Post on 17-Mar-2018
Google Hacking (Kind of)
and Other Cool Searches
But first a warning
GRAMMAR MATTERS
Agenda
Google Introduction Features and Magic (Maybe) Google Search Technique Google Basic Operators Google Advanced Operators Facebook Search Technique (and why) Google Hacking Digging for ldquovulnerability goldrdquo Identifying operating systems Vulnerability scanning Proxying
Protect your information from Google Facebook
bull Google Search Technique minus Just put the word and run the search
bull You need to audit your Internet presence minus One database Google almost has it all
bull One of the most powerful databases in the world bull Consolidate a lot of info bull Usage
minus Student hellip minus Business hellip minus AlrsquoQaeda hellip
bull One stop shop for attack maps addresses photos technical information
bullGoogle Hacking
bull Google Search - Variations on a Theme
minus Image Search minus Variations on an Image Search minus Academic minus Maps minus Translate minus Calculations ndash type into search minus Conversions ndash type into search
bullGoogle Hacking
bull Google Advanced Search
minus A little more sophisticated helliphellip minus But first
minus Parameters minus whatrsquos a parameter
minus Settings
bullGoogle Hacking
bull Google Operators minus Operators are used to refine the results and to maximize the
search value They are your tools as well as hackersrsquo weapons bull Basic Operators + - ~ ldquordquo | OR
Advanced Operators minus allintext allintitle allinurl bphonebook cache define
filetype info intext intitle inurl link phonebook related rphonebook site numrange daterange
bullGoogle Hacking
Basic Operators
(+) force inclusion of word
(No longer works this way - Bcks)
(-) exclude a search term Example apple ndashred
(Still works But with added magic ndash wait )
bullGoogle Hacking
bull Basic Operators minus (~) search synonym
Example ~food
minus Return the results about food as well as recipe nutrition and cooking information
minus ( ) a single-character wildcard Example mtrix Return the results of Mtrix matrix metrixhelliphellip
minus (No longer works Bcks) Remember this for other data searches (eg Perl)
minus ( ) any wordwildcard minus at least this still works
bullGoogle Hacking
minus Google uses a maximum of 32 wordsterms in a search (used to be 10)
minus Google ignores common words by default minus Google usually ignores punctuation and special characters
[ ] lt gt minus Try AROUND eg computer AROUND(5) forensics minus (ldquo) use quotes around a search term to search exact phrases minus Search
eventually out of the windows Between them they were never ever lost for words but this one had run them pretty close - 4800000 results
bullGoogle Hacking
bullGoogle Hacking
Remember the + - from the last two slides - Heres what happens now
bull And now for something completely different minus Almost
bull Facebook has recently introduced Graph Search ndash it
may or may not be enabled for your account bull It has a different search method to Google bull It is very scary bull The numbers are staggering
bullFacebook Hacking
bull 651835100 million active users 900 million objects ( pages groups events etc) gt 250 million users accessing through their mobile devices Average user has 130 friends - is connected to 80 pages groups and events - creates 90 pieces of content each month gt 30 billion pieces of content (web links news stories blog posts notes photo albums etc) shared each month
bull Entrepreneurs and developers from more than 190 countries build with Facebook Platform
bull People on Facebook install 20 million applications every day bull 10000 new websites integrate with Facebook every day bull gt 25 million websites have integrated with Facebook bull Mobile users are twice as non-mobile users bull 200 mobile operators in 60 countries working to deploy and
promote Facebook mobile products
bullFacebook Hacking
bull Facebook Users Top 10 Largest Countries 1 United States 150055580 2 Indonesia 36358100 3 United Kingdom 29894820 4 Turkey 27315800 5 India 24028940 6 Philippines 23169300 7 Mexico 22858440 8 France 21887780 9 Italy 19171180 10 Germany 18198720
bull Facebook Users Male Female Usage Statistic (USA) bull Female Users 562 bull Male Users 438 httphowmanyaretherenethow-many-facebook-users-are-there
bullFacebook Hacking
bullFacebook Hacking
bullHigh-profile public figure in Hong Kong hired Trustwave to test if its experts could get his passwords bullThey turned to Facebook bullMan gave Trustwaves team no-holds barred permission to try and snatch his data a so-called Red Team test bullWe found out through Facebook who his wife was We found out through her likes -- her public likes -- that she ran a pilates studio We could then send a phishing email to her based around the fact that she ran a pilates studio that was hiring
bull The mans wife opened an email with a video demonstration of the bogus job candidate conducting a class The malicious attachment infected her computer with malware which gave analysts access known as a spear-phishing attack
