  1. #1
    Join Date
    Jun 2003
    Location
    Indy
    Posts
    379

    Hacking with Google

    Hi. I just read this document that was about different ways people hack using Google. After reading this document I really see how powerful Google is. It is actually kind of scary how powerful it is. I don't think I can use many of the tips in it since I am on a shared server, but I was wondering how many of you who run servers know of the different vulnerabilities that could be accessed with Google? Most of them seem like common sense things that people shouldn't have access to, but I searched for some of the examples it gives and was amazed by how many sites actually are vulnerable. I am not comfortable giving a link to the document here because I think it is geared more toward the actual hacker than to people trying to prevent hackers, and I don't want to help any hackers out.

    I just want to know how many people are aware of these hacking methods by using Google, and are they really a big threat or am I just being paranoid?

  2. #2
    Join Date
    Jul 2003
    Location
    Goleta, CA
    Posts
    5,550
    Technology is a blessing and a curse. We just have to learn to live and adjust to the problems it causes while still enjoying the many benefits it provides.
    Patron: I'd like my free lunch please.
    Cafe Manager: Free lunch? Did you read the fine print stating it was an April Fool's joke.
    Patron: I read the same way I listen, I ignore the parts I don't agree with. I'm suing you for false advertising.
    Cafe Owner: Is our lawyer still working pro bono?

  3. #3
    Join Date
    Feb 2004
    Posts
    465
    would like to know more to what you refer

  4. #4
    Join Date
    Jun 2003
    Location
    Indy
    Posts
    379
    Well, I'll try to give some examples without being too specific.

    Basically the document explains Google's various advanced syntaxes and ways you can use them to get access to things you really shouldn't have access to. These are all things that are just unsecured and are accessible anyway; it just helps you find them. It surprised me how many people had these types of things exposed with no type of security.

    A few examples:

    There is a certain syntax and query you can use to find exposed bash_history files, which, according to the article, sometimes have encrypted Unix password hashes in them; it also tells you how to crack them.

    Most of them are just ways to search for open indexes and certain files in them. There are also certain syntaxes to use to find vulnerable Windows servers that have, for example, the system32 folder open to the public. I tried this syntax and the first result actually had that folder unsecured and also the cmd.exe unsecured.

    I could send this document to a moderator and have them check it over to see if it is postable, or maybe take some parts out of it. I really don't think it would be approved though because it is VERY specific about these hacking methods.

    Edit: I tried clicking on the cmd.exe because I know that I couldn't really do any damage just clicking it in IE; it would just try to download it. Well, I got a 403 error so maybe it's not as unsecure as I thought. It is still alarming to find that directory has index enabled though.
    Last edited by dftchris; 07-25-2004 at 02:37 AM.
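
    For server owners following the thread: an added example, not part of any post and not taken from the document being discussed, that audits your own document root for the two exposures described above (world-readable shell history files, and directories with no index file that are served as listings when automatic indexing is on). The index and history file names are assumptions, and the sample tree is constructed.

```python
import os
import stat
import tempfile

# Assumed names, not taken from the thread's document: adjust for your server.
INDEX_NAMES = {"index.html", "index.htm", "index.php"}
HISTORY_NAMES = {".bash_history", ".sh_history", ".mysql_history"}


def world_readable(path):
    """True if the 'other' read bit is set, so the web server user can likely read it."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def audit_docroot(root):
    """Walk a document root and return sorted (finding, relative_path) tuples."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        # A readable directory with no index file is served as a file listing
        # whenever the server has automatic directory indexes switched on.
        if world_readable(dirpath) and not INDEX_NAMES & set(filenames):
            findings.append(("listable-dir", rel))
        for name in filenames:
            full = os.path.join(dirpath, name)
            if name in HISTORY_NAMES and world_readable(full):
                findings.append(("exposed-history", os.path.join(rel, name)))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample layout so the audit can be run offline."""
    root = tempfile.mkdtemp(prefix="docroot-")
    os.chmod(root, 0o755)
    for sub in ("backup", "private"):
        os.mkdir(os.path.join(root, sub))
        os.chmod(os.path.join(root, sub), 0o755)
    files = {"index.html": 0o644, "backup/.bash_history": 0o644,
             "private/index.html": 0o644, "private/.bash_history": 0o600}
    for relpath, mode in files.items():
        path = os.path.join(root, relpath)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    for finding, path in audit_docroot(build_sample_tree()):
        print(f"{finding:16} {path}")
```

    Point `audit_docroot` at the real document root; anything it reports should be moved out of the web root, have its permissions tightened, or be covered by an index file or a server setting that disables listings.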

  5. #5
    Join Date
    Feb 2004
    Location
    Sofia
    Posts
    1,349
    Google is a great exposer. After 5 years of peaceful co-existence, I am more than sure that the first thing Google will index on my site are all my errors and omissions, not my new pages. And what is more interesting, Google is giving those erratic pages a higher PR, so they appear on the first results page.
    :: :: :: :: :: ::
    :: VDSP.Net :: Directory of virtual and dedi serv providers by location and price

  6. #6
    Join Date
    Jun 2003
    Location
    Indy
    Posts
    379
    After trying some more examples I have found that the syntaxes given don't really work very well; they may be outdated. One syntax is for only searching in the URL of the website; well, it was returning the search term anywhere in the site. I went into advanced search and selected the search only in URL option and it still found things in other parts of the site. It still does find the vulnerable files, but you have to go through more results.
