Forgot your password?
typodupeerror
Google Books Media Businesses Security The Internet Book Reviews

Google Hacking for Penetration Testers 138

Posted by timothy
from the google-thyself dept.
Corey Nachreiner writes "Until recently, I considered myself a Google power-user; so much so that I often call Google my "second brain." Whenever I stumble upon a computing dilemma I can't solve, I submit an advanced query to my second brain, Google, and let it supply the answers. That's why I was So There when Johnny Long released his recent book, Google Hacking for Penetration Testers . I heard Johnny's lively, light-hearted presentation to a packed house at the BlackHat Briefings last summer in Las Vegas. It was the hit of the show, but in one hour he could only present a few of his startling findings about Google hacking. After reading Johnny's book, I've learned a ton more and realized I wasn't quite as Google-savvy as I thought. As with my real brain, I've only been using about ten percent of my Google-brain's capacity." Read on for the rest of Nachreiner's review.
Google Hacking for Penetration Testers
author Johnny Long
pages 448
publisher Syngress
rating 8
reviewer Corey Nachreiner
ISBN 1931836361
summary Google's dark and dork sides exposed; despite the title, useful for everyone who'd like to get the most out of google.

According to its cover, Johnny Long's book focuses primarily on revealing the "Dark Side" of Google -- a promise it delivers in spades. But I can also heartily recommend Google Hacking to newbies who simply want to learn how to harness Google's full potential.

The first few chapters of the book walk you through Google's interfaces and features, then introduce you to Google's advanced operators and techniques you can use to refine your Google searches. Instead of submitting basic searches that leave you arduously parsing hundreds of results for your desired answer, you quickly learn to submit powerful queries that almost instantly yield the results you intend. Even as an experienced Google user, I learned a lot from Google Hacking's early chapters. For Google neophytes, this alone makes the book worth its price.

However, we all know Slashdotters really want this book in order to learn how hackers misuse Google. Well, you won't be disappointed. As soon as Long has taught you to submit advanced queries, he wastes no time in showing you the techniques l33t Google hax0rs use to exploit the search engine's power. For example, did you know you can use Google as a free proxy server? By submitting a specially-crafted, English-to-English translation query, you can capitalize on Google's translation service to anonymously submit all your Web requests. This simple hack just scratches the surface of Google's malicious potential.

Most Web surfers don't realize the sheer amount of extremely sensitive information available for the harvesting on the Internet. In that sense, Google Hacking is eye-popping. Do you want to find misconfigured Web servers that publicly list their directory contents? A quick Google search does the trick. Or, suppose you found some new exploit code that only works against a particular version of IIS 5.0. Submit a quick Google query for a helpful list of possible targets. Do you want to harvest user logins, passwords (for example, mySQL passwords in a connect.inc file), credit card numbers, social security numbers or any other potentially damaging tidbit that Web users and administrators accidentally leak onto the Internet? Google Hacking shows you how, with highly refined searches gleaned from the community contributing to the Google Hacking database (GHDB) found on Long's Web site.

While Long's book discloses these and many other potentially malicious Google searching techniques, it does so responsibly, with the goal of prevention in mind. Only the less damaging search strings are fully revealed. Long saves the juicier (read: more dangerous) hacks for your own discovery. Long even obfuscates the sensitive results of the more damaging search strings in order to protect the innocent incompetents he refers to as "googledorks." After showing you how hackers subvert Google to their malicious intent, Long dedicates a chapter to how Web administrators can configure their Web servers securely in order to prevent sensitive data from making it into a Google Hacker's clutches.

Though I've gushed about the book so far, I will quibble with its inconsistent tone. Some of its chapters target readers having different levels of technical understanding. While the book starts out in a voice easy enough for even the most novice user to understand, some of the later chapters, on topics such as document grinding, database digging, and query automation, jump drastically and use language and techniques that only programmers or Unix power-users would understand. In addition, the humor that made Johnny's live presentation so memorable shows up in his book, but in scant supply; frankly, more jokes would be welcome.

But these negatives are mere nits. Whether you're a penetration tester wanting to exploit Google, a Web administrator wanting to protect yourself from information leaks, or even a newbie wanting to harness Google's full potential, Google Hacking for Penetration Testers makes an excellent resource. If you, too, use Google as a second brain, pick up Johnny Long's book and learn how to exploit this powerful search engine to its full capacity.


