Kn1ghtl0rd's Hacker Weblog

Apr 26, 2005 at 22:28 o'clock

Day 2: Google Hacking

Hello Everyone.

Well, today I am going to talk a little about hacking with Google.  Now I am going to warn you that no actual hacking techniques are necessary to do these things, only the knowledge of directory structures within a web server or file server.  The basis of this technique is to search for specific things that will give you a back door into a web server so you can look around.  Some of the information will not be useful, but other information can be used to help in social engineering, or plotting network structure inside a specific business, or even give the passwords and login scripts for administrative areas of various web sites.  Now, I did not read a book to find out this stuff, so if you see that it is somewhat similar to something else you have read, I apologize.  I got the idea while browsing the Security Focus website, and they had a section where you could read a few pages from a book about Google hacking.  I figured that I could try and find out the info for myself, so I went ahead and played around with different search strings, and this is what I came up with.

First, it is necessary to understand how a directory structure works inside a web server.  Directories are broken down into trees where there may be other directories or files inside, e.g. www/cgi-bin, etc.  It is also essential to know how a search engine crawls data on a web page.  Most crawlers use the first couple of words on the page when making search keywords if they are not specified via meta tags, so if you have a heading on your page that reads "Page Heading", then most likely a search engine will show the same thing for your description.  You may ask why this is important.  Well, if you look at a web server directory listing, at the top of every one are the words "Parent Directory".  This is the first hint on how to find open servers using Google.  In the search bar type in "parent directory" and probably 8 out of 10 sites listed will be directory trees from within a web server!

The next thing is to look for specific file names or directory names if you want to narrow down your search, e.g. password.txt, /admin, /private, etc.  This will tell the search engine to look for those specific names when pulling up the sites, so if you put "parent directory password.txt" in your search bar it will come up with all the sites within web servers that have a password.txt file.  Now, most of the time these files don't mean anything, so this is mostly just an example, but if you use keywords like /admin, this can be very fruitful.  It is also possible to search for specific sites you wish to target by using their URL in your search terms.

Another good thing you can do is to stake out specific servers that you have exploits for, because the server type and version are usually listed at the very bottom of the page.  With this information you can look up the IP address of the site and run a port scan, use whatever exploits you wish, and you're in, theoretically.
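Seen from the server owner's side, the two giveaways described above (the auto-generated listing with "Parent Directory" at the top, and the server type and version at the bottom) can be checked for on your own pages before a crawler indexes them. The following is an added example, not code from the original post; the sample HTML, host name and version string are constructed, and `audit_page` and `SENSITIVE` are hypothetical names.

```python
import re
from html.parser import HTMLParser

# File and directory names the post uses as search terms (assumed watch list).
SENSITIVE = ("password.txt", "admin", "private")

# Constructed sample: an Apache-style auto-generated index page.
SAMPLE_LISTING = """<html><head><title>Index of /files</title></head><body>
<h1>Index of /files</h1><pre>
<a href="/">Parent Directory</a>
<a href="admin/">admin/</a>
<a href="notes.txt">notes.txt</a>
<a href="password.txt">password.txt</a>
</pre><hr><address>Apache/2.0.52 (Unix) Server at www.example.com Port 80</address>
</body></html>"""
SAMPLE_NORMAL = "<html><head><title>Welcome</title></head><body><p>Hello</p></body></html>"

class _PageParser(HTMLParser):
    """Collects the title, link targets and visible text of one page."""
    def __init__(self):
        super().__init__()
        self.title, self.links, self.text, self._in_title = "", [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a" and dict(attrs).get("href"):
            self.links.append(dict(attrs)["href"])

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        self.text.append(data)

def audit_page(html):
    """Report what a crawler could index from one response body of your own site."""
    p = _PageParser()
    p.feed(html)
    text = " ".join(p.text)
    listing = p.title.strip().lower().startswith("index of") and "parent directory" in text.lower()
    # Signature footer, e.g. "Apache/2.0.52 (Unix) Server at host Port 80"
    banner = re.search(r"([A-Za-z-]+/\d[\w.]*)[^\n]*?Server at", text)
    hits = [l for l in p.links if listing and l.strip("/").lower() in SENSITIVE]
    # Fix on Apache: "Options -Indexes", "ServerSignature Off", "ServerTokens Prod".
    return {"listing": listing, "banner": banner.group(1) if banner else None, "sensitive": hits}

if __name__ == "__main__":
    print(audit_page(SAMPLE_LISTING))
```

Feed it the response bodies of directories on a server you run; any page reported with `listing` true or a non-empty `banner` is one a search engine can index in exactly the way the post describes.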

When I performed these methods I sorted through about fifty pages of nonsense before I came up with anything good, so patience is a virtue, but you will find something of interest if you are persistent.  I found secret encrypted building plans to an office in Utah. I don't really know if they are that important, but it was pretty cool to download the docs and break the password on them and see blueprints for some building.  Now, I will never do anything with these files, but it does show you that you never know what you are going to find.

Well I hope that was mildly informative and that some of you can find other ways to get sensitive material just by searching for it.  By the way, all of the things I said above will work for any search engine like Yahoo!, Google, Excite, etc.  So have fun!

Talk to you all later!

Kn1ghtl0rd

kn1ghtl0rd@hotmail.com