Google Hacking for Penetration Testers - 1st Edition - ISBN: 9781597491761, 9780080484266

Google Hacking for Penetration Testers

1st Edition

Authors: Johnny Long Bill Gardner Justin Brown
eBook ISBN: 9780080484266
Paperback ISBN: 9781597491761
Imprint: Syngress
Published Date: 7th November 2007
Page Count: 560
Sales tax will be calculated at check-out Price includes VAT/GST
30.99
49.95
38.95
Unavailable
Price includes VAT/GST
× DRM-Free

Easy - Download and start reading immediately. There’s no activation process to access eBooks; all eBooks are fully searchable, and enabled for copying, pasting, and printing.

Flexible - Read on multiple operating systems and devices. Easily read eBooks on smart phones, computers, or any eBook readers, including Kindle.

Open - Buy once, receive and download all available eBook formats, including PDF, EPUB, and Mobi (for Kindle).

Institutional Access

Support Center

Secure Checkout

Personal information is secured with SSL technology.

Free Shipping

Free global shipping
No minimum order.

Description

This book helps people find sensitive information on the Web.

Google is one of the 5 most popular sites on the internet with more than 380 million unique users per month (Nielsen/NetRatings 8/05). But, Google’s search capabilities are so powerful, they sometimes discover content that no one ever intended to be publicly available on the Web including: social security numbers, credit card numbers, trade secrets, and federally classified documents. Google Hacking for Penetration Testers Volume 2 shows the art of manipulating Google used by security professionals and system administrators to find this sensitive information and “self-police” their own organizations.

Readers will learn how Google Maps and Google Earth provide pinpoint military accuracy, see how bad guys can manipulate Google to create super worms, and see how they can "mash up" Google with MySpace, LinkedIn, and more for passive reconaissance.

Key Features

• Learn Google Searching Basics Explore Google’s Web-based Interface, build Google queries, and work with Google URLs. • Use Advanced Operators to Perform Advanced Queries Combine advanced operators and learn about colliding operators and bad search-fu. • Learn the Ways of the Google Hacker See how to use caches for anonymity and review directory listings and traversal techniques. • Review Document Grinding and Database Digging See the ways to use Google to locate documents and then search within the documents to locate information. • Understand Google’s Part in an Information Collection Framework Learn the principles of automating searches and the applications of data mining. • Locate Exploits and Finding Targets Locate exploit code and then vulnerable targets. • See Ten Simple Security Searches Learn a few searches that give good results just about every time and are good for a security assessment. • Track Down Web Servers Locate and profile web servers, login portals, network hardware and utilities. • See How Bad Guys Troll for Data Find ways to search for usernames, passwords, credit card numbers, social security numbers, and other juicy information. • Hack Google Services Learn more about the AJAX Search API, Calendar, Blogger, Blog Search, and more.

Readership

Security professionals, system administrators, and power users using Google’s powerful, and at times complex, search features to find sensitive information that should NOT be publicly available on the Web.