Corey Nachreiner, Network Security Analyst for WatchGuard's LiveSecurity Service, writes about network security on the free RSS news feed, WatchGuard Wire (browsable version, RSS feed.) You can purchase Google Hacking for Penetration Testers from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
This discussion has been archived. No new comments can be posted.

Google Hacking for Penetration Testers

Comments Filter:
  • Nice website (Score:3, Informative)

    by maotx (765127) <(maotx) (at) (yahoo.com)> on Monday April 11, 2005 @04:21PM (#12204838)
    Personally I've been using his site [ihackstuff.com] for a while now. It is great site with user submitted hacks and a community review. It really is amazing what is on Google and knew a book was coming to exploit it.
    Besides being able to find sensitive files, [google.com] hidden portals, [google.com] and vulnerable servers, [google.com] it is also a good way to get free porn. [google.com]

    The exploits are just really advanced searches like the one below.

    "http://*:*@www"bangbus
    • Wow. I hope you know you just FUBAR'd someones webserver. awesome.
    • "Penetration Testers".... sooo funny :)
    • Free Porn? What are you thinking man? You're stealing from the working-woman here! I mean, out of the words of a porn star: "Everyone thinks being a porn star is easy and glamorous, but it's a lot of hard work!"
    • dead (Score:3, Informative)

      by John Seminal (698722)
      ah man, now all those passwords are dead.
    • Holy ke-rapp... I just did the vulnerable servers search and the SAMBA settings for members.lycos.co.uk showed up! Anyone here care to mess with those crazy Brits*?

      (*No offense intended to the British people in particular. If it had been members.lycos.es I would have said "crazy Hispanics," etc, etc.)
    • especially when you add -gentoo to the search and then find out of the 9 hits out there none of them are interesting.

      I'm all for google hacking, especially where axis webcams are concerned, but that just isn't a useful one.

      There is still of ton of fun stuff out there though. Too bad about ISP's wising up and filtering ports though. Boy did it used to be fun to scan entire networks that had F&P sharing enabled with no firewall or ISP filter in the way. It used to be as simple as fire up your program,
    • Re:Nice website (Score:3, Interesting)

      by ruvreve (216004)
      It's not free, but it's cheap (as in beer) and automated (as in no hands required)

      http://www.pornsnatcher.com/
    • Is it legal? And could google sue him for showing up exploits?
    • and Security webcams [johnbokma.com]
  • by Anonymous Coward
    With a name like that, he should be!
  • Heh (Score:3, Funny)

    by aftk2 (556992) on Monday April 11, 2005 @04:23PM (#12204863) Homepage Journal
    Penetration testing?

    In that sense, Google Hacking is eye-popping

    That's what she said!

    </rimshot>
  • by bogaboga (793279) on Monday April 11, 2005 @04:25PM (#12204894)
    Yes, you are not alone. Many, amd more especially here at slashdot think [and believe] they know more than they actually do!
  • by FreeLinux (555387) on Monday April 11, 2005 @04:28PM (#12204919)
    Instead of submitting basic searches that leave you arduously parsing hundreds of results for your desired answer

    Dude, stop searching for porn. I usually feel really lucky if my search produces more than a single page of results.
    • Dude, stop searching for porn. I usually feel really lucky if my search produces more than a single page of results.

      Hey! I search for porn and feel lucky if I get a single page of results!

      Admittedly I have some fairly "unique" tastes.

      But it's all part of life's rich tapestry innit?
  • I see that apache.leakage.org is on the list of misconfigured servers.

    I didn't think that was possible;)

  • This is ironic (Score:5, Interesting)

    by 955301 (209856) on Monday April 11, 2005 @04:38PM (#12205024) Journal

    One of the first links I checked out from the google results he lists is apparantly some ddos [dc.spec.pl] perpetrator's weapons list page.

    Go Figure.
  • GeoCamming (Score:5, Interesting)

    by Schrockwell (867776) on Monday April 11, 2005 @04:39PM (#12205033)
    Here [hackaday.com] is a cool article on Hackaday that describes GeoCamming, another Google exploit.
    I like to find interesting cameras and then use NeoTrace [neotrace.com] to trace the addresses to find out exactly where the camera is. It's quite fun.
  • amazon link (Score:2, Informative)

    by Anonymous Coward
    • Re:amazon link (Score:2, Informative)

      by Anonymous Coward
      The mod found this "informative," but I find it opportunistic. This is an associate link. Wouldn't be as bad had "gtelnetworks-20" posted it under their own user ID I s'pose, but as it stands, this AC is just looking to make a buck.
      • Re:amazon link (Score:1, Interesting)

        by Anonymous Coward
        I posted the link and I wasn't looking to make a buck. The link is not tied into any affiliate program. Even though the link could be misconstrued as an affiliate, at least it didn't produce a 404.
      • Re:amazon link (Score:1, Interesting)

        by Anonymous Coward
        Why don't you get a life instead of trying to ruin some guy's day of making a little bit of money?

