Project 1-2: Use Google Reconnaissance
Objectives:
Just as Google can be used to locate almost anything stored on web servers, it can also be used by attackers in order to uncover unprotected information or information that can be used in an attack. This is sometimes called “Google reconnaissance.” In this project you will perform Google reconnaissance.
Advanced Search page with search keywords filled in
Page of results displayed.
One example of results that contain user login names and passwords
One example of a result that contains only blank spreadsheets that had the headings “login:” and “password=”.
Pages of results displayed for a text file that contains a list of passwords in clear text
Reflection:
Through this hands-on project I learnt that Google is not only a search engine for common internet users but also a tool for attackers. As studied in ISE chapter 1, one of the difficulties in defending against attacks is the simplicity of attack tools; that even a common search engine can be a tool of attack tells us that attacks are no longer limited to highly skilled attackers.
This project taught me 2 keywords that attackers use, and I did not succeed with the second one, which is to find a text file that contains a list of passwords in clear text. Most of the results returned were web pages that teach people how to do Google hacking. I think it might be because Google hacking is widely known nowadays, and people are aware that passwords might leak out if they continue to put them up in such a way. Thus, changes might have been made, so the older search keywords such as "index.of passlist" are no longer useful. I’ve visited the link (http://www.duniapassword.com/2009/02/stealing-password-with-google-hack.html) and saw abundant keywords that allow internet users to “search” for passwords. This is a bit shocking to me, but I doubt their usefulness since I encountered a problem with "index.of passlist". I will try some out and report later.
林小颍's work ^—^V