Saturday, 29 December 2012

What is Google Hacking


Google Hacking:

Google hacking is a technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites use. It involves using advanced operators in the Google search engine to locate specific text or files within search results. There are generally two types of vulnerabilities to be found on the Web: software vulnerabilities and misconfigurations. Although there are some sophisticated intruders who target a specific system and try to discover vulnerabilities that will allow them access, the vast majority of intruders start out with a specific software vulnerability or common user misconfiguration that they already know how to exploit, and simply try to find or scan for systems that have this vulnerability. Google is of limited use to the first attacker, but invaluable to the second.

Today there are scanners that automatically query IP addresses to see what proxy for exploits. A proxy is an intermediary system that an attacker can use to disguise his or her identity.

A search query for a particular piece of text would locate all web pages that have that text contained within them. It is normal for default installations of applications to include their running version in every page they serve, e.g., "Powered by XOOPS 2.2.3 Final".

Google hacking aims to find the things on the web that can be useful for hackers. Hackers mainly focus on this juicy information:

Error messages: Really retarded error messages that say WAY TOO MUCH. Error messages like "Error: No user found with name mike+AND+" and "Microsoft OLE DB Provider for ODBC Drivers error '80040e37'".

Advisories and vulnerabilities: These searches locate vulnerable servers. These searches are often generated by the various advisory posts and in many cases are product or version specific.

Files containing important information: No usernames or passwords, but these files contain interesting stuff.

Files containing passwords: Passwords, for love! Google found passwords.

Files containing usernames: These files contain usernames but no passwords; still, Google is finding usernames on a web site.

Footholds: Examples of queries that can help a hacker gain a foothold into a web server.

Pages containing login portals: These are the login pages for the various services. Consider them the front door of a website's more sensitive functions.

Pages containing network or vulnerability data: These pages contain such things as firewall logs, honeypot logs, network information, IDS logs and all sorts of functions.

Sensitive directories: Google's collection of web sites sharing sensitive directories. The files contained in here will vary from sensitive to uber-secret.

Sensitive online shopping information: Examples of queries that can reveal online shopping information such as customer data, supplier orders, credit card numbers, credit card info, etc.

Web server detection: These links demonstrate Google's ability to profile web servers.

Vulnerable files: Hundreds of vulnerable files that Google can search for on web sites.
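
A site owner can check their own pages for the two kinds of leak this post gives concrete strings for, the version banner and the over-talkative error message, before a search engine indexes them. The script below is an added example, not part of the original post; the regular expressions, function names and the example.test pages are assumptions constructed for illustration.

```python
import re

# Patterns for the leak classes the post quotes. These regexes are
# assumptions chosen for this example, not an exhaustive rule set.
CHECKS = {
    "version banner": re.compile(
        r"Powered by\s+([A-Za-z][\w.-]*)\s+v?(\d+(?:\.\d+)+)", re.I),
    "database error": re.compile(
        r"Microsoft OLE DB Provider for ODBC Drivers error '[0-9a-f]{8}'", re.I),
    "verbose app error": re.compile(
        r"Error:\s*No user found with name\s+\S+", re.I),
}
TAG = re.compile(r"<[^>]+>")

def audit_page(url, html):
    """Return (url, check name, matched text) for every leak in one page."""
    # Strip markup first: banners and errors are often split across tags.
    text = re.sub(r"\s+", " ", TAG.sub(" ", html))
    findings = []
    for name, pattern in CHECKS.items():
        for match in pattern.finditer(text):
            findings.append((url, name, match.group(0)))
    return findings

def audit_site(pages):
    """Audit a mapping of URL -> response body, e.g. from your own crawl."""
    findings = []
    for url, html in pages.items():
        findings.extend(audit_page(url, html))
    return findings

# Constructed sample responses standing in for pages fetched from your own site.
SAMPLE_PAGES = {
    "https://example.test/":
        "<html><body><p>Welcome</p>"
        "<div id='footer'>Powered by <b>XOOPS</b> 2.2.3 Final</div></body></html>",
    "https://example.test/user?name=mike":
        "<html><body>Error: No user found with name mike+AND+</body></html>",
    "https://example.test/item?id=1":
        "<html><body><font face='Arial'>Microsoft OLE DB Provider for ODBC "
        "Drivers</font> error '80040e37'</body></html>",
    "https://example.test/about": "<html><body><p>About us</p></body></html>",
}

if __name__ == "__main__":
    for url, check, text in audit_site(SAMPLE_PAGES):
        print(f"{url}: {check}: {text}")
```

Each finding points at a page to fix at the source: remove the version string from the template, and replace raw error output with a generic error page while logging the detail server-side.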






