Google Hacking for Penetration Testers
Google Hacking for Penetration Testers (Google Hacking for short) is Johnny Long and company's tome on the subject of using what is widely considered to be the web's only worthwhile search engine, and the myriad ways you can get very specific information out of it. Not just web pages: you can find Excel spreadsheets, Word documents, and all sorts of information that the owners thought was hidden. This is what makes Google hacking, as an activity, so interesting.
The Google Hacking book starts with Google search basics, which is usually way more than most people do in a given week of using Google. With nary a pause, Chapter 2 covers advanced Google search operators, such as exclusions, file types, and restrictions like "inurl:" and "phonebook:". By this point, you should be sufficiently armed to do some serious Google hacking. Together with the skills and the imagination to phrase what it is you're looking for, you can mine the web.
Chapter 3 provides a simple, fast-paced introduction to using Google to do more than find porn and stalk potential mates. You can dig around in sites to find, for example, backup scripts (which may expose database parameters, useful for SQL injection later on) and even use Google to hide your tracks by treating it as a proxy server (note this only partially works).
The next few chapters focus on the Penetration Testers portion of the title. Chapter 4 starts with the preassessment of the target (of your pen-test), including digging around for information left by employees (i.e. emails that reveal employee lists), information about the company leaked in job postings (which may include technologies used), and all the kind of stuff you want to know before you start knocking around. Chapter 5 shows you how to use Google and a few other sites to map the target. After all, Google has already indexed their site, so why not use the data it gathered? Chapter 6 has some real meat in it, including how to find vulnerable CGI programs via Google queries (e.g. looking for formmail.cgi scripts).
Chapter 7, which is described as "Ten Simple Security Searches That Work", is surprisingly succinct and effective. It basically helps you map the restrictions you learned earlier into queries and data to help you penetrate a target's security without ever leaving Google. Chapters 8 and 9 help you understand how to use Google to enumerate what you can about resources and authentication credentials, and Chapter 10 describes how to pull up documents for your perusal, some of which may be real gems.
Chapter 11 is another interesting chapter, where you learn how to use these same techniques on your own site to determine what kinds of exposures you have. This can include private communications, confidential memos, and even internal configuration information. What doesn't get stressed clearly enough is that some crawlers and archives don't respect "robots.txt", for example, and will archive pages indefinitely even if they weren't supposed to; robots.txt is a request to well-behaved crawlers, not an access control. As such, even if you are protected from Google you may not be entirely protected. Now is a good time to learn how to use other major search engines.
I liked where Chapter 12 is headed with automated Google searches via the API and page scraping, but I think more could have been done here to show better, more useful code. As it stands, you'll have to expend some more elbow grease to translate a lot of what you learned earlier into a useful tool for yourself (if you want to write your own). The two appendices on "Professional Security Testing" and "An Introduction to Web Application Security" seem out of place, though, and could have been bridged into the whole book much more cleanly.
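Since the review faults Chapter 12 for not showing useful code, here is an added example (written for this review, not code from the book or its author) that ties together the operators from Chapter 2, the page scraping of Chapter 12 and the Chapter 11 self-audit: it composes site:/filetype:/inurl: queries, pulls result links out of a results page, and reports which indexed URLs your own robots.txt says should never have been crawled. The results HTML is a constructed stand-in, not Google's real markup, and the hostnames and robots.txt rules are hypothetical.

```python
"""Added example for this review, not code from the book or its author.

Compose dork queries from Google's advanced operators, scrape result links
from a (constructed) results page, and audit them against robots.txt.
Hostnames, rules and the HTML below are hypothetical sample data.
"""
import urllib.robotparser
from html.parser import HTMLParser
from urllib.parse import urlparse


def build_dork(site, **operators):
    """Compose e.g. 'site:example.com (filetype:xls OR filetype:sql) inurl:backup'.

    A list/tuple value ORs several values of one operator; pass an operator
    name starting with '-' via **{"-inurl": "public"} for an exclusion.
    """
    parts = [f"site:{site}"]
    for op, value in operators.items():
        if isinstance(value, (list, tuple)):
            parts.append("(" + " OR ".join(f"{op}:{v}" for v in value) + ")")
        else:
            parts.append(f"{op}:{value}")
    return " ".join(parts)


class LinkExtractor(HTMLParser):
    """Collect absolute hrefs, dropping the search engine's own links."""

    def __init__(self, engine_domain):
        super().__init__()
        self.engine_domain = engine_domain
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        href = dict(attrs).get("href") or ""
        host = urlparse(href).netloc.lower()
        if href.startswith("http") and not host.endswith(self.engine_domain):
            self.links.append(href)


def scrape_links(results_html, engine_domain="google.com"):
    """Return the non-engine result URLs in document order."""
    parser = LinkExtractor(engine_domain)
    parser.feed(results_html)
    return parser.links


def audit_against_robots(links, robots_txt):
    """Map each indexed URL to True if robots.txt allows crawling it, else False.

    False means the URL is public and indexed although robots.txt disallows
    it: the crawler ignored the rule, or the page was indexed before the rule
    existed. Either way the content needs real access control, not robots.txt.
    """
    rp = urllib.robotparser.RobotFileParser()
    rp.parse(robots_txt.splitlines())  # parse() also marks the file as read
    return {url: rp.can_fetch("*", url) for url in links}


# Constructed sample data (hypothetical site, rules and results page).
SAMPLE_RESULTS_HTML = """
<html><body>
<a href="https://www.google.com/search?q=next">Next</a>
<a href="https://example.com/backup/db_dump.sql">db_dump.sql</a>
<a href="https://example.com/reports/q3.xls">q3.xls</a>
</body></html>
"""

SAMPLE_ROBOTS_TXT = """User-agent: *
Disallow: /backup/
"""

if __name__ == "__main__":
    print(build_dork("example.com", filetype=("xls", "sql"), inurl="backup"))
    verdicts = audit_against_robots(scrape_links(SAMPLE_RESULTS_HTML), SAMPLE_ROBOTS_TXT)
    for url, allowed in verdicts.items():
        print(("ok       " if allowed else "EXPOSED  ") + url)
```

The audit deliberately reports "disallowed but indexed" as the finding, since that is the case the review warns about: a Disallow line tells you what you hoped to hide, not what is actually hidden.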
Overall I'm not as thrilled with this book as I would have liked to have been for a few key reasons. First, I found the presentation of the book, specifically organization, language and screenshot displays, to be only average. The organization of the book itself seems to jump around sometimes, going from recon work to attacks and then back to basic outside recon work. This becomes a burden when you want to refer back to the book to find a useful portion or to understand the progression of an idea.
Secondly, I found the writing to be heavy with all kinds of 'Leet Hacker' types of references, which get old pretty quickly and only drown out useful information. At over 500 pages, you'd think this book was truly bursting at the seams with information, but a lot of it is redundant or hidden under excess fluff.
Finally, a number of the screenshots are full screens when they could have been only pieces of a screen or a window to achieve an improved effect. This matters because the halftone printing process leaves the images blurry, and a large window or screen is blurry at the book's printing resolution. This is something I've found in common between a bunch of Syngress books, and I hope they'll address it shortly by reviewing their screenshot design.
In conclusion, there's nothing too significantly special about Google hacking. With a bit of elbow grease, some example code for the Google API, reading Google's own docs, and some experimentation you can find yourself at the same level you'd be at with the book, and about $40 heavier, too. However, Long and co-authors have assembled a good number of Google methods together, and if you're the kind of person who prefers to get right to productive work with a book, it's probably the best book I've seen on using Google for more than simple searches.
You can purchase Google Hacking from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Begin the penetration jokes now.
Or did something bad come to mind when the words "Penetration Testers" came on the screen? I was thinking, oh wow, google sure is powerful now. There's a hack for everything!
A review of a book about hacking, without a lengthy diatribe about the misuse of the word "hacking" to precede it. It's as if the reviewer realizes that his target audience has already attained a certain level of proficiency in the technological lexicon.
sign me up.
Beat 'Em and Eat 'Em
This is no secret: one of the best sources for salespeople to prospect is Google. If you type in a company name and title, a lot of times you will find out the name, but not from the company site: from an alumni newsletter or the like. A lot of times you can find password-protected lists of professional society rosters too....
I think the moral here is, if you don't want people looking at it, don't hang it out unprotected.... Unprotected penetration can lead to unexpected dilation... Oh wait, that's health class
And All I Ask is a Tall Ship And a Star to Steer Her By
.... when I first read this I thought Google was hiring "penetration testers".... they weren't very amused when I called them to apply :`(
If by "f" you mean fifth, yeah.
It is no longer uncommon to be uncommon.
http://ask.slashdot.org/article.pl?sid=04/02/20/1823206&mode=thread&tid=126&tid=133&tid=186&tid=95
Free XBox, PS2
for law enforcement.
John Scmidt
johnschmidt.dk
Since it's a book... what will be the best way to search through it? A paperback describing a paperless environment; kinda ironic, wouldn't you think?
Why is there a book on Google hacking, if they only comprise 36% of the market, and not a book on search engine hacking?
Or did somebody lie on their market penetration percentage test?
Anyway, being pretty googlable myself, I know it also takes a lot of determination to get to all the data. So technique is one thing; sheer determination stays necessary (Google speeds up the process a lot though).
My wife's sketchblog Blob[p]: Gastrono-me
Okay, let's get the "this is a dupe" comments out of the way. This book (ISBN 1931836361) was already reviewed on slashdot. It seems like it's the same editor (timothy) in both cases. Then again, the two reviews are different, so I suppose it's not an exact duplication?
Oh, and I found the previous slashdot story by searching "slashdot google hacking for penetration testers" on Google. It's the first hit. Some people may find that ironic.
Welcome to 1996 and HotBot. I have been using search engines for many years. It's amazing how something becomes a "splash" when the mainstream picks it up.
????
oh, man. I'm a dork.
Okay, you got it. No more italics.
A headline with the word "penetration" is just bound to be the "butt" of jokes.
No no no, it's not "bound", it's "begging" to be the butt of jokes!
By allowing some of their internals to be more public than other search engines, they gain an edge by in most cases having the webmasters who already run Google Ads on their site try and climb their way to the top. If they can't get you to pay for your web site advertising, they can at least make sure you have a way to have their Ads on more top pages of keywords. Hey, what more could you ask for?
Black Gray White Hats Unite to protect http://testing.OnlyTheRightAnswers.com
Tell me this isn't some kind of pr0n joke.
"Google Hacking" isn't a book, it's a web site.
Those who haven't checked out the site, will find the Google Hacking Database (GHDB) very interesting and somewhat scary. The things people put online and the security of certain systems is mind-boggling.
Seriously though, that hanging italics tag appears to be messing with the main page. While the headlines appear fine, all the "Read More" lines all the way down the page are now italicized.
"do more than find porn"
But that means I have to take time out of my porn-finding!
Absolutely hilarious....Now this is news for nerds.. And stuff that really matters... All with a bag of cheetos...
It's been slashdotted :-(
When you consider the kind of information this independent group has shown can be found using Google, consider what the engineers at Google who designed the various search systems and web-bots can garner from it. For all we know, the data that can be gleaned from this book may only be a glimpse of the restricted information Google could potentially gather, kept from the web-surfing masses.
We hear about blackmail cases involving compromised data occurring all the time, and coupled with corporate espionage, a group like Google could stand to see far greater profits than mere 'advertising'.
For those preparing to mod me down, consider this:
Knowledge is Power, and as far as everyone is concerned, Google is probably at this moment the source of more human knowledge than has ever been compiled before, all cached on their wonderful servers, and through their extensive knowledge of where any data they may need to see in the future resides.
Absolute Power corrupts absolutely: in a case where such secret information is available, no person or group is ever above the incentive to gain from this power, including Google, or if not that, enticed individual employees.
People really need to start analyzing the power Google has over information and take its immense position seriously. At least books like this can only shed more light on this growing problem.
is that google hacking was more of a shocker than penetration testing....?
The only way to get rid of a temptation is to yield to it.
-Oscar Wilde
..for the warezed, scanned-in copy that will probably end up converted to PDF and indexed on Google itself. Mind-blowing, and searchable!
I didn't even have to rip some scripts from an fserve xftp warez dump XXX site in Russia to get this to work. I mean, what, how !l33t is that.
Real google hacks involve running at least 1 .bat file in 16 bit DOS, then renaming an exe file to COWBOY_NEAL_GOATSE_TACO_PROJECTILE_FEACES.exe and emailing it to google ad sense marketing execs.
That is real men's hacking. Or at least using google in leet language mode.
Does anyone think the use of real dictionary terms makes the whole automated human test a bit weaker?
photon
#hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
Not really much of a book when you consider the same stuff is on his forum or other forums or could be found out for free. It's just hollow opportunism by the author who has nothing better to do than make money off the back of others.
Most of the hacks get old real quick; index.of.secret, etc/passwd and so on. There is a lot Google doesn't catch as well because it won't hammer a form. Google may as well hammer databases with brute force requests and cache the results, the so called 'dark internet'
Yes, bring back the couch!!!
A while ago I thought "how hard is this to do"?
So I wanted to find credit card numbers, after reading an article about how easy it was to find them. Turned out to be damn easy, 'cause Google has a way to search for a number range. After a bit of finagling with that I found several credit card lists, including one that included people's home addresses and social security numbers.
Here's hoping this book will wake up a few dim bulbs thinking their credit card numbers are safe, or merchants thinking that their customer data is safe from disclosure.
Oh, and while I'm here, doesn't it bother you that drupal puts the database password in a file that's readable as a URL?
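The comment above describes the attacker's side of number-range searching. As an added example (mine, not the commenter's, the book's or Google's code), here is the defender's counterpart: scan what you are about to publish for digit runs that look like card numbers and keep only those that pass the Luhn check, which is what separates a card number from an order ID or timestamp of the same length. The CSV is constructed sample data; 4111 1111 1111 1111 is a well-known test number, not a real card. The numrange helper assumes Google's low..high query syntax.

```python
"""Added example: pre-publication scan for card-like numbers (not from the book).

Sample data is constructed; the numrange helper assumes Google's low..high syntax.
"""
import re

# 13-19 digits, optionally separated by single spaces or hyphens,
# not embedded inside a longer run of digits.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits):
    """Luhn mod-10 check on a string of decimal digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Return Luhn-valid candidate PANs found in text, digits only, in order."""
    found = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_valid(digits):
            found.append(digits)
    return found


def mask(pan):
    """Show only the first six and last four digits, the usual PCI-style display."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def numrange_dork(low, high, *terms):
    """Number-range query, e.g. '4111000000000000..4111999999999999 filetype:xls'."""
    return " ".join([f"{low}..{high}", *terms])


# Constructed sample: one test card, one Luhn failure, one 16-digit non-card.
SAMPLE_CSV = """customer,card,notes
alice,4111 1111 1111 1111,test card
bob,4111111111111112,last digit typo
carol,2005040117502170,order id not a card
"""

if __name__ == "__main__":
    for pan in find_card_numbers(SAMPLE_CSV):
        print("card-like value found:", mask(pan))
    print(numrange_dork("4111000000000000", "4111999999999999", "filetype:xls"))
```

Run this over a web root or an export before it goes anywhere a crawler can reach it; a Luhn hit is not proof of a card number, but it is the same filter an attacker applies to the raw search results, so anything it flags deserves a look.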
...that the book is titled Google Hacking for Penetration Testers and the author's name is Johnny Long?
Coincidence... I think not.
If you're looking here for something insightful or thought provoking, you're probably looking in the wrong place.
Looks like the problem is fixed.
What is this Slashdot obsession with "penetration", especially of the anal type? There seems to be a very persistent undercurrent of homoeroticism going on here that suggests an unfulfilled desire among many of the Slashdot crowd.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
You know, I've read through every entry/reply there, and I'd have to say just this post is a lot more informative.
the sun is god
This has been out well over a year, so long in fact that my favourite googledork (filetype:LvAppl) has been blocked by Google. Here's a tip for anyone who likes this sort of thing though: nmap -sP -iR 250 -p 80. Well, it's worked a couple of times to find interesting things.
http://books.slashdot.org/article.pl?sid=05/04/11/1750217&tid=217&tid=172&tid=6/
I wish I could delete it. :(
As in doing something clever with a tool (the tool being Google in this case). All previous diatribes are directed against the perceived misuse of "hacking".
Moby Dick was a sperm whale. I think we have yet another clever author
Access Denied
Access to the requested URL is prohibited by firm policy. The URL points to a website which is known to install software on your computer which may affect the reliability and performance of the firm's computers.
The "who's Johnny" link at "ihackstuff.com" site tries to install something.
It is only a matter of time before vertical search engine(s) prevail. Google's Froogle failed, Google's News failed, Google's Scholar hehehhe LOL
:-)
Well, I wonder whether they will offer jobs soon like Yahoo did (and that Yahoo thing is so poor).
Gigablast announced that searches over 500,000 vertical search engines use DMOZ as a starting point to define verticals, but that is a pathetic try and not a real verticals cluster!
Many people like zoominfo.com, become.com, and many others are researching new concepts. Alexa also has something to show; SNAP.com is actually a Google-hacks-for-dummies approach...
I think PageRank (sorting the web by importance) is a hacked thing, and for the last 6 - 7 years Google has been fighting SPAM only.
The only way out of this situation is quantum change, and that could be done not through the keyword+PageRank approach (like MSN and AllTheWeb aka Yahoo also did). New technology with an advanced API, many verticals, strong semantics, AI etc. will show up and blow out Google like Google blew out Altavista and others long ago.
Why can't Google with 2000 PhDs make technology like that? Larry is my personal idol but he is surrounded by a bunch of idiots and bureaucracy so he can't do anything. He should leave Google and join a startup.
until some company uses these techniques to discover that google has cached some confidential info and then sues the pants off google?
I refuse to engage in a duel of wits with the unarmed.
Save yourself more than FOUR BUCKS by buying it here: Google Hacking for Penetration Testers
Actually, I found it an interesting site. In plain English, I enjoyed reading it. THAT is what counts in writing, not necessarily how informative it is, though that's always nice.
"Is this Winkhorst a nova criminal?" "No just a technical sergeant wanted for interrogation."
I was completely wrong earlier, because I got bored of this months ago and forgot the command. The best search for the sweetest camera is (I can't be arsed to do the link) inurl:LvAppl. Stick that in Google and have fun.
I couldn't find the short nice definition word for
"That guy's a *bleep bleep*, he just repeats the same shit over and over.
Two things he's got:
1) Founders are selling their stock. Ok. That sounds reasonable.
2) Non-annoying ads make people click on them, because people think they're part of the site.
Alright. So if the ads aren't integrated, they're mostly annoying, they stand out, then I notice them more, even so much I'm unable to concentrate on the site content. Which either make me not go to the site any more, or try to get more and more stuff to remove the ads"
Hmm. That sounded more clever in my head. He mentioned "clickable white-space" not being on the google site, but everywhere else. Checking I see it doesn't have so on the side ones, but does on the upper ads. I can't see why that wouldn't be good idea though, instead of just having to home in on the underlined text?
Oh. And as for ad and annoyance removal (lets make every other word a link!), the best I've found is just copying/pasting the text to notepad. That makes me wonder why evil websites haven't put all content in flash...
Maybe I should reply to the text up there? Yeah! I imagine people who truly think good writing is insta-definable read instruction manuals all day.
"Hi I'm Johnny Long. Penetration tester."
http://scoogle.net/
You may very well be right about folks who read technical manuals not understanding the other functions of language. As for your 2), I often click on ads on the Google search page, though NEVER on those on webpages. And no, I do not mistake them for actual results, though they have gotten harder to distinguish since they started putting them in the same column. "BAD Google!"
And is their stock overpriced and highly bubblized and have they lost track of their original focus to the point where I might expect them next to create a porn search feature? Yes, indeedy. But that seems to be a function of the current tone in Washington that seems to think it's alright for a corporation to do anything that improves their bottom line, no matter how nefarious and underhanded and just plain immoral. But that's a matter for the ballot box and, like everything evil, will eventually pass and we will all kick ourselves and ask how it could possibly have happened.
On the topic of pen testing with google, it'll scan your site looking for common vulnerabilities with the help of google.
http://www.scoogle.ca/
If this topic (or alcohol) interests you,
Johnny Long will be giving a talk about it at Defcon in Las Vegas this weekend. Go!
Google Hacking For Penetration Testers
-- The Funk, The Whole Funk, And Nothing But The Funk
well, well,
/google hackers/
.
I had a couple of very misleading posts here, where the (illustrious, frequent, gov sponsored???!!!???) poster disseminated false information:
here about
It is not hacking to use search engines to find out what's out there, indexed, ready at your fingertips, anywhere.
The only 'skill' here is to follow _any bogus_ link and scavenge _any dry trashcan_
What's new: the minor window peeker has now a home delivery system!
Go ahead , slimeball!
Well, sure you can hack the url drupal.org/sites/default/settings.php into your browser. If the directory hadn't been shut through htaccess you'd even get some content delivered. An empty file. Now what?
Nothing about the google hack honeypot...
http://ghh.sf.net/
http://www.battlefield.ru/guns/defin_1.html reads that the more velocity your comp has when thrown against the target comp, the more chances it has to penetrate it. Other things seem to be involved as well.
Parent is right. I liken Google to a big open source intelligence collector. It just sits there and gathers vast sums of information. That information when analysed by certain people then becomes actionable intelligence - that is when knowledge becomes power.
I believe Joseph S. Nye put down the 3 different types of information in the information age:
1. flows of data such as news or statistics
2. information used for advantage in competitive situations. That is analysed information or intelligence and;
3. strategic information - knowledge of the enemy's game plan.
The most important strategic information of all, where you know your targets intents and motivations, probably won't be found on the web and is beyond the scope of Google (unless they have a google mindsearch in 2100).
It is also worth noting that in wartime information is always intertwined with security and deception. Take that as a hint regarding whoever your target on Google is. They may be putting false information out on the web, and the savvy people/groups won't put their pertinent info out there for us to peruse.
Isn't this a duplicate story?
DEATH TO COMMANDER TACO
Search engines hack you!
:(
Oh. wait... nevermind
Knowledge may well sometimes be used to gain a position of power, but:
6. You can make money without doing evil.
is listed on Google's philosophy page
"Google's ability to beat MSN in unveiling maps, new search and e-mail functions has helped boost its market share. Google now has 55 percent of the market for search queries, up from 47 percent a year ago, according to Internet researcher ComScore Networks Inc. "
So I would say Google is becoming ever more dominant.
http://books.slashdot.org/article.pl?sid=05/04/11/1750217&from=rss
Do not search google images for honeypot or penetration while at work...
Soda has posted two tutorials about it on AntiOnline. An older one @ http://www.antionline.com/showthread.php?s=&threadid=266049/
A newer one @
http://www.antionline.com/showthread.php?s=&threadid=269669/
Enjoy!
when you've already paid.
or rain, on your wedding day?