Google Hacking for Penetration
Testers Book Review
Google Hacking for Penetration
Testers
Book Review
 By
Dale Farris, Vice PresidentGolden Triangle PC Club January 2005 General Overview Google Hacking for Penetration Testers explores the explosive growth of a technique known as "Google Hacking." This simple tool can be bent by hackers and those with malicious intents to find hidden information, break into sites, and access supposedly secure information. Borrowing the techniques pioneered by malicious "Google hackers," this book aims to show security practitioners how to properly protect clients from this often overlooked and dangerous form of information leakage. The sophistication and functionality of Google searches has resulted in several publications boasting Google's superiority to other search engines, providing tips, tricks and even hacks for novice, intermediate, and advanced Internet users. However few of these publications even mention security, and none are written with the IT professional's security tasks in mind. This book not only explores the more obscure and compound features of Google, but it educates the reader how to protect himself against the hacking muscle that this supreme search engine has become. The www.google.com domain continues to distance itself from the competition and has reached an all-time high in U.S. search referral market share. As of March 23, 2004, Google.com posted a U.S. search referral percentage of nearly 41 percent. Second place competitor and former leading search referral domain, Yahoo.com, posted a referral percentage of 27.40%. Google's market dominance is due in large part to the detail, sophistication, and accuracy of the results it provides. These same factors that make Google so useful to the everyday Web surfer are the same ones that make it so dangerous in the hands of a malicious hacker. Google has been a strong force in Internet culture since its 1998 upstart. Since then, the engine has evolved from a simple search instrument to an innovative authority of information. As the sophistication of Google grows, so do the hacking hazards that the engine entertains. Approaches to hacking are forever-changing, and this book covers the risks and precautions that administrators need to be aware of during this explosive phase of Google Hacking. Google, the most popular search engine worldwide, provides web surfers with an easy-to-use guide to the Internet, with web and image searches, language translation, and a range of features that make web navigation simple enough for even the novice user. What many users don’t realize is that the deceptively simple components that make Google so easy to use are the same features that generously unlock security flaws for the malicious hacker. Vulnerabilities in website security can be discovered through Google hacking, techniques applied to the search engine by computer criminals, identity thieves, and even terrorists to uncover secure information. This book beats Google hackers to the punch, equipping web administrators with penetration testing applications to ensure their site is invulnerable to a hacker’s search. Are you the type of person who needs to know how to torque Google to detect SQL injection points and login portals, execute port scans, and CGI scans, fingerprint web servers, locate incredible information caches such as firewall and IDS logs, password databases, SQL dumps and much more - all without sending a single packet to the target? Then, Google Hacking for Penetration Testers is for you. By reverse engineering the techniques of malicious Google hackers, this book shows security practitioners how to properly protect their servers from this often overlooked and dangerous form of information leakage. Hacks Discussed in the Book Online unprotected e-books Outlook web access public folders and the exchange address books Axis netcams live view Live Panasonic network cameras Live Sony NC RZ30 web cameras Live Toshiba network cameras Xerox printers on the web Digital camera photo dumps Table of Contents The twelve (12) chapters include the following: Ch 1: Google Searching Basics Ch 2: Advanced Operators Ch 3: Google Hacking Basics Ch 4: Preassessment Ch 5: Network Mapping Ch 6: Locating Exploits and Finding Targets Ch 7: Ten Simple Security Searches That Work Ch 8: Tracking Down Web Servers, Login Portals, and Network Hardware Ch 9: Usernames, Passwords, and Secret Stuff, Oh My! Ch 10: Document Grinding and Database Digging Ch 11: Protecting Yourself From Google Hackers Ch 12: Automating Google Searches Appendix A - Professional Security Testing Appendix B - An Introduction to Web Application Security Appendix C - Google Hacking Database Target Readers Author Johnny Long shows you how to maximize the value of your interactions with Google. With the skills he covers in the book, your Google kung fu will dramatically improve, making you a far better penetration tester and security practitioner. If you go to Google and ask the right questions using the techniques from this book, you will be more thoroughly armed with the information that you need to live successfully. The author has written this book so you can learn to ask Google for the really juicy stuff, secrets about the security vulnerabilities of web sites. Using his advice, you will be able to find and fix potentially massive problems, before the bad guys show up and give you a very bad day. He has gathered his best tricks, added a plethora of new ideas, and wrapped the information in a comprehensive methodology for penetration testing and ethical hacking. With a good investigation, using the techniques the author shares in this book, your penetration-testing regimen will get started right. The summary and the FAQs at the end of each chapter will help novices and experts examine a treasure trove of information. Book Contents 528 pages; paperbound; acknowledgements; foreword by Ed Skoudis, Intelguardians Cofounder and SANS Instructor; figures; tables; tips; sample code; appendices; index Author Johnny Long Technical Editor Alrik "Murf" van Eijkelenborg Contributing Authors Steven "The Psyko" Whitacre, MCSE James C. Foster Matt Fisher Pete Herzog, OPST, OPSA, HHST About the Author and Technical Editor Johnny Long has spoken on network security and Google hacking at SANS and other computer security conferences nationwide, including the Black Hat Briefings. In addition, he has presented before several government entities. In his recent career with Computer Sciences Corporation (CSC), a leading global IT services company, he performed active network and physical security assessments for hundreds of government and commercial clients. He is a Black Hat featured speaker this year, and his website can be found at http://johnny.ihackstuff.com. Alrik "Murf" van Eijkelenborg is a system engineer for MBH Automatisering. MBH provides web applications, hardware, hosting, network, firewall, and VPN solutions. His specialties include technical support and consulting on Linux, Novell, and Windows networks. His background includes positions as a network administrator for Multihouse, NTNT, K+V Van Alphen, Oranjewoud, and Intersafe Holding. Alrik holds a bachelor's degree from the Business School of Economics (HES) in Rotterdam, The Netherlands. He is one of the main moderators for the Google Hacking Forums and a key contributor to the Google Hacking Database (GHDB). ISBN December 2004 - First Edition 1-931836-36-1 List Price $44.95 $65.95 CAN About Syngress Publishing Syngress Publishing (www.syngress.com), headquartered in Rockland, Massachusetts, is an independent publisher of print and electronic reference materials for Information Technology professionals seeking skill enhancement and career advancement. Distributed throughout Europe, Asia, the U.S., and Canada, Syngress titles have been translated into twenty languages. The Company's pioneering customer support program, solutions@syngress.com, extends the value of every Syngress title with regular information updates and customer-driven author forums. Syngress books are distributed in the United States by O'Reilly & Associates. Amy Pedersen Syngress Publishing 800 Hingham Street Rockland, Massachusetts 02370 781-681-5151 amy@syngress.com About O'Reilly Media O'Reilly Media is the premier information source for leading-edge computer technologies. The company's books, conferences, and web sites bring to light the knowledge of technology innovators. O'Reilly books, known for the animals on their covers, occupy a treasured place on the shelves of the developers building the next generation of software. O'Reilly conferences and summits bring alpha geeks and forward-thinking business leaders together to shape the revolutionary ideas that spark new industries. From the Internet to XML, open source, .NET, Java, and web services, O'Reilly puts technologies on the map. O'Reilly Media creates products that they
want to use. Whatever form it takes--book, conference, online product--they
want anything produced with the O'Reilly name to be useful, interesting, and
truthful. And O'Reilly Media believes that there are plenty of intelligent,
discriminating people in the world who value those qualities as deeply as
they do. |