15-12-2010, 08:40 AM
Speaking of search engines, Google is undoubtedly the leader, with an 80% share of the search market. Google is the world’s most popular and powerful search engine, and it has the ability to accept pre-defined commands as inputs and produce unbelievable results. As a result, the Google search engine is being used by hackers, crackers, and script kiddies to gather secret and confidential information. This information may not appear in a common search but can be gathered by using advanced search queries.
A little advanced knowledge of the Google Search parameters, operators and constructs is enough to perform searches and pinpoint information on the web. Posting XSS exploit scripts, damaging databases, misusing bandwidth, etc. are the common exploits that can be launched with the information that is gathered in this way.
Some of the common attacks include:
-Finding the web server:
Many webmasters and administrators just leave the default configuration of their web server in place after installation. If the attacker finds the web server version, he can intrude using the default configuration.
Example Google Query:
"Microsoft-IIS/6.0 Server at" intitle:index.of
-Web statistics pages:
These queries can bring out common default configurations.
Example Google Query:
"Generated by phpSystem"
intitle:"Sysinfo * " intext:"Generated by Sysinfo *"
-HTTP error pages and messages:
They sometimes provide critical system information.
-Storing FTP passwords in FTP clients:
The .ini files can be crawled and the passwords can be stolen.
-Email and contact harvesting:
Simple queries containing the keywords "name", "email", "phonenumber", etc. can bring out a lot of information for spammers.
Get the report here:
Demystifying Google Hacks.pdf (Size: 74.76 KB / Downloads: 155)
Also see:
http://www.todlehoppl/blog/view/id_855
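A defender can run the same logic against their own site before a crawler does. The following is an added example, not part of the original post or the linked report: it checks saved HTML from your own pages for the markers the queries quoted above rely on (the title for intitle:, the visible text for quoted phrases). The function names, rule names and sample pages are constructed for illustration, and the banner pattern is generalized from the IIS string in the post to any product/version banner.

```python
import re
from html import unescape

TITLE_RE = re.compile(r"<title[^>]*>(.*?)</title>", re.I | re.S)
TAG_RE = re.compile(r"<[^>]+>")

# (finding, pattern the <title> must match or None, pattern the page text must match or None)
RULES = [
    ("directory listing exposing server banner",
     re.compile(r"index.of", re.I),
     re.compile(r"[\w-]+/\d[\w.]*\s+(?:\([^)]*\)\s+)?Server at", re.I)),
    ("phpSystem statistics page", None,
     re.compile(r"Generated by phpSystem", re.I)),
    ("Sysinfo statistics page",
     re.compile(r"Sysinfo\s+\S", re.I),
     re.compile(r"Generated by Sysinfo\s+\S", re.I)),
]

def split_page(html):
    """Return (title, visible text) roughly as a search index would see them."""
    m = TITLE_RE.search(html)
    title = unescape(m.group(1)).strip() if m else ""
    text = " ".join(unescape(TAG_RE.sub(" ", html)).split())
    return title, text

def audit(pages):
    """pages: {url: html}. Returns {url: [finding, ...]} for pages that match a rule."""
    report = {}
    for url, html in pages.items():
        title, text = split_page(html)
        hits = [name for name, t_re, b_re in RULES
                if (t_re is None or t_re.search(title))
                and (b_re is None or b_re.search(text))]
        if hits:
            report[url] = hits
    return report

# Constructed sample pages (not real captures)
SAMPLE_PAGES = {
    "/backup/": "<html><head><title>Index of /backup</title></head><body>"
                "<pre><a href='db.sql'>db.sql</a></pre>"
                "<address>Microsoft-IIS/6.0 Server at intranet.example Port 80</address></body></html>",
    "/stats/": "<html><head><title>System status</title></head>"
               "<body><p>Generated by phpSystem</p></body></html>",
    "/about.html": "<html><head><title>About us</title></head><body>Contact page</body></html>",
}

if __name__ == "__main__":
    for url, hits in audit(SAMPLE_PAGES).items():
        print(url, "->", ", ".join(hits))
```

Pages that are flagged are candidates for disabling directory listings, removing the version banner, or putting the statistics page behind authentication.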