[Google Hacking] Advanced Google Search Skills for Hacking


I had been meaning to publish this paper for a long time, but for lack of time I was not able to finish it. I added to it and updated it whenever I was tired of my daily research work. Google is a powerful search engine and the world's most popular one. It accepts predefined commands in a query and returns remarkably precise results. This allows malicious users such as hackers, crackers and script kiddies to use Google to gather confidential and sensitive information that cannot be seen through ordinary searches. In this article I will cover the points below, which administrators and security professionals must take into account to prevent confidential information from being exposed.



- Google's advanced search syntax

- Searching for sites or servers vulnerable to attack using Google's advanced syntax

- Securing servers or sites from Google's onslaught

Google's advanced search syntax

Here I discuss Google's special commands and explain each one briefly and clearly, showing how it is used to find information.

[Intitle:]
The "intitle:" syntax restricts search results to pages containing that word in the title. For example, "intitle: login password" (without quotes) returns links to pages with the word "login" in the title and the word "password" anywhere in the page. Similarly, to query for more than one word in the page title, use "allintitle:" instead of "intitle:" to get the list of pages containing all those words in the title. For example, "intitle: login intitle: password" is the same as the query "allintitle: login password".

[Inurl:]
The "inurl:" syntax limits search results to URLs containing the search keyword. For example, "inurl: passwd" (without quotes) returns links to pages that have "passwd" in the URL. Similarly, to query for more than one word in the URL, use "allinurl:" instead of "inurl:" to get the list of URLs containing all those search keywords. For example, "allinurl: etc/passwd" looks for URLs containing "etc" and "passwd". The slash ("/") between the words is ignored by Google.


[Site:]
The "site:" syntax restricts Google to searching for the keywords within a particular site or domain.

Example: "exploits site:hackingspirits.com" (without quotes) looks for the keyword "exploits" in pages present in all links of the domain "hackingspirits.com". There is no space between "site:" and the domain.


[Filetype:]
The "filetype:" syntax restricts Google to searching for files on the internet with a particular extension (e.g. doc, pdf or ppt).

Example: "filetype: doc site:gov confidential" (without quotes) looks for files with the extension ".doc" in all government domains with the extension ".gov" that contain the word "confidential" either in the page or in the ".doc" file. The results will include links to all confidential Word document files on the government sites.


[Link:]
The "link:" syntax lists web pages that have links to the specified web page. Example: "link:www.securityfocus.com" lists web pages that have links pointing to the SecurityFocus homepage.

Note that there is no space between "link:" and the URL of the web page.

[Related:]
The "related:" syntax lists web pages that are "similar" to a specified web page.

Example: "related:www.securityfocus.com" lists web pages similar to the SecurityFocus homepage. Remember that there is no space between "related:" and the URL of the web page.

[Cache:]
The "cache:" query shows the version of the web page that Google has stored. Example: "cache:www.hackingspirits.com" shows the page as saved by Google. Remember that there is no space between "cache:" and the URL of the web page. If you include other words in the query, Google will highlight those words within the saved text.

Example: "cache:www.hackingspirits.com guest" shows the saved document with the word "guest" highlighted.

[Intext:]
The "intext:" syntax searches for words in a particular website. It ignores links, URLs and page titles.
For example: "intext: exploits" (without quotes) returns links to the web pages that have the search keyword "exploits" in their text.

[phonebook:]
The "phonebook:" syntax searches for US street address and phone number information. Example: "phonebook: Lisa + CA" lists all persons having "Lisa" in their name and located in "California (CA)". This syntax can be a great tool for hackers when someone wants to dig up personal information for social engineering.

Querying for sites or servers vulnerable to attack using Google's advanced syntax

The advanced query syntax discussed above can really help people make their searches precise and get exactly what they are looking for.
Now that Google has become such a smart search engine, malicious users do not mind exploiting its ability to dig up confidential information on the internet to which access is supposed to be restricted. I will now discuss in detail the techniques malicious users employ to dig up information on the internet using Google as a tool.

Using the "Index of" syntax to find sites with directory browsing enabled

A webserver with index browsing enabled lets anyone browse the webserver's directories like ordinary local directories. Here I will discuss how the "index of" syntax can be used to get a list of links to webservers that have directory browsing enabled. This becomes an easy source of information gathering for hackers. Imagine if they get hold of password files or other sensitive files that are not normally visible on the internet. Below are some examples with which access to a lot of sensitive information becomes much easier:

Index of /admin
Index of /passwd
Index of /password
Index of /mail
"Index of /" + passwd
"Index of /" + password.txt
"Index of /" + .htaccess
"Index of /secret"
"Index of /confidential"
"Index of /root"
"Index of /cgi-bin"
"Index of /credit-card"
"Index of /logs"
"Index of /config"

Searching for sites or servers vulnerable to attack using the syntax "inurl:" or "allinurl:"

a. Using "allinurl: winnt/system32/" (without quotes) lists all the links to servers that give access to restricted directories like "system32" through the web. If you are lucky enough, you may get access to cmd.exe in the "system32" directory. Once you have access to "cmd.exe" and are able to execute it, you can go on to escalate your privileges on the server and compromise it.

b. Using "allinurl: wwwboard/passwd.txt" (without quotes) in a Google search lists all the links to servers that are vulnerable to the "WWWBoard password vulnerability". To learn more about this vulnerability you can visit the following link: http://www.securiteam.com/exploits/2BUQ4S0SAW.html

c. Using "inurl: .bash_history" (without quotes) lists all the links to servers that give access to the ".bash_history" file through the web. This is a command-line history file. It contains the list of commands executed by the administrator, and sometimes includes sensitive information such as passwords typed in by the administrator. If this file is compromised and it contains encrypted Unix (or *nix) system passwords, they can be easily cracked using "John The Ripper".

d. Using "inurl: config.txt" (without quotes) lists all the links to servers that allow access to the "config.txt" file through the web interface. This file contains sensitive information, including the hash value of the administrative password and database authentication credentials. For example: Ingenium Learning Management System is a web application for Windows systems developed by Click2learn, Inc. Ingenium Learning Management System versions 5.1 and 6.1 store sensitive information insecurely in the config.txt file. For more information see the following link: http://www.securiteam.com/securitynews/6M00H2K5PG.html

Other similar searches using "inurl:" or "allinurl:" combined with other syntax:

inurl: admin filetype: txt
inurl: admin filetype: db
inurl: admin filetype: cfg
inurl: mysql filetype: cfg
inurl: passwd filetype: txt
inurl: iisadmin
inurl: auth_user_file.txt
inurl: Orders.txt
inurl: "wwwroot/*."
inurl: adpassword.txt
inurl: webeditor.php
inurl: file_upload.php
inurl: gov filetype: xls "restricted"

Index of ftp + .mdb allinurl: /cgi-bin/ + mailto

Searching for sites or servers with vulnerabilities using "intitle:" or "allintitle:"

a. Using [allintitle: "index of /root"] (without brackets) lists links to web servers that allow access to restricted directories like "root" through the web interface. This directory sometimes contains sensitive information that can be easily retrieved through simple web requests.

b. Using [allintitle: "index of /admin"] (without brackets) lists links to websites that have index browsing enabled for restricted directories like "admin" through the web interface. Most web applications sometimes use names like "admin" to store admin credentials. This directory sometimes contains sensitive information that can be easily retrieved through simple web requests.

Other similar searches using "intitle:" or "allintitle:" combined with other syntax:

intitle: "Index of" .sh_history
intitle: "Index of" .bash_history
intitle: "index of" passwd
intitle: "index of" people.lst
intitle: "index of" pwd.db
intitle: "index of" etc/shadow
intitle: "index of" spwd
intitle: "index of" master.passwd
intitle: "index of" htpasswd
intitle: "index of" members OR accounts
intitle: "index of" user_carts OR user_cart
allintitle: sensitive filetype: doc
allintitle: restricted filetype: mail
allintitle: restricted filetype: doc site:gov

Interesting search queries

To find sites vulnerable to Cross-Site Scripting (XSS):
allinurl: /scripts/cart32.exe
allinurl: /CuteNews/show_archives.php
allinurl: /phpinfo.php

To search for sites vulnerable to SQL injection:
allinurl: /privmsg.php
allinurl: /privmsg.php

Securing servers or sites from Google's onslaught

Here are the security measures that administrators and security experts must take into account to keep critical information from falling into the wrong hands:

- Install the latest security patches for applications and the operating system running on the server.

- Do not put critical and sensitive information on a server without a proper authentication system, where it can be accessed directly by anyone on the internet.

- Do not allow directory browsing on the webserver. Directory browsing should be enabled only for those web directories that you want anyone on the internet to access.

- If you find any links to your restricted server or site in Google's search results, they should be removed. See the following link for more details: http://www.google.com/remove.html

- Do not allow anonymous access via the internet to restricted system directories on the webserver.

- Install filtering tools such as URLScan on servers running IIS as the webserver.
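
A local self-audit for the measures above, as an added example that is not part of the original article: it walks a webroot and reports files whose names match the search examples in this article, plus directories that have no index file. The function names, the index-file list and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# File names and extensions that appear in this article's search examples.
SENSITIVE_NAMES = {
    ".bash_history", ".sh_history", ".htaccess", "htpasswd", "passwd",
    "password.txt", "passwd.txt", "config.txt", "master.passwd", "pwd.db",
    "spwd", "people.lst", "auth_user_file.txt", "adpassword.txt", "orders.txt",
}
SENSITIVE_EXTS = {".cfg", ".db", ".mdb"}
# Assumption: the names this server is configured to serve as a directory index.
INDEX_FILES = {"index.html", "index.htm", "index.php", "default.htm"}


def audit_webroot(root):
    """Return (sensitive_files, dirs_without_index) as sorted relative paths."""
    exposed, listable = [], []
    for dirpath, _dirs, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        # Without an index file, a server that has directory browsing enabled
        # answers a request for this directory with an "Index of /" listing.
        if not {name.lower() for name in filenames} & INDEX_FILES:
            listable.append(rel_dir)
        for name in filenames:
            ext = os.path.splitext(name)[1].lower()
            if name.lower() in SENSITIVE_NAMES or ext in SENSITIVE_EXTS:
                exposed.append(name if rel_dir == "." else f"{rel_dir}/{name}")
    return sorted(exposed), sorted(listable)


def build_sample_webroot(base):
    """Create a constructed sample tree (placeholder contents only)."""
    layout = ["index.html", "admin/config.txt", "admin/.bash_history",
              "logs/access.log", "shop/index.php", "shop/Orders.txt"]
    for rel in layout:
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed placeholder\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        files, dirs = audit_webroot(tmp)
        print("Sensitive files under the webroot:", files)
        print("Directories with no index file:", dirs)
```

Point `audit_webroot` at your own document root; every reported file should be moved out of the web-served tree, and every reported directory should either get an index file or have directory browsing disabled.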

Conclusion:

Sometimes an increase in the sophistication of a system creates new problems. Google, having become so sophisticated, can be used by any Tom, Dick & Harry on the internet to dig up sensitive information that normally can neither be seen nor reached by anyone. One cannot stop others from building ever more sophisticated systems, so the only option left for security professionals and system administrators is to protect their systems and harden them against such unexpected intrusion.

Written by Ebasis Mohanty- www.hackingspirits.com
