Posted on July 11, 2024
Demystifying Google Hacks
by
Debasis Mohanty (Orissa, India)
Introduction
Google is the world’s most popular and powerful search engine, and it can accept
pre-defined commands as input and produce unbelievable results. This enables malicious users
such as hackers, crackers and script kiddies to use the Google search engine extensively to gather
confidential or sensitive information which is not visible through common searches.
In this paper I shall cover the points below, which administrators and security professionals
must take into account to prevent such information disclosures:
- Google’s Advance Search Query Syntaxes
- Querying for vulnerable sites or servers using Google’s advance syntaxes
- Securing servers or sites from Google’s invasion
Google’s Advance Search Query Syntaxes
Various special Google commands are discussed below. I shall explain each command
in brief and show how it can be used for critical information digging.
[ intitle: ]
The “intitle:” syntax helps Google restrict the search results to pages containing that word in the
title. For example, “intitle: login password” (without quotes) will return links to those pages that
have the word "login" in their title, and the word "password" anywhere in the page.
Similarly, if one has to query for more than one word in the page title, “allintitle:”
can be used instead of “intitle:” to get the list of pages containing all those words in the title. For
example, using “intitle: login intitle: password” is the same as querying “allintitle: login password”.
[ inurl: ]
The “inurl:” syntax restricts the search results to those URLs containing the search keyword. For
example: “inurl: passwd” (without quotes) will return only links to those pages that have
"passwd" in the URL.
Similarly, if one has to query for more than one word in a URL, “allinurl:” can be
used instead of “inurl:” to get the list of URLs containing all those search keywords. For
example: “allinurl: etc/passwd” will look for the URLs containing “etc” and “passwd”. The slash
(“/”) between the words will be ignored by Google.
[ site: ]
The “site:” syntax restricts Google to query for certain keywords in a particular site or domain.
For example: “exploits site:hackingspirits.com” (without quotes) will look for the keyword
“exploits” in those pages present in all the links of the domain “hackingspirits.com”. There should
not be any space between “site:” and the “domain name”.
[ filetype: ]
The “filetype:” syntax restricts the Google search to files on the internet with particular extensions (i.e.
doc, pdf or ppt etc). For example: “filetype:doc site:gov confidential” (without quotes) will look
for files with the “.doc” extension in all government domains with the “.gov” extension and containing
the word “confidential” either in the pages or in the “.doc” file, i.e. the result will contain the links
to all confidential Word document files on the government sites.
[ link: ]
“link:” syntax will list down webpages that have links to the specified webpage. For Example:
“link:” will list webpages that have links pointing to the SecurityFocus
homepage. Note there can be no space between the "link:" and the web page url.
[ related: ]
The “related:” will list web pages that are "similar" to a specified web page. For Example:
“related:” will list web pages that are similar to the Securityfocus
homepage. Note there can be no space between the "related:" and the web page url.
[ cache: ]
The query “cache:” will show the version of the web page that Google has in its cache. For
Example: “cache:” will show Google's cache of the Google homepage.
Note there can be no space between the "cache:" and the web page url.
If you include other words in the query, Google will highlight those words within the cached
document. For Example: “cache: guest” will show the cached content
with the word "guest" highlighted.
[ intext: ]
The “intext:” syntax searches for words in a particular website. It ignores links or URLs and page
titles. For example: “intext:exploits” (without quotes) will return only links to those web pages
that have the search keyword "exploits" in the webpage.
[ phonebook: ]
“phonebook” searches for U.S. street address and phone number information. For Example:
“phonebook:Lisa+CA” will list all the names of persons having “Lisa” in their names and located
in “California (CA)”. This can be used as a great tool by hackers in case someone wants to dig up
personal information for social engineering.
Querying for vulnerable sites or servers using Google’s advance syntaxes
Well, the Google query syntaxes discussed above can really help people to make their searches more precise
and get exactly what they are looking for.
Now, Google being such an intelligent search engine, malicious users don’t mind exploiting its ability to
dig confidential and secret information from the internet which has got restricted access. Now I shall
discuss in detail the techniques malicious users use to dig information from the internet using
Google as a tool.
Using “Index of ” syntax to find sites enabled with Index browsing
A webserver with Index browsing enabled means anyone can browse the webserver directories
like ordinary local directories. Here I shall discuss how one can use the “index of” syntax to get a list of
links to webservers which have got directory browsing enabled. This becomes an easy source of
information gathering for a hacker. Imagine if they get hold of password files or other sensitive
files which are not normally visible to the internet. Given below are a few examples using which
one can get access to much sensitive information very easily.
Index of /admin
Index of /passwd
Index of /password
Index of /mail
"Index of /" +passwd
"Index of /" +
"Index of /" +.htaccess
"Index of /secret"
"Index of /confidential"
"Index of /root"
"Index of /cgi-bin"
"Index of /credit-card"
"Index of /logs"
"Index of /config"
Looking for vulnerable sites or servers using “inurl:” or “allinurl:”
a. Using “allinurl:winnt/system32/” (without quotes) will list down all the links to the server
which gives access to restricted directories like “system32” through web. If you are lucky enough
then you might get access to the in the “system32” directory. Once you have the access
to “” and are able to execute it then you can go ahead in further escalating your
privileges over the server and compromise it.
b. Using “allinurl:wwwboard/”(without quotes) in the Google search will list down
all the links to the server which are vulnerable to “WWWBoard Password vulnerability”. To know
more about this vulnerability you can have a look at the following link:
/exploits/
c. Using “inurl:.bash_history” (without quotes) will list down all the links to the servers which
give access to the “.bash_history” file through the web. This is a command history file. This file includes
the list of commands executed by the administrator, and sometimes includes sensitive information
such as passwords typed in by the administrator. If this file is compromised and if it contains the
encrypted unix (or *nix) password then it can be easily cracked using “John The Ripper”.
d. Using “inurl:” (without quotes) will list down all the links to the servers which gives
access to “” file through web. This file contains sensitive information, including the hash
value of the administrative password and database authentication credentials. For Example:
Ingenium Learning Management System is a Web-based application for Windows based systems
developed by Click2learn, Inc. Ingenium Learning Management System versions 5.1 and 6.1
stores sensitive information insecurely in the file. For more information refer the
following links:
/securitynews/
Other similar searches using “inurl:” or “allinurl:” combined with other syntaxes
inurl:admin filetype:txt
inurl:admin filetype:db
inurl:admin filetype:cfg
inurl:mysql filetype:cfg
inurl:passwd filetype:txt
inurl:iisadmin
inurl:auth_user_
inurl:
inurl:"wwwroot/*."
inurl:
inurl:
inurl:file_
inurl:gov filetype:xls "restricted"
index of ftp +.mdb
allinurl:/cgi-bin/ +mailto
Looking for vulnerable sites or servers using “intitle:” or “allintitle:”
a. Using [allintitle: "index of /root"] (without brackets) will list down the links to the web servers
which give access to restricted directories like “root” through the web. This directory sometimes
contains sensitive information which can be easily retrieved through simple web requests.
b. Using [allintitle: "index of /admin"] (without brackets) will list down the links to the websites
which have got index browsing enabled for restricted directories like “admin” through the web. Most
web applications sometimes use names like “admin” to store admin credentials. This
directory sometimes contains sensitive information which can be easily retrieved through simple
web requests.
Other similar searches using “intitle:” or “allintitle:” combined with other syntaxes
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of"
intitle:"index of"
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of"
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart
allintitle: sensitive filetype:doc
allintitle: restricted filetype:mail
allintitle: restricted filetype:doc site:gov
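From the defender's side, the names in the “Index of” and “intitle:” query lists above can be checked against your own document root before a crawler indexes them. The following is an added example, not part of the original paper: it walks a local web root and flags folders that would be served as an “Index of” listing if directory browsing is enabled, plus file and folder names taken from those lists. The `INDEX_FILES` set, the function names and the sample tree are assumptions made for the illustration.

```python
import os
import tempfile

# Names taken from the "Index of" and intitle:"index of" queries listed above.
SENSITIVE_NAMES = {"admin", "passwd", "password", "mail", ".htaccess", "secret",
                   "confidential", "root", "cgi-bin", "credit-card", "logs", "config",
                   ".sh_history", ".bash_history", "shadow", "spwd", "htpasswd"}
# Assumption: files the server would serve instead of an auto-generated listing.
INDEX_FILES = {"index.html", "index.htm", "index.php", "default.htm", "default.asp"}

def audit_docroot(docroot):
    """Return sorted (url_path, reason) findings for a local web document root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(docroot):
        rel = os.path.relpath(dirpath, docroot)
        url = "/" if rel == "." else "/" + rel.replace(os.sep, "/") + "/"
        # Without an index file the server falls back to an "Index of" page
        # whenever directory browsing is enabled for this folder.
        if not INDEX_FILES & {f.lower() for f in filenames}:
            findings.append((url, "no index file, listable if browsing is on"))
        for name in dirnames:
            if name.lower() in SENSITIVE_NAMES:
                findings.append((url + name + "/", "sensitive directory name"))
        for name in filenames:
            stem = os.path.splitext(name)[0].lower()
            if name.lower() in SENSITIVE_NAMES or stem in SENSITIVE_NAMES:
                findings.append((url + name, "sensitive file name"))
    return sorted(findings)

def build_sample_docroot(base):
    """Constructed sample tree, used only to demonstrate the audit."""
    for rel in ("index.html", "admin/passwd.txt", "admin/.htaccess",
                "docs/index.html", "logs/access.log"):
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")

def demo():
    """Build the constructed tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as base:
        build_sample_docroot(base)
        return audit_docroot(base)

if __name__ == "__main__":
    for url, reason in demo():
        print(f"{url:22} {reason}")
```

Pointing `audit_docroot` at a real document root gives a worklist: move or protect the flagged files, and disable directory browsing for the flagged folders.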
Other interesting Search Queries
To search for sites vulnerable to Cross-Site Scripting (XSS) attacks:
allinurl:/scripts/
allinurl:/CuteNews/show_
allinurl:/
To search for sites vulnerable to SQL Injection attacks:
allinurl:/
allinurl:/
Securing servers or sites from Google’s invasion
Given below are the security measures which system administrators and security professionals
must take into account to keep critical information available online from falling into the wrong hands:
- Install the latest security patches available to date for the applications as well as the
operating system running on the servers.
- Don’t put critical and sensitive information on servers without a proper authentication
system, where it is directly accessible to anyone on the internet.
- Disable directory browsing on the webserver. Directory browsing should be enabled only for
those web folders to which you want to give access to anyone on the internet.
- If you find any links to your restricted servers or sites in Google search results then they should
be removed. Visit the following link for more details:
/
- Disable anonymous access in the webserver through the internet to restricted system directories.
- Install filtering tools like URLScan for servers running IIS as the webserver.
Conclusion
Sometimes an increase in the sophistication of systems creates new problems. Google, being so
sophisticated, can be used by any Tom, Dick & Harry on the internet to dig up sensitive information
which is normally neither visible nor reachable to anyone.
The only option left for security professionals and systems administrators is to secure and
harden their systems against such unauthorized invasion.
About Me
To know more about me visit
Debasis Mohanty
Email: debasis_mty@
I can also be found at:
/group/Ring-of-Fire
Comments and suggestions are invited at debasis_mty@.