Author: entr0py
Date: 07.06.2007
Feedback: entr0py [AT] hush [DOT] ai
IRC: irc.2600.net #securitybay
Introduction
Google is one of the most popular web search engines in cyberspace. It is an extremely
powerful as well as persuasive search engine because it can easily be abused by
inputting carefully crafted search queries. This flaw, or I can say boon, has helped attackers
acquire top-secret information that cannot be obtained by normal search queries.
Anyway, in this tutorial I am going to elaborate on various segments of Google. They are as
follows:
"NT Exploits"
intext: The intext operator forces Google to search for the query in the website's
text content. This operator overlooks URLs and titles; instead, it focuses
completely on the text content. Example:
intext:"Netcat Readme".
"allintext" is a variant of the "intext" operator. The allintext operator returns links
in which the complete query is present. Example:
inurl:"index.php?page=security_resources.html".
"allinurl" is a variant of the "inurl" operator. The allinurl operator returns URLs
in which the complete query is present. Example:
allinurl:"index.php?p=elf_format.html"
intitle: The intitle operator obligates Google to search for the query in the
website's title. This operator neglects the URL and text content; instead, it concentrates
entirely on the title. Example:
intitle:"Kernel Development"
cache:www.microsoft.com
info: The info operator will tell Google to provide you with information about a
particular website. Let me show you an example:
info:www.linux.org
related: The related operator will compel Google to provide you websites related
to a specific website. Let me give you a quick sample:
related:www.freebsd.org
link: The link operator will compel Google to display websites that link to the
specified URL. This operator is helpful when building affiliations.
Example:
link:www.the-c0re.org
filetype: The filetype operator will force Google to show websites with the
specified extension, or I can say filetype. This operator will help you in finding
source code or whitepapers.
filetype:pdf site:www.infosecwriters.com
phonebook:Robert IL
Note: This operator will only show you US street addresses and phone numbers.
There are several variants of the above operator. Let me list them along with
examples:
rphonebook:Lanny IL
define: The define operator will command Google to display websites that
contain a definition of the specified word.
define:entropy
safesearch: The safesearch operator will instruct Google to ignore spam, adult
sites, malicious links, and advertisement portals.
safesearch:XXX
movie: The movie operator will compel Google to display reviews and
showtimes for the specified keyword.
weather Illinois
store: The store operator forces Google to provide information from its Froogle
segment. Example:
R60 store:IBM
- site:www.anysite.com
- site:anysite.com -site:www.anysite.com
Utilizing Index Directories to acquire information: One can obtain a lot of
information by utilizing index directories. Read the section Index Browsing via
Google for more information. Use the following dorks:
- “Index of /” +server
- “Index of /” +Apache/”
Default pages: The default installation page provides significant information
about the website or the web server. Some dorks associated with this:
Apache:
Microsoft IIS:
I would like to credit Johnny Long from Ihackstuff for the above information.
Port Scanning via Google: One can port scan a web server by means of
Google. Knowledge of ports and their services is a necessity. Anyway, here is the
dork:
allinurl:
• privmsg.php
• init.inc.php
• libpath=".php"
• module_root_path=".php"
• classes_dir
• inc_dir
• rf=
• returnpath=
• auth.php
• cart_isp_root
• BASE_path=
• class_path
• common.php?root_dir=
• redirect.cgi
• cvsweb.cgi
• login.jsp
• dbconnect.inc
• admin
• htgrep
• wais.pl
• amadmin.pl
• subscribe.pl
• news.cgi
• auctionweaver.pl
• acid_main.php
• access.log
• log.htm
• log.html
• log.txt
• logfile
• logfile.htm
• logfile.html
• logfile.txt
• logger.html
• stat.htm
• stats.htm
• stats.html
• stats.txt
• webaccess.htm
• wwwstats.html
• source.asp
• perl
• mailto.cgi
Best Practices
To avoid the Google menace, one can deploy certain security measures. Let me list
several practices that might help you fend off Google attacks, avoid information
disclosure and, obviously, avoid script kiddie attacks:
Disable directory browsing: This is one of the best ways to avoid critical
information disclosure.
Authentication: Authenticate all the sensitive as well as confidential directories
and files. This will disable remote directory browsing.
Google Removal Process: Do a thorough Google dorking of your website. If you
find that some of your top-secret files are listed in the Google search archive,
then quickly inform Google by visiting: www.google.com/remove.html
Google Honeypot: Install the sophisticated Google Honeypot.
Security Patches: Install the latest security patches and hot fixes.
CHMOD: CHMOD your directories properly.
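Added example (not part of the original tutorial): a local audit of your own document root that combines the directory browsing, file exposure and CHMOD practices above. The file names are a subset of those listed in this tutorial; the index file names, the issue labels and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Subset of the file names in this tutorial's list, plus assumed index names.
EXPOSED_NAMES = {"access.log", "log.txt", "logfile.txt", "stats.html",
                 "dbconnect.inc", "init.inc.php", "source.asp"}
INDEX_FILES = {"index.html", "index.htm", "index.php"}  # assumption


def audit_webroot(root):
    """Return sorted (issue, relative_path) pairs for a document root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # Without an index file the server shows "Index of /" if autoindex is on.
        if not INDEX_FILES & set(filenames):
            findings.append(("listable-dir", rel_dir))
        if os.stat(dirpath).st_mode & stat.S_IWOTH:
            findings.append(("world-writable-dir", rel_dir))
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name.lower() in EXPOSED_NAMES:
                findings.append(("dork-target-file", rel))
            if os.stat(path).st_mode & stat.S_IWOTH:
                findings.append(("world-writable-file", rel))
    return sorted(findings)


def build_sample_webroot():
    """Constructed sample tree (not real data) so the audit runs offline."""
    root = tempfile.mkdtemp(prefix="webroot-")
    for sub, mode in (("logs", 0o755), ("uploads", 0o777)):
        os.mkdir(os.path.join(root, sub))
        os.chmod(os.path.join(root, sub), mode)  # chmod ignores the umask
    for rel in ("index.html", "dbconnect.inc", "logs/access.log",
                "uploads/index.html"):
        path = os.path.join(root, *rel.split("/"))
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, 0o644)
    return root


if __name__ == "__main__":
    for issue, path in audit_webroot(build_sample_webroot()):
        print(f"{issue:20} {path}")
```

Point audit_webroot at your real document root and treat every finding as something to move out of the web tree, put behind authentication, or re-CHMOD.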
Conclusion
Well, that is it for now. I hope you liked the tutorial as much as I enjoyed writing it. I guess I
have managed to explain every single bit about Google. Do send feedback to
entr0py@hush.ai. Before completely ending this tutorial, let me list several
informative websites you might want to check: