Kaip naudotis google?

Tvarkingos temos
Skelbti atsakymą
Žinutė
Autorius
Vartotojo avataras
GODhack
profesionalas
profesionalas
Pranešimai: 4469
Užsiregistravo: 2005 03 18 21:13
Susisiekti:

Kaip naudotis google?

#1 Standartinė GODhack » 2005 04 20 21:17

tingejau i LT verst ir taip turiu ka veik, bet paskaityt verta
ipac tiem kas google nemoka naudotis CHI CHI

Introduction

Google is world’s most popular and powerful search engine which has the ability to accept pre-defined commands as input and produce unbelievable results. This enables malicious users like hackers, crackers, and script kiddies etc to use Google search engine extensively to gather confidential or sensitive information which is not visible through common searches.

In this paper I shall cover the below given points that an administrators or security professionals must take into account to prevent such information disclosures:

Google’s Advance Search Query Syntaxes
Querying for vulnerable sites or servers using Google’s advance syntaxes
Securing servers or sites from Google’s invasion

Google’s Advance Search Query Syntaxes

Below discussed are various Google’s special commands and I shall be explaining each command in brief and will show how it can be used for critical information digging.

[ intitle: ]

The “intitle:” syntax helps Google restrict the search results to pages containing that word in the title. For example, “intitle: login password” (without quotes) will return links to those pages that has the word "login" in their title, and the word "password" anywhere in the page.

Similarly, if one has to query for more than one word in the page title then in that case “allintitle:” can be used instead of “intitle” to get the list of pages containing all those words in its title. For example using “intitle: login intitle: password” is same as querying “allintitle: login password”.


[ inurl: ]

The “inurl:” syntax restricts the search results to those URLs containing the search keyword. For example: “inurl: passwd” (without quotes) will return only links to those pages that have "passwd" in the URL.

Similarly, if one has to query for more than one word in an URL then in that case “allinurl:” can be used instead of “inurl” to get the list of URLs containing all those search keywords in it. For example: “allinurl: etc/passwd“ will look for the URLs containing “etc” and “passwd”. The slash (“/”) between the words will be ignored by Google.


[ site: ]

The “site:” syntax restricts Google to query for certain keywords in a particular site or domain. For example: “exploits site:hackingspirits.com” (without quotes) will look for the keyword “exploits” in those pages present in all the links of the domain “hackingspirits.com”. There should not be any space between “site:” and the “domain name”.


[ filetype: ]

This “filetype:” syntax restricts Google search for files on internet with particular extensions (i.e. doc, pdf or ppt etc). For example: “filetype:doc site:gov confidential” (without quotes) will look for files with “.doc” extension in all government domains with “.gov” extension and containing the word “confidential” either in the pages or in the “.doc” file. i.e. the result will contain the links to all confidential word document files on the government sites.


[ link: ]

“link:” syntax will list down webpages that have links to the specified webpage. For Example: “link:www.securityfocus.com” will list webpages that have links pointing to the SecurityFocus homepage. Note there can be no space between the "link:" and the web page url.


[ related: ]

The “related:” will list web pages that are "similar" to a specified web page. For Example: “related:www.securityfocus.com” will list web pages that are similar to the Securityfocus homepage. Note there can be no space between the "related:" and the web page url.


[ cache: ]

The query “cache:” will show the version of the web page that Google has in its cache. For Example: “cache:www.hackingspirits.com” will show Google's cache of the Google homepage. Note there can be no space between the "cache:" and the web page url.

If you include other words in the query, Google will highlight those words within the cached document. For Example: “cache:www.hackingspirits.com guest” will show the cached content with the word "guest" highlighted.


[ intext: ]

The “intext:” syntax searches for words in a particular website. It ignores links or URLs and page titles. For example: “intext:exploits” (without quotes) will return only links to those web pages that has the search keyword "exploits" in its webpage.


[ phonebook: ]

“phonebook” searches for U.S. street address and phone number information. For Example: “phonebook:Lisa+CA” will list down all names of person having “Lisa” in their names and located in “California (CA)”. This can be used as a great tool for hackers incase someone want to do dig personal information for social engineering.

Querying for vulnerable sites or servers using Google’s advance syntaxes

Well, the Google’s query syntaxes discussed above can really help people to precise their search and get what they are exactly looking for.

Now Google being so intelligent search engine, malicious users don’t mind exploiting its ability to dig confidential and secret information from internet which has got restricted access. Now I shall discuss those techniques in details how malicious user dig information from internet using Google as a tool.


Using “Index of ” syntax to find sites enabled with Index browsing

A webserver with Index browsing enabled means anyone can browse the webserver directories like ordinary local directories. Here I shall discuss how one can use “index of” syntax to get a list links to webserver which has got directory browsing enabled. This becomes an easy source for information gathering for a hacker. Imagine if the get hold of password files or others sensitive files which are not normally visible to the internet. Below given are few examples using which one can get access to many sensitive information much easily.

Index of /admin
Index of /passwd
Index of /password
Index of /mail

"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess

"Index of /secret"
"Index of /confidential"
"Index of /root"
"Index of /cgi-bin"
"Index of /credit-card"
"Index of /logs"
"Index of /config"

Looking for vulnerable sites or servers using “inurl:” or “allinurl:”

Using “allinurl:winnt/system32/” (without quotes) will list down all the links to the server which gives access to restricted directories like “system32” through web. If you are lucky enough then you might get access to the cmd.exe in the “system32” directory. Once you have the access to “cmd.exe” and are able to execute it then you can go ahead in further escalating your privileges over the server and compromise it.


Using “allinurl:wwwboard/passwd.txt”(without quotes) in the Google search will list down all the links to the server which are vulnerable to “WWWBoard Password vulnerability”. To know more about this vulnerability you can have a look at the following link:
http://www.securiteam.com/exploits/2BUQ4S0SAW.html


Using “inurl:.bash_history” (without quotes) will list down all the links to the server which gives access to “.bash_history” file through web. This is a command history file. This file includes the list of command executed by the administrator, and sometimes includes sensitive information such as password typed in by the administrator. If this file is compromised and if contains the encrypted unix (or *nix) password then it can be easily cracked using “John The Ripper”.


Using “inurl:config.txt” (without quotes) will list down all the links to the servers which gives access to “config.txt” file through web. This file contains sensitive information, including the hash value of the administrative password and database authentication credentials. For Example: Ingenium Learning Management System is a Web-based application for Windows based systems developed by Click2learn, Inc. Ingenium Learning Management System versions 5.1 and 6.1 stores sensitive information insecurely in the config.txt file. For more information refer the following links:
http://www.securiteam.com/securitynews/6M00H2K5PG.html


Other similar search using “inurl:” or “allinurl:” combined with other syntaxs

inurl:admin filetype:txt
inurl:admin filetype:db
inurl:admin filetype:cfg
inurl:mysql filetype:cfg
inurl:passwd filetype:txt
inurl:iisadmin
inurl:auth_user_file.txt
inurl:orders.txt
inurl:"wwwroot/*."
inurl:adpassword.txt
inurl:webeditor.php
inurl:file_upload.php

inurl:gov filetype:xls "restricted"
index of ftp +.mdb allinurl:/cgi-bin/ +mailto

Looking for vulnerable sites or servers using “intitle:” or “allintitle:”

Using [allintitle: "index of /root”] (without brackets) will list down the links to the web server which gives access to restricted directories like “root” through web. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.


Using [allintitle: "index of /admin”] (without brackets) will list down the links to the websites which has got index browsing enabled for restricted directories like “admin” through web. Most of the web application sometimes uses names like “admin” to store admin credentials in it. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.



Other similar search using “intitle:” or “allintitle:” combined with other syntaxs

intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart

allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov

Other interesting Search Queries

To search for sites vulnerable to Cross-Sites Scripting (XSS) attacks:
allinurl:/scripts/cart32.exe
allinurl:/CuteNews/show_archives.php
allinurl:/phpinfo.php


To search for sites vulnerable to SQL Injection attacks:
allinurl:/privmsg.php
allinurl:/privmsg.php



Securing servers or sites from Google’s invasion

Below given are the security measures which system administrators and security professionals must take into account to secure critical information available online, falling into wrong hands:

Install latest security patches available till date for the applications and as well as the operating system running on the servers.

Don’t put critical and sensitive information on servers without any proper authentication system which can be directly accessible to anyone on internet.

Disable directory browsing on the webserver. Directory browsing should be enabled for those web-folders for which you want to give access to anyone on internet.

If you find any links to your restricted server or sites in Google search result then it should be removed. Visit the following link for more details:
http://www.google.com/remove.html

Disable anonymous access in the webserver through internet to restricted systems directory.

