Presented by Robert Vinson email@example.com
Because having direction is good…
• • • • What - is Google (hacking)? Why/When - do we care? How - can we find “stuff”? Where - do we come in?
– It was created by two guys. – They have lots of money now. – Motto: Do no evil. – Goal: “Organize the world’s information and make it universally accessible and useful”
• Google hacking is not hacking Google. • Google hacking is using Google in creative ways to find nifty tidbits.
We care when:
• Google can be used to compromise the security of:
– An establishment (i.e. our university) – An individual
• Used to make searches less ambiguous • Some of the more useful operators: – site (e.g. site:uiowa.edu) – intitle/allintitle – inurl – filetype
• Search for phrases where possible. • Use advanced operators to your advantage. • Make searches as specific as possible to narrow results. – If the search is too specific. Try using a more generic search, and the refine it.
• The information in the following searches, and from Google hacking in general, has the possibility of being used for malicious purposes. This demonstration is delivered for illustrative purposes, not as a way of enabling illegal and/or harmful actions. However, it is our hope that this demonstration enables administrators to locate and resolve insecurities in their environments.
Threats to individuals - examples
• resume OR vitae filetype:doc "social security number" 000000000..999999999 • inurl:customers.xls
Threats to establishments -examples
• intext:"Tobias Oetiker" "traffic analysis" site:edu • filetype:log site:edu "set password for“ • filetype:config OR filetype:conf site:edu - Google Search
And, because Jason Alexander went to Iowa State…
• site:iastate.edu intitle:"index of" modified
Creepy Crawlers: Worms and Spiders
• There has already been a worm that...