With Google You Instantly Become a Hacker: Vulnerability Research

Source: Internet
Author: User
Tags phpmyadmin
I compiled this article from material collected online. If there are errors or omissions, please point them out!

Google hacking is not really a new thing. At the time I did not attach much importance to the technique, thinking it was only about webshells and the like and had little practical use. Google hacking is actually not that simple ...

The simple implementation of Google hacking
Some of Google's search syntax can give us more information (and, of course, gives those who are inclined to attack more of what they want). Here are some common operators.
intext:
Uses a string in the body text of a page as the search criterion. For example, entering intext:moving net in Google returns all web pages whose body contains "moving net". allintext: is used in a similar way to intext:.

intitle:
Like intext: above, but searches page titles for the string we are looking for. For example, intitle:Safe Angel returns all web pages with "Safe Angel" in the page title. allintitle: is similar to intitle:.

cache:
Searches Google's cached copy of some content; sometimes this turns up interesting things.

define:
Searches for the definition of a word. For example, define:hacker returns a definition of hacker.

filetype:
I want to highlight this one: it is needed both for a cast-net attack and for the work against a specific target discussed later. It searches for files of the specified type. For example, entering filetype:doc returns all URLs of files that end with doc. Of course, you can also look for .bak, .mdb or .inc files, and the information obtained may be richer.

info:
Finds some basic information about a specific site.

inurl:
Searches for URLs that contain the string we specify. For example, entering inurl:admin returns N links similar to http://www.xxx.com/xxx/admin, which is good for finding administrator login URLs. allinurl: is similar to inurl: and can specify more than one string.

link:
For example, searching link:www.4ngel.net returns all URLs that link to www.4ngel.net.

site:
This is also useful. For example, site:www.4ngel.net returns all URLs associated with the 4ngel.net site.


In addition, some operator characters are also useful:
+ Includes words that Google might otherwise ignore in the query scope
- Ignores a word
~ Synonyms
. A single-character wildcard
* A wildcard that can represent multiple letters
"" An exact query

Let's start with the actual application.

The following are searches on Google. For a malicious attacker, password files are probably what interests him most, and Google, because of its powerful search capabilities, often discloses sensitive information to such people. Search Google for the following:
intitle:"Index of" etc
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"Index of" passwd
intitle:"Index of" people.lst
intitle:"Index of" pwd.db
intitle:"Index of" etc/shadow
intitle:"Index of" spwd
intitle:"Index of" master.passwd
intitle:"Index of" htpasswd
"#-frontpage-" inurl:service.pwd

Sometimes, for various reasons, important password files are exposed on the network without protection. If they are obtained by people with ulterior motives, the harm is very great.


Google can also be used to search for vulnerable programs. For example, Zeroboard was previously found to have a file source-code disclosure vulnerability, and Google can be used to find sites on the web that run this program:

intext:zeroboard filetype:php
or use:
inurl:outlogin.php?_zb_path= site:.jp
to find the pages we need.

phpMyAdmin is a powerful piece of database administration software. On some sites, because of configuration errors, phpMyAdmin can be operated directly without a password. We can use Google to search for URLs of installations with this flaw:
intitle:phpmyadmin intext:Create new database

Do you remember http://www.xxx.com/_vti_bin/..%5 ... ystem32/cmd.exe?dir? With Google you may still find a lot of antique-grade machines. In the same way, we can look for pages with other CGI vulnerabilities:
allinurl:winnt system32

As briefly mentioned above, Google can be used to search for database files, and using some syntax to narrow the search can yield more (Access databases, MSSQL and MySQL connection files, and so on). For example:
allinurl:bbs data
filetype:mdb inurl:database
filetype:inc conn
inurl:data filetype:mdb
intitle:"Index of" data

The last case often occurs on some improperly configured Apache+win32 servers. By the same principle as above, we can also use Google to find consoles.
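The password-file and database-file queries above only find what a server already publishes, so a site owner can check their own web root for the same file names and for directories that would produce an "Index of" page. The following is an added example, not part of the original article; the function names, the index-file list and the sample directory tree are assumptions constructed for illustration:

```python
import fnmatch
import os
import tempfile

# File names and extensions named in the queries on this page, lower-cased.
SENSITIVE_PATTERNS = [
    ".sh_history", ".bash_history", "passwd", "master.passwd", "htpasswd",
    ".htpasswd", "shadow", "spwd*", "pwd.db", "people.lst", "service.pwd",
    "*.mdb", "*.inc", "*.bak",
]
# Assumption: the server's index-file list; adjust to your DirectoryIndex setting.
INDEX_FILES = {"index.html", "index.htm", "index.php", "default.asp"}


def audit_webroot(root):
    """Return (exposed_files, listable_dirs), both sorted, relative to root.

    listable_dirs are directories with no index file: the server would show
    an "Index of" page for them if automatic directory listing is enabled.
    """
    exposed, listable = [], []
    for dirpath, _dirs, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        if not {f.lower() for f in filenames} & INDEX_FILES:
            listable.append(rel_dir)
        for name in filenames:
            if any(fnmatch.fnmatchcase(name.lower(), p) for p in SENSITIVE_PATTERNS):
                exposed.append(name if rel_dir == "." else f"{rel_dir}/{name}")
    return sorted(exposed), sorted(listable)


def demo():
    """Build a constructed sample web root in a temp directory and audit it."""
    sample = ["index.html", "data/bbs.mdb", "data/conn.inc", "admin/index.php",
              "admin/.htpasswd", "backup/site.bak", "docs/index.html",
              "docs/guide.doc"]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        return audit_webroot(root)


if __name__ == "__main__":
    exposed_files, listable_dirs = demo()
    print("Files that should not be under the web root:", exposed_files)
    print("Directories without an index file:", listable_dirs)
```

Anything the audit reports should be moved outside the document root or denied by the server configuration, and automatic directory listing should be turned off for the flagged directories.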


Google can be used from start to finish for information gathering and penetration against a site. Here we use Google to test a specific site.
First use Google to look at some basic information about the site (some details are omitted):
site:xxxx.com

From the returned information, we find the domain names of several of the school's faculties:
http://a1.xxxx.com
http://a2.xxxx.com
http://a3.xxxx.com
http://a4.xxxx.com

Incidentally, they should be on different servers. Schools usually have a lot of good material, so first see whether there is anything good:

site:xxxx.com filetype:doc