Install filtering tools like URLScan for servers running IIS as webserver.



Conclusion

Sometimes increase in sophistication in the systems creates new problems. Google being so sophisticated can be used by any Tom, Dick & Harry on internet to dig sensitive information which is normally neither visible nor reachable to anyone.

The only options left for the security professionals and systems administrators are to secure and harden their systems from such un-authorized invasion.

Vartotojo avataras
M-i-n-d-u-x
garbės narys
garbės narys
Pranešimai: 236
Užsiregistravo: 2005 01 23 15:04
Miestas: Kėdainiai

#2 Standartinė M-i-n-d-u-x » 2005 06 02 20:05

Kazi kas nemoka naudotis :?: :lol: :?:

brain5ide
profesionalas
profesionalas
Pranešimai: 2030
Užsiregistravo: 2004 12 01 19:05

#3 Standartinė brain5ide » 2005 06 02 21:19

Gerai strukturizuotas paieskas labai nedaug kas moka atlikt ;)
beje:
Paveikslėlis
Never argue with an idiot. They bring you down to their level and beat you with experience.

Vartotojo avataras
Šaras
mega dalyvis
mega dalyvis
Pranešimai: 965
Užsiregistravo: 2005 06 28 12:54
Miestas: Kedainiai

#4 Standartinė Šaras » 2005 07 31 11:40

MInduxs tu situ komandu tikraj nezinojai LOL :lol: :lol: :lol:
Paveikslėlis
Paveikslėlis

Vartotojo avataras
DF
profesionalas
profesionalas
Pranešimai: 2979
Užsiregistravo: 2005 08 14 10:54

#5 Standartinė DF » 2005 11 29 21:39

Nu vo tikrai god hack sake kad yra sukuręs šia temą apie google. :)
Kai bobu nera - Buna blogai, Bet kai bobu yra - buna dar blogiau..Ishvadas daryk pats.

Vartotojo avataras
GODhack
profesionalas
profesionalas
Pranešimai: 4469
Užsiregistravo: 2005 03 18 21:13
Susisiekti:

#6 Standartinė GODhack » 2005 12 30 20:10

Va kaip google kovoja su hakintojais:
Google
Error
We're sorry...

... but we can't process your request right now. A computer virus or spyware application is sending us automated requests, and it appears that your computer or network has been infected.

We'll restore your access as quickly as possible, so try again soon. In the meantime, you might want to run a virus checker or spyware remover to make sure that your computer is free of viruses and other spurious software.

We apologize for the inconvenience, and hope we'll see you again on Google.
Nepatikti blogiems - girtinas dalykas. SENEKA
__________________________________________
progenic.com
library.2ya.com
Paveikslėlis

Vartotojo avataras
DF
profesionalas
profesionalas
Pranešimai: 2979
Užsiregistravo: 2005 08 14 10:54

#7 Standartinė DF » 2006 01 11 21:35

GODhack rašė:Va kaip google kovoja su hakintojais:
Google
Error
We're sorry...

... but we can't process your request right now. A computer virus or spyware application is sending us automated requests, and it appears that your computer or network has been infected.

We'll restore your access as quickly as possible, so try again soon. In the meantime, you might want to run a virus checker or spyware remover to make sure that your computer is free of viruses and other spurious software.

We apologize for the inconvenience, and hope we'll see you again on Google.
BEt kažkaip galima apeiti ta nesamoninga žinutę kaip pvz ieskai 2.0.6v php forumu ir ismeta ta nesamone...ar tiesiog ieskoti per yahoo.com ar yanexa :roll:
Kai bobu nera - Buna blogai, Bet kai bobu yra - buna dar blogiau..Ishvadas daryk pats.

Vartotojo avataras
GODhack
profesionalas
profesionalas
Pranešimai: 4469
Užsiregistravo: 2005 03 18 21:13
Susisiekti:

#8 Standartinė GODhack » 2006 01 11 22:41

As tai nekvarsinu galvos ir ieskau per yahoo tada. Gali pabandyt uzklausos parametrus kaskaip keist, bet tada iesko ne visai to ko norejai: irgi blogai.
Nepatikti blogiems - girtinas dalykas. SENEKA
__________________________________________
progenic.com
library.2ya.com
Paveikslėlis

Vartotojo avataras
DF
profesionalas
profesionalas
Pranešimai: 2979
Užsiregistravo: 2005 08 14 10:54

#9 Standartinė DF » 2006 01 28 21:00

GODhack rašė:As tai nekvarsinu galvos ir ieskau per yahoo tada. Gali pabandyt uzklausos parametrus kaskaip keist, bet tada iesko ne visai to ko norejai: irgi blogai.
Na aš ne yahoo naudoju db o yandex.ru :)
Kai bobu nera - Buna blogai, Bet kai bobu yra - buna dar blogiau..Ishvadas daryk pats.

