Google as a Hacking Tool

James Lee

2005-03-28

2

Advanced Searching

3

Operators

• filetype

• site

• “”

• +, -, OR

• wildcards * and .

4

Operators

http://slashdot.org/article.pl?sid=05/03/02/201216

site:

filetype:

5

Operators

• inurl

• intext

• intitle

• numrange

6

site:slashdot.org

intext:LG3D

numrange:2-7

intitle:livecd

7

Site Mapping

• site:

nmt.edu!!wow!

8

Site Mapping

• site:nmt.edu

• -site:infohost.nmt.edu

• -site:www.nmt.edu

• ...

9

Web Administration

• phpMyAdmin– intitle:phpMyAdmin "Welcome to

phpMyAdmin" "running on * as root@*"

• phpNuke– inurl:admin.php “There are no Administrators”

10

If you’re an administrator...

11

Please don’t do this

12

Or this.

13

If you’re a developer...

14

Please don’t do this

15

Using the Google cache

• Everything so far had to request a page from the target’s web server

• Using Google’s cache, we can avoid this

16

Using the Google cache

What exactly happens when we click on “Cached” pages?

17

• That didn’t work...

This line

gives a

clue:

18

Using the Google cache

• Now the conversation is strictly between us and Google.

19

Using the Google cache

• The difference is “&strip=1”

• No images are requested, only the text that Google keeps on their servers

• Now we can query anonymously– This means fewer entries in IDS logs

20

Conclusions

• Patches probably won’t help

• Pay attention to your configuration

• If it’s not supposed to be public, protect it– put it on an internal development host– htaccess

21

References

• http://johnny.ihackstuff.com/• http://www.google.com/advanced_search• http://www.google.com/help/refinesearch.html• http://www.phpmyadmin.net• http://www.phpnuke.org• http://www.mysql.com

Questions?

Google as a Hacking Tool

James Lee

2005-03-28