Google Hacking for PenTester – Penetration Testing in Linux

Google Hacking the meaning of the original use of Google Google search engine to search for information technology and behavior, now refers to the use of various search engines to search for information technology and behavior.Google Hacking is not really anything new, in fact A few years ago I have seen in some foreign sites related to the introduction, but because at that time did not attach importance to this technology, that is only used to find the most unnamed mdb or others left the webshell or something, not too Big practical use.But some time ago carefully nibbled some information to suddenly find Google Hacking is not so simple.

[all]inurl
[all]intext
[all]intitle
site
ext,filetype
symbol: – . * |
boolean Epression: and or not
lang:”c++” define

Privacy Information

1. The user name and password

“create table” insert into” “pass|passwd|password” (ext:sql | ext:dump | ext:txt)
“your password * is” (ext:csv | ext.doc | ext:txt)

2. Key

“index of” slave_datatrans OR from_master

3. Privacy Password

“Begin (DSA | RSA)” ext:key
“index of” “secring.gpg”

4. An encrypted message

-“public | pubring | pubkeysignature | pgp | and | or |release” ext:gpg
-intext:”and” (ext:enc | ext:axx)
“ciphervalue” ext:xml

5. Chat Logs

“session start” “session ident” thomas ext:txt

6. Personal letters / e-mail

“index of” inbox.dbx
“To parent directory” inurl:”Identities”

7. Confidential files and directories

“index of” (private | secure | geheim | gizli)
“robots.txt” “User-agent” ext:txt
“this document is private | confidential | secret” ext:doc | ext:pdf | ext:xls
intitle:”index of” “jpg | png | bmp” inurl”personal | inurl:private

8. Online Webcam

intitle:”live View/ -AXIS” | inurl:view/view.shtml
inurl:”ViewFrame?Mode=”
inurl:”MultiCameraFrame?Mode=”
inturl:”axis-cgi/mjpg”
intext:”MOBOTIX M1″
intext:”Open Menu”
inurl:”view/index.shtml”

9. Description Identification private information

allintext: name email phone address intext:”thomas fischer” ext:pdf

Twiki inurl:”View/Main” “thomas fischer”

intitle:CV OR intitle:Lebenslauf “thomas fischer”

intitle:CV OR intitle:Lebenslauf ext:pdf OR ext:doc

10. username

ntitle:”usage Statistics for” intext:”Total Unique Usernames”

11. Unreliable procedures to disclose information

“php version” intitle:phpinfo inurl:info.php

12. SQL injection vulnerabilities and weak opening path

“advanced guestbook * powered” inurl:addentry.php

intitle:”View img” inurl:viewimg.php

13. Security Scan Report

“Assessment report” “nessus” filetype:pdf

14. Database program and error files

“Welcome to phpmyadmin ***” “running on * as root@*” intitle:phpmyadmin

“mysql error with query”

15. find records of these sites robots.txt screening

“robots.txt” “disallow:” filetype:txt

16. Use this search string, you can get a lot of passwords and login account, search for these files password and account have not had encrypted

nurl:_vti_pvt “service.pwd”

17. VNC user info

“vnc desktop” inurl:5800

18. View public network shared printer, you can check their status, set up, you can use some of them to print their own stuff

nurl:”port_255″ -htm

19. php admin access

intitle:phpMyAdmin “Welcome to phpMyAdmin ***” running on * as root@*”

Some search engine parameter on Google

intext

This is the text content of the web page in the search conditions such as a character in google, enter: intext: Mobility will return all of the body of the page with “Mobility” website .allintext:. Use and intext similar.

intitle

And that almost intext search page title if there is we’re looking for character, for example search above: intitle:Safety Angel, will return all the page title contains the “Security Angels” website empathy allintitle: Similar with intitle

cache

search google cache in on something, and sometimes may be able to find some good things

define

The definition of a word search, search for: define: hacker, the hacker’s definition of return.

filetype

I recommend this to focus on, whether it is net attacks or behind us to say collect information on specific targets need to use this type of search for the specified input file, for example: filetype:. doc will return all doc ending file URL. of course, if you find .bak, .mdb, or .inc is also possible, the information obtained may be richer

info

Find some basic information about the specified site.

inurl

We search the specified character exists in the URL, for example, enter: inurl: admin. allinurl with similar inurl, you can specify more than one character.

site

This is also useful, for example: site: kali-linux.co returns all URL .

You can view video demo

How to countermeasure Google hacking

Use automatic tools to check your system(e.g. gooscan,sitedigger,goolink)

Install and manage Google Honeypot

The post Google Hacking for PenTester appeared first on Penetration Testing in Linux. http://ift.tt/2ohYpGY http://ift.tt/2aM8QhC

Anúncios

Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do WordPress.com

Você está comentando utilizando sua conta WordPress.com. Sair / Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair / Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair / Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair / Alterar )

Conectando a %s