Vartotojo avataras
GODhack
profesionalas
profesionalas
Pranešimai: 4469
Užsiregistravo: 2005 03 18 21:13
Susisiekti:

#10 Standartinė GODhack » 2006 02 04 16:02

Na cia tutorialas angliskas ir galbut nevisiem ikandamas. Taigi naujajam saitui galbut pameginsiu parasyt pats kaska tokio lietuviskai......
```````````
Hakijimo per google paslaptys

http://www.google.lt/
Google

Tai didziule paieskos internete sistema siulanti ne tik paieskos bet ir vertimo paslaugas, naujienu grupes, knygu, paveiksleliu paieska ir dar daug daugiau.
Be to google yra labai paprasta naudoti ir ji zinoma ir suprantama net tiems kurie zegia pirmus zingsnius PC technologiju pasaulyje. Uz sio paprastumo ir dideliu standartiniu galimybiu slepiasi ir tai ko google kurejai ne visai numate.
Meniskai kuriant ir atliekant uzklausas i google jus galbut sugebesite rasti tai ko kitas neras nulauzes ir bacdorin es desimtis serveriu. Kas svarbiausia nuo google hakijimo nera jokiu security updeitu ir panasaus slamsto, kas tikrai patiks hakijimo pradedantiesiems kuriu netenkina, kad is 1000 ataku pasiseks tik kelios.
Mokant taip hakint jum pravers ir visur kitur kadangi jus daznai ir LABAI greitai sugebesit internete rast tai ko neranda kiti arba jei ir randa tai perverte simtus linku.

1) Taigi pradedam googlint.

Paprasciausi pvz:
bananas - ieskos bet ko su "bananas" simboliu seka
bulve - ieskos bet ko su "bulve" simboliu seka
bulve bananas - ieskos bet ko su "bulve" ir "bananas" seka

+ panaudojimas:
bananas and - ieskos bet ko su "bananas"simboliu seka!
"and" nieko nekeicia, nes jis yra visur praktiskai ir google jo niesko. Bet mes galim tai pakeisti:
bananas +and - va dabar jau ieskos bet ko su "bananas" ir "and" simboliu seka

Panasiu principu veikia ir -:
bananas -bulve - va dabar ieskos bet ko su "bananas" bet nerodys VISISKAI nieko apie bulves.
Tai naudinga jei kasko ieskant ismeta kalnus liku su kaskuo kitu turinciu panasu pavadinima. Arba taip galima atmesti tai kas perziureta ir nekankint peles ratuko.

" panaudojimas:
"bananas bulve" - ieskos siu zodziu kaip vienos frazes, vieno salia kito ir jokiu budu ne atskirai. Pastebekit kad be kabuciu ismeta daugybe linku kur vienam puslapio gale bananas, o kitam bulve, tai su kabutem radama beveik nieko ir jei kas ir randama tai butent abu zodziai greta.

Viska galim derint:
bananas -bulve +ir "man 5387455542 metu" - pameginkit nuspet ko ieskos.

2) Dar sudetingesnes paieskos

Bendras principas:
operatorius:paiekos_zodis kiti_argumentai dar_kiti

site ir filetype operatoriai reikalauja kad butu kiti_argumentai, o like operatoriai to nereikalauja ir nekils erorr jei juos naudosit ir be papildomu argumentu.

site panaudojimas:
site:www.gamezone.lt diskusijos - ieskos tik gamezone.lt puslapyje "diskusijos" simboliu sekos. Tai labai pravercia visiem kai koks puslapiukas neturi nuosavos paieskos sistemos, o per linku miska nardyt neturit laiko.

filetype panaudojimas:
filetype:pdf nitroglycerine - ieskos nitroglycerine tik pdf formato duokumentuose, kas gerai nes is kart galesit ir spauzdint. Vel tauposi laikas. Na tikriausiai jau apsidziauget per daug, tai turiu nuliudint, kad google isiesko tik labai ribota failu formatu skaiciu, kokie tie failu tipai isieskomi siuo metu kai jus skaitot sita teksta yra galit pasitikrint http://www.google.lt/help/faq_filetypes.html

link panaudojimas:
