Subject Index

A
Abuse database systems, 61
Active server page (ASP) error messages, 147
Actual database files, 71
Admin directories, 52
Administrator, 130, 131
account, 187
Adobe Acrobat, 67
Advanced operators, 21–45
allintext operator, 27
cache, 36
colliding operators and bad search-FU, 40–42
daterange operator, 36–37
define operator, 39–40
filetype operator, 30–32
google’s advanced operators, 24
inanchor operator, 35
info operator, 37–38
“intitle” and “allintitle” operator, 24–26
introduction, 21
inurl and allinurl operator, 27–29
link operator, 32–35
numrange operator, 36
operator syntax, 22–23
related operator, 38
site operator, 29–30
stocks operator, 38–39
summary, 42–43
troubleshooting your syntax, 23–24
Allintext:moo goo gai filetype:pdf, 40
Allintext operator, 27
Allintext:Sum Dum Goy intitle:Dragon, 40
Allintitle:“index of” “backup files”, 25
“Allintitle” operator, 24–26
Allinurl operator, 27–29
Allinurl:pdf allintitle:pdf, 42
ALL operators, 22
AMX NetLinx systems, 203
AND operator, 17
Anonymity, 47
with caches, 48–51
AOL Instant Messenger (AIM), 168
Apache log, 117
Apache servers, 146
Apache 2.0 source code, 144
Apache web server, 211
2.4.12 web servers, 143
Application programming interface (API), 88, 215
based methods, 75
Application software version and revision, 150
ASP.NET application, 147
ASPX extension, 133
as_qdr field, 37
as_qdr variable, 23
Authentication mechanisms, 129, 162
Authentication systems, 161
Automated grinding, 71–76
Automated scanning process, 216
Automated scanning software, 172
Automated tools, 56, 136
Automating searches
principles of, 80–81
Automation, principles of, 108
Axis network print server, 183
B
Backup files, 57, 58
Belkin, 179
Bing hacking for penetration testers, 102
Bing search engine, 102
Blackmail fodder, 191
Boolean logic, 32
Boolean operators, 1, 9–11, 22
Bottom.html file, 144
C
Cache, 36
banner, 48, 50
Calendar, 171–172
files, 206
service, 172
Cameras, 191–198
Carriage return line feed (CRLF), 91
CGI programs, 147
CGI scanners, 149
CGI vulnerability, 67
Cleartext passwords, 161
Clipboard, 50
CNAME, 107
Colliding operators
and bad search-FU, 40–42
Common file extension, 134
Computer program, 80
Conf file extension, 62
Configuration files, 61–62, 65
contents of, 63
store program, 61
Configuration panel, 215
Configured portals, 134
Content-language string, 146
Conventional security assessments, 79
Co-op Custom engine, 174
Corel WordPerfect, 67
Correlation function, 111
C programs, 121
Credit card numbers, 165
searching for, 165–167
CSV files, 11
Curl request, 93
Customers’ networks, 137
Custom search engines, 174
Cut-and-dried approach, 11
CVS files, 64
D
“Dark side” exercises, 119
“Dark side” hacker, 161
Database
digging, 67, 162
dumps, 70–71
headers, 71
hacking, 76
systems, 71
Data collection, 118
Data-mining programs, 82
Data source, 109
Daterange operator, 36–37
Date restrictor, 37
Default documentation, 149
Default username/password combination, 189
Define operator, 39–40
DejaNews, 3
Difficult-to-read machine code, 120
Directory listings, 51–52, 58, 159, 162
advantage of, 52
importance of, 138
locating, 52
Directory traversal, 55–56
Document digging, 61
Document grinding, 76, 132
Documents, types of, 61
Domain name server (DNS) queries, 151
Domains, 102, 107–108
names, 29
Dropdown box, 4
E
Electric bong, 206
Email addresses, 82–83, 102, 109
parsing, 102–107
verifying, 83–84
Error messages, 69, 127, 139, 147
Everfocus EDSR applets, 194, 196
“Evil cybercriminal”, 10
Exit administrative access button, 190
Exploits, 119–123
caches, 119
code, 120, 121
introduction, 119
locating exploit code, 119
locating exploits via common code strings, 121
locating public exploit sites, 120
summary, 122–123
Extension walking, 57–58
F
Favorite programming language, 94
File extensions, 30, 134
Filetype:c c, 120
Filetype:c exploit, 120
