Google
is one of several very large companies in the field of internet
business. In addition to being one of the few companies in the
world's largest internet, google also turned out to be one of several
websites that can be said to have a record number of visitors ever,
how not?Everything in connection with the internet now all of them
can be searched through google, from data on common issues, news,
until the technical information.
Speaking
in connection with the sub title of this article, which reads "Taking
Advantage of Technology", in this article I'll discuss a bit
about a hacking technique that uses the services provided rather than
google it yourself.
As
we have seen, that with the advances in technology and the growing
Internet industry, of course also many other things that happened in
connection with the security system. A kind of technological
advances, it will be balanced with technique "to break down"
rather than the system itself. It can be seen in the case of
google.com because it is known that in addition to be useful as a
most powerful search engine with a database of billions in number,
google was not able to cover up the fact that many hackers who use
google.com as a means of committing a "fad"on the internet,
because besides being able to find data data such as MP3, Movies,
Articles, and other google sebagainyam also has the ability to be
able to find data that can be classified as confidential data.
By using a few unique abilities, and of course by using google.com as a means of searching the data, it turns out one can find a lot of sensitive data on the Internet. Data data is sensitive data is data that can be classed as personal data, such as credit card numbers, and passwords.
Using google of course, already is a thing which is not unusual anymore for those who frequently use the internet. Plus, considering the use rather than google.com website itself is very user-friendly, the author feels no need to explain more about the method by using google search. In this article we will discuss more towards basic search methods and the introduction of the string in use at google.com and search for examples of sentences that are very helpful in doing google hacking later.
Basic Search Techniques
The use of strings (+) is used to conduct forcible searches of similar letters. While (-) is used to download does not include a word in the search.
To find a particular wording is very precise, then you need to use string ("")
While the dot (.) Used to perform a text search method one character.
An asterisk represents all letters.
Syntax site: used to instruct Google to make search in specific sites. Web site address can be entered after the colon. (E.g site: www.th0r.name)
Syntax filetype: used to instruct Google to search for the file type specification openly. Types of files to search can be positioned after the colon.
Syntax link: used to instruct Google to only search in certain hyperlinks.
Syntax cache: used to instruct Google to display the version instead of a webpage opened at google. Information on the website address can be added at the end after a colon.
Syntax intitle: google in this case was ordered only to find out based on the title rather than specific documents, in accordance with which we are typing at the end of the syntax after the colon.
Syntax inurl: Google will do the search data in a specific URL syntax is given after the colon.
By using a few unique abilities, and of course by using google.com as a means of searching the data, it turns out one can find a lot of sensitive data on the Internet. Data data is sensitive data is data that can be classed as personal data, such as credit card numbers, and passwords.
Using google of course, already is a thing which is not unusual anymore for those who frequently use the internet. Plus, considering the use rather than google.com website itself is very user-friendly, the author feels no need to explain more about the method by using google search. In this article we will discuss more towards basic search methods and the introduction of the string in use at google.com and search for examples of sentences that are very helpful in doing google hacking later.
Basic Search Techniques
The use of strings (+) is used to conduct forcible searches of similar letters. While (-) is used to download does not include a word in the search.
To find a particular wording is very precise, then you need to use string ("")
While the dot (.) Used to perform a text search method one character.
An asterisk represents all letters.
Syntax site: used to instruct Google to make search in specific sites. Web site address can be entered after the colon. (E.g site: www.th0r.name)
Syntax filetype: used to instruct Google to search for the file type specification openly. Types of files to search can be positioned after the colon.
Syntax link: used to instruct Google to only search in certain hyperlinks.
Syntax cache: used to instruct Google to display the version instead of a webpage opened at google. Information on the website address can be added at the end after a colon.
Syntax intitle: google in this case was ordered only to find out based on the title rather than specific documents, in accordance with which we are typing at the end of the syntax after the colon.
Syntax inurl: Google will do the search data in a specific URL syntax is given after the colon.
Syntax To
learn more about the Google Hacking
After knowing the basic
search method using google.com, now we will turn to the syntax that
can be said to be more specific and more complications than the
syntax given above. Let us now consider the following
syntax:
intitle: "Index of" passwords
modified
allinurl: auth_user_file.txt
"Access
denied for user" "using password"
"A
syntax error has occurred" filetype: ihtml
allinurl:
admin mdb
"ORA-00921: unexpected end of SQL
command"
inurlasslist.txt
"Index of /
backup"
"Chatologica metasearch" "stack
tracking:"Examples of the example given above is an example of the syntax examples that bias is said to be used to find the password or the admin page, and also the bias used to find pages that are not supposed to be opened by a user. The combination of the other combinations can be used to search the other and just need to be modified according to your needs and your target.
