NAVY Research Group
Department of Computer Science
Faculty of Electrical Engineering and Computer Science VŠB-TUO
17. listopadu 15
708 33 Ostrava-Poruba Czech Republic
Google hacking
navy.cs.vsb.cz
GH – official statement
Google hacking is the term used when a hacker tries to find exploitable targets and sensitive data by using search engines. The Google Hacking Database (GHDB) is a database of queries that identify sensitive data.
GHDB http://www.hackersforcharity.org/ghdb/
GHDB - example
Introduction
• Google advanced operators help refine searches.
• They are included as part of a standard Google query.
• Advanced operators use a syntax such as the following: operator:search_term
• There’s no space between the operator, the colon, and the search term!
Special characters
• ( + ) force inclusion of something common
• ( - ) exclude a search term
• ( “ ) use quotes around search phrases
• ( . ) a single-character wildcard
• ( * ) any word
• ( | ) boolean ‘OR’
• Parentheses group queries (“master card” | mastercard)
Advanced operators
• Link to a useful cheat sheet: https://www.sans.org/security-resources/GoogleCheatSheet.pdf
Interesting Links
• Find all admin pages: http://www.google.com/search?q=inurl:admin.php&start=10
• Find email addresses: https://www.google.cz/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=inurl%3A%22email.xls%22
Interesting links 2
• Find printer interface: https://www.google.cz/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=%22display+printer+status%22+intitle:%22Home%22
• Find security cameras: https://www.google.cz/?gfe_rd=cr&ei=WqAsVd6hHOmk8wfm6YCgBw&gws_rd=ssl#q=inurl:%22viewerframe%3Fmode%3Dmotion%22
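An added example, not part of the original slides: the four queries from the "Interesting links" slides, parsed with the operator:search_term rule and run against an inventory of your own pages to show which ones such a query would surface. The inventory, the `example.test` hosts and the function names are constructed for illustration, and case-insensitive substring matching is an assumed simplification of how the search engine matches.

```python
import re
from urllib.parse import unquote

# The four queries behind the "Interesting links" slides, URL-decoded.
DORKS = [
    'inurl:admin.php',
    'inurl:"email.xls"',
    '"display printer status" intitle:"Home"',
    'inurl:"viewerframe?mode=motion"',
]

# One token: optional operator, then a quoted phrase or a bare word.
TOKEN = re.compile(r'(?:(\w+):)?(?:"([^"]*)"|(\S+))')

def parse(query):
    """Return [(operator or None, lowercased term), ...] for a query."""
    # The slides' rule: no space between operator, colon and search term.
    if re.search(r'\b(?:inurl|intitle)(?:\s+:|:\s)', query):
        raise ValueError(f"space around the colon in {query!r}")
    return [(m.group(1), (m.group(2) if m.group(2) is not None else m.group(3)).lower())
            for m in TOKEN.finditer(query)]

def matches(query, page):
    """Assumed semantics: case-insensitive substring match per field."""
    fields = {
        "inurl": unquote(page["url"]),
        "intitle": page["title"],
        None: page["title"] + " " + page["body"],  # plain words and phrases
    }
    for op, term in parse(query):
        if op not in fields:
            raise ValueError(f"unsupported operator {op!r}")
        if term not in fields[op].lower():
            return False
    return True

def audit(pages, dorks=DORKS):
    """List (url, query) for every page of your own inventory a query finds."""
    return [(p["url"], q) for p in pages for q in dorks if matches(q, p)]

# Constructed inventory, e.g. from a crawl of hosts you are responsible for.
PAGES = [
    {"url": "https://www.example.test/index.html", "title": "Welcome", "body": "Company news"},
    {"url": "https://www.example.test/cms/admin.php", "title": "Login", "body": "Sign in"},
    {"url": "https://files.example.test/hr/email.xls", "title": "", "body": ""},
    {"url": "http://printer.example.test/", "title": "Home", "body": "Display Printer Status | Supplies"},
    {"url": "http://cam.example.test/ViewerFrame?Mode=Motion", "title": "Network Camera", "body": ""},
    {"url": "https://www.example.test/home", "title": "Home", "body": "Our products"},
]
```

Every pair returned by `audit(PAGES)` is a page that should sit behind authentication or be removed from public reach before a crawler indexes it.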
For fun
• http://193.138.213.169/CgiStart?page=Single&Mode=Motion&Language=9
Where to learn more?
• http://www.lukasnovak.net/skolni-prace/kib-google-hacking/
• https://www.blackhat.com/presentations/bh-europe-05/BH_EU_05-Long.pdf
• http://www.hackersforcharity.org/ghdb/