Security Tips for Google Hacking

  • Published : January 31, 2013
intitle:"Google Hacking"
Presented by Robert Vinson

Because having direction is good…
• What - is Google (hacking)?
• Why/When - do we care?
• How - can we find "stuff"?
• Where - do we come in?

• Google
  – It was created by two guys.
  – They have lots of money now.
  – Motto: Do no evil.
  – Goal: "Organize the world's information and make it universally accessible and useful"

• Google hacking is not hacking Google.
• Google hacking is using Google in creative ways to find nifty tidbits.

We care when:
• Google can be used to compromise the security of:
  – An establishment (i.e. our university)
  – An individual

Google operators
• Used to make searches less ambiguous
• Some of the more useful operators:
  – site (e.g.
  – intitle/allintitle
  – inurl
  – filetype

Searching strategy
• Search for phrases where possible.
• Use advanced operators to your advantage.
• Make searches as specific as possible to narrow results.
  – If the search is too specific, try using a more generic search, and then refine it.

Be good!
• The information in the following searches, and from Google hacking in general, has the possibility of being used for malicious purposes. This demonstration is delivered for illustrative purposes, not as a way of enabling illegal and/or harmful actions. However, it is our hope that this demonstration enables administrators to locate and resolve insecurities in their environments.

Threats to individuals - examples
• resume OR vitae filetype:doc "social security number" 000000000..999999999
• inurl:customers.xls

Threats to establishments - examples
• intext:"Tobias Oetiker" "traffic analysis" site:edu
• filetype:log site:edu "set password for"
• filetype:config OR filetype:conf site:edu

And, because Jason Alexander went to Iowa State…
• intitle:"index of" modified
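
The example queries above can be turned into a local check, in line with the hope that administrators locate and resolve insecurities in their environments. This added example (not part of the original presentation) walks a web document root and flags what those queries would surface; the regexes, index file names, and sample files are constructed assumptions.

```python
import os
import re
import tempfile

# Extensions taken from the filetype: and inurl: queries on this page.
RISKY_EXT = {".doc", ".xls", ".log", ".config", ".conf"}
# Content checks modelled on the page's queries (the regexes are assumptions).
PATTERNS = {
    "password-set log line": re.compile(rb"set password for", re.I),
    "possible SSN": re.compile(rb"\b\d{3}-?\d{2}-?\d{4}\b"),
}
INDEX_FILES = {"index.html", "index.htm", "index.php"}  # assumed index names

def audit_webroot(root):
    """Return sorted (relative_path, reason) findings for a document root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # Without an index file, a server with automatic directory indexing
        # enabled serves this directory as an "index of" listing.
        if not INDEX_FILES & {f.lower() for f in files}:
            findings.append((os.path.relpath(dirpath, root), "no index file"))
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if os.path.splitext(name)[1].lower() in RISKY_EXT:
                findings.append((rel, "risky file type in web root"))
            with open(path, "rb") as fh:
                head = fh.read(1 << 20)  # first 1 MiB is enough for triage
            for reason, rx in PATTERNS.items():
                if rx.search(head):
                    findings.append((rel, reason))
    return sorted(findings)

def demo():
    """Build a constructed sample web root and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "backup"))
        samples = {  # constructed sample files, not real data
            "index.html": b"<h1>Department home</h1>",
            "backup/setup.log": b"10:02 set password for admin\n",
            "backup/resume.doc": b"SSN 000-12-3456\n",
        }
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return audit_webroot(root)

if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

Anything it reports should be moved out of the served tree or placed behind access control; removing a page from search results does not remove the file.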

Creepy Crawlers: Worms and Spiders
• There has already been a worm that...