Amex
Numbers: 300000000000000 .. 399999999999999
MC Numbers:
5178000000000000 .. 5178999999999999
visa 4356000000000000
.. 4356999999999999
While the above syntax is used to find
credit card numbers of people using google.comSyntax Surgery
After seeing some of the more complex syntax above, let us discuss a bit what the syntax of existing syntax below.
"Parent directory" / appz /-xxx-html-htm-php-shtml-opendivx-md5-md5sums
"Parent directory" DVDRip-xxx-html-htm-php-shtml-opendivx-md5-md5sums
"Parent directory" Xvid-xxx-html-htm-php-shtml-opendivx-md5-md5sums
"Parent directory" Gamez-xxx-html-htm-php-shtml-opendivx-md5-md5sums
"Parent directory" MP3-xxx-html-htm-php-shtml-opendivx-md5-md5sums
"Parent directory" Name of Singer or album-xxx-html-htm-php-shtml-opendivx-md5-md5sums
As you can see from the whole syntax. The part that was replaced just always on the section after the word "Parent Directory". Why? Once we learned earlier section of this article was that the syntax ("") is used to search for certain words, and (-) is used to download do not want to include a search word in the whole sentence. So that in this syntax we can also interpret roughly as follows:
"Parent Directory" seekers are conducting a search for the word Parent Directory certainty and not be scattered (Parent Directory own and his own)
Seekers who want to put what he was looking for.(Example: / appz / is the application. And MP3, means he's looking for on this MP3)
Seeker-xxx do not want any xxx content in the search.
Seeker-html not want any html content in the search.
Htm -seekers do not want any content htm in the search.
php-seekers do not want any php content in the search.
And so forth.
List Syntax, as well as combinations
After discussing the search method, the syntax is quite different from the meaning of complications to syntax, in the previous section.In this section we will discuss about the combination of syntax and how it functions, as well as how to read the meaning of the syntax.
Inurl: Microsoft filetype: iso
You will find on each URL smelling Microsoft word to all files of type iso. You can change the URL and Filetype be whatever according to your needs.
"#-FrontPage-" inurl: service.pwd
By using this syntax, you tell google to find a password for your frontpage.
"Http:// *: * @ www" <domain name>
Syntax above is used to perform the search password on your url line. In this case you are looking for a user and password are writing anything, in a particular domain name. (Enter the domain name without the. Com. Net /. Org) - (Example: "http:// *: * @ www" neotek)
Another way to use this syntax in a form that berkesebalikan is by writing the syntax like this:
"Http://th0r:th0r @ www" <domain name> in this case you are looking for a username and password th0r on the website which will you input the address on the back.
"Sets mode + k"
It seems like IRC? It's true. There are also many rooms on IRC that using a key to perform the join into the room and by using this syntax, you will be able to find some key conversations recorded in the log channel / room.
Allinrul: admin mdb
You will find many web pages with respect to the system administrator page.
Intitle: "Index Of" config.php
With the syntax above, you will be given a pile of data on the web site that has the file config.php
Even google can also be used as a platform to seek warez serial code. Say you membutukan Windows XP Pro serial number. You only need to open http://www.google.com and type the following syntax:
"Windows XP Professional" 94FBR
What can we also interpret as the search word in the Windows XP Professional without separating. While 94FBR itself is a code that is often incorporated into part of the registration code available on most Microsoft software. By than because of it, use 94FBR code may be helpful in searching the serial code. However, things can still be modified in accordance with the wishes and your needs.
So this time my short story about Google Hacking. Keep in mind that how the level of success in using google hacking this is 100% dependent than your own ideas and creativity in combining syntax and customize the data you know about a particular target. But what I need to explain here, that google hacking is one technique that is quite terrifying if you can use it very well. This also supported by the fact that most of the world's security experts have put the Google Hacking as one of the parallel technique and as dangerous as SQL Injection, Cross-Site Scripting and Remote Command Execution.
Credit and Special Thanks To: Johnny Long With His Book Named as "Google Hacking"
I also do not forget to thank Epel (thanks yoo = P), Ignes (Which has nemenin lg chat time for this article), Cindy (Which also has nemenin talking until finished article) Hehehe, also Jeffry and Nico. As well as some of my other friends.
Finally, I just wanted to say. Developing technology for the exploitation of the functions and benefits. If you exploit the natural wealth that is wrong, exploiting technology funsi is a good thing can be said. By the therefore, continue to seek profit rather than use of the system itself.
BY THIS ARTICLE MAY BEUSEFUL SCIENCE.
Tidak ada komentar:
Posting Komentar