Filetype:conf inurl:firewall, 62
Filetype:c query, 121
Filetype:doc, 32
Filetype:ini inurl:ws_ftp, 62
Filetype:log inurl:log, 66
Filetype operator, 30–32, 57, 62, 71, 87, 132
Filetype:pdf, 32
Filetype:ppt, 88
Filetype search, 65, 76
Filetype:xls inurl:password.xls, 67
Finger CGI script, 176
Finger tool, 176
FireBug extension, 94, 95
Firefox extensions, 216
foo.com server, 152
FTP client software, 62
FTP servers, 51, 62, 196
G
Gain sensitive information, 135
GEEK stuff, 176–179
utilities, 176–179
GET parameters, 115
Gmail, 2, 171
GNUCITIZEN group, 174
GNU Zebra, 11
Golden rules, of google searching, 7–8
google queries are not case sensitive, 7
google reserves the right to ignore you, 8
google wildcards, 8
32-word limit, 8
Google, 21, 31, 79, 101, 111, 114, 123, 151, 198
advanced operators, 24
advanced search page, 16
alerts, 173
cached page, 49
crawls, 148
custom search engine, 174
databases, 56
free search service, 74
navigation items, 4
pages, 112
preferences, 4–6
and language tools, 18
processes, 2
result, 112
searches, 17, 27, 56, 119, 125, 138, 158, 177, 193, 202
areas, 18
button, 2
interface, 3
reduction, 11–14
results, 47
server, 49
system, 113
translate feature, 165
translation features of, 4
trolls camera phone picture sites, 191
URLs, working with, 14–15
users, 27, 47
video, 2
warnings, 17
web interface, 1
web pages, 5
web results page, 1–3
web search page, 1–2
ZeitGeist page, 113
Googlebot, 211
Google Co-op, 173–174
Googledork, 176
Google Groups, 3, 24, 162
search, 18, 74
Google hackers, 47, 137, 138, 142, 175, 187, 214
arsenal, 42
effective search reduction, 63
protecting from, 209–218
advanced dork, 216
directory listings and missing index files, 210–211
getting help from google, 216–217
good solid security policy, 209–210
hacking your own site, 214–215
introduction, 209
NOARCHIVE, cache “killer”, 213
NOSNIPPET, getting rid of snippets, 213–214
password-protected mechanisms, 213–214
Robots.txt: preventing caching, 211–212
site yourself, 215
software default settings and programs, 214
web server safeguards, 210
Wikto tool, 215–216
search, 149
target, 161
trade, 119
Google hacking, 47–60, 175, 176, 183
actual database files, 71
anonymity with caches, 48–51
automated grinding, 71–75
basics, 61–77
configuration files, 61–65
database digging, 67
database dumps, 70–71
directory listings, 51–52
error messages, 69
going out on limb, traversal techniques, 55–58
directory traversal, 55–56
extension walking, 57–58
incremental substitutions, 56–57
introduction, 47, 61
locate files, 65–66
locating directory listings, 52
log files, 66
login portals, 68
office document, 67
server versioning, 53–55
specific directories, finding of, 52–53
specific files, finding of, 53
summary, 58–59, 76
support files, 68–69
Google hacking database (GHDB), 66, 122, 156, 173, 175, 191, 216
search, 174
Google hacking license test, 41
Google Images, 2
search, 3–4
Google license key, 215
Google Mail, See GMail
Google Maps, 2
Google News, 2
Google queries, 9, 54, 122, 149, 163, 168, 215
building, 7, 19
syntax, 7, 22
Google’s cache, 7, 47, 58, 148, 182
feature, 48
Google search basics, 1–20
exploring google’s web-based interface, 1–17
basic searching, 9
building google queries, 7
golden rules of, 7–8
Google Groups, 3
Google Image search, 3–4
google preferences, 4–6
language tools, 6–7
putting the pieces together, 16–17
search reduction, 11–14
special characters, 15–16
URL syntax, 15
using Boolean operators and special characters, 9–11
web results page, 2–3
web search page, 1–2
working with google URLs, 14–15
fast track solutions, 18–20
building google queries, 19
exploring google’s web-based interface, 18
working with google URLs, 19
introduction, 1
summary, 17–18
Grabbers, 92
Grep script, 73
Groups search, 24
H
Hacking, 214
reasons for, 79
Hacking google services, 171–174
calendar, 171–172
