Google Hacking for Penetration Testers
from the google-thyself dept.
| Google Hacking for Penetration Testers | |
| author | Johnny Long |
| pages | 448 |
| publisher | Syngress |
| rating | 8 |
| reviewer | Corey Nachreiner |
| ISBN | 1931836361 |
| summary | Google's dark and dork sides exposed; despite the title, useful for everyone who'd like to get the most out of google. |
According to its cover, Johnny Long's book focuses primarily on revealing the "Dark Side" of Google -- a promise it delivers in spades. But I can also heartily recommend Google Hacking to newbies who simply want to learn how to harness Google's full potential.
The first few chapters of the book walk you through Google's interfaces and features, then introduce you to Google's advanced operators and techniques you can use to refine your Google searches. Instead of submitting basic searches that leave you arduously parsing hundreds of results for your desired answer, you quickly learn to submit powerful queries that almost instantly yield the results you intend. Even as an experienced Google user, I learned a lot from Google Hacking's early chapters. For Google neophytes, this alone makes the book worth its price.
However, we all know Slashdotters really want this book in order to learn how hackers misuse Google. Well, you won't be disappointed. As soon as Long has taught you to submit advanced queries, he wastes no time in showing you the techniques l33t Google hax0rs use to exploit the search engine's power. For example, did you know you can use Google as a free proxy server? By submitting a specially-crafted, English-to-English translation query, you can capitalize on Google's translation service to anonymously submit all your Web requests. This simple hack just scratches the surface of Google's malicious potential.
Most Web surfers don't realize the sheer amount of extremely sensitive information available for the harvesting on the Internet. In that sense, Google Hacking is eye-popping. Do you want to find misconfigured Web servers that publicly list their directory contents? A quick Google search does the trick. Or, suppose you found some new exploit code that only works against a particular version of IIS 5.0. Submit a quick Google query for a helpful list of possible targets. Do you want to harvest user logins, passwords (for example, mySQL passwords in a connect.inc file), credit card numbers, social security numbers or any other potentially damaging tidbit that Web users and administrators accidentally leak onto the Internet? Google Hacking shows you how, with highly refined searches gleaned from the community contributing to the Google Hacking database (GHDB) found on Long's Web site.
While Long's book discloses these and many other potentially malicious Google searching techniques, it does so responsibly, with the goal of prevention in mind. Only the less damaging search strings are fully revealed. Long saves the juicier (read: more dangerous) hacks for your own discovery. Long even obfuscates the sensitive results of the more damaging search strings in order to protect the innocent incompetents he refers to as "googledorks." After showing you how hackers subvert Google to their malicious intent, Long dedicates a chapter to how Web administrators can configure their Web servers securely in order to prevent sensitive data from making it into a Google Hacker's clutches.
Though I've gushed about the book so far, I will quibble with its inconsistent tone. Some of its chapters target readers having different levels of technical understanding. While the book starts out in a voice easy enough for even the most novice user to understand, some of the later chapters, on topics such as document grinding, database digging, and query automation, jump drastically and use language and techniques that only programmers or Unix power-users would understand. In addition, the humor that made Johnny's live presentation so memorable shows up in his book, but in scant supply; frankly, more jokes would be welcome.
But these negatives are mere nits. Whether you're a penetration tester wanting to exploit Google, a Web administrator wanting to protect yourself from information leaks, or even a newbie wanting to harness Google's full potential, Google Hacking for Penetration Testers makes an excellent resource. If you, too, use Google as a second brain, pick up Johnny Long's book and learn how to exploit this powerful search engine to its full capacity.
Corey Nachreiner, Network Security Analyst for WatchGuard's LiveSecurity Service, writes about network security on the free RSS news feed, WatchGuard Wire (browsable version, RSS feed.) You can purchase Google Hacking for Penetration Testers from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Nice website (Score:3, Informative)
Besides being able to find sensitive files, [google.com] hidden portals, [google.com] and vulnerable servers, [google.com] it is also a good way to get free porn. [google.com]
The exploits are just really advanced searches like the one below.
"http://*:*@www"bangbus
Re:Nice website (Score:5, Interesting)
If you say so. The Samba server exploit only returns one result (which is at members.lycos mind you), the hidden portals are in public domain, and as for the sensitive files bit: it's out there on the Internet anyway (as in public information). It is one thing to hand over the keys to a server (exploit research required), it's another to hand out public information.
Johnny Long? Porn Star? (Score:2, Funny)
Heh (Score:3, Funny)
(http://www.electricstate.com/ | Last Journal: Friday May 05 2006, @03:08PM)
In that sense, Google Hacking is eye-popping
That's what she said!
</rimshot>
You're not alone!!! (Score:3, Funny)
Re:You're not alone!!! (Score:5, Funny)
I know I do.
