2020. 3. 1. 13:34ㆍ카테고리 없음
Introduction:We are all aware of Google/Yahoo/Bing Search engines; they need no introduction. We use them every now and then to solve our day-to-day queries.Google and other search engines use automated programs called spiders or crawlers. Also, these search engines have a large index of keywords, and where those words can be found. Powerful crawling and indexing features make these search engines not only powerful but also opens doors for hackers to use for identifying vulnerable targets over the internet. This is called Search Engine Hacking.Search Engine Hacking involves using advanced operator-based searching to identify exploitable targets and sensitive data using the search engines.In this article, we learn to use various Google search operators to identify vulnerable targets over the Internet and also check out a new tool that can be used to automate this process.Special Search Characters:Google search engine provides its users with various special search characters for advanced searching. See a partial list below:.
Asterisk operator.: The asterisk is a computer symbol for a wildcard, which allows the search engine, such as Google, to fill in that space with any text string. You can also use it within double quotes for more precise searches.E.g.
The query “today is. day” will display search results like “today is a good day” or “today is mother’s day”, etc.Basic Searching Techniques:Google search engine provides various operators to customize our search results.The basic syntax of a Google advanced operator isoperator:searchtermThe list below provides some of the key operators useful in creating search queries to retrieve valuable information from the web.
Intitle operator:The query intitle:keyword in the search engine will return pages containing the keyword in the title.E.g. 1: The query intitle:Google will return all the web pages containing Google in the title.E.g. 2: Google Hacking using intitle operatorUsing the query intitle:”Index of” will return all the web pages containing “Index of” in the title. This can be used to identify if Directory Listing (Directory Listing displays a list of the directory contents) is enabled on the web server. Inurl operator:The query inurl:keyword in the search engine will return pages containing the keyword in the URL.E.g. 1 – The query inurl:contactus site:www.MySite.com will search for pages on MySite in the URL containing the word “contactus”.E.g.
2 – Google Hacking – Looking for Admin PortalsThe query inurl:admin.php will search for all the websites that might have admin login pages. These pages attract the hackers and they might brute force the login page to gain access to the admin interface. Cache operator:Google keeps the snapshot of the pages it has crawled.
The query cache:keyword in the search engine displays Google’s cached version of the page.E.g. – The query cache:www.yahoo.com will display cached pages of the website Yahoo.com.
The above directive can be useful in gathering information from the previously cached pages.Another very useful website that can be used to obtain the cached pages isThis websites stores a snapshot of the websites in a calendar format, and can be used to view the pages of any previous date. The screenshot below displays a cached page of Yahoo.com dated 9 Feb 2010. Digging Google for leakage of information though error messages:Information leakage through error messages are very much useful for information gathering and launching further attacks on the websites.
If the application does not have exception/error handling mechanisms, it might leak sensitive details in the error messages like database details, error stack trace details, etc.E.g. A Google query like intitle:”Apache Tomcat” “Error Report” will display search results containing the Apache Tomcat error messages.We discussed a brief on the directives that can be used to carry out search engine hacking. Manually trying out each of these directives can be a cumbersome task.
To automate the process of search engine hacking and retrieving juicy information, we make use of automated tools.Automated tools available for Google Hacking:. Wikto – This is a multipurpose tool developed by Sensepost which can be used for automating Google Hacking.Ref:The above tools provide are useful for Google Hacking. However, let’s look at a new tool called Search Diggity, which provides a graphical user interface and is useful in retrieving lot information from both Bing as well as Google search engine.Search Diggity:It is Stach & Liu’s MS Windows GUI application that serves as a front-end to the most recent versions of the Diggity tools:. GoogleDiggity. BingDiggity.
Bing LinkFromDomainDiggity. CodeSearchDiggity, DLPDiggity. FlashDiggity. MalwareDiggity. PortScanDiggity.
Search Engine Script
SHODANDiggity. BingBinaryMalwareSearch. NotInMyBackYard DiggityMore information on these modules can be found here: Ref:Let’s explore a few of the above key modules of interest to learn about the art of search engine hacking.GoogleDiggity:The Google Diggity tool automates the Google Hacking process. It queries the search engine using the to identify vulnerabilities and information disclosures.The Google Search engine uses a bot detection technique.
Automated Job Portal Script Nulled
As a result querying Google using automated tools for Google hacking. This is overcome with the use of Google JSON/ATOM Custom Search API, which uses an API key.
A user can register for an API key against a valid Gmail account and get a free 100 requests/day. Additional queries are available at a cost (Google charges $5 per 1000 queries).The tool provides a well-structured interface that allows the user to:. Select the search queries from the list. Feed the API key. Specify the target site/domain/IP address. Scan button to kick of the scan, etc.Bing Diggity:Similar to GoogleDiggity, Bing Diggity is a Bing search engine hacking tool.
It utilizes the Bing 2.0 API (The Bing 2.0 API allows 1000 results per query) and the Stach & Liu’s newly developed Bing Hacking Database (BHDB) to find vulnerabilities and sensitive information disclosures related to your organization that are exposed via Microsoft’s Bing search engine.The tool provides a well-structured interface that allows the user to:. Select the search queries specific to Bing search engine from the list. Feed the API key.
Specify the target site/domain/IP address. Scan button to kick of the scan, etc.DLPDiggity:DLPDiggity is a that leverages Google/Bing to identify exposures of sensitive info (e.g.
SSNs, credit card numbers, etc.) via common document formats such as.doc,.xls, and.pdf. First, GoogleDiggity and BingDiggity are used to locate and download files belonging to target domains/sites on the Internet. Then, DLPDiggity is used to analyze those downloaded files for sensitive information disclosures.DLPDiggity utilizes(An IFilter is a that allows the and the newer to index different so that they become searchable) to search through the actual contents of files, as opposed to just the meta-data. Using, DLPDiggity can find almost any type of sensitive data within common document file formats.Over the last few years, there has been a tremendous increase in the volume of office documents that have been indexed and made searchable by Google and Bing.
DLPDiggity taps into that in order to find documents containing sensitive information.The tool provides a well-structured interface that allows the user to:. Select the DLPDiggity search queries from the list that can be used to dig Google/Bing search engine for querying for documents. Select the regular expressions that will be used to search through the documents in the target directory for data leaks of sensitive information such as SSN, credit card numbers. Search button to analyze through the documentsFlashDiggity:FlashDiggity automates Google searching/downloading/decompiling/analysis of to identify Flash vulnerabilities and information disclosures.FlashDiggity first leverages the GoogleDiggity tool in order to identify applications for target domains via Google searches, such as. Next, the tool is used to download all of the SWF files in bulk for analysis.
The SWF files are disassembled back to their original source code, and then analyzed for code-based vulnerabilities.The tool provides a well-structured interface that allows the user to:. Select the FlashDiggity search queries from the list that can be used to dig Google search engine for querying for documents. Select the regular expressions that will be used to search through the ActionScript of decompiled SWF Flash files for code-based vulnerabilities and information disclosures.
Search button to decompile and analyze the SWF files.