Google Co-op, 173–174
google’s custom search engine, 174
signaling alerts, 172–173
Hacking google showcase, 175–207
cameras, 191–198
GEEK stuff, 176–179
utilities, 176–179
introduction, 175–176
open applications, 186–191
open network devices, 179–186
power, 203–206
sensitive info, 206–207
summary, 207
telco gear, 198–203
HELO test, 84
Hex encoding, 15
HIPPA act, 175
Home language, 89
HomeSeer control panel, 206
Hosting C source code, 120
Hostname router, 14
HTM files, 57
HTTPS protocol, 134
Hyperlink, 98
Hypertext Markup Language (HTML), 24, 31, 90, 99
content, 153
files, 139
pages, 75
templates, 143
Hypertext preprocessor (PHP)
application errors, 147
files, 57
Nuke administrator account, 187
script, 176
Hypertext Transfer Protocol (HTTP), 92
error 404, 141
error code 403, 92
1.1 error messages, 139
1.1 error pages, 142
header, 92, 117
version 1.0, 90
I
IBM.com, 206
ID cookie, 116
Identity theft, 161
Inanchor:click, 35
Inanchor:click –click, 42
Inanchor operator, 35
Incremental substitutions, 56–57
Inevitable syntax errors, 23
Info linux, 37
Info operator, 37–38
Information collection framework
google’s part in, 79–118
automating searches
principles of, 80–81
collecting search terms, 113–118
referrals, 117–118
spot transparent proxy, 116–117
spying on your own, 113–116
domains and subdomains, 107–108
expanding search terms, 82–87
email addresses, 82–83
email addresses, verifying, 83–84
getting lots of results, 86–87
people, 85–86
getting data from source, 88
introduction, 79
original search term, 82
parsing the data, 102–107
parsing email addresses, 102–107
postprocessing, 109–112
beyond snippets, 112
presenting results, 112
sorting results by relevance, 109–112
scraping it yourself, requesting and receiving responses, 88–94
scraping it yourself, the butcher shop, 94–101
summary, 118
telephone numbers, 108–109
using other search engines, 102
using “special” operators, 87–88
Information-gathering phase, 79, 125
Integrated tools, 138
Nessus, 138
OpenVAS, 138
Qualys, 138
Retina, 138
Internet, 61, 84, 125, 165
users, 3
Internet-connected network, 137
Internet Information Server (IIS), 139
error pages, 142
HTTP/1.1 error pages, 141
Internet Information Services, 141
Internet Protocol (IP), 151
addresses, 75, 107, 168
based filters, 213
based routing protocols, 11
nslookup of, 49
“Intitle” operator, 22, 24–26
google, 22
index.of, 22, 52, 54
index.of.admin, 52
index of backup files, 23
“index of”“backup files”, 25
index.of inurl:“admin”, 55
index of private, 22
query, 139
search, 141
something, 40
Intranet, 134
Intranet#help.desk query, 135
Inurl:Computers inurl:Operating_Systems, 35
Inurl:0day, 119
Inurl operator, 27–29
iPhone, 88
ISBN number, 108
ISP’s Internet gateway, 114
J
JPG image, 49
Juicy info
searching for, 167
Julian dates, 37
L
Language tools, 6–7
Learning tool, 66
Libssl32.dll download, 93
Libwhisker Perl library, 56
Link:linux.org, 33
Link:linux search, 34
Link operator, 32–35
Link: syntax, 34
Link: www.microsoft.com linux, 42
Linux/Mac OS X command, 153
Load google hacks database, 216
Loading, 25
Local international dialing method, 108
Locate files, 65–66
Log files, 66
record, 66
Login portals, 68, 128, 137
locating, 149–150
Login process, 128
Login trouble, 129
Lynx command, 74
Lynx text-based browser, 94
M
MacWrite, 67
Malicious hacker, 201
Management devices, 179
Management system, 200
Metadata, 61
META tag, 213
Microsoft, 149, 164
Internet Information Server (IIS), 139
Money, 167
web-based mail portal, 162
web data administrator software package, 68
Microsoft Access documents, 67
Microsoft FrontPage support files, 164
Microsoft-IIS/5.0, 142
Microsoft-IIS/7.0 server at, 139
Microsoft Office documents, 30
Microsoft outlook web access portal, 162
Microsoft Word, 31, 67
document, 31, 61
Microsoft Works, 67
MillerSmiles.co.uk, 165
Moderate SafeSearch, 4
