Google Hacking Ahmad Radaideh


Outline

- Abstract
- Introduction
- Google Cached Content
- GOOGLE HACKING Procedures
- Google Advanced Operators
- Google hacking Result Categories
- Directories and documents Browsing
- Google Hacking Countermeasure
- Conclusion


Abstract:

Google Hacking is the use of the Google search box to obtain sensitive information about users or organizations.

As long as Google's cache server holds a cached copy of a site, anyone who can reach that cached content, including documents, logs and files, gets material that is useful and valuable to a hacker. Attempts to access this data are not logged on the real host server that holds the information, and it does not matter whether that server is still running or offline.


Introduction:

When a site administrator adds a site to the Google search engine so that it can be found by search queries, Google uses an automated spider, or Google bots, to crawl the site into the Google cache server: it finds the documents, files and code pages and copies all of this information to the Google search engine server. The cached page contains the site name, the site URL and the site content that matches your search query. This cached page is what we see on the result page of a search, and when the user clicks on any of these cached pages he or she is redirected to the host server that actually holds the pages.


Google Cached Content

The search results are cached content held inside Google's servers. When the user clicks on the cached content, he or she is redirected to the real hosting server of that content.


GOOGLE HACKING Procedures

1- Hack through the Google search URL: when you click on any cached content in your search results, you are redirected to the host through a special URL generated by Google.

2- Use Google Advanced Operators inside the Google search box, such as intitle, inurl, filetype, site and link.


Google Advanced Operators


Google hacking Result Categories:

1- Error messages: an error message contains rich data, which can be used to gain access to the server.

2- Directory browsing: this lets you navigate inside the directories that contain the hosted website.


Google hacking Result Categories: cont.

3- File browsing: once we have access to a website directory, we are free to access any document found inside that directory, such as Word documents, Excel spreadsheets, Access DBs, WS-FTP logs and source code.


Directories and documents Browsing


Google hacking Result Categories: cont.

4- Network devices: such as printers, webcams and network routers, which mainly give the hacker a way to control the behavior of these devices.

5- Personal information gathering: a search using the @ symbol returns all the pages that contain email addresses in the site's cached content, which allows spammers to send mail to all of these addresses.


Google Hacking Countermeasure

- The site administrator should make sure host and network security basics are in place; construct/publish security
- The site administrator should be aware of security policies, especially Google hacking procedures.
- Determine which files should be placed in the site directory.
- The administrator should test Google hacking procedures before he or she adds the site to the Google search engine.
- Create share standard strategy.
- Classify entrance locations and gather necessary artifacts.


Google Hacking Countermeasure cont.

- Know all regulatory pressures and unify approach.
- Classify personally identifiable information obligations.
- Present awareness training.
- Generate security standards.
- Execute security characteristic review.
- Classify software defects originating in operations monitoring and feed them back to growth.
- Exploit automated tools along with physical evaluation.
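An added example, not part of the original slides: a local audit of a web document root for the countermeasure "Determine which files should be placed on the site directory", flagging the document types named on the File Browsing slide and directories that have no index page. The extension lists, index file names and the sample site tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Categories follow the File Browsing slide; the extension lists are assumptions.
RISKY_EXTENSIONS = {
    ".doc": "Word document", ".docx": "Word document",
    ".xls": "Excel sheet", ".xlsx": "Excel sheet",
    ".mdb": "Access DB", ".accdb": "Access DB",
    ".bak": "source code copy", ".inc": "source code copy",
}
RISKY_NAMES = {"ws_ftp.log": "WS-FTP log"}
INDEX_FILES = {"index.html", "index.htm", "index.php", "default.aspx"}

def audit_docroot(docroot):
    """Return sorted (relative_path, finding) pairs for a web document root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        rel_dir = os.path.relpath(dirpath, docroot)
        lowered = {name.lower() for name in filenames}
        # Without an index file the server may return a browsable listing
        # of the directory when auto-indexing is enabled.
        if not lowered & INDEX_FILES:
            findings.append((rel_dir, "no index file (directory browsing)"))
        for name in filenames:
            ext = os.path.splitext(name)[1].lower()
            label = RISKY_NAMES.get(name.lower()) or RISKY_EXTENSIONS.get(ext)
            if label:
                rel = os.path.normpath(os.path.join(rel_dir, name))
                findings.append((rel, label))
    return sorted(findings)

def build_sample_docroot(root):
    """Create a small constructed site tree for the demonstration."""
    layout = ["index.html", "reports/budget.xls", "reports/WS_FTP.LOG",
              "admin/index.php", "admin/config.php.bak"]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("constructed sample content")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_docroot(root)
        for path, finding in audit_docroot(root):
            print(f"{path}: {finding}")
```

Run it against the real document root before the site is submitted for indexing, and move or delete anything it reports that was not meant to be public.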


Conclusion

A good defense always starts with understanding your opponent's offense.

Google hacking provides access to sensitive private information about users or organizations by different means. These means are clear and occur in easy scenarios, so the safest way to prevent this threat is to study these means and test our sites against these threats before we link our site to the Google search engine.


Thank you