Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in our knowledge base article
Do you really want to delete this prezi?
Neither you, nor the coeditors you shared it with will be able to recover it again.
Make your likes visible on Facebook?
You can change this under Settings & Account at any time.
Transcript of Google Hacking
inurl:view/index.shtml Originally created by Johnny Long of Hackers for Charity,
The Google Hacking Database (GHDB) is an authoritative source for querying the ever-widening reach of the Google search engine.
In the GHDB, you will find search terms for files containing usernames, vulnerable servers, and even files containing passwords.
When The Google Hacking Database was integrated in The Exploit Database, the various googledorks contained in the thousands of exploit entries were entered into the GHDB.
The direct mapping allows penetration testers to more rapidly determine if a particular web application has a publicly available exploit. Google Hacking Database Google Hacking Database Google Hacking Google, Friend or Enemy?
Google is everyone’s best friend (yours or hackers)
Information gathering and vulnerability identification are the tasks in the first phase of a typical hacking scenario
Passitive, stealth and huge data collection
Google can do more than search
Have you used Google to audit your organization today? Google Hacking Advanced Operators: “Filetype:”
Find documents with specified extensions
The supported extensions are:
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt)
- Adobe Portable Document Format (pdf) - Microsoft Word (doc)
- Adobe PostScript (ps) - Microsoft Works (wks, wps, wdb)
- Lotus 1-2-3 - Microsoft Excel (xls)
(wk1, wk2, wk3, wk4, wk5, wki, wks, wku) - Microsoft Write (wri)
- Lotus WordPro (lwp) - Rich Text Format (rtf)
- MacWrite (mw) - Shockwave Flash (swf)
Text (ans, txt)
Note: We actually can search asp, php and cgi, pl files as long as it is text-compatible.
Example: Budget filetype: xls Google Hacking Advanced Operators: “Site:”
Find Web pages only on the specified domain. If we search a specific site, usually we get the Web structure of the domain
site:www.cbseresults.nic.in Google Hacking Google Operators:
Operators are used to refine the results and to maximize the search value. They are your tools as well as hackers’ weapons
+, -, ~ , ., *, “”, |, OR
allintext:, allintitle:, allinurl:, bphonebook:, cache:, define:, filetype:, info:, intext:, intitle:, inurl:, link:, phonebook:, related:, rphonebook:, site:, numrange:, daterange Google Hacking Google Advance Search
A little more sophisticated …… Google Hacking Google Search Technique
Just put the word and run the search
You need to audit your Internet presence
One database, Google almost has it all!
One of the most powerful databases in the world
Consolidate a lot of info
One stop shop for attack, maps, addresses, photos, technical information Google Introduction & Features
Google Search Technique
Google Basic Operators
Google Advanced Operators Agenda
Using internet search engine as a tool to find information related to creativity & innovation IMP GHDB LINKS http://www.exploit-db.com/google-dorks/
http://www.airdemon.net/ghdb3.html Google Hacking Database Google Hacking Advanced Operators “Intitle:”
Find search term within the title of a Webpage
Allintitle: search_term1 search_term2 search_term3
Find multiple search terms in the Web pages with the title that includes all these words
These operators are specifically useful to find the directory lists
Find directory list:
Intitle: Index.of “parent directory” Google Hacking Advanced Operators
A budget file we found ……. 4. Google Hacking