Google Hacking
- Slides: 16

What Is Google Hacking?
- Wikipedia: Google hacking is a computer hacking technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites use.
- Johnny Long is the "grandfather" of Google hacking
  - http://www.hackersforcharity.org/
  - Book: Google Hacking for Penetration Testers
- Google Hacking is not hacking into Google

Google Advanced Search
- http://www.google.com.tw/advanced_search
- Image search
  - http://www.google.com.tw/imghp?hl=zh-TW
- Google Calculator
  - Basic arithmetic
    - +, -, *, /, %, mod, ^, nth root, reciprocal
  - Math functions
    - sin, cos, ln, log, pi
  - Unit conversion
    - 10000 TWD in USD
    - 15 c in f

Special Search Characters
- ( + ) force inclusion of something common
- ( - ) exclude a search term
- ( " ) use quotes around search phrases
- ( . ) a single-character wildcard
- ( * ) any word
- ( | ) boolean 'OR'
- Parentheses group queries: ("master card" | mastercard)

Advanced Operators
- site: restricts a search to a particular site or domain
- intitle: finds strings in the title of a page
- inurl: finds strings in the URL of a page
- filetype: finds specific types of files based on file extension
- link: searches for links to a site or URL
- inanchor: finds text in the descriptive text of links

Google Hacking Database (GHDB)
- http://www.hackersforcharity.org/ghdb/

Server Information
- intitle:index.of server.at
- intitle:index.of "parent directory"

Personal Data and Documents
- 姓名 email filetype:xls ("姓名" is the search term "name")
- index of /
- index: "name" intext:"address" site:docs.google.com

Accounts and Passwords
- index of /passwd
- Default Password List

Database Information
- SQL usernames
  - "Access denied for user" "using password"
- SQL schemas
  - "# Dumping data for table"
- SQL injection hints
  - "ORA-00933: SQL command not properly ended"
  - "unclosed quotation mark before the character string"
- SQL source
  - intitle:"Error Occurred" "The error occurred in"
- Going after SQL passwords
  - filetype:inc intext:mysql_connect
  - filetype:sql "Identified by" -cvs

Network Information
- Site crawling
  - site:cgu.edu.tw -site:www.cgu.edu.tw
- Port scanning
  - inurl:tw:8080 site:cgu.edu.tw
  - inurl:8080 -intext:8080
- Network Query Tool
  - http://dnsreporter.com/

Network Devices
- Webcam
  - inurl:"Viewer.Frame?Mode="
- Web File Browser
  - "web file browser" "use regular expression"
- Printer
  - "Phaser 6250" "Printer Neighborhood" "XEROX CORPORATION"
- Power Switch
- Router

Compromised Websites
- XSS
  - 9i5t.cn/a.js
- Hacked
  - "Hacked by"

Preventing Google Search
- robots.txt
  - User-agent: *
  - Disallow: /
- Robot Control Code Generation Tool
  - http://www.mcanerin.com/EN/searchengine/robots-txt.asp
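
A defensive counterpart to the database and personal-data queries in the slides, as an added example that is not part of the original deck: a Python audit of a local web root for the same file types and strings (.inc files containing mysql_connect, .sql files containing "# Dumping data for table" or "Identified by", and .xls files). The function names, sample tree and file names are constructed for the demo. robots.txt only asks crawlers not to index; it does not stop the files from being served, so anything this flags should be moved out of the web root.

```python
import os
import re
import tempfile

# Checks taken from the slides' search strings: (extension, content regex or None, reason)
CHECKS = [
    (".inc", re.compile(rb"mysql_connect\s*\(", re.I), "DB connection code in include file"),
    (".sql", re.compile(rb"^# Dumping data for table", re.M), "SQL dump"),
    (".sql", re.compile(rb"identified by", re.I), "SQL statement that sets a password"),
    (".xls", None, "spreadsheet under the web root"),
]

def _head(path, max_bytes):
    with open(path, "rb") as fh:
        return fh.read(max_bytes)

def audit_webroot(root, max_bytes=1_000_000):
    """Return sorted (relative_path, reason) pairs for risky files under root."""
    findings = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            for check_ext, pattern, reason in CHECKS:
                if ext == check_ext and (pattern is None or pattern.search(_head(path, max_bytes))):
                    findings.add((rel, reason))
    return sorted(findings)

def build_sample_webroot(root):
    """Write a constructed sample tree (hypothetical file names) for the demo."""
    samples = {
        "index.html": b"<h1>hello</h1>",
        "inc/db.inc": b"<?php $c = mysql_connect('localhost', 'app', 'PLACEHOLDER'); ?>",
        "backup/site.sql": b"-- dump\n# Dumping data for table `users`\n",
        "backup/schema.sql": b"CREATE TABLE t (id INT);\n",
        "reports/staff.xls": b"\xd0\xcf\x11\xe0",
    }
    for rel, content in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        for rel, reason in audit_webroot(tmp):
            print(f"{rel}: {reason}")
```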