Google Hacking 4 Wikipedia Google hacking is a

什麼是 Google Hacking？ 4 Wikipedia: Google hacking is a computer hacking technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites use. 4 Johnny Long is the “grandfather” of Google hacking – http: //www. hackersforcharity. org/ – Book: Google Hacking for Penetration Testers 4 Google Hacking is not hacking into Google 2

Google 進階搜尋 4 http: //www. google. com. tw/advanced_search 4 圖片搜尋 – http: //www. google. com. tw/imghp? hl=zh-TW 4 Google 計算機 – 基本運算 • +, -, *, /, %, mod, ^, nth root, reciprocal – 數學函式 • sin, cos, ln, log, pi – 單位轉換 • 10000 TWD in USD • 15 c in f 3

Special Search Characters 4 ( + ) force inclusion of something common 4 ( - ) exclude a search term 4 ( “ ) use quotes around search phrases 4 (. ) a single-character wildcard 4 ( * ) any word 4 ( | ) boolean ‘OR’ 4 Parenthesis group queries (“master card” | mastercard) 4

Advanced Operators 4 site: restricts a search to a particular site or domain 4 intitle: finds strings in the title of a page 4 inurl: finds strings in the url of a page 4 filetype: finds specific types of files based on file extension 4 link: searches for links to a site or url 4 inanchor: finds text in the descriptive text of links 5

6

Google Hacking Database (GHDB) 4 http: //www. hackersforcharity. org/ghdb/ 7

伺服器資訊 4 intitle: index. of server. at 4 intitle: index. of "parent directory" 8

個人資料、文件 4 姓名 email filetype: xls 4 index of / 4 index: "name" intext: "address" site: docs. google. com 9

帳號、密碼 4 index of /passwd 4 Default Password List 10

資料庫資訊 4 SQL Usernames – "Access denied for user" "using password“ 4 SQL Schemas – "# Dumping data for table" 4 SQL injection hints – "ORA-00933: SQL command not properly ended“ – "unclosed quotation mark before the character 11 string"

4 SQL source – intitle: "Error Occurred" "The error occurred in“ 4 Going after SQL passwords – filetype: inc intext: mysql_connect – fletype: sql "Identified by" -cvs 12

網路資訊 4 Site Crawling – site: cgu. edu. tw -site: www. cgu. edu. tw 4 Port Scanning – inurl: tw: 8080 site: cgu. edu. tw – inurl: 8080 -intext: 8080 4 Network Query Tool – http: //dnsreporter. com/ 13

網路設備 4 Webcam – inurl: "Viewer. Frame? Mode=" 4 Web File Browser – "web file browser" "use regular expression" 4 Printer – "Phaser 6250" "Printer Neighborhood" "XEROX CORPORATION" 4 Power Switch 4 Router 14

被入侵的網站 4 XSS – 9 i 5 t. cn/a. js 4 Hacked – “Hacked by” 15

防止 Google 搜尋 4 robots. txt – User-agent: * – Disallow: / 4 Robot Control Code Generation Tool – http: //www. mcanerin. com/EN/searchengine/robots-txt. asp 16