请输入您要查询的百科知识:

 

词条 Google hacking
释义

  1. Basics

  2. Advanced operators

  3. History of Google Hacking

  4. References

  5. External links

{{distinguish|Google Hacks}}

Google hacking, also named Google dorking,[1][2] is a computer hacking technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites use.

Basics

Google hacking involves using advanced operators in the Google search engine to locate specific strings of text within search results. Some of the more popular examples are finding specific versions of vulnerable Web applications. A search query with intitle: admbook intitle: Fversion filetype: php would locate all web pages that have that particular text contained within them. It is normal for default installations of applications to include their running version in every page they serve, for example, "Powered by XOOPS 2.2.3 Final".

One can even retrieve the username and password list from Microsoft FrontPage servers by inputting the given microscript in Google search field:

 "#-Frontpage-" inurl: administrators.pwd or filetype: log inurl password login

Devices connected to the Internet can be found. A search string such as inurl: "ViewerFrame?Mode=" will find public web cameras.

Another useful search is following intitle: index.of followed by a search keyword. This can give a list of files on the servers. For example, intitle: index.of mp3 will give all the MP3 files available on various servers.

Advanced operators

There are many similar advanced operators which can be used to exploit insecure websites:

Operator Purpose Mixes with Other Operators? Can be used Alone? Web Images Groups News
intitleSearch page Titleyesyesyesyesyesyes
allintitle[3]Search page titlenoyesyesyesyesyes
inurlSearch URLyesyesyesyesnot reallylike intitle
allinurlSearch URLnoyesyesyesyeslike intitle
filetypespecific filesyes|yesyesnonot really
intextSearch text of page onlyyesyesyesyesyesyes
allintextSearch text of page only reallyyesyesyesyesyes
siteSearch specific siteyesyesyesyesnonot really
linkSearch for links to pagesyesyesyesnononot really
inanchorSearch link anchor textyesyesyesyesnot reallyyes
numrangeLocate numberyesyesyesyesyesnot really
daterangeSearch in date rangeyesyesyesnot reallynot reallynot really
authorGroup author searchyesyesnonoyesnot really
groupGroup name search reallyyesnoyesyesnot really
insubjectGroup subject searchyesyeslike intitlelike intitleyeslike intitle
msgidGroup msgid searchnoyesnot reallynot reallyyes really

The "link:" search operator that Google used to have, has been turned off by now (2017).[4]

History of Google Hacking

{{see also|Johnny Long#Google hacking}}

The concept of "Google Hacking" dates back to 2002, when Johnny Long began to collect Google search queries that uncovered vulnerable systems and/or sensitive information disclosures - labeling them googleDorks.[5]

The list of Google Dorks grew into a large dictionary of queries, which were eventually organized into the original Google Hacking Database (GHDB) in 2004.[6][7]

Since its heyday, the concepts explored in Google Hacking have been extended to other search engines, such as Bing[8] and Shodan.[9] Automated attack tools[10] use custom search dictionaries to find vulnerable systems and sensitive information disclosures in public systems that have been indexed by search engines.[11]

References

1. ^Term Of The Day: Google Dorking - Business Insider
2. ^Google dork query, techtarget.com
3. ^{{cite web|last1=Karch|first1=Marziah|title=Allintitle Definition|url=http://google.about.com/od/a/g/allintitledef.htm|website=About.com|publisher=About.com|accessdate=6 September 2015}}
4. ^{{Cite news|url=https://twitter.com/JohnMu/status/819209116694548480|title=John Mueller, Webmaster Trends Analyst at Google|newspaper=Twitter|language=en|access-date=2017-01-28}}
5. ^{{cite web|url=http://johnny.ihackstuff.com/security/googleDorks.shtml |title=googleDorks created by Johnny Long |publisher=Johnny Long |accessdate=8 December 2002 |deadurl=yes |archiveurl=https://web.archive.org/web/20021208144443/http://johnny.ihackstuff.com/security/googleDorks.shtml |archivedate=8 December 2002 |df= }}
6. ^{{cite web|url=http://johnny.ihackstuff.com/blog/my-blog-like-thing/google-hacking-database.html |title=Google Hacking Database (GHDB) in 2004 |publisher=Johnny Long |accessdate=5 October 2004 |deadurl=yes |archiveurl=https://web.archive.org/web/20070707185932/http://johnny.ihackstuff.com/blog/my-blog-like-thing/google-hacking-database.html |archivedate=7 July 2007 |df= }}
7. ^{{cite web |url=https://www.amazon.com/Google-Hacking-Penetration-Testers-1/dp/1931836361 |title=Google Hacking for Penetration Testers, Volume 1 |publisher=Johnny Long |accessdate=20 February 2005 }}
8. ^{{cite web |url=http://www.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/#bing-hacking-database---bhdb-v2 |title=Bing Hacking Database (BHDB) v2 |publisher=Bishop Fox |accessdate=27 August 2014 }}
9. ^{{cite web |url=http://www.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/#shodan-hacking-database---shdb |title=Shodan Hacking Database (SHDB) - Part of SearchDiggity tool suite |publisher=Bishop Fox |accessdate=21 June 2013 }}
10. ^{{cite web |url=http://www.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/#searchdiggity |title=SearchDiggity - Search Engine Attack Tool Suite |publisher=Bishop Fox |accessdate=27 August 2014 }}
11. ^{{cite web |url=http://www.bishopfox.com/resources/tools/google-hacking-diggity/google-hacking-history/ |title=Google Hacking History |publisher=Bishop Fox |accessdate=27 August 2014 }}

External links

  • Google Hacking Diggity Project - Bishop Fox – a research and development initiative dedicated to investigating the latest techniques that leverage search engines (such as Google, Bing, and Shodan) to quickly identify vulnerable systems and sensitive data on public networks. An arsenal of free attack and defense tools related to search engine hacking are available for download.
  • Google Hacking Database (GHDB) - REBORN - 09Nov2010 – Exploit-db.com folks picked up the effort of maintaining and adding to the original GHDB JohnnyIHackStuff.com created by Johnny Long.
  • "Google Hacking: .pdf Document", boris-koch.de (printable, .pdf)
  • "Google Hacking: .pdf Document", boris-koch.de (printable, .pdf)
  • [https://www.google.com/help/cheatsheet.html "Google Help: Cheat Sheet"], Google (printable)
  • [https://www.blackhat.com/presentations/bh-europe-05/BH_EU_05-Long.pdf Google Hacking for Penetration] - Using Google as a Security Testing Tool, Introduction by Johnny Long
{{Google Inc.}}

2 : Computer security procedures|Google Search
随便看

 

开放百科全书收录14589846条英语、德语、日语等多语种百科知识,基本涵盖了大多数领域的百科知识,是一部内容自由、开放的电子版国际百科全书。

 

Copyright © 2023 OENC.NET All Rights Reserved
京ICP备2021023879号 更新时间:2024/11/12 11:04:36