Table of Contents

Instructions for online access

Acknowledgments

Lead Author

Contributing Authors

Chapter 1: Google Searching Basics

Introduction

Exploring Google’s Web-based Interface

Language Tools

Building Google Queries

Working With Google URLs

URL Syntax

Summary

Solutions Fast Track

Links to Sites

Frequently Asked Questions

Chapter 2: Advanced Operators

Introduction

Operator Syntax

Troubleshooting Your Syntax

Introducing Google’s Advanced Operators

Allintext: Locate a String Within the Text of a Page

Inurl and Allinurl: Finding Text in a URL

Site: Narrow Search to Specific Sites

Filetype: Search for Files of a Specific Type

Link: Search for Links to a Page

Inanchor: Locate Text Within Link Text

Cache: Show the Cached Version of a Page

Numrange: Search for a Number

Daterange: Search for Pages Published Within a Certain Date Range

Info: Show Google’s Summary Information

Related: Show Related Sites

Author: Search Groups for an Author of a Newsgroup Post

Group: Search Group Titles

Insubject: Search Google Groups Subject Lines

Msgid: Locate a Group Post by Message ID

Stocks: Search for Stock Information

Define: Show the Definition of a Term

Phonebook: Search Phone Listings

Colliding Operators and Bad Search-Fu

Summary

Solutions Fast Track

Links to Sites

Frequently Asked Questions

Chapter 3: Google Hacking Basics

Introduction

Anonymity with Caches

Directory Listings

Locating Directory Listings

Finding Specific Directories

Finding Specific Files

Server Versioning

Going Out on a Limb: Traversal Techniques

Incremental Substitution

Extension Walking

Summary

Solutions Fast Track

Links to Sites

Frequently Asked Questions

Chapter 4: Document Grinding and Database Digging

Introduction

Configuration Files

Log Files

Office Documents

Database Digging

Login Portals

Support Files

Error Messages

Database Dumps

Actual Database Files

Automated Grinding

Google Desktop Search

Summary

Solutions Fast Track

Links to Sites

Frequently Asked Questions

Chapter 5: Google's Part in an Information Collection Framework

Introduction

The Principles of Automating Searches

The Original Search Term

Expanding Search Terms

Getting the Data From the Source

Parsing the Data

Post Processing

Applications of Data Mining

Most Interesting

Collecting Search Terms

On the Web

Spying on Your Own

Honey Words

Referrals

Summary

Chapter 6: Locating Exploits and Finding Targets

Introduction

Locating Exploit Code

Locating Public Exploit Sites

Locating Exploits Via Common Code Strings

Locating Code with Google Code Search

Locating Malware and Executables

Locating Vulnerable Targets

Locating Targets Via Demonstration Pages

Locating Targets Via Source Code

Locating Targets Via CGI Scanning

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 7: Ten Simple Security Searches That Work

Introduction

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 8: Tracking Down Web Servers, Login Portals, and Network Hardware

Introduction

Locating and Profiling Web Servers

Default Pages

Default Documentation

Sample Programs

Locating Login Portals

Using and Locating Various Web Utilities

Targeting Web-Enabled Network Devices

Locating Various Network Reports

Locating Network Hardware

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 9: Usernames, Passwords, and Secret Stuff, Oh My!

Introduction

Searching for Usernames

Searching for Passwords

Searching for Credit Card Numbers, Social Security Numbers, and More

Social Security Numbers

Personal Financial Data

Searching for Other Juicy Info

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 10: Hacking Google Services

AJAX Search API

Calendar

Blogger and Google’s Blog Search

Signaling Alerts

Google Co-op

Google Code

Chapter 11: Google Hacking Showcase

Introduction

Geek Stuff

Cameras

Telco Gear

Power

Sensitive Info

Social Security Numbers

Beyond Google

Summary

Chapter 12: Protecting Yourself from Google Hackers

Introduction

A Good, Solid Security Policy

Web Server Safeguards

Hacking Your Own Site

Getting Help from Google

Summary

Solutions Fast Track

Links to Sites

Frequently Asked Questions

Index

Details

No. of pages:
560
Language:
English
Copyright:
© Syngress 2007
Published:
Imprint:
Syngress
eBook ISBN:
9780080484266
Paperback ISBN:
9781597491761

About the Author

Johnny Long

Johnny Long is a Christian by grace, a professional hacker by trade, a pirate by blood, a ninja in training, a security researcher and author. He can be found lurking at his website (http://johnny.ihackstuff.com). He is the founder of Hackers For Charity(http://ihackcharities.org), an organization that provides hackers with job experience while leveraging their skills for charities that need those skills.

Affiliations and Expertise

Security Researcher

Bill Gardner

Bill Gardner is an Assistant Professor at Marshall University, where he teaches information security and foundational technology courses in the Department of Integrated Science and Technology. He is also President and Principal Security Consultant at BlackRock Consulting. In addition, Bill is Vice President and Information Security Chair at the Appalachian Institute of Digital Evidence. AIDE is a non-profit organization that provides research and training for digital evidence professionals including attorneys, judges, law enforcement officers and information security practitioners in the private sector. Prior to joining the faculty at Marshall, Bill co-founded the Hack3rCon convention, and co-founded 304blogs, and he continues to serve as Vice President of 304Geeks. In addition, Bill is a founding member of the Security Awareness Training Framework, which will be a prime target audience for this book.

Affiliations and Expertise

Bill Gardner OSCP, i-Net+, Security+, Asst. Prof. at Marshall University

Justin Brown

Justin Brown (@spridel11) is an Information Assurance Analyst at a large financial institution. Previously, Justin worked for as a consultant specializing in Open Source Intelligence. Through Google Hacking and dorks Justin has uncovered numerous troves of information leaks regarding his clients. Justin can usually be found at conferences volunteering with Hackers for Charity.

Affiliations and Expertise

Information Security Professional at One Worlds Lab

Ratings and Reviews

Request Quote

Tax Exemption

We cannot process tax exempt orders online. If you wish to place a tax exempt order please contact us.