Google as a Hacking Tool
James Lee
2005-03-28
Advanced Searching
Operators
• filetype
• site
• “”
• +, -, OR
• wildcards * and .
Operators
http://slashdot.org/article.pl?sid=05/03/02/201216
site:
filetype:
Operators
• inurl
• intext
• intitle
• numrange
site:slashdot.org
intext:LG3D
numrange:2-7
intitle:livecd
Site Mapping
• site:nmt.edu
Site Mapping
• site:nmt.edu
• -site:infohost.nmt.edu
• -site:www.nmt.edu
• ...
Web Administration
• phpMyAdmin
  – intitle:phpMyAdmin "Welcome to phpMyAdmin" "running on * as root@*"
• phpNuke
  – inurl:admin.php "There are no Administrators"
If you’re an administrator...
Please don’t do this
Or this.
If you’re a developer...
Please don’t do this
Using the Google cache
• Everything so far had to request a page from the target’s web server
• Using Google’s cache, we can avoid this
Using the Google cache
What exactly happens when we click on “Cached” pages?
• That didn’t work...
This line gives a clue:
Using the Google cache
• Now the conversation is strictly between us and Google.
Using the Google cache
• The difference is “&strip=1”
• No images are requested, only the text that Google keeps on their servers
• Now we can query anonymously
  – This means fewer entries in IDS logs
Conclusions
• Patches probably won’t help
• Pay attention to your configuration
• If it’s not supposed to be public, protect it
  – put it on an internal development host
  – htaccess
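Added example (not part of the original slides): a self-audit for the "pay attention to your configuration" point. It checks pages you have fetched from your own hosts against the two Web Administration queries above. The DORKS structure, the function names and the sample pages are assumptions made for this example, and * is approximated as a single whitespace-free token.

```python
import re
from html.parser import HTMLParser

# The two queries from the "Web Administration" slide, split into operators.
DORKS = [
    {"name": "phpMyAdmin", "intitle": "phpMyAdmin",
     "phrases": ["Welcome to phpMyAdmin", "running on * as root@*"]},
    {"name": "phpNuke", "inurl": "admin.php",
     "phrases": ["There are no Administrators"]},
]

class _Page(HTMLParser):
    """Collect the <title> text and all text on the page."""
    def __init__(self):
        super().__init__()
        self.title, self.text, self._in_title = [], [], False
    def handle_starttag(self, tag, attrs):
        self._in_title = (tag == "title")
    def handle_endtag(self, tag):
        self._in_title = False
    def handle_data(self, data):
        self.text.append(data)
        if self._in_title:
            self.title.append(data)

def _phrase_re(phrase):
    # Quoted phrase; each * becomes one whitespace-free token (simplification).
    return re.compile(r"\S+".join(re.escape(p) for p in phrase.split("*")), re.I)

def matches(dork, url, html):
    """True if this page satisfies every operator in the query."""
    page = _Page()
    page.feed(html)
    title = " ".join(" ".join(page.title).split())
    text = " ".join(" ".join(page.text).split())
    if dork.get("intitle", "").lower() not in title.lower():
        return False
    if dork.get("inurl", "").lower() not in url.lower():
        return False
    return all(_phrase_re(p).search(text) for p in dork["phrases"])

def audit(pages):
    """Return (url, query name) for every page one of the queries would find."""
    return [(u, d["name"]) for u, h in pages for d in DORKS if matches(d, u, h)]

# Constructed sample pages; the example.test hosts are placeholders.
SAMPLE = [
    ("http://dev.example.test/pma/", "<html><head><title>phpMyAdmin 2.6.1</title></head><body><h1>Welcome to phpMyAdmin 2.6.1</h1><p>MySQL 4.1 running on localhost as root@localhost</p></body></html>"),
    ("http://dev.example.test/admin.php", "<title>Site</title><p>There are no Administrators yet.</p>"),
    ("http://www.example.test/", "<title>Home</title><p>We use phpMyAdmin internally.</p>"),
]
```

Any URL that audit() returns is a page that should be moved to an internal host or put behind access control before a crawler indexes it.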
References
• http://johnny.ihackstuff.com/
• http://www.google.com/advanced_search
• http://www.google.com/help/refinesearch.html
• http://www.phpmyadmin.net
• http://www.phpnuke.org
• http://www.mysql.com
Questions?