
Google Hacking for Penetration Testers PDF

529 Pages·2007·13.67 MB·English
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Google Hacking for Penetration Testers

315_PTG_FM.qxd 11/22/04 6:50 PM Page i

Register for Free Membership to solutions@syngress.com

Over the last few years, Syngress has published many best-selling and critically acclaimed books, including Tom Shinder’s Configuring ISA Server 2000, Brian Caswell and Jay Beale’s Snort 2.0 Intrusion Detection, and Angela Orebaugh and Gilbert Ramirez’s Ethereal Packet Sniffing. One of the reasons for the success of these books has been our unique solutions@syngress.com program. Through this site, we’ve been able to provide readers a real time extension to the printed book.

As a registered owner of this book, you will qualify for free access to our members-only solutions@syngress.com program. Once you have registered, you will enjoy several benefits, including:

• Four downloadable e-booklets on topics related to the book. Each booklet is approximately 20-30 pages in Adobe PDF format. They have been selected by our editors from other best-selling Syngress books as providing topic coverage that is directly related to the coverage in this book.
• A comprehensive FAQ page that consolidates all of the key points of this book into an easy to search web page, providing you with the concise, easy to access data you need to perform your job.
• A “From the Author” Forum that allows the authors of this book to post timely updates, links to related sites, or additional topic coverage that may have been requested by readers.

Just visit us at www.syngress.com/solutions and follow the simple registration process. You will need to have this book with you when you register.

Thank you for giving us the opportunity to serve your needs. And be sure to let us know if there is anything else we can do to make your job easier.

Google Hacking for Penetration Testers

Johnny Long
FOREWORD BY ED SKOUDIS

Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work.

There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state.

In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.

You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files.

Syngress Media®, Syngress®, “Career Advancement Through Skill Enhancement®,” “Ask the Author UPDATE®,” and “Hack Proofing®,” are registered trademarks of Syngress Publishing, Inc. “Syngress: The Definition of a Serious Security Library”™, “Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.

KEY   SERIAL NUMBER
001   HJIRTCV764
002   PO9873D5FG
003   829KM8NJH2
004   FGDD458876
005   CVPLQ6WQ23
006   VBP965T5T5
007   HJJJ863WD3E
008   2987GVTWMK
009   629MP5SDJT
010   IMWQ295T6T

PUBLISHED BY
Syngress Publishing, Inc.
800 Hingham Street
Rockland, MA 02370

Google Hacking for Penetration Testers

Copyright © 2005 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

Printed in the United States of America
1 2 3 4 5 6 7 8 9 0
ISBN: 1-931836-36-1

Publisher: Andrew Williams
Page Layout and Art: Patricia Lupien
Acquisitions Editor: Jaime Quigley
Copy Editor: Darlene Bordwell
Technical Editor: Alrik “Murf” van Eijkelenborg
Indexer: J. Edmund Rush
Cover Designer: Michael Kavish

Distributed by O’Reilly Media, Inc. in the United States and Canada.
For information on rights and translations, contact Matt Pedersen, Director of Sales and Rights, at Syngress Publishing; email [email protected] or fax to 781-681-3585.

Acknowledgments

Syngress would like to acknowledge the following people for their kindness and support in making this book possible.

Syngress books are now distributed in the United States and Canada by O’Reilly Media, Inc. The enthusiasm and work ethic at O’Reilly is incredible and we would like to thank everyone there for their time and efforts to bring Syngress books to market: Tim O’Reilly, Laura Baldwin, Mark Brokering, Mike Leonard, Donna Selenko, Bonnie Sheehan, Cindy Davis, Grant Kikkert, Opol Matsutaro, Steve Hazelwood, Mark Wilson, Rick Brown, Leslie Becker, Jill Lothrop, Tim Hinton, Kyle Hart, Sara Winge, C.J. Rayhill, Peter Pardo, Leslie Crandell, Valerie Dow, Regina Aggio, Pascal Honscher, Preston Paull, Susan Thompson, Bruce Stewart, Laura Schmier, Sue Willing, Mark Jacobsen, Betsy Waliszewski, Dawn Mann, Kathryn Barrett, John Chodacki, and Rob Bullington. And a hearty welcome to Aileen Berg—glad to be working with you.

The incredibly hard working team at Elsevier Science, including Jonathan Bunkell, Ian Seager, Duncan Enright, David Burton, Rosanna Ramacciotti, Robert Fairbrother, Miguel Sanchez, Klaus Beran, Emma Wyatt, Rosie Moss, Chris Hossack, Mark Hunt, and Krista Leppiko, for making certain that our vision remains worldwide in scope.

David Buckland, Marie Chieng, Lucy Chong, Leslie Lim, Audrey Gan, Pang Ai Hua, and Joseph Chan of STP Distributors for the enthusiasm with which they receive our books.

Kwon Sung June at Acorn Publishing for his support.

