Google as a tool for crackers



Google is a search tool which I use literally every day. Sometimes it’s multiple times per day. Sometimes I can’t imagine how I would function without being able to do a quick google search. There are some features that I don’t often use and in some ways have promised myself to use more in an attempt to hone in on just that piece of information I’m looking for, but those features can also be turned against a site owner.

OK. Let me be blunt. I don’t endorse you or anyone attempting to exploit a security weakness at any site unless you have complete control and express permission of the site owner to do a security audit. It’s useful to know the tools of attack to get an idea of how to defend. Further… the term hacker gets thrown around quite a bit, usually with negative connotations. “hackers today broke into the …. site…” for instance. Personally, a hacker is anyone who is interested in tinkering with hardware/technology and perhaps putting it to uses not intended, at least experimenting with the uses that are intended and the implications of that. In other words someone interested in making technology work for them to the fullest. Crackers on the other hand are individuals that attempt to break into systems for various purposes, which is illegal. So, someone that rebuilds their dvd player for better picture quality is a hacker, someone that looks for and exploits websites is a cracker.

Anyway, there are specific search tags that can be added to google searches to make your search more specific. Just typing site:myaddress.com (being sure to fill in the site that you’re searching.) Is one way to get just results from that specific site. One other tip with this is to leave off the www (or other subdomain) from in front of the domain name unless it helps winnow down results further. A good example would be searching ( site:support.microsoft.com exception 0e )to find all knowledge base entries at Microsoft that contain exception 0e.

Of course, you probably already know that there’s a difference between searching for ( exception 0e ) and ( “exception 0e” ). The later of the two searches for pages that have those words in that specific order. (All of the search terms I’m using are enclosed in parenthesis with a space before and after the search term to try to avoid confusion.

Ok, let’s take on another tool, the inurl: tag. Let’s say we have a file on our site called 1782.txt (which I do, it’s a 1782 Rutherford county, NC tax list transcription.) we could find it specifically by searching like this. ( site:averyjparker.com inurl:1782.txt ) 1 match, the relevant file.

Ok, well how is this going to help a cracker? Let’s see. My last site was based on ezcontents and like most php based tools for page management, they have a “powered by ezcontents” tag on every page, so for starters maybe they could do a simple ( “powered by ezcontents” ) search. Well that casts a wide net still, some of these sites are probably newer, patched versions that aren’t susceptible to known vulnerabilities. But ezcontents usually announces it’s version in the same tag, so a maybe a search for a vulnerable version ( “powered by ezcontents” 2.4.0 ) for instance, or even ( “powered by ezcontents version 2.4.0″ ). (The version number has been changed, but you’re starting to see the idea.)

So you’ve seen one way that a specific person can be targeted just by using google to find an older version of the software. Ok, well, a specific vulnerable file can be targeted as well. Let’s say there’s a buggy script out there called cgiemail.cgi a search like ( inurl:cgiemail.cgi ) could be fruitful. Or if you’re intent on a specific site, use ( inurl:cgiemail.cgi site:targetdomain ). It doesn’t take too much imagination to see how scary a prospect this can be for someone that uses a workstation that for some reason happens to be directly connected to the web as a webserver as well.

There are a couple of links that I’d like to mention here for reference.

Let me make this blunt. Do not use this information to crack into systems or for any other illegal or unethical ends. Use this information to arm yourself with knowledge as to what is possible, verify that your own site is not at risk and to protect yourself from crackers.
Johnny at johnny.ihackstuff.com has a forum where there is a huge catalog of various google searches. Some are specific searches for vulnerable software. Don’t be stupid and use this to break into systems, you’re life will be very unhappy.

The other link is a great article at InformIT about various google hacks Including some of the same advanced search options I’ve mentioned, they cover a few more though.

Related Posts

Blog Traffic Exchange Related Posts
  • Ranking for a Search Phrase in Google I guess by now you've noticed that I'm not keeping up with the 1 post a week rate that I had for a while there. I've been thinking that at this point I'm going to be getting in one a month or so. More if the mood strikes, but from......
  • Google Sitemaps continue to improve I've noticed that the information in Google Sitemaps continues to improve. For instance in the list of search terms and the average top position which is something that previously was quite tedious to figure out (search and then click until you find your page referenced...) It also gives content analysis......
  • Page banned from Google? So for the past month and a half I've been puzzling over northcarolinagenealogy.net and it's mysterious sudden disappearance from google. I mean... let's see, there are a couple hundred posts there. It uses the same template as this and the South Carolina genealogy site do. Nothing really different than the......
Blog Traffic Exchange Related Websites
  • Wordpress as a Website: 4 Great Reasons When you think of Wordpress you probably think of blogging. That's how most people use it. They sign up for a free blog and start posting about a variety of things. Some blogs are very specific and targeted while others are just general every day kind of blogs. You might......
  • Website Optimization Optimises The Seeker For Top Status This can be a program that helps in searching your message which might be desired in exchange of your specific keywords used by the owner. When the keywords are do the search boxes then because of this a collection of various documents are produced, the place where all such data......
  • 13 Reasons Why Palm Pixi is Better than the Apple iPhone [/caption]The Palm Pixi is coming out in less than a week. With that in mind we thought we'd highlight some of the advantages that the Pixi has over the iPhone. Keep in mind that Pixi is aimed to be a cheaper, low-end device, so it's intentionally missing some features found......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

One Response to “Google as a tool for crackers”

  1. Avery J. Parker - Web site hosting and computer service Says:


    [...] [...]


Switch to our mobile site