Google as a Hacking Tool
James Lee
2005-03-28
Advanced Searching
Operators
• filetype
• site
• “”
• +, -, OR
• wildcards * and .
Operators
http://slashdot.org/article.pl?sid=05/03/02/201216
site:
filetype:
Operators
• inurl
• intext
• intitle
• numrange
site:slashdot.org
intitle:livecd
intext:LG3D
numrange:2-7
Site Mapping
• site:nmt.edu
!!
wow!
Site Mapping
• site:nmt.edu
• -site:infohost.nmt.edu
• -site:www.nmt.edu
• ...
Web Administration
• phpMyAdmin
– intitle:phpMyAdmin "Welcome to phpMyAdmin" "running on * as root@*"
• phpNuke
– inurl:admin.php “There are no Administrators”
If you’re an administrator...
Please don’t do this
Or this.
If you’re a developer...
Please don’t do this
Using the Google cache
• Everything so far had to request a page from the target’s web server
• Using Google’s cache, we can avoid this
Using the Google cache
What exactly happens when we click on “Cached” pages?
• That didn’t work...
This line gives a clue:
Using the Google cache
• Now the conversation is strictly between us and Google.
Using the Google cache
• The difference is “&strip=1”
• No images are requested, only the text that Google keeps on their servers
• Now we can query anonymously
– This means fewer entries in IDS logs
Conclusions
• Patches probably won’t help
• Pay attention to your configuration
• If it’s not supposed to be public, protect it
– put it on an internal development host
– htaccess
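A self-check for pages you serve, run against the two queries from the Web Administration slide. This is an added example, not part of the original slides: the names `audit_page` and `audit_all`, the hostnames and the sample page bodies are constructed for illustration, and the `*` wildcard is approximated with a regular expression.

```python
import re
from html.parser import HTMLParser

class _TitleAndText(HTMLParser):
    """Collect <title> text and all other text separately."""
    def __init__(self):
        super().__init__()
        self.title, self.body, self._in_title = [], [], False
    def handle_starttag(self, tag, attrs):
        self._in_title = self._in_title or tag == "title"
    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
    def handle_data(self, data):
        (self.title if self._in_title else self.body).append(data)

def audit_page(url, html):
    """Return the slide's exposure patterns that this page would match."""
    p = _TitleAndText()
    p.feed(html)
    p.close()  # flush any text still buffered by the parser
    title = " ".join(" ".join(p.title).split()).lower()
    body = " ".join(" ".join(p.body).split()).lower()
    findings = []
    # intitle:phpMyAdmin "Welcome to phpMyAdmin" "running on * as root@*"
    if ("phpmyadmin" in title and "welcome to phpmyadmin" in body
            and re.search(r"running on .+? as root@\S+", body)):
        findings.append("phpMyAdmin welcome page showing a root session")
    # inurl:admin.php "There are no Administrators"
    if "admin.php" in url.lower() and "there are no administrators" in body:
        findings.append("phpNuke admin.php reporting no administrators")
    return findings

def audit_all(pages):
    """Map url -> findings for every page with at least one match."""
    results = {url: audit_page(url, html) for url, html in pages.items()}
    return {url: found for url, found in results.items() if found}

# Constructed sample pages (hypothetical hosts, not captured from real servers).
SAMPLES = {
    "http://dev.example.test/phpmyadmin/": "<html><head><title>phpMyAdmin</title></head>"
        "<body><h1>Welcome to phpMyAdmin</h1>"
        "<p>MySQL running on <b>localhost</b> as root@localhost</p></body></html>",
    "http://dev.example.test/pma-login/": "<html><head><title>phpMyAdmin</title></head>"
        "<body><h1>Welcome to phpMyAdmin</h1><form>Username: Password:</form></body></html>",
    "http://dev.example.test/admin.php": "<html><head><title>Administration</title></head>"
        "<body><b>There are no Administrators</b> accounts yet.</body></html>",
}

if __name__ == "__main__":
    for url, found in audit_all(SAMPLES).items():
        print(url, "->", "; ".join(found))
```

Feed it pages fetched from your own hosts without credentials. Any finding means a crawler would see the same text.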
References
• http://johnny.ihackstuff.com/
• http://www.google.com/advanced_search
• http://www.google.com/help/refinesearch.html
• http://www.phpmyadmin.net
• http://www.phpnuke.org
• http://www.mysql.com
Questions?