Google hacking is not really a new thing. At the time, I didn't pay much attention to this technology and thought that webshells and the like were not very practical. Google hacking is not so simple...
Simple implementation of Google hacking
Google's search syntax can give us more information (and, of course, gives those who use it for attacks more of what they want). Here are some common operators.
intext:
This uses a string in the body of a web page as the search condition. For example, entering intext:dynamic network in Google returns all pages with "dynamic network" in the body of the page.
allintext:
The usage is similar to intext.
intitle:
Similar to intext above, this searches for the specified string in the page title. For example, searching intitle:security angel returns all pages with "security angel" in the title. allintitle: is likewise similar to intitle.
cache:
Searches Google's cache of some content; sometimes you may find some good things.
define:
Searches for the definition of a word. For example, define:hacker returns the definition of hacker.
filetype:
This is the one I especially want to recommend, both for wide-net attacks and for what we discuss later. It searches for files of the specified type. For example, entering filetype:doc returns all URLs ending in doc. Of course, you can also search for .bak, .mdb or .inc, and the information obtained may be richer.
info:
Finds some basic information about the specified site.
inurl:
Searches for the specified string in the URL. For example, entering inurl:admin returns N links like this: http://www.xxx.com/xxx/admin. This is good for finding administrator login URLs. allinurl is similar to inurl and can specify multiple strings.
link:
For example, link:www.4ngel.net returns all URLs that link to www.4ngel.net.
site:
This is also useful. For example, site:www.4ngel.net returns all URLs related to the 4ngel.net site.
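An added example, not part of the original article: a site owner can apply the filetype: and inurl: operators described above to an inventory of their own URLs (from a sitemap, crawl or access log) to see what such searches would surface. The host, the sample URLs and the function names are constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit

# Extensions the article names under filetype: (.doc, .bak, .mdb, .inc).
RISKY_EXTENSIONS = {"doc", "bak", "mdb", "inc"}
# URL substrings the article searches for with inurl: (admin, login, file, load).
RISKY_URL_WORDS = ("admin", "login", "file", "load")


def matching_operators(url):
    """Return the operators from the article that would match this URL."""
    parts = urlsplit(url)
    hits = []
    ext = posixpath.splitext(parts.path)[1].lstrip(".").lower()
    if ext in RISKY_EXTENSIONS:
        hits.append(f"filetype:{ext}")
    # Approximation: search engines tokenise URLs; substring matching
    # over-reports, which is the safe direction for an audit.
    haystack = (parts.netloc + parts.path + "?" + parts.query).lower()
    for word in RISKY_URL_WORDS:
        if word in haystack:
            hits.append(f"inurl:{word}")
    return hits


def audit(urls):
    """Map each exposed URL to the operators that would surface it."""
    report = {}
    for url in urls:
        hits = matching_operators(url)
        if hits:
            report[url] = hits
    return report


# Constructed sample inventory for a placeholder host (not from the article).
SAMPLE_URLS = [
    "https://intranet.example.org/index.asp",
    "https://intranet.example.org/sys/admin_login.asp",
    "https://intranet.example.org/backup/site.asp.bak",
    "https://intranet.example.org/data/users.MDB",
    "https://intranet.example.org/sys/uploadfile.asp?id=1",
    "https://intranet.example.org/docs/minutes.doc",
]

if __name__ == "__main__":
    for url, hits in audit(SAMPLE_URLS).items():
        print(f"{url}\n    surfaced by: {', '.join(hits)}")
```

Every URL in the report is a candidate for removal from the web root, an authentication requirement, or exclusion from indexing.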
Google alone is enough to collect information about a site and penetrate it. Below we use Google to test a specific site.
First, use Google to look at some basic facts about this site (some details are omitted):
site:xxxx.com
From the information returned, we found the sites of several of the school's departments:
http://a1.xxxx.com
http://a2.xxxx.com
http://a3.xxxx.com
http://a4.xxxx.com
A quick ping along the way suggests they are on different servers. Schools usually have a lot of good information, so let's see what good things there are:
site:xxxx.com filetype:doc
We get N good docs.
First, look for the site's administration back-end address:
site:xxxx.com intext:management
site:xxxx.com inurl:login
site:xxxx.com intitle:Manage
This yields more than 2 administration back-end addresses:
http://a2.xxxx.com/sys/admin_login.ASP
http://a3.xxxx.com:88/_admin/login_in.ASP
Pretty good. Now let's see what programs the servers are running:
site:a2.xxxx.com filetype:ASP
site:a2.xxxx.com filetype:PHP
site:a2.xxxx.com filetype:ASPx
site:a3.xxxx.com filetype:ASP
site:.......
......
The a2 server should be IIS; the whole site runs on ASP, and there is also a PHP forum. The a3 server is also IIS, with ASPX + ASP. The web applications were probably developed in-house. Since there is a forum, let's see whether any publicly posted FTP accounts turn up:
site:a2.xxxx.com intext:FTP://*:*
Nothing of value was found. Let's see whether there is an upload vulnerability:
site:a2.xxxx.com inurl:file
site:a3.xxxx.com inurl:load
Found a file upload page on a2:
http://a2.xxxx.com/sys/uploadfile.ASP
Looking at it in IE, there is no permission to access it. Try injection:
site:a2.xxxx.com filetype:ASP