The Google Hacker’s Guide
johnny@ihackstuff.com
http://johnny.ihackstuff.com
The Google Hacker’s Guide: Understanding and Defending Against the Google Hacker
by Johnny Long
Contents
GOOGLE SEARCH TECHNIQUES
    Google web interface
    Basic search techniques
GOOGLE ADVANCED OPERATORS
    About Google's URL syntax
GOOGLE HACKING TECHNIQUES
    Domain searches using the site operator
    Finding googleturds using the site operator
    Site mapping: more about the site operator
    Finding directory listings
    Versioning: obtaining the web server software / version
        via directory listings
        via default pages
        via manuals, help pages and sample programs
    Using Google as a CGI scanner
    Using Google to find interesting files and directories
ABOUT GOOGLE AUTOMATED SCANNING
OTHER GOOGLE STUFF
    Google appliances
    Googledorks
    Gooscan
    GooPot
A WORD ABOUT HOW GOOGLE FINDS PAGES (OPERA)
PROTECTING YOURSELF FROM GOOGLE HACKERS
THANKS AND SHOUTS
The Google search engine found at www.google.com offers many different features
including language and document translation, web, image, newsgroups, catalog and
news searches and more. These features offer obvious benefits to even the most
uninitiated web surfer, but these same features allow for far more nefarious possibilities
to the most malicious Internet users including hackers, computer criminals, identity
thieves and even terrorists. This paper outlines the more nefarious applications of the
Google search engine, techniques that have collectively been termed “Google hacking.”
The intent of this paper is to educate web administrators and the security community in
the hopes of eventually securing this form of information leakage.
Google search techniques
Google web interface
The Google search engine is fantastically easy to use. Despite the simplicity, it is very
important to have a firm grasp of these basic techniques in order to fully comprehend the
more advanced uses. The most basic Google search can involve a single word entered
into the search page found at www.google.com.
Figure 1: The main Google search page
As shown in Figure 1, I have entered the word “sardine” into the search screen. Figure 1
shows many of the options available from the www.google.com front page.
The Google toolbar: The Internet Explorer browser I am using has a Google
“toolbar” (a free download from toolbar.google.com) installed
and presented under the address bar. Although the toolbar
offers many different features, it is not a required element for
performing advanced searches. Even the most advanced
search functionality is available to any user able to access the
www.google.com web page with any type of browser, including
text-based and mobile browsers.
“Web, Images, Groups, Directory and News” tabs: These tabs allow you to
search web pages, photographs, message group postings, Google directory
listings, and news stories respectively. First-time Google users should
consider that these tabs are not always a replacement for the “Submit
Search” button.
Search term input field: Located directly below the alternate search tabs,
this text field allows the user to enter a Google search term. Search term
rules will be described later.
“Submit Search”: This button submits the search term supplied by the user.
In many browsers, simply pressing the “Enter/Return” key after typing a
search term will activate this button.
“I’m Feeling Lucky”: Instead of presenting a list of search results, this
button will forward the user to the highest-ranked page for the entered
search term. Often times, this page is the most relevant page for the
entered search term.
“Advanced Search”: This link takes the user to the “Advanced Search” page
as shown in Figure 2. Much of the advanced search functionality is
accessible from this page. Some advanced features are not listed on this
page.
“Preferences”: This link allows the user to select several options (which
are stored in cookies on the user’s machine for later retrieval) including
languages, filters, number of results per page, and window options.
“Language tools”: This link allows the user to set many different language
options and translate text to and from various languages.
Figure 2: Advanced Search page
Once a user submits a search by clicking the “Submit Search” button or by pressing
enter in the search term input box, a results page may be displayed as shown in Figure 3.
Figure 3: A basic Google search results page.
The search results page allows the user to explore the search results in various ways.
Top line: The top line (found under the alternate search tabs) lists the
search query, the number of hits displayed and found, and
how long the search took.