Matt Payne - Google hacking CSF-Jun2005.pdf

Google Hacking 101
Edited by Matt Payne, CISSP
15 June 2005
http://MattPayne.org/talks/gh
Outline
• Google Bombing
• Schneier in Secrets and Lies
– Attack at a distance
– Emergent behavior
– Automation
• Google as a mirror
• “Interesting Searches”
– Software versions
– Passwords, credit card numbers, ISOs
• CGI Scanning
– Vulnerable software
• Defense against Google Hacking
Google Bombing != Google Hacking
• http://en.wikipedia.org/wiki/Google_bomb
• A Google bomb or Google wash is an attempt to influence the ranking of a given site in results returned by the Google search engine. Due to the way that Google's PageRank algorithm works, a website will be ranked higher if the sites that link to that page all use consistent anchor text.
So What Determines Page Relevance and Rating?
• Exact Phrase: are your keywords found as an exact phrase in any pages?
• Adjacency: how close are your keywords to each other?
• Weighting: how many times do the keywords appear in the page?
• PageRank/Links: How many links point to the page? How many links are actually in the page?
From: Google 201, Advanced Googology - Patrick Crispen, CSU
Equation: (Exact Phrase Hit)+(AdjacencyFactor)+(Weight) * (PageRank/Links)
Simply Put
• “Google allows for a great deal of target reconnaissance that results in little or no exposure for the attacker.” – Johnny Long
• Using Google as a “mirror”, searches find:
– Google searches for Credit Card and SS #s
– Google searches for passwords
– CGI (active content) scanning