bull The computer she was using was a hand-me-down from her husband The passwords he wished to protect were in the Apple computers keychain so the hacking exercise turned out to be a lot easier than we otherwise expectedrdquo
bull httpwwwinfoworldcomdsecurityfacebook-stalker-tool-uses-graph-search-powerful-data-
mining-229063
bullFacebook Hacking
Traditional Search
Need to know who or what you are looking for
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking Designed by team led by Lars Rasmussen (Google Maps designer) and Tom Stocky (designer on several Google products)
Completely new approach to retrieving data
Dynamically creates web pages based on search criteria
Makes use of the basic objects (people places events groups likes comments photos etc)
Does not rely on indexes (think Google Yahoo DuckDuckGo type searching)
Does not permit notnegativeexclusive searches
bullFacebook Hacking bullhttpswwwfacebookcomsearch115063718504722users-religious-view113009932047080likersintersect
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
But first a warning
GRAMMAR MATTERS
Agenda
Google Introduction Features and Magic (Maybe) Google Search Technique Google Basic Operators Google Advanced Operators Facebook Search Technique (and why) Google Hacking Digging for ldquovulnerability goldrdquo Identifying operating systems Vulnerability scanning Proxying
Protect your information from Google Facebook
bull Google Search Technique minus Just put the word and run the search
bull You need to audit your Internet presence minus One database Google almost has it all
bull One of the most powerful databases in the world bull Consolidate a lot of info bull Usage
minus Student hellip minus Business hellip minus AlrsquoQaeda hellip
bull One stop shop for attack maps addresses photos technical information
bullGoogle Hacking
bull Google Search - Variations on a Theme
minus Image Search minus Variations on an Image Search minus Academic minus Maps minus Translate minus Calculations ndash type into search minus Conversions ndash type into search
bullGoogle Hacking
bull Google Advanced Search
minus A little more sophisticated helliphellip minus But first
minus Parameters minus whatrsquos a parameter
minus Settings
bullGoogle Hacking
bull Google Operators minus Operators are used to refine the results and to maximize the
search value They are your tools as well as hackersrsquo weapons bull Basic Operators + - ~ ldquordquo | OR
Advanced Operators minus allintext allintitle allinurl bphonebook cache define
filetype info intext intitle inurl link phonebook related rphonebook site numrange daterange
bullGoogle Hacking
Basic Operators
(+) force inclusion of word
(No longer works this way - Bcks)
(-) exclude a search term Example apple ndashred
(Still works But with added magic ndash wait )
bullGoogle Hacking
bull Basic Operators minus (~) search synonym
Example ~food
minus Return the results about food as well as recipe nutrition and cooking information
minus ( ) a single-character wildcard Example mtrix Return the results of Mtrix matrix metrixhelliphellip
minus (No longer works Bcks) Remember this for other data searches (eg Perl)
minus ( ) any wordwildcard minus at least this still works
bullGoogle Hacking
minus Google uses a maximum of 32 wordsterms in a search (used to be 10)
minus Google ignores common words by default minus Google usually ignores punctuation and special characters
[ ] lt gt minus Try AROUND eg computer AROUND(5) forensics minus (ldquo) use quotes around a search term to search exact phrases minus Search
eventually out of the windows Between them they were never ever lost for words but this one had run them pretty close - 4800000 results
bullGoogle Hacking
bullGoogle Hacking
Remember the + - from the last two slides - Heres what happens now
bull And now for something completely different minus Almost
bull Facebook has recently introduced Graph Search ndash it
may or may not be enabled for your account bull It has a different search method to Google bull It is very scary bull The numbers are staggering
bullFacebook Hacking
bull 651835100 million active users 900 million objects ( pages groups events etc) gt 250 million users accessing through their mobile devices Average user has 130 friends - is connected to 80 pages groups and events - creates 90 pieces of content each month gt 30 billion pieces of content (web links news stories blog posts notes photo albums etc) shared each month
bull Entrepreneurs and developers from more than 190 countries build with Facebook Platform
bull People on Facebook install 20 million applications every day bull 10000 new websites integrate with Facebook every day bull gt 25 million websites have integrated with Facebook bull Mobile users are twice as non-mobile users bull 200 mobile operators in 60 countries working to deploy and
promote Facebook mobile products
bullFacebook Hacking
bull Facebook Users Top 10 Largest Countries 1 United States 150055580 2 Indonesia 36358100 3 United Kingdom 29894820 4 Turkey 27315800 5 India 24028940 6 Philippines 23169300 7 Mexico 22858440 8 France 21887780 9 Italy 19171180 10 Germany 18198720
bull Facebook Users Male Female Usage Statistic (USA) bull Female Users 562 bull Male Users 438 httphowmanyaretherenethow-many-facebook-users-are-there
