Posted on July 11, 2024 (author: )

Demystifying Google Hacks

by Debasis Mohanty (Orissa, India)

Introduction

Google is the world’s most popular and powerful search engine, and it can accept pre-defined commands as input and produce unbelievable results. This enables malicious users such as hackers, crackers and script kiddies to use the Google search engine extensively to gather confidential or sensitive information which is not visible through common searches.

In this paper I shall cover the points given below, which administrators and security professionals must take into account to prevent such information disclosures:

- Google’s Advance Search Query Syntaxes
- Querying for vulnerable sites or servers using Google’s advance syntaxes
- Securing servers or sites from Google’s invasion

Google’s Advance Search Query Syntaxes

Discussed below are Google’s various special commands. I shall explain each command in brief and show how it can be used for digging out critical information.

[ intitle: ]

The “intitle:” syntax helps Google restrict the search results to pages containing that word in the title. For example, “intitle: login password” (without quotes) will return links to those pages that have the word "login" in their title and the word "password" anywhere in the page.

Similarly, if one has to query for more than one word in the page title, “allintitle:” can be used instead of “intitle:” to get the list of pages containing all those words in the title. For example, using “intitle: login intitle: password” is the same as querying “allintitle: login password”.

[ inurl: ]

The “inurl:” syntax restricts the search results to those URLs containing the search keyword. For example: “inurl: passwd” (without quotes) will return only links to those pages that have "passwd" in the URL.

Similarly, if one has to query for more than one word in a URL, “allinurl:” can be used instead of “inurl:” to get the list of URLs containing all those search keywords. For example: “allinurl: etc/passwd” will look for the URLs containing “etc” and “passwd”. The slash (“/”) between the words will be ignored by Google.

[ site: ]

The “site:” syntax restricts Google to query for certain keywords in a particular site or domain. For example: “exploits site:” (without quotes) will look for the keyword “exploits” in those pages present in all the links of the domain “”. There should not be any space between “site:” and the “domain name”.

[ filetype: ]

The “filetype:” syntax restricts a Google search to files on the internet with particular extensions (e.g. doc, pdf or ppt). For example: “filetype:doc site:gov confidential” (without quotes) will look for files with the “.doc” extension in all government domains with the “.gov” extension that contain the word “confidential” either in the pages or in the “.doc” file, i.e. the result will contain links to all confidential Word document files on the government sites.

[ link: ]

The “link:” syntax will list webpages that have links to the specified webpage. For example: “link:” will list webpages that have links pointing to the SecurityFocus homepage. Note there can be no space between "link:" and the web page URL.

[ related: ]

The “related:” syntax will list web pages that are "similar" to a specified web page. For example: “related:” will list web pages that are similar to the SecurityFocus homepage. Note there can be no space between "related:" and the web page URL.

[ cache: ]

The query “cache:” will show the version of the web page that Google has in its cache. For example: “cache:” will show Google's cache of the Google homepage. Note there can be no space between "cache:" and the web page URL.

If you include other words in the query, Google will highlight those words within the cached document. For example: “cache: guest” will show the cached content with the word "guest" highlighted.

[ intext: ]

The “intext:” syntax searches for words in a particular website. It ignores links, URLs and page titles. For example: “intext:exploits” (without quotes) will return only links to those web pages that have the search keyword "exploits" in their body text.

[ phonebook: ]

“phonebook:” searches for U.S. street address and phone number information. For example: “phonebook:Lisa+CA” will list all the people who have “Lisa” in their names and are located in “California (CA)”. This can be used as a great tool by hackers in case someone wants to dig up personal information for social engineering.

Querying for vulnerable sites or servers using Google’s advance syntaxes

Well, the Google query syntaxes discussed above can really help people make their searches more precise and get exactly what they are looking for.

Now, Google being such an intelligent search engine, malicious users don’t mind exploiting its ability to dig up confidential and secret information from the internet which has restricted access. I shall now discuss in detail the techniques malicious users employ to dig information from the internet using Google as a tool.

Using “Index of ” syntax to find sites enabled with Index browsing

A webserver with index browsing enabled means anyone can browse the webserver directories like ordinary local directories. Here I shall discuss how one can use the “index of” syntax to get a list of links to webservers which have directory browsing enabled. This becomes an easy source of information gathering for a hacker. Imagine if they get hold of password files or other sensitive files which are not normally visible to the internet. Given below are a few examples with which one can get access to a lot of sensitive information quite easily.

Index of /admin

Index of /passwd

Index of /password

Index of /mail

"Index of /" +passwd

"Index of /" +

"Index of /" +.htaccess

"Index of /secret"

"Index of /confidential"

"Index of /root"

"Index of /cgi-bin"

"Index of /credit-card"

"Index of /logs"

"Index of /config"

Looking for vulnerable sites or servers using “inurl:” or “allinurl:”

a. Using “allinurl:winnt/system32/” (without quotes) will list all the links to servers which give access to restricted directories like “system32” through the web. If you are lucky enough then you might get access to the in the “system32” directory. Once you have access to “” and are able to execute it, you can go ahead and further escalate your privileges over the server and compromise it.

b. Using “allinurl:wwwboard/” (without quotes) in the Google search will list all the links to servers which are vulnerable to the “WWWBoard Password vulnerability”. To know more about this vulnerability you can have a look at the following link:

/exploits/

c. Using “inurl:.bash_history” (without quotes) will list all the links to servers which give access to the “.bash_history” file through the web. This is a command history file. It includes the list of commands executed by the administrator, and sometimes includes sensitive information such as passwords typed in by the administrator. If this file is compromised and it contains the encrypted unix (or *nix) password, then it can be easily cracked using “John The Ripper”.

d. Using “inurl:” (without quotes) will list all the links to servers which give access to the “” file through the web. This file contains sensitive information, including the hash value of the administrative password and database authentication credentials. For example: Ingenium Learning Management System is a web-based application for Windows-based systems developed by Click2learn, Inc. Ingenium Learning Management System versions 5.1 and 6.1 store sensitive information insecurely in the file. For more information refer to the following links:

/securitynews/

Other similar searches using “inurl:” or “allinurl:” combined with other syntaxes

inurl:admin filetype:txt

inurl:admin filetype:db

inurl:admin filetype:cfg

inurl:mysql filetype:cfg

inurl:passwd filetype:txt

inurl:iisadmin

inurl:auth_user_

inurl:

inurl:"wwwroot/*."

inurl:

inurl:

inurl:file_

inurl:gov filetype:xls "restricted"

index of ftp +.mdb allinurl:/cgi-bin/ +mailto

Looking for vulnerable sites or servers using “intitle:” or “allintitle:”

a. Using [allintitle: "index of /root"] (without brackets) will list the links to web servers which give access to restricted directories like “root” through the web. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.

b. Using [allintitle: "index of /admin"] (without brackets) will list the links to websites which have index browsing enabled for restricted directories like “admin” through the web. Most web applications sometimes use names like “admin” to store admin credentials. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.

Other similar searches using “intitle:” or “allintitle:” combined with other syntaxes

intitle:"Index of" .sh_history

intitle:"Index of" .bash_history

intitle:"index of" passwd

intitle:"index of"

intitle:"index of"

intitle:"index of" etc/shadow

intitle:"index of" spwd

intitle:"index of"

intitle:"index of" htpasswd

intitle:"index of" members OR accounts

intitle:"index of" user_carts OR user_cart

allintitle: sensitive filetype:doc

allintitle: restricted filetype:mail

allintitle: restricted filetype:doc site:gov
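
An added example, not part of the original paper: a Python audit that a site owner can run over a local copy of their own document root to find what the "Index of" queries above would surface. The index document names, the function names and the sample tree are assumptions made for the illustration.

```python
import os
import tempfile

# Assumption: typical index document names; match these to your server's configuration.
INDEX_DOCS = {"index.html", "index.htm", "index.php", "default.htm"}
# Names taken from the "Index of" queries listed on this page.
SENSITIVE_NAMES = {"admin", "passwd", "password", "mail", ".htaccess", "htpasswd",
                   "secret", "confidential", "root", "cgi-bin", "credit-card",
                   "logs", "config", ".bash_history", ".sh_history", "shadow"}


def audit_webroot(docroot):
    """Walk a local document root and return sorted (kind, web_path) findings.

    "listable": a directory with no index document, so a server with
    directory browsing enabled would answer with an "Index of /..." page.
    "sensitive-name": a file or directory whose name is one the queries
    on this page search for.
    """
    findings = set()
    for current, dirs, files in os.walk(docroot):
        rel = os.path.relpath(current, docroot)
        web_dir = "/" if rel == "." else "/" + rel.replace(os.sep, "/") + "/"
        if not INDEX_DOCS & {name.lower() for name in files}:
            findings.add(("listable", web_dir))
        for name in dirs + files:
            if name.lower() in SENSITIVE_NAMES:
                findings.add(("sensitive-name", web_dir + name))
    return sorted(findings)


def build_sample_webroot(base):
    """Create a small constructed tree for the demonstration (not real data)."""
    layout = {
        "index.html": "home",
        "admin/passwd": "constructed placeholder",
        "docs/index.html": "docs",
        "logs/access.log": "constructed placeholder",
    }
    for rel, body in layout.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, path in audit_webroot(build_sample_webroot(tmp)):
            print(f"{kind:15} {path}")
```

Each "listable" entry is a directory to check against the server's directory browsing setting, and each "sensitive-name" entry is a candidate to move out of the web root or put behind authentication.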

Other interesting Search Queries

To search for sites vulnerable to Cross-Site Scripting (XSS) attacks:

allinurl:/scripts/

allinurl:/CuteNews/show_

allinurl:/

To search for sites vulnerable to SQL Injection attacks:

allinurl:/

allinurl:/

Securing servers or sites from Google’s invasion

Given below are the security measures which system administrators and security professionals must take into account to keep critical information available online from falling into the wrong hands:

- Install the latest security patches available to date for the applications as well as the operating system running on the servers.
- Don’t put critical and sensitive information on servers without a proper authentication system, where it can be directly accessed by anyone on the internet.
- Disable directory browsing on the webserver. Directory browsing should be enabled only for those web folders to which you want to give access to anyone on the internet.
- If you find any links to your restricted servers or sites in Google search results, they should be removed. Visit the following link for more details: /
- Disable anonymous access in the webserver through the internet to restricted system directories.
- Install filtering tools like URLScan for servers running IIS as the webserver.

Conclusion

Sometimes an increase in the sophistication of systems creates new problems. Google, being so sophisticated, can be used by any Tom, Dick & Harry on the internet to dig up sensitive information which is normally neither visible nor reachable to anyone.

The only option left for security professionals and systems administrators is to secure and harden their systems against such unauthorized invasion.

About Me

To know more about me visit

Debasis Mohanty

Email: debasis_mty@

I can also be found at:

/group/Ring-of-Fire

Comments and suggestions are invited at debasis_mty@.