link:www.gamezone.lt - rodo puslapius kuriu kode yra nuoroda i gamezone.lt, nieko gero ypac del to kad neiesko pilnu url su / simbliais. taigi link:www.gamezone.lt/diskusijos neduos jokio rezultato, kaip ir kiti panausios konstrukcijos uzklausimai.

cache panaudojimas:
cache:www.gamezone.lt - rodo gamezone kuri nuokopinta ir pahostinta googles hoste pries keleta dienu. SITA FUNCIJA YPAC GERA kai koks nors jusu megatamas saitas "uzsiverte" o jum mirtinai reik dar kaskokia info is jo isgaut. Tagi ne viskas prarasta, cache dar gali padet. Jei pavyko tuoj pat viska seivinkit pas save i harda. Nes kai googlei per daug prisikaupia to cache ji dali jo istrina resursu taupymo sumetimais.

intitle ir allintitle panaudojimas:
intitle:gamezone - ieskos puslapiu su seka "gamezone" antrasteje.
allintitle tas pats tik gali ieskot ir keliu zodziu derinio

inurl ir allinurl panaudojimas:
inurl:password - ieskos bet kokiu linku i kuriuos itraukta simboliu seka "password". Taip galima suderinus su kitomis paieskomis galima rast slaptazodzius tiesiog per google.
allinurl tas pat tik iesko keliu zodziu seku

3) Kaip tai pritaikyti?

Paziurekim:
site:critical.lt intitle:index.of name size
Tagi radom diretorijos isklotine, kartais taip gali metytis kokie svarbus failiukai kurie mums praverst gali toliau hakijant. Deja as pamatau tik kelis paveiksliukus kurie regis nieko naudingo.Ne jei pamatysit kieno tai saitas tai galbut ir netsitiktinumas kad mazai ka pesem :) taciau jei imsimies kokio lenvesnio kasnelio jau bus idomiau:
site:www.mintis.lt intitle:index.of name size
Na stai kalnas linku ir paziurekit "darbai asmeniniai" ir kitas sh kuris nezinia ar visiem skaityti skirtas, na net tingiu gilintis nes sita tutoriala rasau dabar tik paspauzdiu pati pirma duota linka ir matau apacioj:
"Apache Server at www.mintis.lt Port 80"
Taip net ir neskenavus portu suzinom koks servas ir koks portas, na portas ir taip menka naujiena kad 80, bet apache tai jau pravers jei toliau hakisim.
Jei butume tureje dar daugiau sekmes butu pamate ir kokia apacio versija.

O dabar turim tarkim koki "Apache 1.3" negyvai susenusi exploita ir nezinom ka cia nuhakint. Pabandom ant keliu garsiu saitu ir sh gaunas nes jie updeitinti bet tai menka beda.
intitle:index.of "Apache 1.3.0 server at"
turim pilna pasirinkima is kalno puslapiu.


Dar idomesniu rezultatu turesim:
allintitle:welcome to windows internet services
Taip rasim IIS default puslapiu ir juos galesim nuhakint ir padaryt normalius saitus. Tik IIS 5 jei norim rast po vindows irasom dar ir 2000.

Ir dar daugybe visko galim prigalvot is ankciau minetu komandu tik reik turet fantazijos.


```````````````````
nu va
```````````
tikiuosi patiks ir idesit i saita :)
Nepatikti blogiems - girtinas dalykas. SENEKA
__________________________________________
progenic.com
library.2ya.com
Paveikslėlis

Vartotojo avataras
Mr. X
senbuvis
senbuvis
Pranešimai: 160
Užsiregistravo: 2005 05 03 23:20
Miestas: The Void
Susisiekti:

#11 Standartinė Mr. X » 2006 02 04 19:47


xauxi99
Pranešimai: 1
Užsiregistravo: 2009 09 04 11:15

Re: Kaip naudotis google?

#12 Standartinė xauxi99 » 2009 09 04 11:17

Marked! I will come back to check this soon!thanks a lot.:-)
simulation taux credit immobilier de France calcul pret courtier outil de simulation crédit immobilier dont les plus utiles sont : le calcul simulation taux credit immobilier de France calcul pret courtier

Skelbti atsakymą

Grįžti į

Dabar prisijungę

Vartotojai naršantys šį forumą: 0 ir 0 svečių