Mozilla browsers, 216
MRTG configuration file, 63
MSN Messenger, 168
MsSQL, 173
Multimillion-dollar security system, 161
mysql_connect function, 68
MySQL database, 187
N
Nessus security scanner, 168
Netcat, uses of, 91
Netscape, 157
Network-connected device, 157
Network hardware, location, 157–158
Network query tool (NQT), 151
code, 153
functions, 151
HTML code, 155
installations of, 151
program, 151, 152, 154
server, 155
Network reports, location, 156
Network server, 179
NIKTO tool, 215
NOT operator, 17
nqtfile.txt program, 154
Ntop program, 156
Number crunching, 82
Numrange operator, 36, 84
O
Office document, 67
Open network devices, 179–186
Operating systems, 126, 148
Operator syntax, 22–23
ORed, 32
OR operator, 17
Outlook web access portal, 150
P
Page-scraping techniques, 120
Paranoid system administrator, 177
Parent directory, 52
Passcode, 171
Passwords, 129, 168
cracking utility, 164
data, 163
information, 164
protected mechanisms, 213–214
protected page, 214
searching for, 163–165
PBX product, 202
Penetration (pen) testers, 137
People, 85–86
PERL program, 102, 105
Perl script, 72
Personal finance programs, 167
Personal financial data, 167
Phishing scams, 167
Phone card (calling card) numbers, 165
PHP.BAK file, 57
phpMyAdmin installation, 187
Phrack Web server, 49
Phreaker, 198
Ping tool, 176
Pivot Web log, 187
Point-and-click script novice, 186
Portable document format (PDF), 30
document, 134
extension, 132
Portscans, 177
Postprocessing, 109–112
beyond snippets, 112
presenting results, 112
sorting results by relevance, 109–112
type of, 112
Power, 203–206
PowerPoint, 67
Preferences screen, 6
80/20 principle, 107
Private intranets, 135
Private networks, 135
Professional hackers, 137
Proxy API, 102
Proxy servers, 50, 156
IP address, 50
Public access area, 150
Public directory, 163
Public exploit code, 119
Public web application exploit announcement, 123
Public web server, 210
R
Radar, 137
Rain Forest Puppy (RFP), 56
Ranking technology, 9
Recent religion work, 183
Reduction techniques, 65
Referrals, 117–118
Regular expressions, 72
Related linux, 38
Related operator, 38
Remote exploit, 119
Restrict variable, 17
Results window setting, 6
$result variable, 96
Robots.txt file, 211
rotator.php file, 155
Rotator program, 155
RSS feed reader, 171
S
SafeSearch filtering, 5
Sample database files, 68
Sample files, 13
Scraping, 89
Search engines, 79, 102
hacking forums, 175
users, 82
Searching techniques, 21
Search reduction techniques, 11
Search script, 15
Search techniques, 1
Search_term operator, 22
Secret Service, 206
Secure sockets layer (SSL), 93
Secure Sockets Layer (SSL)-enabled connection, 156
Security assessment, 125
Security expert, 171
Security person, 162
Security policy, 169, 209
Security searches, 125–136
ADMIN#ADMINISTRATOR, 130–132
error # warning, 126–128
–EXT:HTML–EXT:HTM–EXT:SHTML–EXT:ASP–EXT:PHP, 132–134
Intitle:index.of, 126
INTRANET#HELP.DESK, 134–135
introduction, 125
INURL:TEMP# INURL:TMP#INURL: BACKUP#INURL.BAK, 134
login # logon, 128–129
PASSWORD#PASSCODE“your password is”, 129–130
site, 125–126
USERNAME#USERID#EMPLOYEE.ID“your username is”, 129
Security systems, 128
“Self-help” documentation, 128
Self-respecting hacker, 176
Sensitive data, 161, 168
Sensitive info, 206–207
Sensitive information, 47
Sensitive security-related information, 168
Server administrator, 149
Server-generated file extension, 132
Server software, 54
Server tags, 54
Server versioning technique, 53–55
Set-Cookie, 114
Shiny event cells, 172
“&” sign, 89
“@” sign, 83, 111
Signaling alerts, 172–173
Simple Mail Transfer Protocol (SMTP), 84
Simple reduction techniques, 126
Sipura SPA software, 198
Site:anu.edu inurl:admin ws_ftp.log, 55
Site:com site:edu, 42
Site:microsoft.com -inurl:microsoft.com, 40
Site operator, 29–30, 125
Site:phrack.org, 50
Site: syngress.com allinanchor:syngress publishing, 42