Stop using porn keywords. (Score:5, Funny)
Dude, stop searching for porn. I usually feel really lucky if my search produces more than a single page of results.
apache.leakage.org on the list (Score:2)
I didn't think that was possible;)
Re:apache.leakage.org on the list (Score:4, Informative)
This is ironic (Score:5, Interesting)
(Last Journal: Thursday December 08 2005, @11:00PM)
One of the first links I checked out from the google results he lists is apparantly some ddos [dc.spec.pl] perpetrator's weapons list page.
Go Figure.
GeoCamming (Score:5, Interesting)
I like to find interesting cameras and then use NeoTrace [neotrace.com] to trace the addresses to find out exactly where the camera is. It's quite fun.
amazon link (Score:2, Informative)
Penetration testing (Score:5, Funny)
(http://www.hiris.com/ | Last Journal: Saturday April 09 2005, @09:38AM)
How did someone come up with this name for a profession anyways?
I also found this interesting ... (Score:3, Informative)
Google Proxy server (Score:4, Informative)
(http://www.dreamhost.com/r.cgi?objekt)
Too bad Google doesn't translate graphics, which some web pages are full of.
We all know` (Score:4, Funny)
obvious (Score:2, Redundant)
(http://slashdot.org/ | Last Journal: Wednesday April 16 2003, @07:07AM)
Interesting, but... (Score:2, Funny)
Penetration Tester (Score:3, Funny)
Penetration Tester (Score:5, Funny)
(http://www.civic-minded.com/)
Yes, but... (Score:2, Funny)
Johnny is a great presenter (Score:2, Informative)
I'd imagine his book is just as lively, informative, and insightful. I'm buying to when I get home. I've had it in my saved list for a while now.
apache.leakage.org (Score:2)
(http://example.com/ | Last Journal: Sunday January 30 2005, @05:19PM)
*boogle*
Google as a proxy... (Score:3, Insightful)
Also, I don't think Google translates the hyperlinks to work within the translation-page does it? So you would have to copy out any URL's that you wanted to go to and re-enter them into your translation query.
Can someone please tell me what's so special about this l33t "specially formed English-to-English translation" method? I mean, how much better can it be than just typing in the URL you want and choosing "Korean to English" in the drop-down?
Original Book Title (Score:1)
(http://www.cgisecurity.com/)
google proxy (Score:5, Informative)
(http://quickwired.com/)
When doing a google translation proxy, remember two things:
1) The images that you load from the target page do *not* use the proxy. So if they want to track you down, all they have to do is look for the next few image loads following the google load for the main page.
2) en|en translations stand out in the logs, since it's not a normal translation option. You should use (for example) de|en. It'll fail on every german word and show the original word, which is english.
another article (Score:2, Interesting)
(http://slashdot.org/)
Legal Liabilities... (Score:2)
(Last Journal: Saturday February 21 2004, @08:07PM)
Since there is so much potential for abuse, I wonder if soon government will "wiretap" google, waiting for certain kinds of searches and then zeroing in the person who did the search. For example, what if some teen in highschool did a search for "anarchist cookbook". Would that be enough to have the police go talk with him, or watch him, or get a search warrent? What if they then find gasoline, and *gasp* styrofome cups in his garadge?? Can they charge him with conspiracy to make napalm? Or worse, what if I want a chem lab in my basement, do I have a right to it, to conduct my own research?
It would be like what the city of chicago is going. First they banned all guns in the city. Then they sued the gun manufacturers whenever a gun was used for a crime in their city limits. The City of Chicago argues "hey, we banned it, and you keep selling it to people who do illegal things in chicago, you have no safegaurds".
I wonder if there is a search engine out there that is opt-in only, does not link to spam or places that don't sell stuff but only link to places that sell (deceptivly I might add too). Maybe some search engine where users can moderate returns, like we do at slashdot. When you search for "baseball", with each hit you get to moderate how good of a search return it is. I have alot of ideas. Maybe I should not post them here, maybe I should talk to a patent lawyer first.
wiretap google? (Score:4, Funny)
What makes you think they haven't already?
Free porn??? (Score:3, Insightful)
(http://www.petedavis.net/)
crazy! (Score:2, Interesting)
Which is why author linked to Snopes... (Score:2, Funny)
Re:10 percent Google yes, your brain, no. (Score:1, Funny)
Re:Of course you may use only 10% of your brain (Score:1)
Re:Of course you may use only 10% of your brain (Score:1, Redundant)
Re:Of course you may use only 10% of your brain (Score:1)
Re:I wanna be a tester (Score:2, Interesting)
Re:It's not fair (Score:1)
(Last Journal: Friday February 11 2005, @11:52AM)
Isn't that an oxymoron?
Re:Sounds fun. (Score:1)
(http://www.madebylanemedia.com/)