This book helps people find sensitive information on the Web.
Google is one of the 5 most popular sites on the internet, with more than 380 million unique users per month (Nielsen/NetRatings 8/05). But Google's search capabilities are so powerful that they sometimes discover content that no one ever intended to be publicly available on the Web, including social security numbers, credit card numbers, trade secrets, and federally classified documents. Google Hacking for Penetration Testers Volume 2 shows the art of manipulating Google used by security professionals and system administrators to find this sensitive information and "self-police" their own organizations.
Readers will learn how Google Maps and Google Earth provide pinpoint military accuracy, see how bad guys can manipulate Google to create super worms, and see how they can "mash up" Google with MySpace, LinkedIn, and more for passive reconnaissance.
• Learn Google Searching Basics
Explore Google's Web-based Interface, build Google queries, and work with Google URLs.
• Use Advanced Operators to Perform Advanced Queries
Combine advanced operators and learn about colliding operators and bad search-fu.
• Learn the Ways of the Google Hacker
See how to use caches for anonymity and review directory listings and traversal techniques.
• Review Document Grinding and Database Digging
See the ways to use Google to locate documents and then search within the documents to locate information.
• Understand Google's Part in an Information Collection Framework
Learn the principles of automating searches and the applications of data mining.
• Locate Exploits and Find Targets
Locate exploit code and then vulnerable targets.
• See Ten Simple Security Searches
Learn a few searches that give good results just about every time and are good for a security assessment.
• Track Down Web Servers
Locate and profile web servers, login portals, network hardware and utilities.
• See How Bad Guys Troll for Data
Find ways to search for usernames, passwords, credit card numbers, social security numbers, and other juicy information.
• Hack Google Services
Learn more about the AJAX Search API, Calendar, Blogger, Blog Search, and more.
Table of Contents
Front Cover
Google Hacking for Penetration Testers, Volume 2
Copyright Page
Contents
Chapter 1. Google Searching Basics
    Introduction
    Exploring Google's Web-based Interface
    Building Google Queries
    Working With Google URLs
    Summary
    Solutions Fast Track
    Links to Sites
    Frequently Asked Questions
Chapter 2. Advanced Operators
    Introduction
    Operator Syntax
    Introducing Google's Advanced Operators
    Colliding Operators and Bad Search-Fu
    Summary
    Solutions Fast Track
    Links to Sites
    Frequently Asked Questions
Chapter 3. Google Hacking Basics
    Introduction
    Anonymity with Caches
    Directory Listings
    Going Out on a Limb: Traversal Techniques
    Summary
    Solutions Fast Track
    Links to Sites
    Frequently Asked Questions
Chapter 4. Document Grinding and Database Digging
    Introduction
    Configuration Files
    Log Files
    Database Digging
    Automated Grinding
    Google Desktop Search
    Summary
    Solutions Fast Track
    Links to Sites
    Frequently Asked Questions
Chapter 5. Google's Part in an Information Collection Framework
    Introduction
    The Principles of Automating Searches
    Applications of Data Mining
    Collecting Search Terms
    Summary
Chapter 6. Locating Exploits and Finding Targets
    Introduction
    Locating Exploit Code
    Locating Exploits Via Common Code Strings
    Locating Code with Google Code Search
    Locating Malware and Executables
    Locating Vulnerable Targets
    Summary
    Solutions Fast Track
    Links to Sites
    Frequently Asked Questions
Chapter 7. Ten Simple Security Searches That Work
    Introduction
    site
    intitle:index.of
    error | warning
    login | logon
    username | userid | employee.ID | "your username is"
    password | passcode | "your password is"
    admin | administrator
    -ext:html -ext:htm -ext:shtml -ext:asp -ext:php
    inurl:temp | inurl:tmp | inurl:backup | inurl:bak
    intranet | help.desk
    Summary
    Solutions Fast Track
    Frequently Asked Questions
Chapter 8. Tracking Down Web Servers, Login Portals, and Network Hardware
    Introduction
    Locating and Profiling Web Servers
    Locating Login Portals
    Targeting Web-Enabled Network Devices
    Locating Various Network Reports
    Locating Network Hardware
    Summary
    Solutions Fast Track
    Frequently Asked Questions
Chapter 9. Usernames, Passwords, and Secret Stuff, Oh My!
    Introduction
    Searching for Usernames
    Searching for Passwords
    Searching for Credit Card Numbers, Social Security Numbers, and More
    Searching for Other Juicy Info
    Summary
    Solutions Fast Track
    Frequently Asked Questions
Chapter 10. Hacking Google Services
    AJAX Search API
    Calendar
    Blogger and Google's Blog Search
    Signaling Alerts
    Google Co-op
    Google Code
Chapter 11. Google Hacking Showcase
    Introduction
    Geek Stuff
    Cameras
    Telco Gear
    Power
    Sensitive Info
    Social Security Numbers
    Beyond Google
    Summary
Chapter 12. Protecting Yourself from Google Hackers
    Introduction
    A Good, Solid Security Policy
    Web Server Safeguards
    Hacking Your Own Site
    Getting Help from Google
    Summary
    Solutions Fast Track
    Links to Sites
    Frequently Asked Questions
Index