A Dark Intro To Google Hacking By d0ubl3_h3lix Mon Jan 07 2008

Agenda What to know First What Google Hacking (GH)? GH As a Hack Tool Some GH Syntaxes GH Formula The Bad Guys’ Weapon The Good Guys’ Defense

What to know First

What Google Hacking (GH)?

GH As a Hack Tool

Some GH Syntaxes

GH Formula

The Bad Guys’ Weapon

The Good Guys’ Defense

What to Know First Make sure to have well understanding of Google Advanced Search Operators and Exploit Strings you search Simply browsing Google Hacking Database loses your time much E.g., phpBB 3.0 hole is announced. Before you do GH, ask yourself ‘Do I know about that hole well?’

Make sure to have well understanding of Google Advanced Search Operators and Exploit Strings you search

Simply browsing Google Hacking Database loses your time much

E.g., phpBB 3.0 hole is announced. Before you do GH, ask yourself ‘Do I know about that hole well?’

What Google Hacking (GH)? Effective Google Searching with the help of Google Advanced Search Operators Results Highly Customizable Goes Straight to only what we desire Supposed to have initial popularity among underground hacker communities; then widely publicized because of Johnny ’s community

Effective Google Searching with the help of Google Advanced Search Operators

Results Highly Customizable

Goes Straight to only what we desire

Supposed to have initial popularity among underground hacker communities; then widely publicized because of Johnny ’s community

GH As Hack Tool Mainly used in Information Gathering and Recon States of HardC0re hacking Eliminates former heavy use of Vulnerability Scanners Lets you dig security vulnerabilities using clues of texts on pages that vulnerable products use For example, intext:"Powered by InvisionBoard 1.x"

Mainly used in Information Gathering and Recon States of HardC0re hacking

Eliminates former heavy use of Vulnerability Scanners

Lets you dig security vulnerabilities using clues of texts on pages that vulnerable products use

For example, intext:"Powered by InvisionBoard 1.x"

Some GH Syntaxes Most commonly used: - intitle: - intext: - inurl: - ext: - filetype: - cache: - link: - site:

Most commonly used: - intitle: - intext: - inurl: - ext: - filetype: - cache: - link: - site:

GH Formula For one vulnerability, Vulnerability x Google Hacking = Possible Thousands of Victims

For one vulnerability, Vulnerability x Google Hacking = Possible Thousands of Victims

The Bad Guys’ Weapon Hunt for random vulnerable hosts using GH Viruses, worms, …etc use GH to find next victims Once they find victims, they auto-launch endless sequences of attacks with the aid of malwares

Hunt for random vulnerable hosts using GH

Viruses, worms, …etc use GH to find next victims

Once they find victims, they auto-launch endless sequences of attacks with the aid of malwares

The Good Guys’ Defense While Bad Guys search random targets, Good Guys protect a particular host that they’re responsible for using GH Methods Test both blackbox & whitebox approaches. Use Goolge Honeypot if you wish inurl:<vulnerable strings here> + site:www.IProtectThisSite.com

While Bad Guys search random targets,

Good Guys protect a particular host that they’re responsible for using GH Methods

Test both blackbox & whitebox approaches. Use Goolge Honeypot if you wish