Smoothwall personal firewalls, 180
Sniffing, 113
Snippet, 213
Snort intrusion detection system, 185
SOAP API key, 215
Social-engineering attack, 168
Social security numbers (SSNs), 161, 167, 168
searching for, 165–167
Software vendors, 122, 189
Sound security policy, 209
Special characters, 9–11, 15–16, 22
“Special” operators, 87–88
Specific directories, finding of, 52–53
Specific files, finding of, 53
SpeedStream router, 179
SPI Dynamic’s WebInspect excel, 147
Spot transparent proxy, 116–117
Spying, 113–116
Squid proxy, 115
Stickers, 196
Stocks operator, 38–39
Stop words, 8
Straight-up site search, 125
Structured Query Language (SQL), 61, 127
injection, 67, 69
queries, 57, 173
“Student enrollment” systems, 178
Student ID number, 167
Subdirectory names, 134
Subdomains, 107–108
Subscription-based news service, 213
Syngress publishing security, 25, 85
Syntax, troubleshooting, 23–24
System password file, 56
T
Targets, 119–123
introduction, 119
locating targets via source code, 122
locating vulnerable targets, 122
via vulnerability disclosures, 122
network, 135
summary, 122–123
Tcpdump, 49
Telco gear, 198–203
Telephone conferences, 171
Telephone numbers, 87, 102, 108–109
Telnet, 90
TITLE HTML tag, 25
TITLE variable, 144
Top level domains (TLD), 85, 107
Traditional network fixture, 185
Transmission Control Protocol (TCP), 11, 88
TCP/Internet Protocol (IP), 91
Transparent proxy, 114
network configuration, 115
Traversal techniques, 121
going out on limb, 55–58
directory traversal, 55–56
extension walking, 57–58
incremental substitutions, 56–57
Traversing, 47
U
“Ugly” web pages, 47
Uniform resource locator (URL), 14, 15, 21, 37, 49, 89, 153, 174
beginning of, 27
construction, 15, 16
parameter, 58
short for, 27
structure, 1
syntax, 15
Uninterruptible power system (UPS), 203
monitoring page, 203
UNIX
based operating system, 54
commands, 74, 94
program’s configuration file, 64
server, 138
terminal, 90
users, 8
USENET community, 3
USENET newsgroups, 3
User-agent, 92
Usernames, 129
password, 67
searching for, 162–163
V
Valid queries
examples of, 22
View source, 57
VNC server, 188
Voice over IP (VOIP) service, 198
digging, 198
Vulnerability assessment, 150
Vulnerable exploit, 119
Vulnerable servers, 67
W
Warning, 128
Webalizer program, 162
Web application, 68, 88, 151, 155, 210
assessment tools, 149
Web assessment tools, 147
Web-based administrative interfaces, 179
Web-based database, 67
Web-based discussion forums, 3
Web-based interface, 1, 158, 183
Web-based networking tools, 159
Web-based network statistics package, 156
Web-based statistical programs, 162
Web-based targets, 122
Web browser, 74, 88
Web camera, 157, 193, 203
queries, 191
Web crawler, 210
Web crawlers, 212
Web data, 48
Web directories, 149
Web-enabled network devices, targeting, 156
Web hackers, 165
Web image monitor, 183
Web pages, 6, 17, 25, 30, 51, 57, 82, 121, 149, 177, 185
Web scanning tool, See Wikto
Web search, 3
engines, 9
Web searchers, 82
Web servers, 27, 29, 48, 52, 53, 57, 139, 147, 159, 162, 166, 169, 176, 211
locating and profiling, 138–149
application software error messages, 147–148
default pages, 148–149
directory listings in, 138–139
software error messages, 139–146
apache web servers, 142–146
microsoft IIS, 139–142
security, 209, 214, 217
software, 149, 217
version, 54, 69, 149
version tag, 55
Web sites, 5, 80, 86, 102, 116, 119, 187
google exposure, 209
Web software, 148, 158
Web space, 157
Web surfer, 157
Web utilities, using and locating, 151–155
Web visitors, 177, 196, 213
Wget, 92
WhipMaster, 112
WHOIS lookups, 151
WHOIS queries, 151
Wikto tool, 215–216
Wildcards, 8
character, 8
searching, 163
Windows platforms, 84
Windows registry, 162
Woodie, 196
Worm-based spam campaign, 162
WS_FTP log files, 53
WS_FTP program, 62
Y
“@yahoo.com” email, 71
Z
Zebra.conf files, 11
Zero day, 119