gHacks technology news » google hacks

Doing some real google hacking

Martin — Fri, 21 Oct 2005 14:14:47 +0000

Until now we have concentrated our efforts on simple file finding methods using the google search engine and certain search commands.

Our goal now is to give you a wider understanding of a thing called “google hacking”. This time we will give you a basic understanding of whats possible and how to achieve this.

Before we start with the essay I want you to make sure that you understand that every move you make on the internet leaves traces that can be used to identify you. I will write a tutorial about “anonymous surfing” soon. This article encourages no one to hack into servers that you don´t own or have the permission to hack.

Lets start by asking some questions. Besides Google and the knowledge of search commands – what do you need to do some hacking with google ?

The answer is simple, you need a vulnerability that you can search for. There are lots of sites that posts vulnerabilities, also known as exploits. I will name two that you can use as a start, you know how to use google to find more.

Packetstormsecurity.org
Securiteam.com

Lets use the packetstorm site as an example. When you open it you see lots of tables starting with filename ending with MD5 Checksum. Whats interesting to us is a) the filename and b) the description.

The description gives a short exerpt of what this exploit is about. Interessing for google hacking are only eploits that are web based or web connected. That means the first exploit for winrar 3.5 is not what we are looking for. The second in the list is more of our liking.

The description read “e107 content management system versions 0.617, 0.6171, 0.6172 resetcore.php utility SQL Injection, login bypass, remote code execution, and cross site scripting exploit.”

When we click the filename we see a textfile with lots of information about this exploit. I won´t give you information about the type of exploit (sql injection) because this time I only explain how you find new exploits and search for them using google.

The interesting line for us atm is “move to http://[target]/[path]/e107/e107_files/resetcore.php” and “e107 0.617 stable/ 0.6171 / 0.6172″

we see a filename and some folder names. in the first one and release numbers in the second one.

Using this information we open up google and enter one of the following strings, think of more if you like.

inurl:resetcore.php
“e107 powered website v0.617″

If you search for the first line make sure you check the version of the script first, second line automatically looks for the script that is vulnerable, you will have to navigate manually to the resetcore.php file

Thats all there is to do, you know now where to look for new vulnerabilities and how to use google to find vulnerable files.

There are other ways of looking for exploits, but those are for the advanced users, they find their own, for example by looking at the source code files.

If you really want to learn more try to find some sites with other exploits using google. You can also lookup what SQL Injection for instance means.

let me know if you have any problems following this article or comments about it.

Tags: google hacking, google hacks, google tips

O’Reilly Google Hacks Code Online

Martin — Mon, 17 Oct 2005 15:47:58 +0000

O’Reilly makes available 100 of their Google Hacks. They sorted them out in categories like Advanced Web, Images, News and Groups, Add-Ons and Gmail.

Most of the hacks are pretty basic stuff, for example hack 6 “Check Your Spelling”, and the explanation “Google sometimes takes the liberty of “correcting” what it perceives is a spelling error in your query” Not such a great hack if you ask me.

Most of the hacks published there are probably not hacks but advices. The advanced user should know most of them if he uses that services, so nothing new for us.

The new user has the chance to learn some new concepts, but he might receive the same level of insight from googles help pages.

Tags: google codes, google hacking, google hacks, o reilly

Using Google to find Movies

Martin — Tue, 11 Oct 2005 10:44:03 +0000

Some days ago i told you how to use the google search to find Mp3 files and Ebooks. Today I will describe how to use similar searches to find movies using google searches.

To achieve this we will borrow some of the operators from the Mp3 Search, namely -inurl:htm -inurl:html intitle:”index of”

You could also add “-inurl:php” to avoid those nasty index.php files as well.

Now we could simply add the known movie file extensions like mpg, avi, wmv to the search and look at the first results.

We probably want to find special movies, like tv commercials, movies with a special actor in it, adult movies aso. What you do is to simply add what you are looking for to the search. For example movies with Claudia Schiffer would be found with the following search

-inurl:htm -inurl:html -inurl:php intitle:”index of�? (mpg|avi|wmv) “Claudia Schiffer”

The (mpg|avi|wmv) operator can also be written (mpg or avi or wmv).

Tags: Google, google hacks, google movie search

Using Google to find free Ebooks

Martin — Sun, 09 Oct 2005 13:57:03 +0000

By using the knowledge we gained from previous articles on how to find mp3 files using the google search engine we will be able to easily find other files as well using almost the same search techniques.

The main ebook format is .pdf, but ebooks also are delivered as .chm, doc and even .txt format. That means we will have to include at least pdf, doc and chm to get good results in our searches. Ebooks are unfortunatly sometimes packed, that means you probably would like to include zip and rar as well to your search

(pdf|chm|doc|txt|zip|rar)

To get good results we need to exclude the following -inurl:htm -inurl:html

To search for directories that contain ebooks you use the following search string.

You should really add another keyword, a title, author or publisher to get better results than that general search. Simply add the keyword at the end of your search using +”keyword”

Technorati Tags: google, tutorial, find, ebook, ebooks, free, search

Tags: Google, google ebook search, google hacks

Using Google to find Free Mp3 files 2

Martin — Sat, 08 Oct 2005 08:28:43 +0000

Two days ago i gave you some basics on how to find mp3 files using the Google search engine. Today i will use the basic concept to enhance the searches even more and get rid of some of the false hits that are still displayed while we search for mp3 files.

The search string that we constructed looked like the following:

-inurl:htm -inurl:html “index of mp3 “Oct-2005″ “Fresh Fantasy Dizzy Singers

There are more filetypes that we should exclude from our searches to get better results, those are:

php, asp, doc, pdf, shtml and txt

To exclude these as well we use the following search string:

-inurl:htm -inurl:html -inurl:php -inurl:asp -inurl:doc -inurl:pdf -inurl:shtml -inurl:txt “index of mp3 “Oct-2005″ “Fresh Fantasy Dizzy Singers

We also don´t want the following results to appear in our search results:

ringtones, lyric and playlists

That means we exclude those as well and get:

-inurl:htm -inurl:html -inurl:php -inurl:asp -inurl:doc -inurl:pdf -inurl:shtml -inurl:txt “index of mp3 -ringtone -lyric -playlist “Oct-2005″ “Fresh Fantasy Dizzy Singers/code>


The last step is to add more possibly words that appear in the directory structure, those are
"parent of" and "last modified"
Our final searchstring now looks like this:
-inurl:htm -inurl:html -inurl:php -inurl:asp -inurl:doc -inurl:pdf -inurl:shtml -inurl:txt AND (“index of|"last modified"|"parent of") AND mp3 -ringtone -lyric -playlist AND “Oct-2005″ AND “dizzy singers
You can of course exclude more search types from your searches, this depends on the circumstances, maybe you don´t want audiobooks to be displayed, or only audiobooks..

I think you have the basic understanding now to enhance the searches yourself and get pretty good results using google.

	Tags: Google, google hacks, google mp3 search, google search


	Related posts
	
	Why Google Search Results Can Be Different (4)
	Using Google to find Movies (41)
	Using Google to find free Ebooks (6)
	Two New Google Trends Features (0)
	Test Google’s Next-Generation Search Engine Infrastructure (3)