Hacking With The Google search engine

Google: Yes, you can find anything

------------

Hackers and security experts use various custom and open
source tools to complete their tasks. In fact, one of
tools you use will probably use every time you browse the
web, the Google Search Engine.

I remember the first time I used the Google search engine
years ago. I was amazed at how quickly fulfilled my
search request. Index of large systems of Google /
information and its ability to perform complex searches
have evolved over the years. When we performed security
assessments and penetration testing, is used regularly to Google
identify the information that organizations typically want to maintain
private and confidential.

The reason for me writing this article is to give
several examples of basic and complex Google search terms
and queries. In a statement, it is not my intention that
you use this information to invade someone's privacy
or else data access and file systems that do not belong
to you. This information is strictly educational and a way to
make people more aware of what type of information that can
to expose to the world.

Using Google to locate the password file

------------

One of the most common web tools remote authoring is
Microsoft Front Page. Front Page Extensions and WebDAV
services on the web server to allow remote
connect and author web pages, can be configured with a
some confidence. However, in some
configurations, the user ID and password are stored locally
files on the server. Using a query to Google, you can easily
find thousands of these files and download content.

The search is very simple: "inurl: (filename) pwd."
where (filename) is the name of the file. pwd. This query
can be expanded to be very specific and a specific target
site via a command to search for a specific site or
domain. The results of a search specifies how this would be
List hundreds if not thousands of these files that would
contain something like "#-FrontPage-
dmiller:. I1KEaH1TZqxEw "In substance discharging the userID and
password.

This type of query base can be used to find all types of
interesting information such as with the "intitle:" index
of "(name of the directory you want to find)" that not only
structures reveals many web directory "index of /", is
also reveals how many Web servers on the Internet does not
also the most basic and directory permissions
safety. You will find that once you access a particular
directory, which you can then move the directory tree and
you never know what you can find.

More complex search queries

------------

The Google search engine supports the following types of very complex queries.
For example, if you were to create a query like "" parent
directory "Gamez-xxx-html-htm-php-shtml-OpenDivX-MD5
-Md5sums ", the query would result in a list of lists
systems that have a directory / Gamez the root of
"Parent directory" of web server. Or, to detect music
mp3 file type, you can run a query as
"Intitle: index.of mp3 (band name / song)."

The bottom line here is that it is possible to localize very
specific types of files. It 's also possible to make
query for passwords to various online search engines
running a query like "http:// *: * @ www".

What more can be found with Google search query

------------

One of the things we do when we're running a title
evaluation is to perform a quick review of various web
server to determine which types of scripting is used.
For example, a lot of people use PHP to create dynamic
content. Many people install sample code and PHP
administrative tools to help them manage their site.
Unfortunately, most of the time, these files are not protected
and contain login ID and password. We then use Google
search query to locate specific files on these servers
in question. I would say that we managed to file as
those who help us to gain access to systems by about 60%
of time.

We recently learned of a financial institution that was
taking credit card information from one of their partners
using a web service-based loaded on their primary web
servers. The problem was this file was indexed by
Microsoft Index Service, the information was spidered
by search engines, and the file itself did not
effective security permissions on it. The result, the file
was indexed by Google and some Google queries
found and was able to open in the browser, revealing
hundreds of credit card numbers, names and other personal information
Information. This happens all the time.

Conclusion

------------

The search engine Google is a powerful tool that can be used
as well as by persons with malicious can be used to
A basic web search. If you are configuring a web server
home or office, you must understand that it can be
publication of information on the web that no one but you should
watch. This file may include financial, credit cards
information, and other private information / personal. There
is much more to the creation of a site "secure" that only
after installing Microsoft wizards.

You may reprint or publish this article free of charge as long as the bylines are included .......