Google Hacking for Penetration Testers
According to its cover, Johnny Long's book focuses primarily on revealing the "Dark Side" of Google -- a promise it delivers in spades. But I can also heartily recommend Google Hacking to newbies who simply want to learn how to harness Google's full potential.
The first few chapters of the book walk you through Google's interfaces and features, then introduce you to Google's advanced operators and techniques you can use to refine your Google searches. Instead of submitting basic searches that leave you arduously parsing hundreds of results for your desired answer, you quickly learn to submit powerful queries that almost instantly yield the results you intend. Even as an experienced Google user, I learned a lot from Google Hacking's early chapters. For Google neophytes, this alone makes the book worth its price.
However, we all know Slashdotters really want this book in order to learn how hackers misuse Google. Well, you won't be disappointed. As soon as Long has taught you to submit advanced queries, he wastes no time in showing you the techniques l33t Google hax0rs use to exploit the search engine's power. For example, did you know you can use Google as a free proxy server? By submitting a specially-crafted, English-to-English translation query, you can capitalize on Google's translation service to anonymously submit all your Web requests. This simple hack just scratches the surface of Google's malicious potential.
Most Web surfers don't realize the sheer amount of extremely sensitive information available for the harvesting on the Internet. In that sense, Google Hacking is eye-popping. Do you want to find misconfigured Web servers that publicly list their directory contents? A quick Google search does the trick. Or, suppose you found some new exploit code that only works against a particular version of IIS 5.0. Submit a quick Google query for a helpful list of possible targets. Do you want to harvest user logins, passwords (for example, mySQL passwords in a connect.inc file), credit card numbers, social security numbers or any other potentially damaging tidbit that Web users and administrators accidentally leak onto the Internet? Google Hacking shows you how, with highly refined searches gleaned from the community contributing to the Google Hacking database (GHDB) found on Long's Web site.
While Long's book discloses these and many other potentially malicious Google searching techniques, it does so responsibly, with the goal of prevention in mind. Only the less damaging search strings are fully revealed. Long saves the juicier (read: more dangerous) hacks for your own discovery. Long even obfuscates the sensitive results of the more damaging search strings in order to protect the innocent incompetents he refers to as "googledorks." After showing you how hackers subvert Google to their malicious intent, Long dedicates a chapter to how Web administrators can configure their Web servers securely in order to prevent sensitive data from making it into a Google Hacker's clutches.
Though I've gushed about the book so far, I will quibble with its inconsistent tone. Some of its chapters target readers with different levels of technical understanding. While the book starts out in a voice easy enough for even the most novice user to understand, some of the later chapters, on topics such as document grinding, database digging, and query automation, jump drastically and use language and techniques that only programmers or Unix power-users would understand. In addition, the humor that made Johnny's live presentation so memorable shows up in his book, but in scant supply; frankly, more jokes would be welcome.
But these negatives are mere nits. Whether you're a penetration tester wanting to exploit Google, a Web administrator wanting to protect yourself from information leaks, or even a newbie wanting to harness Google's full potential, Google Hacking for Penetration Testers makes an excellent resource. If you, too, use Google as a second brain, pick up Johnny Long's book and learn how to exploit this powerful search engine to its full capacity.
Corey Nachreiner, Network Security Analyst for WatchGuard's LiveSecurity Service, writes about network security on the free RSS news feed, WatchGuard Wire (browsable version, RSS feed). You can purchase Google Hacking for Penetration Testers from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Personally I've been using his site for a while now. It is a great site with user submitted hacks and a community review. It really is amazing what is on Google and I knew a book was coming to exploit it.
Besides being able to find sensitive files, hidden portals, and vulnerable servers, it is also a good way to get free porn.
The exploits are just really advanced searches like the one below.
"http://*:*@www"bangbus
I'm a virgo and on Slashdot. Coincidence? Yes.
With a name like that, he should be!
Penetration testing?
In that sense, Google Hacking is eye-popping
That's what she said!
</rimshot>
concrete5: a cms made for marketing, but strong enough for geeks.
Mes apologies! Mod me redundant.... I just realized the submitter linked to the snopes myth buster for the urban myth. Color me embarrassed.
Yes, you are not alone. Many, and more especially here at Slashdot, think [and believe] they know more than they actually do!
Which is why author linked to Snopes...
yes, but you apparently only use 10% of your brain. you failed to notice the submitter linked to the snopes article in his write-up.
Instead of submitting basic searches that leave you arduously parsing hundreds of results for your desired answer
Dude, stop searching for porn. I usually feel really lucky if my search produces more than a single page of results.
I use 90% of my brain to look for aliens.
steampunk web design
You can find out that at the end of episode 3, Quigon becomes yoda's master and teaches him how to become that force ghost thingy.
I see that apache.leakage.org is on the list of misconfigured servers.
I didn't think that was possible;)
If you don't know what AltaVista is (was), get off my lawn.
One of the first links I checked out from the Google results he lists is apparently some DDoS perpetrator's weapons list page.
Go Figure.
You are checking your backups, aren't you?
Here is a cool article on Hackaday that describes GeoCamming, another Google exploit.
I like to find interesting cameras and then use NeoTrace to trace the addresses to find out exactly where the camera is. It's quite fun.
Amazon link to the book since the site's slashdotted
My roommate is dating a penetration tester from my work. You should have seen the look on her face when he told her what he does for a living.
How did someone come up with this name for a profession anyways?
Seems like Google itself isn't immune to hacking either ...
Too bad Google doesn't translate graphics, which some web pages are full of.
-- Boycott Shell
100% brainpower and still can't remember correct spelling of hear...
Um, did you click on that link??? It was a link to an urban myth site that debunked the 10% rumor. I guess you use less of your brain than you advertised.
"We need a fourth law of Robotics: Stop Fingering My Wife"
Apparently you need to allocate more of your brain capacity to grammar.
We all know that a male geek's second brain most certainly isn't Google (unless that is a clever nick name he bestowed upon it). I can just imagine wil wheaton shuddering at being linked to this thought as well as all the spam geared towards "natural google enhancement".
"It's difficult to meditate on amphetamines." - Joe Walsh
Server Error
The server encountered an internal error and was unable to complete your request.
JRun closed connection.
Is this the vaunted Java Skippy Cool Enterprise Beanie Weenie I have heard so much about?
Bend over so I can "penetration test" your "security hole."
Not that it's funny enough to burn karma over...
Right now the server is undergoing some severe penetration testing, and from the looks of it, not doing too well...
You must be one of those skull-penetrators.
What I really want to see abused is AskJeeves. That smarmy little morpion really bugs me for some reason.
My new dream job!
Sounds more like a cheesy pickup line to me: "Excuse me Miss, I'm Mr. Jones with the Office of Penetration Testing. You've been scheduled for a security checkup."
... does Google have Double penetration ! In vogue
You're right on track to become the next Star Wars kid...
I've been fortunate to live and work in the same area as Johnny Long, and have heard him locally a couple of times. The most memorable was when he was a guest speaker at a security class while I was working on my masters degree. His demo on pen testing was great. If you ever get the chance, listen to him speak.
I'd imagine his book is just as lively, informative, and insightful. I'm buying to when I get home. I've had it in my saved list for a while now.
An Apache mirror running Microsoft-IIS/6.0.
*boogle*
"The number of Unix installations has grown to ten, with more expected." (Unix Programmer's Manual, 2nd ed.; June 1972)
Be interesting if Google used their spare/idle servers for SETI@Home or something.
Assume I was drunk when I posted this.
Considering how male dominated the computer field is, I'd say they'd be mostly dudes. I'll take a pass on this job.
Did anyone else read this as "Penetration Teasers"?
Don't take life so seriously. No one makes it out alive.
ah man, now all those passwords are dead.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
Correct me if I'm wrong, but Google doesn't do anything to the image references -- so that if you want to anonymously browse a website through Google, wouldn't you also have to turn image loading off on your browser? I mean, sure it'll work for text, but I didn't think this was exactly uncommon knowledge?
Also, I don't think Google translates the hyperlinks to work within the translation-page does it? So you would have to copy out any URL's that you wanted to go to and re-enter them into your translation query.
Can someone please tell me what's so special about this l33t "specially formed English-to-English translation" method? I mean, how much better can it be than just typing in the URL you want and choosing "Korean to English" in the drop-down?
'How to be malicious with search engines'. BTW this is nothing new. Google '1997 Simple Nomad hack faq' which explains using search engines (at the time altavista) to do exactly what this 'groundbreaking book' says!
Believe me, if I started murdering people, there would be none of you left.
*** WARNING ***
When doing a google translation proxy, remember two things:
1) The images that you load from the target page do *not* use the proxy. So if they want to track you down, all they have to do is look for the next few image loads following the google load for the main page.
2) en|en translations stand out in the logs, since it's not a normal translation option. You should use (for example) de|en. It'll fail on every German word and show the original word, which is English.
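From the defender's side, the two points above are also what a web-server log shows: the translation service fetches the HTML, and a different IP then loads the page's images and stylesheets with a Referer pointing at the translation site. The following is an added example (not from the book or from anyone in this thread) that runs that heuristic over constructed Apache combined-format log lines; the IPs, paths and the translation-site Referer URL are all made up, and the Referer hostname pattern is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" log format; the sample lines further down are constructed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
ASSET_EXT = (".gif", ".jpg", ".jpeg", ".png", ".css", ".js")
TRANSLATE_HOSTS = ("translate.google.",)  # assumption: substring to look for in Referer

def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def is_asset(path):
    return path.lower().split("?")[0].endswith(ASSET_EXT)

def find_translate_proxy_clients(lines, window=timedelta(seconds=30)):
    """Map each suspected real client IP to the asset paths it loaded with a
    translation-site Referer shortly after a *different* IP fetched a page."""
    recs = [r for r in map(parse_line, lines) if r]
    page_fetches = [r for r in recs if not is_asset(r["path"])]
    hits = defaultdict(list)
    for r in recs:
        if not is_asset(r["path"]) or not any(h in r["referer"] for h in TRANSLATE_HOSTS):
            continue
        for p in page_fetches:
            if p["ip"] != r["ip"] and timedelta(0) <= r["ts"] - p["ts"] <= window:
                hits[r["ip"]].append(r["path"])
                break
    return dict(hits)

# Constructed sample: the translator fetches the page, the real client's browser
# then loads the assets directly; an ordinary visitor follows for contrast.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2005:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Mar/2005:10:00:02 +0000] "GET /logo.gif HTTP/1.1" 200 512 "http://translate.google.com/translate?u=http://example.org/index.html&langpair=en|en" "Mozilla/4.0"',
    '198.51.100.9 - - [10/Mar/2005:10:00:03 +0000] "GET /style.css HTTP/1.1" 200 100 "http://translate.google.com/translate?u=http://example.org/index.html&langpair=en|en" "Mozilla/4.0"',
    '192.0.2.5 - - [10/Mar/2005:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/4.0"',
    '192.0.2.5 - - [10/Mar/2005:10:05:01 +0000] "GET /logo.gif HTTP/1.1" 200 512 "http://example.org/index.html" "Mozilla/4.0"',
]
```

Running `find_translate_proxy_clients(SAMPLE_LOG)` reports only 198.51.100.9; the same check could be extended to flag the unusual en|en language pair in the Referer.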
The register had a mirrored article from security focus. It walks you through the basic idea behind the book.
Since there is so much potential for abuse, I wonder if soon government will "wiretap" Google, waiting for certain kinds of searches and then zeroing in on the person who did the search. For example, what if some teen in high school did a search for "anarchist cookbook". Would that be enough to have the police go talk with him, or watch him, or get a search warrant? What if they then find gasoline, and *gasp* styrofoam cups in his garage?? Can they charge him with conspiracy to make napalm? Or worse, what if I want a chem lab in my basement, do I have a right to it, to conduct my own research?
It would be like what the city of Chicago is doing. First they banned all guns in the city. Then they sued the gun manufacturers whenever a gun was used for a crime in their city limits. The City of Chicago argues "hey, we banned it, and you keep selling it to people who do illegal things in Chicago, you have no safeguards".
I wonder if there is a search engine out there that is opt-in only, does not link to spam or places that don't sell stuff but only link to places that sell (deceptively I might add too). Maybe some search engine where users can moderate returns, like we do at Slashdot. When you search for "baseball", with each hit you get to moderate how good of a search return it is. I have a lot of ideas. Maybe I should not post them here, maybe I should talk to a patent lawyer first.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
Poor ValuJet. He just wanted a laugh not to be branded a troll. What humorless jerk modded him down? Oh yes, a humorless, sexless jerk on Slashdot. Perhaps it was a lesbian. Laugh once in a while!
I remember when I worked at a bank, we were told of penetration tests that happened there. The whole concept of being paid to sneak around and try to gain access to what you're not supposed to have seems like a fun concept to me.
In undeveloped countries, the consumer controls the market. In capitalist America, the market controls you.
Wait .... Girls read slashdot??
Now what sites can I visit??
I don't know what to say anymore.
especially when you add -gentoo to the search and then find out of the 9 hits out there none of them are interesting.
I'm all for google hacking, especially where axis webcams are concerned, but that just isn't a useful one.
There is still a ton of fun stuff out there though. Too bad about ISPs wising up and filtering ports though. Boy did it used to be fun to scan entire networks that had F&P sharing enabled with no firewall or ISP filter in the way. It used to be as simple as fire up your program, pick a range of IPs, and laugh as 1,000s of boxes were directly open to the Internet.
If you wanna get rich, you know that payback is a bitch
Has anyone noticed that the snopes article tends to use the terms "brains" and "minds" interchangeably?
I wonder if soon government will "wiretap" google
What makes you think they haven't already?
Come on guys give me a chance. You're using up all the bandwidth by the time I get to the decent pron sites :(
Compared with the (imo rather poor) info given in the book review, I think the parent post is well informed and shows a 'hackish' mindset.
1) Google cache + translation may be used to fetch pages without querying the real server yourself, but images (and probably CSS and JavaScript URIs) will point to the original server. Why not use an anonymous HTTP (or SOCKS) proxy in one of the 'usual' countries? Or one of the proxy networks built around onion routing? Anyone skilled in 'the craft' certainly could.
2) If you leave traces in logfiles, be sure that they don't stand out like shell-code in an apache log. The proposed way of using a 'sensible' translation request which would fail and fallback to the original words is way better than en|en. Why didn't the author of the book write about that? This (fallback) behaviour can't be that secret; I knew about it and hardly use google translation.
3) I don't know the book, but judging from the review it seems to spend quite some time listing queries for server status/directory pages and certain file names. Is this really worth being printed on dead trees?
Nah, he should just change his sig. Period.
In my field of work, we also have strippers some of which are pictured on the web.
Some of my coworkers even passed around a pair of dikes.
You need to use "Google hacking" to find free porn? I know a lot of hacking techniques for all kinds of things, but I can't remember the last time I had to use any of them to find more free porn than I can possibly look at in a hundred lifetimes.
Hmm, I always referred to my penis as my "second brain".
ed2k link : ed2k://|file|Syngress-%20Google%20Hacking%20for%20 Penetration%20Testers.pdf|33793996|EDAE45502ED00CF 60AB413C5940B428A|/
These hacks are just the beginning and I can't wait to see how far Google will allow such queries to go on. I probably think that Google will limit special or *hacking technique* queries anytime soon, if not expect big brother or corporate giants to interfere with search engines and take actions against these small but powerful methods of hacking thru 'search engines'.
I can't find www.altavista.com where is it?
Sincerely,
Grandmother
I remember three or four years ago back in H.S. when I had to deal with a proxy server that blocked all the neat stuff on the internet. Altavista's translator was a big help for that, not anonymous at all but useful when you're stuck behind some sort of idiotic filtering program.
All the pr0n operators have now scrubbed their user db using this search!
This will be known as 'blue tuesday'