        It doesn't cost anyone else extra to buy it referred and it was helpful to people who fucking wanted to book

        You jackoff
  • by ehiris (214677) on Monday April 11, 2005 @04:41PM (#12205057) Homepage
    My roommate is dating a penetration tester from my work. You should have seen the look on her face when he told her what he does for a living.

    How did someone come up with this name for a profession anyways?
    • That's like when I worked in offset printing. The guys who set the film up are called "strippers."

      I'd gotten so used to the term that whenever I'd refer to "the strippers in the back, at work..." it'd catch me offguard when people would say "you've got stippers at work? where do you work again?"

      Too bad all the strippers were guys. it woulda been nice to have a female stripper there.
      • In the 3D animation industry, setting up a character for animation involves creating invisible bones and defining joint parameters that animators use to drive the animation. This step used to be called "boning" the character, but has come to be called "rigging."

        Legend has it that one too many studio executives overheard some guy in VFX talking about spending the last few days "boning $ACTRESS."

      • I once had a prof ask if everyone had a stripper. Of course he ment a wire stripper as it was an electronics lab class.
    • How did someone come up with this name for a profession anyways?

      Well for one thing the author is called "Johnny Long". I figure he used to work in porn and just brought his lexicon with him to his new profession.

      Probably coined the phrase "back door exploit" too...

  • by Anonymous Coward on Monday April 11, 2005 @04:43PM (#12205075)
    Seems like Google itself isn't immune to hacking [gregduffy.com] either ...
  • Google Proxy server (Score:4, Informative)

    by objekt (232270) on Monday April 11, 2005 @04:44PM (#12205094) Homepage
    For example, did you know you can use Google as a free proxy server? By submitting a specially-crafted, English-to-English translation query, you can capitalize on Google's translation service to anonymously submit all your Web requests.

    Too bad Google doesn't translate graphics, which some web pages are full of.

    • That, and they send this "x-forwarded-for" header. In my case, my IP followed by my ISP (non-anonymous) proxy's IP, followed by "unknown", all delimited using commas.

      Yeah, that's real anonymous there...

      Hmm... Google also responds with a Content-Location: header, causing Firefox to go directly to the actual page the second time.

      I'm testing with this site [ericgiguere.com] (random Google result for "HTTP header viewer").
      • I remember three or four years ago back in H.S. when I had to deal with a proxy server that blocked all the neat stuff on the internet. Altavista's translator was a big help for that, not anonymous at all but useful when you're stuck behind some sort of idiotic filtering program.
  • by KSobby (833882) on Monday April 11, 2005 @04:47PM (#12205130)
    We all know that a male geek's second brain most certainly isn't Google (unless that is a clever nick name he bestowed upon it). I can just imagine wil wheaton shuddering at being linked to this thought as well as all the spam geared towards "natural google enhancement".
  • obvious (Score:2, Redundant)

    by Quixote (154172) *
    Right now the server [ihackstuff.com] is undergoing some severe penetration testing, and from the looks of it, not doing too well...
  • What I really want to see abused is AskJeeves. That smarmy little morpion really bugs me for some reason.
  • by cccpkgb (793118) on Monday April 11, 2005 @04:59PM (#12205275)
    My new dream job!
  • by DarkHand (608301) on Monday April 11, 2005 @04:59PM (#12205277)
    Sounds more like a cheesy pickup line to me: "Excuse me Miss, I'm Mr. Jones with the Office of Penetration Testing. You've been scheduled for a security checkup."
  • Yes, but... (Score:2, Funny)

    by Schrockwell (867776)
    ... does Google have Double penetration ! In vogue [spamusement.com]
  • by Anonymous Coward
    I've been fortunate to live and work in the same area as Johnny Long, and have heard him locally a couple of times. The most memorable was when he was a guest speaker at a security class while I was working on my masters degree. His demo on pen testing was great. If you ever get the chance, listen to him speak.

    I'd imagine his book is just as lively, informative, and insightful. I'm buying to when I get home. I've had it in my saved list for a while now.
  • An Apache mirror running Microsoft-IIS/6.0.

