System Analyst and PHP Developer working in Kingdom of Saudi Arabia
Google, as we know, offers a lot of features, including document translation, browsing free and non-free images or stock, underground articles, private files and many other things. Some people use it to discover new things that might interest them; for example, I use it to find references needed at work by using Google's advanced syntax/parameters. Anyway, should you happen to administer a server or be involved in managing a server exposed to the internet (public IP), make sure that your site, directories and private files are not "INDEXED"; otherwise people can freely "get" something which is not intended for the public.
I remember once at PHPUGPH.COM when we had a discussion about one Philippine manning/agency site, which our founding member AJ reported to the site owner because it exposed the personal identity of our fellow "Kababayan". Why bother reporting it? Because the site itself hosted all the scanned documents that they processed, which contained passport and VISA information, resume/cover letter, credentials and other personal notes of a specific person. Unfortunately, we had a very unusual and unexpected reply…lol.

Fig. 1 Email to the Agency/Manning Site

Fig. 2 Unusual Reply(Probably an Automated Reply…)
Anyway, what are the things that we can find on Google by using the advanced syntax, often referred to by the media as "Google Hacking"?
1. Files (index.of? pdf)

Fig. 3 Free Ebooks
2. Default installation that anybody can make fun of?!! (xampp “inurl:xampp/index)

Fig. 4 XAMPP
3. Informative Stuff and many other things by using other syntax/search query that anybody can try:
inurl:Proxy.txt
intitle:index.of administrators.pwd
Index of phpMyAdmin
Notes:
* To search for a phrase, supply the phrase surrounded by double quotes (" ").
* A period (.) serves as a single-character wildcard.
* The index.of: operator instructs Google to search for a term that Google had indexed.
* The inurl: operator instructs Google to search only within the URL (web address) of a document.
I'd recommend checking the book by Johnny Long, or type "Google Hacking" into Google search and it will tell you more!
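For the advice above about keeping your own site, directories and private files out of the index, here is a small check an administrator could run against pages fetched from a server they manage. It is an added example, not code from the original post; the function names and the sample responses are constructed for illustration.

```python
import re
from html.parser import HTMLParser

class _PageInfo(HTMLParser):
    """Collects the <title> text and any <meta name="robots"> directives."""
    def __init__(self):
        super().__init__()
        self.title, self.robots, self._in_title = "", [], False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "meta" and (a.get("name") or "").lower() == "robots":
            self.robots.append((a.get("content") or "").lower())
    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
    def handle_data(self, data):
        if self._in_title:
            self.title += data

def audit_response(headers, body):
    """Return findings for one page fetched from a site you administer."""
    info = _PageInfo()
    info.feed(body)
    info.close()
    findings = []
    # Auto-generated directory listings are titled "Index of /path".
    if re.match(r"\s*index of /", info.title, re.I):
        findings.append("directory-listing")
    # noindex can arrive in the X-Robots-Tag header or a robots meta tag.
    directives = [v.lower() for k, v in headers.items() if k.lower() == "x-robots-tag"]
    tokens = {t.strip() for d in directives + info.robots for t in d.split(",")}
    if not tokens & {"noindex", "none"}:
        findings.append("indexable")
    return findings

# Constructed sample responses (hypothetical paths, not from any real site).
SAMPLES = {
    "/scans/": ({"Content-Type": "text/html"},
                "<html><head><title>Index of /scans</title></head><body></body></html>"),
    "/private/": ({"X-Robots-Tag": "noindex, nofollow"},
                  "<html><head><title>Staff area</title></head></html>"),
    "/about.html": ({}, '<html><head><meta name="robots" content="noindex">'
                        "<title>About</title></head></html>"),
}

def audit_all(samples=SAMPLES):
    """Map each sample path to its list of findings (empty list means clean)."""
    return {path: audit_response(h, b) for path, (h, b) in samples.items()}
```

A `noindex` directive only keeps a page out of search results; scanned documents and credentials still need access control, and directory listings should be switched off on the web server.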
Resources:
Wikipedia
http://en.wikipedia.org/wiki/Google_hacking
Johnny Long
http://www.amazon.com/Google-Hacking-Penetration-Testers-1/dp/1931836361
http://www.hackersforcharity.org