Google Hacking for Penetration Testers -  Justin Brown,  Bill Gardner,  Johnny Long

Google Hacking for Penetration Testers (eBook)

eBook Download: PDF | EPUB
2011 | 1st edition
560 pages
Elsevier Science (publisher)
978-0-08-048426-6 (ISBN)
38,95 incl. VAT
"A self-respecting Google hacker spends hours trolling the Internet for juicy stuff. Firing off search after search, they thrive on the thrill of finding clean, mean, streamlined queries and get a real rush from sharing those queries and trading screenshots of their findings. I know because I've seen it with my own eyes. As the founder of the Google Hacking Database (GHDB) and the Search engine hacking forums at http://johnny.ihackstuff.com, I am constantly amazed at what the Google hacking community comes up with. It turns out the rumors are true - creative Google searches can reveal medical, financial, proprietary and even classified information. Despite government edicts, regulation and protection acts like HIPAA and the constant barking of security watchdogs, this problem still persists. Stuff still makes it out onto the web, and Google hackers snatch it right up. Protect yourself from Google hackers with this new volume of information.
-Johnny Long

  •    Learn Google Searching Basics
       Explore Google's Web-based Interface, build Google queries, and work with Google URLs.
  •    Use Advanced Operators to Perform Advanced Queries
       Combine advanced operators and learn about colliding operators and bad search-fu.
  •    Learn the Ways of the Google Hacker
       See how to use caches for anonymity and review directory listings and traversal techniques.
  •    Review Document Grinding and Database Digging
       See the ways to use Google to locate documents and then search within the documents to locate information.
  •    Understand Google's Part in an Information Collection Framework
       Learn the principles of automating searches and the applications of data mining.
  •    Locate Exploits and Finding Targets
       Locate exploit code and then vulnerable targets.
  •    See Ten Simple Security Searches
       Learn a few searches that give good results just about every time and are good for a security assessment.
  •    Track Down Web Servers
       Locate and profile web servers, login portals, network hardware and utilities.
  •    See How Bad Guys Troll for Data
       Find ways to search for usernames, passwords, credit card numbers, social security numbers, and other juicy information.
  •    Hack Google Services
       Learn more about the AJAX Search API, Calendar, Blogger, Blog Search, and more."
This book helps people find sensitive information on the Web. Google is one of the 5 most popular sites on the internet with more than 380 million unique users per month (Nielsen/NetRatings 8/05). But Google's search capabilities are so powerful that they sometimes discover content that no one ever intended to be publicly available on the Web, including social security numbers, credit card numbers, trade secrets, and federally classified documents. Google Hacking for Penetration Testers Volume 2 shows the art of manipulating Google used by security professionals and system administrators to find this sensitive information and "self-police" their own organizations. Readers will learn how Google Maps and Google Earth provide pinpoint military accuracy, see how bad guys can manipulate Google to create super worms, and see how they can "mash up" Google with MySpace, LinkedIn, and more for passive reconnaissance.

Front Cover
Google Hacking for Penetration Testers, Volume 2
Copyright Page
Contents
Chapter 1. Google Searching Basics
Introduction
Exploring Google's Web-based Interface
Building Google Queries
Working With Google URLs
Summary
Solutions Fast Track
Links to Sites
Frequently Asked Questions
Chapter 2. Advanced Operators
Introduction
Operator Syntax
Introducing Google's Advanced Operators
Colliding Operators and Bad Search-Fu
Summary
Solutions Fast Track
Links to Sites
Frequently Asked Questions
Chapter 3. Google Hacking Basics
Introduction
Anonymity with Caches
Directory Listings
Going Out on a Limb: Traversal Techniques
Summary
Solutions Fast Track
Links to Sites
Frequently Asked Questions
Chapter 4. Document Grinding and Database Digging
Introduction
Configuration Files
Log Files
Database Digging
Automated Grinding
Google Desktop Search
Summary
Solutions Fast Track
Links to Sites
Frequently Asked Questions
Chapter 5. Google's Part in an Information Collection Framework
Introduction
The Principles of Automating Searches
Applications of Data Mining
Collecting Search Terms
Summary
Chapter 6. Locating Exploits and Finding Targets
Introduction
Locating Exploit Code
Locating Exploits Via Common Code Strings
Locating Code with Google Code Search
Locating Malware and Executables
Locating Vulnerable Targets
Summary
Solutions Fast Track
Links to Sites
Frequently Asked Questions
Chapter 7. Ten Simple Security Searches That Work
Introduction
site
intitle:index.of
error | warning
login | logon
username | userid | employee.ID | "your username is"
password | passcode | "your password is"
admin | administrator
-ext:html -ext:htm -ext:shtml -ext:asp -ext:php
inurl:temp | inurl:tmp | inurl:backup | inurl:bak
intranet | help.desk
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 8. Tracking Down Web Servers, Login Portals, and Network Hardware
Introduction
Locating and Profiling Web Servers
Locating Login Portals
Targeting Web-Enabled Network Devices
Locating Various Network Reports
Locating Network Hardware
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 9. Usernames, Passwords, and Secret Stuff, Oh My!
Introduction
Searching for Usernames
Searching for Passwords
Searching for Credit Card Numbers, Social Security Numbers, and More
Searching for Other Juicy Info
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 10. Hacking Google Services
AJAX Search API
Calendar
Blogger and Google's Blog Search
Signaling Alerts
Google Co-op
Google Code
Chapter 11. Google Hacking Showcase
Introduction
Geek Stuff
Cameras
Telco Gear
Power
Sensitive Info
Social Security Numbers
Beyond Google
Summary
Chapter 12. Protecting Yourself from Google Hackers
Introduction
A Good, Solid Security Policy
Web Server Safeguards
Hacking Your Own Site
Getting Help from Google
Summary
Solutions Fast Track
Links to Sites
Frequently Asked Questions
Index

Chapter 2. Advanced Operators

Solutions in this chapter:

  •    Operator Syntax
  •    Introducing Google’s Advanced Operators
  •    Combining Advanced Operators
  •    Colliding Operators and Bad Search-Fu
  •    Links to Sites
  •    Summary
  •    Solutions Fast Track
  •    Frequently Asked Questions

Introduction


Beyond the basic searching techniques explored in the previous chapter, Google offers special terms known as advanced operators to help you perform more advanced queries. These operators, used properly, can help you get to exactly the information you’re looking for without spending too much time poring over page after page of search results. When advanced operators are not provided in a query, Google will locate your search terms in any area of the Web page, including the title, the text, the Uniform Resource Locator (URL), or the like. We take a look at the following advanced operators in this chapter:

  •    intitle, allintitle
  •    inurl, allinurl
  •    filetype
  •    allintext
  •    site
  •    link
  •    inanchor
  •    daterange
  •    cache
  •    info
  •    related
  •    phonebook
  •    rphonebook
  •    bphonebook
  •    author
  •    group
  •    msgid
  •    insubject
  •    stocks
  •    define

Operator Syntax


Advanced operators are additions to a query designed to narrow down the search results. Although they’re relatively easy to use, they have a fairly rigid syntax that must be followed. The basic syntax of an advanced operator is operator:search_term. When using advanced operators, keep in mind the following:

  •    There is no space between the operator, the colon, and the search term. Violating this syntax can produce undesired results and will keep Google from understanding what it is you’re trying to do. In most cases, Google will treat a syntactically bad advanced operator as just another search term. For example, providing the advanced operator intitle without a following colon and search term will cause Google to return pages that contain the word intitle.
  •    The search term portion of an operator search follows the syntax discussed in the previous chapter. For example, a search term can be a single word or a phrase surrounded by quotes. If you use a phrase, just make sure there are no spaces between the operator, the colon, and the first quote of the phrase.
  •    Boolean operators and special characters (such as OR and +) can still be applied to advanced operator queries, but be sure they don’t get in the way of the separating colon.
  •    Advanced operators can be combined in a single query as long as you honor both the basic Google query syntax as well as the advanced operator syntax. Some advanced operators combine better than others, and some simply cannot be combined. We will take a look at these limitations later in this chapter.
  •    The ALL operators (the operators beginning with the word ALL) are oddballs. They are generally used once per query and cannot be mixed with other operators.

Examples of valid queries that use advanced operators include these:

  •    intitle:Google This query will return pages that have the word Google in their title.
  •    intitle:"index of" This query will return pages that have the phrase index of in their title. Remember from the previous chapter that this query could also be given as intitle:index.of, since the period serves as any character. This technique also makes it easy to supply a phrase without having to type the spaces and the quotation marks around the phrase.
  •    intitle:"index of" private This query will return pages that have the phrase index of in their title and also have the word private anywhere in the page, including in the URL, the title, the text, and so on. Notice that intitle only applies to the phrase index of and not the word private, since the first unquoted space follows the phrase index of. Google interprets that space as the end of your advanced operator search term and continues processing the rest of the query.
  •    intitle:"index of" "backup files" This query will return pages that have the phrase index of in their title and the phrase backup files anywhere in the page, including the URL, the title, the text, and so on. Again, notice that intitle only applies to the phrase index of.

Troubleshooting Your Syntax


Before we jump head first into the advanced operators, let’s talk about troubleshooting the inevitable syntax errors you’ll run into when using these operators. Google is kind enough to tell you when you’ve made a mistake, as shown in Figure 2.1.

Figure 2-1. Google’s Helpful Error Messages

In this example, we tried to give Google an invalid option to the as_qdr variable in the URL. (The correct syntax would be as_qdr=m3, as we’ll see in a moment.) Google’s search result page listed right at the top that there was some sort of problem. These messages are often the key to unraveling errors in either your query string or your URL, so keep an eye on the top of the results page. We’ve found that it’s easy to overlook this spot on the results page, since we normally scroll past it to get down to the results.

Sometimes, however, Google is less helpful, returning a blank results page with no error text, as shown in Figure 2.2.

Figure 2-2. Google’s Blank Error Message

Fortunately, this type of problem is easy to resolve once you understand what’s going on. In this case, we simply abused the allintitle operator. Most of the operators that begin with all do not mix well with other operators, like the inurl operator we provided. This search got Google all confused, and it coughed up a blank page.
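
The syntax rules from the Operator Syntax section and the allintitle mix-up described above can be checked mechanically before a query is sent. The following Python sketch is an added example, not code from the book; parse_query and its warning texts are hypothetical, and the tokenizer models only the rules stated in this excerpt, not Google's actual parser.

```python
import re

# Operator names taken from the chapter's list of advanced operators.
OPERATORS = {
    "intitle", "allintitle", "inurl", "allinurl", "filetype", "allintext",
    "site", "link", "inanchor", "daterange", "cache", "info", "related",
    "phonebook", "rphonebook", "bphonebook", "author", "group", "msgid",
    "insubject", "stocks", "define",
}

TOKEN = re.compile(r'''
      (?P<op>[A-Za-z]+):(?P<term>"[^"]*"|\S+)  # operator:term with no space at the colon
    | (?P<phrase>"[^"]*")                      # quoted phrase outside any operator
    | (?P<word>\S+)                            # any other run of non-space characters
''', re.VERBOSE)


def parse_query(query):
    """Split a query into (operator, term) pairs; operator is None for plain terms.

    Returns (parts, warnings). Hypothetical helper written for this example.
    """
    parts, warnings = [], []
    for m in TOKEN.finditer(query):
        op = (m.group("op") or "").lower()
        if op in OPERATORS:
            # The operator covers only the term up to the first unquoted space.
            parts.append((op, m.group("term").strip('"')))
            continue
        text = m.group(0)
        if text.rstrip(":").lower() in OPERATORS:
            # Operator name with a space after the colon, or with no colon at all.
            warnings.append(f"'{text}' is not attached to a search term; "
                            "it will be treated as an ordinary search term")
        parts.append((None, text.strip('"')))
    used = [op for op, _ in parts if op]
    all_ops = [op for op in used if op.startswith("all")]
    if all_ops and len(used) > 1:
        warnings.append(f"{all_ops[0]} should be used once per query "
                        "and not mixed with other operators")
    return parts, warnings


if __name__ == "__main__":
    # Constructed sample queries based on the examples in the text.
    for q in ('intitle:"index of" private',
              'intitle: "index of" private',
              'allintitle:syngress publishing inurl:books'):
        print(q, "->", parse_query(q))
```
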

Notes from the Underground…
But That’s What I Wanted!

As you grow in your Google-Fu, you will undoubtedly want to perform a search that Google’s syntax doesn’t allow. When this happens, you’ll have to find other ways to tackle the problem. For now though, take the easy route and play by Google’s rules.

Introducing Google’s Advanced Operators


Google’s advanced operators are very versatile, but not all operators can be used everywhere, as we saw in the previous example. Some operators can only be used in performing a Web search, and others can only be used in a Groups search. Refer to Table 2.3, which lists these distinctions. If you have trouble remembering these rules, keep an eye on the results line near the top of the page. If Google picks up on your bad syntax, an error message will be displayed, letting you know what you did wrong. Sometimes, however, Google will not pick up on your bad form and will try to perform the search anyway. If this happens, keep an eye on the search results page, specifically the words Google shows in bold within the search results. These are the words Google interpreted as your search terms. If you see the word intitle in bold, for example, you’ve probably made a mistake using the intitle operator.

Intitle and Allintitle: Search Within the Title of a Page


From a technical standpoint, the title of a page can be described as the text that is found within the TITLE tags of a Hypertext Markup Language (HTML) document. The title is displayed at the top of most browsers when viewing a page, as shown in Figure 2.3. In the context of Google groups, intitle will find the term in the title of the message post.

Figure 2-3. Web Page Title

As shown in Figure 2.3, the title of the Web page is “Syngress Publishing.” It is important to realize that some Web browsers will insert text into the title of a Web page, under certain circumstances. For example, consider the same page shown in Figure 2.4, this time captured before the page is actually finished loading.

Figure 2-4. Title Elements Injected by Browser

This time, the...

Publication date (per publisher) 18.4.2011
Language English
Subject area Non-fiction / Guides
Computer Science Networks Security / Firewall
Mathematics / Computer Science Computer Science Theory / Studies
Mathematics / Computer Science Computer Science Web / Internet
ISBN-10 0-08-048426-3 / 0080484263
ISBN-13 978-0-08-048426-6 / 9780080484266
PDF (Adobe DRM)
Size: 34,2 MB

Copy protection: Adobe-DRM
Adobe-DRM is a copy-protection scheme intended to protect the eBook against misuse. The eBook is authorized to your personal Adobe ID at download time. You can then read the eBook only on devices that are also registered to your Adobe ID.

File format: PDF (Portable Document Format)
With its fixed page layout, PDF is particularly suited to technical books with columns, tables and figures. A PDF can be displayed on almost all devices, but is of limited suitability for small displays (smartphone, eReader).

System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You need an Adobe ID and the Adobe Digital Editions software (free). We advise against using the OverDrive Media Console. Experience shows that problems with Adobe DRM occur frequently there.
eReader: This eBook can be read on (almost) all eBook readers. It is not compatible with the Amazon Kindle, however.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You need an Adobe ID and a free app.

Additional feature: read online
In addition to downloading it, you can also read this eBook online in a web browser.
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.

EPUB (Adobe DRM)
Size: 20,2 MB

Copy protection: Adobe-DRM

File format: EPUB (Electronic Publication)
EPUB is an open standard for eBooks and is particularly suited to fiction and non-fiction. The running text adapts dynamically to the display and font size. EPUB is therefore also well suited to mobile reading devices.