    *boogle*
  • by HanClinto (621615) <<moc.liamg> <ta> <otnilcnah>> on Monday April 11, 2005 @05:34PM (#12205637)
    Correct me if I'm wrong, but Google doesn't do anything to the image references -- so that if you want to anonymously browse a website through Google, wouldn't you also have to turn image loading off on your browser? I mean, sure it'll work for text, but I didn't think this was exactly uncommon knowledge?

    Also, I don't think Google translates the hyperlinks to work within the translation-page does it? So you would have to copy out any URL's that you wanted to go to and re-enter them into your translation query.

    Can someone please tell me what's so special about this l33t "specially formed English-to-English translation" method? I mean, how much better can it be than just typing in the URL you want and choosing "Korean to English" in the drop-down?
  • 'How to be malicious with search engines'. BTW this is nothing new. Google '1997 Simple Nomad hack faq' which explains using search engines (at the time altavista) to do exactly what this 'groundbreaking book' says!
  • google proxy (Score:5, Informative)

    by Kallahar (227430) <kallahar@quickwired.com> on Monday April 11, 2005 @05:37PM (#12205677) Homepage
    *** WARNING ***
    When doing a google translation proxy, remember two things:
    1) The images that you load from the target page do *not* use the proxy. So if they want to track you down, all they have to do is look for the next few image loads following the google load for the main page.
    2) en|en translations stand out in the logs, since it's not a normal translation option. You should use (for example) de|en. It'll fail on every german word and show the original word, which is english.
    • Re:google proxy (Score:2, Informative)

      by wwwrench (464274)
      Why not just use tor [eff.org] for anonymous internet use (browsing, sshing etc.). It's free and doesn't place full trust in a single node.
  • another article (Score:2, Interesting)

    by zanthas (550256)
    The register had a mirrored [theregister.co.uk] article from security focus. It walks you through the basic idea behind the book.
  • I wonder what the legal ramifications are if someone uses google to break into a website? Or is google has a cache of a website that does not want a cache to exist?? For example, google has since done away with it, but when news.google went public, you could get a cache to any newspaper you wanted, even if the newspaper required a subscription. I wonder what would happen if google stuck to their guns, said we are keeping all content cached, and the newspapers sued. Who would win?

    Since there is so much pot

    • The site was insecure to begin with. Google just makes it easier to find.
    • by bani (467531) on Monday April 11, 2005 @06:17PM (#12206060)
      I wonder if soon government will "wiretap" google

      What makes you think they haven't already?
    • "what if some teen in high school did a search for "anarchist cookbook""

      I was a senior in high school who had a copy of that infamous volume, at a poor time to be caught with it '73. I was lucky in that I had loaned it to a friend the day before the FBI searched my locker. Yes The FBI, In civics class we all got to fill out civil service forms which were sent in for processing, mine got me investigated. One of the questions on the form asked something along this line - do you belong to or support any org
      • I was a senior in high school who had a copy of that infamous volume, at a poor time to be caught with it '73. I was lucky in that I had loaned it to a friend the day before the FBI searched my locker. Yes The FBI, In civics class we all got to fill out civil service forms which were sent in for processing, mine got me investigated. One of the questions on the form asked something along this line - do you belong to or support any organization or group that advocated the overthrow of the United States Govern
        • "I wonder what they could have done to you if they found the book in your locker. Would it have been enough to get you in trouble? Or is it freedom of thought, your right to read whatever you want?? I have been seeing a trend of less freedom, at least it feels like a trend. But you said this was '73. I was reading in the papers some elementary school kids got arrested because one painted a picture of classmates getting shot. I guess after columbine, that's the way it is. I just had a funny thought. You kno
  • Free porn??? (Score:3, Insightful)

    by Pedrito (94783) on Monday April 11, 2005 @08:43PM (#12207257) Homepage
    You need to use "Google hacking" to find free porn? I know a lot of hacking techniques for all kinds of things, but I can't remember the last time I had to use any of them to find more free porn than I can possibly look at in a hundred lifetimes.
  • crazy! (Score:2, Interesting)

    by kreativemind (872620)
    These hacks are just the beginning and i can't wait to see how far Google will allow such queries to go on. I probably think that Google will limit special or *hacking technique queries search anytime soon, if not expect big brother or corporate giants to interfere with search engines and take actions against these small but powerful methods of hacking thru 'search engines'.

The person who's taking you to lunch has no intention of paying.

Working...