Engines are computer programs (variously called robots, crawlers, spiders, worms) that automatically visit Web sites and, starting.

Searching The Web Search Engines are computer programs (variously called robots, crawlers, spiders, worms) that automatically visit Web sites and, starting.
07 December 2009Slide 1 of 1207 December 2009Slide 1 of 12 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.

07 December 2009Slide 1 of 1207 December 2009Slide 1 of 12 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.
07 December 2009Slide 1 of 9 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.

07 December 2009Slide 1 of 9 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.
IDK0040 Võrgurakendused I Building a site: Publicising Deniss Kumlander.

IDK0040 Võrgurakendused I Building a site: Publicising Deniss Kumlander.
Databases & Data Warehouses Chapter 3 Database Processing.

Databases & Data Warehouses Chapter 3 Database Processing.
Getting on the Web CCSD Technology Team. Post a page to the Web using a simple file transfer process Goal: Process: Create a Web page using Microsoft.

Getting on the Web CCSD Technology Team. Post a page to the Web using a simple file transfer process Goal: Process: Create a Web page using Microsoft.
MIS 5211.001 Week 3 Site:

MIS Week 3 Site:

Similar presentations

Ads by Google