![Page 1: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/1.jpg)
Google Hacking
Web 安全系列 ·Part 1
By 程亚飞
![Page 2: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/2.jpg)
What is Google Hacking?
How we do that?
Let’s analyze it!
Try
Protect Your Data !
Note
Google Hacking是什么?
我们该怎么做
分 析并
尝 试
保 护数 据
![Page 3: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/3.jpg)
Part 1:Google hacking 是什么?
Google 黑客 绝对不是 入侵 Google!! !
面对海纳百川的 internet ,你该如何开始你的漫漫 web 攻击 [ 白帽子 ] 之路 ?!
goolge 是 $&*^%&~%... 所以在准备入侵目标 , 或者检查自身漏洞之前可以通过google 强大的搜索功能充分掌握目标的相关信息。
或者 , 当网上发布了某个最新漏洞之后,也可以利用 goolge 来搜索有漏洞的网站。或者也可以直接搜索别人留下的后门和 webshell ,或者 ...... ,因为 google[ 爬虫 ] 是如此的强大!
所以 google hacking 呢。也就是指将 google 强大的搜索功能应用到 hack 攻击之中 !
Google Hacking 新技术
![Page 4: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/4.jpg)
基 本操 作
https://www.google.com
Everybody know it
![Page 5: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/5.jpg)
高 级操 作
https://www.google.com.hk/advanced_search
![Page 6: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/6.jpg)
谁创 造GH
Site: http://johnny.ihackstuff.com/
书籍下载地址 :http://www.verycd.com/topics/2939802/
![Page 7: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/7.jpg)
Part 2: How we do that
+ 把 google 可能忽略的字列如查询范围 【已弃用】 - 把某个字忽略 ~ 同意词 OR 或 [ 大写 ]
* 通配符,补全搜索字词 “ " 精确查询
操作符 ->
![Page 8: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/8.jpg)
Part 2: How we do that
site 搜索一个特定站点的详细内容 intitle 搜索网页标题中的某个特定字符串 inurl 搜索网页 URL 地址中的某个特定字符串 filetype 搜索指定类型的文件 link 搜索和某个站点做了链接的所有 URL
intext 搜索网页面正文内容中的某个特定字符串 info 搜索指定站点的一些基本信息 all 所有关键字前都加上 all 可以得到更加精确详细的信息
关键词搜索 ->
![Page 9: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/9.jpg)
Part 2: How we do that
For 前端的童鞋们:情景:有一个专题,编辑需要维护,可是,可是时间间隔太久,有些不记得链接,肿么办?【你可以这样:】
插曲
![Page 10: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/10.jpg)
Part 3: Let’s analyze it
关键词: site
Example:佳能 site:pchome,net
![Page 11: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/11.jpg)
Part 3: Let’s analyze it
关键词: intitle inurl
组合他们!
Example:国外程序员 伯乐在线
![Page 12: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/12.jpg)
Part 3: Let’s analyze it
关键词:
Example:filetype:pdf inurl:event.pchome.net
![Page 13: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/13.jpg)
彩 蛋
"Disallow:" filetype:txt
大家可以看到,我们找到了很多知名网站的robots.txt
![Page 14: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/14.jpg)
彩 蛋
filetype:doc site:xxxYou will see…
![Page 15: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/15.jpg)
彩 蛋
Index of
You will see…
![Page 16: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/16.jpg)
彩 蛋
intitle:"index of" passwd
You will see…
![Page 17: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/17.jpg)
Part 4: Try
Tips:
案例 1 :PhpMyAdmin
案例 2 :sql injection 案例
案例 3 :文件安全案例
简要展示下,这些搜索对于某些 web 应用的影响。
详细的入侵方式和具体方法【知己知彼才能安全】,后续会详细介绍到!
![Page 18: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/18.jpg)
Part 4: Try
1 :Phpmyadmin
![Page 19: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/19.jpg)
Part 4: Try
2.1 :SqlInjection
![Page 20: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/20.jpg)
Part 4: Try
2.2 :SqlInjection
![Page 21: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/21.jpg)
Part 4: Try
2.3 :SqlInjection
![Page 22: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/22.jpg)
Part 4: Try
2.4 :SqlInjection
![Page 23: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/23.jpg)
Part 4: Try
2.5 :SqlInjection
![Page 24: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/24.jpg)
Part 4: Try
2.6 :SqlInjection
![Page 25: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/25.jpg)
Part 4: Try
2.7 :SqlInjection
![Page 26: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/26.jpg)
Part 4: Try
2.8 :SqlInjection
![Page 27: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/27.jpg)
Part 4: Try
2.9 :SqlInjection
![Page 28: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/28.jpg)
Part 4: Try
3. :文件 》 1
![Page 29: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/29.jpg)
Part 4: Try
3. :文件 》 2
![Page 30: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/30.jpg)
Part 4: Try
3. :文件 》 3
![Page 31: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/31.jpg)
Part 5: Protect Your Data
针对谷歌:1 : robots.txt [ 有利有弊 ]2 : google webmaster
http://support.google.com/webmasters/?hl=zh-Hans3 :?
针对应用:1 : web 服务器安全设置 [ 目录,权限… ..]2 : 程序漏洞检测【攻击你自己的站点】3 : ?
![Page 32: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/32.jpg)
Note:
![Page 33: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/33.jpg)
Recommended
![[Kerference] Naver Web Security - 허규(NAVER)](https://img.pdfslide.tips/doc/110x75/58700c321a28ab427f8b74a3/kerference-naver-web-security-naver.jpg)
