Re: Google Hacking

["Greene, Allen" <Allen.Greene () ROCHESTER EDU>]

Thanks everyone for the great tips, really appreciate them!

Allen Greene | Security Analyst Senior
University of Rochester | University IT Security and Policy
Office:  (585) 275-7335 | Allen.Greene () Rochester edu 



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Keller, 
Alex
Sent: Wednesday, November 19, 2014 5:57 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Google Hacking

Great topic. I recommend testing and tuning your Pastebin alert search strings, too general and the results may include 
extraneous posts and will likely exceed the free account limits which I believe is 10 total alerts, after which the 
alerts are disabled; clearly an encouragement to upgrade to the PRO version (quite affordable) which removes such 
limitations.

If you want to deep dive on search based vulnerability discovery and pen testing, check out the awesome SearchDiggity 
tool:
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.bishopfox.com_resources_tools_google-2Dhacking-2Ddiggity_attack-2Dtools_&d=AAIFAw&c=kbmfwr1Yojg42sGEpaQh5ofMHBeTl9EI2eaqQZhHbOU&r=T5oAQXjguSn0bH5SH7HpHqg3stiWKRNzMSNknfVPqtE&m=swqMJT4qWimv57H_oXG6qeWZlPJCxqMkMtalUMXeI48&s=OKRp2z-cQNyCS5VAOMZOdilgwpvPT3JnpN1MZxdQCuE&e=
 

No discussion of this topic would be complete without recognizing the contributions of Johnny "I hack stuff" Long who 
wrote the seminal book on the subject and founded the Google Hacking Database (GHDB) now hosted by the Offensive 
Security team at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.exploit-2Ddb.com_google-2Ddorks_&d=AAIFAw&c=kbmfwr1Yojg42sGEpaQh5ofMHBeTl9EI2eaqQZhHbOU&r=T5oAQXjguSn0bH5SH7HpHqg3stiWKRNzMSNknfVPqtE&m=swqMJT4qWimv57H_oXG6qeWZlPJCxqMkMtalUMXeI48&s=cpMHKeFLqKSk5VBCz-LuL3JeYhe1yb-dYlzb4FC7iTE&e=
 .

Best,
alex

Alex Keller
Information Technology
Stanford School of Engineering
axkeller () stanford edu  
(650) 736-6421


From: The EDUCAUSE Security Constituent Group Listserv 
[https://urldefense.proofpoint.com/v2/url?u=http-3A__mailto-3ASECURITY-40LISTSERV.EDUCAUSE.EDU&d=AAIFAw&c=kbmfwr1Yojg42sGEpaQh5ofMHBeTl9EI2eaqQZhHbOU&r=T5oAQXjguSn0bH5SH7HpHqg3stiWKRNzMSNknfVPqtE&m=swqMJT4qWimv57H_oXG6qeWZlPJCxqMkMtalUMXeI48&s=U_K0elUCMaBN5q0_u3rtwaT-d0_AxWciH5DT4fDtEPI&e=
 ] On Behalf Of Jason Todd
Sent: Wednesday, November 19, 2014 1:50 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Google Hacking

 We've had Pastebin alerting for a while with great success. One thing to keep in mind is sometimes the pastes are 
removed so you need to respond quickly to the notifications.
 
Jason
 
Jason Todd
Network Security Officer
Western University of Health Sciences 
________________________________________
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of David James 
Anderson <David.Anderson () NAU EDU>
Sent: Wednesday, November 19, 2014 13:30
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Google Hacking 
 
+1 on Pastebin alerts, they've helped us immensely.
--
-David.


David Anderson
Information Security Analyst, Senior
Information Technology Services
Northern Arizona University
(928) 523-1225

On Nov 19, 2014, at 2:20 PM, Greene, Allen <Allen.Greene () ROCHESTER EDU> wrote:


Great tip, wasn't aware that Pastebin had similar alerts.  Thanks!
 
Allen Greene | Security Analyst Senior
University of Rochester | University IT Security and Policy
Office:  (585) 275-7335 | Allen.Greene () Rochester edu
 
<image002.png>
 
From: The EDUCAUSE Security Constituent Group Listserv 
[https://urldefense.proofpoint.com/v2/url?u=http-3A__mailto-3ASECURITY-40LISTSERV.EDUCAUSE.EDU&d=AAIFAw&c=kbmfwr1Yojg42sGEpaQh5ofMHBeTl9EI2eaqQZhHbOU&r=T5oAQXjguSn0bH5SH7HpHqg3stiWKRNzMSNknfVPqtE&m=swqMJT4qWimv57H_oXG6qeWZlPJCxqMkMtalUMXeI48&s=U_K0elUCMaBN5q0_u3rtwaT-d0_AxWciH5DT4fDtEPI&e=
 ] On Behalf Of Brad Judy
Sent: Wednesday, November 19, 2014 4:18 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Google Hacking
 
One caveat is that as Google has gotten more into advanced and customized search algorithms, the results may no longer 
be comprehensive.  In particular, if you set up a Google alert under a Google account, it runs the search under the 
tailored context of that account and I (and others) have seen many misses of Google indexed content because the 
tailoring ignores those items. 
 
If you want to do Google hacking, make sure it uses a context with no Google account or Google cookies.  Or, try to 
keep a clean Google account that is only ever used for the Google alerts (it can be tricky to totally avoid Google's 
user metadata vacuum). 
 
I highly recommend setting up Pastebin alerts as well if you haven't looked into it.  It can give you quick 
notification of a dump of credentials that includes individuals from your school. 
 
One Google hack to consider is a search like:
 
Site:school.edu Filetype:xls SSN  (or other words like "social security" "student ID", etc.)
 
 
Brad Judy
 
Director of UIS Security
University Information Systems
University of Colorado 
1800 Grant Street, Suite 300
Denver, CO  80203
Office: (303) 860-4293
Fax: (303) 860-4302
www.cu.edu
 
<image003.jpg>
 
 
 
From: The EDUCAUSE Security Constituent Group Listserv 
[https://urldefense.proofpoint.com/v2/url?u=http-3A__mailto-3ASECURITY-40LISTSERV.EDUCAUSE.EDU&d=AAIFAw&c=kbmfwr1Yojg42sGEpaQh5ofMHBeTl9EI2eaqQZhHbOU&r=T5oAQXjguSn0bH5SH7HpHqg3stiWKRNzMSNknfVPqtE&m=swqMJT4qWimv57H_oXG6qeWZlPJCxqMkMtalUMXeI48&s=U_K0elUCMaBN5q0_u3rtwaT-d0_AxWciH5DT4fDtEPI&e=
 ] On Behalf Of Greene, Allen
Sent: Wednesday, November 19, 2014 8:50 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Google Hacking
 
Greetings All,
 
We're looking at expanding our information disclosure program into Google Hacking.  I'm wondering if someone else out 
there is currently utilizing this method or developed a program around unauthorized information disclosure?  I've done 
a good deal of research on this already, I'm curious how other institutions may have already implemented this and any 
feedback on their experience.
 
Thanks & Happy Holidays!
Allen
 
Allen Greene | Security Analyst Senior
University of Rochester | University IT Security and Policy
Office:  (585) 275-7335 | Allen.Greene () Rochester edu
 
<image004.png>