FarisAloulSlides

Download Report

Transcript FarisAloulSlides 

Google hacking &
optimizing search results
Faris Aloul
November 2011
Contents

What is Google hacking?

Basic operators

Advanced operators

Mixing different operators
What is Google hacking?




It's not hacking into Google servers!
Google hacking is using different Google
operators to effectively optimize search results.
It also involves using Google to identify
vulnerabilities in websites.
Results are highly customizable.
Basic operators
• For inclusion of something common (+)
Words that are commonly used, like 'the,' 'a,' and 'for,' are usually
ignored (these are called stop words).
• Terms you want to exclude (-)
Anti-virus -software
Georgia -america -state
• Search for an exact term (“)
“enter your text here”
Basic operators cont.
• ( * ) any word (wild card)
If you include * within a query, it tells Google to try to treat the star
as a placeholder for any unknown term(s) and then find the best
matches.
Estonia parliament voted on the * bill
• ( | ) boolean ‘OR’
I'll let you guess this one on your own.
Advanced operators
Advanced operators use a syntax such as the
following:
operator:search_term
• There’s no space between the operator, the
colon, and the search term!
Advanced operators

Intitle:
Google returns results with the word/phrase found within the title
of the page
Intitle:index.of

Inurl:
Finds a specific term within the URL
Inurl:view/index.shtml
Advanced operators

Filetype:
Searches for a specific filetype
filetype:pdf
filetype:txt
The previous operators are the most commonly
used ones.
Mixing operators
Improvise!

Inurl:securethiscompany.com intitle:index.of

"mysql dump" Inurl: filetype:sql intext:password

inurl:ftp "password" filetype:xls


intitle:admin intitle:login
Search for phpMyAdmin installations that are
configured to run the MySQL database with root
privileges:
intitle:phpMyAdmin “Welcome to phpMyAdmin
***” “running on * as root@*”
Johnny I hack stuff


Most of this information was underground until
Johnny Long put it into public hands and
published the “google hacking database”
Last year he changed his website and started
doing charity work.
The old GHDB (last update 2006)

http://www.hackersforcharity.org/ghdb/

The new and up-to-date GHDB
http://www.exploit-db.com/google-dorks/
Thank you!