hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Web Hosting : Hacking with Google
Reply

Forum Jump

Hacking with Google

Reply Post New Thread In Web Hosting Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 07-25-2004, 02:05 AM
dftchris dftchris is offline
Aspiring Evangelist
 
Join Date: Jun 2003
Location: Indy
Posts: 379

Hacking with Google


Hi. I just read this document that was about different ways people hack using Google. After reading this document I really see how powerful Google is. It is actually kind of scary how powerful it is. I don't think I can use much of the tips in it since I am on a shared server, but I was wondering how many of you who run servers know of the different vulnerabilities that could be accessed with Google? Most of them seem like common sense things that people shouldn't have access to, but I searched for some of the examples it gives and was amazed by how many sites actually are vulnerable. I am not comfortable giving a link to the document here because I think it is geared more toward the actual hacker than to people trying to prevent hackers, I don't want to help any hackers out.

I just want to know how many people are aware of these hacking methods by using Google, and are they really a big threat or am I just being paranoid?



Sponsored Links
  #2  
Old 07-25-2004, 02:08 AM
cywkevin cywkevin is offline
Predatory Poster
 
Join Date: Jul 2003
Location: Goleta, CA
Posts: 5,550
Technology is a blessing and a curse. We just have to learn to live and adjust to the problems it causes while still enjoying the many benefits it provides.

__________________
Patron: I'd like my free lunch please.
Cafe Manager: Free lunch? Did you read the fine print stating it was an April Fool's joke.
Patron: I read the same way I listen, I ignore the parts I don't agree with. I'm suing you for false advertising.
Cafe Owner: Is our lawyer still working pro bono?

  #3  
Old 07-25-2004, 02:17 AM
mp3sattack mp3sattack is offline
Web Hosting Evangelist
 
Join Date: Feb 2004
Posts: 465
would like to know more to what you refer

Sponsored Links
  #4  
Old 07-25-2004, 02:33 AM
dftchris dftchris is offline
Aspiring Evangelist
 
Join Date: Jun 2003
Location: Indy
Posts: 379
Well, I'll try to give some examples without being too specific.

Basically the document explains Google's various advanced syntaxes and ways you can use them to get access to thing you really shouldn't have access to. These are all things that are just unsecured and are accessible anyway, it just helps you find them. It surprised me how many people had these types of things exposed with no type of security.

A few examples:

There is a certain syntax and query you can use to find exposed bash_history files, which, according to the article sometimes have encrypted unix passwords hashes in them and also tells you how to crack them.

Most of them are just ways to search for open indexes and certain files in them. There is also certain syntaxes to use to find vulnerable windows servers that have, for example, the system32 open to the public. I tried this syntax and the first result actually had that folder unsecured and also the cmd.exe unsecured.

I could send this document to a moderator and have them check it over to see if it is postable, or maybe takes some parts out of it. I really don't think it would be approved though because it is VERY specific about these hacking methods.

Edit: I tried clicking on the cmd.exe because I know that I couldn't really do any damage just clciking it in IE, it would just try to download it. Well I got a 403 error so maybe it's not as unsecure as I thought. It is still alarming to find that directory has index enabled though.


Last edited by dftchris; 07-25-2004 at 02:37 AM.
  #5  
Old 07-25-2004, 02:49 AM
Imago Imago is offline
Web Hosting Master
 
Join Date: Feb 2004
Location: Sofia
Posts: 1,349
Google is a great exposer. After 5 years peaceful co-existence, I am more than sure that the first thing Google will index on my site are all my errors and omissions, not my new pages. And what is more interesting, Google is giving those erratic pages a higher PR, so they appear on the first results page.

__________________
:: :: :: :: :: ::
:: VDSP.Net :: Directory of virtual and dedi serv providers by location and price

  #6  
Old 07-25-2004, 02:54 AM
dftchris dftchris is offline
Aspiring Evangelist
 
Join Date: Jun 2003
Location: Indy
Posts: 379
After trying some more examples I have found that that syntaxes given don't really work very well, they may be outdated. One synyax is for only searching in the url of the website, well it was returning the search term anywhere in the site. I went into advanced search and selected the search only in url option and it still found things in other parts of the site. It still does find the vulnerable files, but you have to go through more results.

Reply

Related posts from TheWhir.com
Title Type Date Posted
Google Announces General Availability of Cloud Endpoints, Updates Mobile Backend Starter Web Hosting News 2013-11-11 12:14:49
60 Percent of Internet Devices Go through Google Servers Each Day Web Hosting News 2013-07-24 17:04:56
Google Offers 15GB of Free Storage Across Cloud Services Web Hosting News 2013-05-13 15:00:03
Why You Should Embrace Google Plus Blog 2013-03-08 09:18:17
Google Expected to Launch IaaS at I/O Developers Conference this Week Web Hosting News 2012-06-28 14:38:03


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?