David Scott, Tricia Wilden, Marilla Burgess, Annette Scott, Andrew Swaffer, Stephen O’Donoghue, Bec Lowe, and Mark Langley of Woodslane for distributing our books throughout Australia, New Zealand, Papua New Guinea, Fiji, Tonga, Solomon Islands, and the Cook Islands.

Winston Lim of Global Publishing for his help and support with distribution of Syngress books in the Philippines.

A special thanks to Tim MacLellan and Darci Miller for their eternal patience and expertise.

Author

Johnny Long has spoken on network security and Google hacking at several computer security conferences around the world including SANS, Defcon, and the Black Hat Briefings. During his recent career with Computer Sciences Corporation (CSC), a leading global IT services company, he has performed active network and physical security assessments for hundreds of government and commercial clients. His website, currently the Internet’s largest repository of Google hacking techniques, can be found at http://johnny.ihackstuff.com.

Technical Editor

Alrik “Murf” van Eijkelenborg is a systems engineer for MBH Automatisering. MBH provides web applications, hardware, hosting, network, firewall, and VPN solutions. His specialties include technical support and consulting on Linux, Novell and Windows networks. His background includes positions as a network administrator for Multihouse, NTNT, K+V Van Alphen, Oranjewoud and Intersafe Holding. Alrik holds a bachelor’s degree from the Business School of Economics (HES) in Rotterdam, The Netherlands. He is one of the main moderators for the Google Hacking Forums and a key contributor to the Google Hacking Database (GHDB).

Contributing Authors

Steven “The Psyko” Whitacre [MCSE] is a senior network engineer with OPT, Inc, a leading provider of networking solutions in the San Francisco Bay Area, providing senior level network administration and security consulting to companies throughout the greater Bay Area.
His specialties include: network design, implementation, administration, data recovery, network reconstruction, system forensics, and penetration testing. Steven’s consulting background includes work for large universities, financial institutions, local law enforcement, and US and foreign government agencies. Steven is a former member of COTSE/Packetderm, and currently volunteers his time as a moderator for one of the largest security related forums on the Internet. Steven resides in San Francisco, CA with his wife and two daughters, and credits his success to their unwavering support.

James C. Foster, Fellow, is the Deputy Director of Global Security Solution Development for Computer Sciences Corporation where he is responsible for the vision and development of physical, personnel, and data security solutions. Prior to CSC, Foster was the Director of Research and Development for Foundstone Inc. (acquired by McAfee) and was responsible for all aspects of product, consulting, and corporate R&D initiatives. Prior to joining Foundstone, Foster was an Executive Advisor and Research Scientist with Guardent Inc. (acquired by Verisign) and an adjunct author at Information Security Magazine (acquired by TechTarget), subsequent to working as Security Research Specialist for the Department of Defense. With his core competencies residing in high-tech remote management, international expansion, application security, protocol analysis, and search algorithm technology, Foster has conducted numerous code reviews for commercial OS components, Win32 application assessments, and reviews on commercial-grade cryptography implementations.
Foster is a seasoned speaker and has presented throughout North America at conferences, technology forums, security summits, and research symposiums with highlights at the Microsoft Security Summit, Black Hat USA, Black Hat Windows, MIT Wireless Research Forum, SANS, MilCon, TechGov, InfoSec World 2001, and the Thomson Security Conference. He also is commonly asked to comment on pertinent security issues and has been cited in USA Today, Information Security Magazine, Baseline, Computer World, Secure Computing, and the MIT Technologist. Foster holds an A.S., B.S., MBA and numerous technology and management certifications and has attended or conducted research at the Yale School of Business, Harvard University, the University of Maryland, and is currently a Fellow at University of Pennsylvania’s Wharton School of Business. Foster is also a well published author with multiple commercial and educational papers; and has authored, contributed, or edited for major publications including Snort 2.1 Intrusion Detection (Syngress Publishing, ISBN: 1-931836-04-3); Hacking Exposed, Fourth Edition; Anti-Hacker Toolkit, Second Edition; Advanced Intrusion Detection; Hacking the Code: ASP.NET Web Application Security (Syngress, ISBN: 1-932266-65-8); Anti-Spam Toolkit; and Google Hacking for Penetration Testers (Syngress, ISBN: 1-931836-36-1).

Matt Fisher is a Senior Security Engineer for SPI Dynamics, which specializes in automated web application security assessments products for the entire software development lifecycle. As an engineer at SPI Dynamics, he has performed hundreds of web application assessments and consulted to the Fortune 500, Federal Government, and Department of Defense. He has educated thousands on web application security through presentations at numerous conferences and workshops both domestically and abroad.
Prior to working for SPI Dynamics, he managed large-scale complex Fortune 500 websites at Digex. He has held technical certifications from Novell, Checkpoint, Microsoft, ISC2, and SPI Dynamics.

Description:
A self-respecting Google hacker spends hours trolling the Internet for juicy stuff. Firing off search after search, they thrive on the thrill of finding clean, mean, streamlined queries and get a real rush from sharing those queries and trading screenshots of their findings. I know because I've seen