bullFacebook Hacking
bullFacebook Hacking
bullHigh-profile public figure in Hong Kong hired Trustwave to test if its experts could get his passwords bullThey turned to Facebook bullMan gave Trustwaves team no-holds barred permission to try and snatch his data a so-called Red Team test bullWe found out through Facebook who his wife was We found out through her likes -- her public likes -- that she ran a pilates studio We could then send a phishing email to her based around the fact that she ran a pilates studio that was hiring
bull The mans wife opened an email with a video demonstration of the bogus job candidate conducting a class The malicious attachment infected her computer with malware which gave analysts access known as a spear-phishing attack
bull The computer she was using was a hand-me-down from her husband The passwords he wished to protect were in the Apple computers keychain so the hacking exercise turned out to be a lot easier than we otherwise expectedrdquo
bull httpwwwinfoworldcomdsecurityfacebook-stalker-tool-uses-graph-search-powerful-data-
mining-229063
bullFacebook Hacking
Traditional Search
Need to know who or what you are looking for
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking Designed by team led by Lars Rasmussen (Google Maps designer) and Tom Stocky (designer on several Google products)
Completely new approach to retrieving data
Dynamically creates web pages based on search criteria
Makes use of the basic objects (people places events groups likes comments photos etc)
Does not rely on indexes (think Google Yahoo DuckDuckGo type searching)
Does not permit notnegativeexclusive searches
bullFacebook Hacking bullhttpswwwfacebookcomsearch115063718504722users-religious-view113009932047080likersintersect
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
GRAMMAR MATTERS
Agenda
Google Introduction Features and Magic (Maybe) Google Search Technique Google Basic Operators Google Advanced Operators Facebook Search Technique (and why) Google Hacking Digging for ldquovulnerability goldrdquo Identifying operating systems Vulnerability scanning Proxying
Protect your information from Google Facebook
bull Google Search Technique minus Just put the word and run the search
bull You need to audit your Internet presence minus One database Google almost has it all
bull One of the most powerful databases in the world bull Consolidate a lot of info bull Usage
minus Student hellip minus Business hellip minus AlrsquoQaeda hellip
bull One stop shop for attack maps addresses photos technical information
bullGoogle Hacking
bull Google Search - Variations on a Theme
minus Image Search minus Variations on an Image Search minus Academic minus Maps minus Translate minus Calculations ndash type into search minus Conversions ndash type into search
bullGoogle Hacking
bull Google Advanced Search
minus A little more sophisticated helliphellip minus But first
minus Parameters minus whatrsquos a parameter
minus Settings
bullGoogle Hacking
bull Google Operators minus Operators are used to refine the results and to maximize the
search value They are your tools as well as hackersrsquo weapons bull Basic Operators + - ~ ldquordquo | OR
Advanced Operators minus allintext allintitle allinurl bphonebook cache define
filetype info intext intitle inurl link phonebook related rphonebook site numrange daterange
bullGoogle Hacking
Basic Operators
(+) force inclusion of word
(No longer works this way - Bcks)
(-) exclude a search term Example apple ndashred
(Still works But with added magic ndash wait )
bullGoogle Hacking
bull Basic Operators minus (~) search synonym
Example ~food
minus Return the results about food as well as recipe nutrition and cooking information
minus ( ) a single-character wildcard Example mtrix Return the results of Mtrix matrix metrixhelliphellip
minus (No longer works Bcks) Remember this for other data searches (eg Perl)
minus ( ) any wordwildcard minus at least this still works
bullGoogle Hacking
minus Google uses a maximum of 32 wordsterms in a search (used to be 10)
minus Google ignores common words by default minus Google usually ignores punctuation and special characters
[ ] lt gt minus Try AROUND eg computer AROUND(5) forensics minus (ldquo) use quotes around a search term to search exact phrases minus Search
eventually out of the windows Between them they were never ever lost for words but this one had run them pretty close - 4800000 results
bullGoogle Hacking
bullGoogle Hacking
Remember the + - from the last two slides - Heres what happens now
bull And now for something completely different minus Almost
bull Facebook has recently introduced Graph Search ndash it
may or may not be enabled for your account bull It has a different search method to Google bull It is very scary bull The numbers are staggering
bullFacebook Hacking
bull 651835100 million active users 900 million objects ( pages groups events etc) gt 250 million users accessing through their mobile devices Average user has 130 friends - is connected to 80 pages groups and events - creates 90 pieces of content each month gt 30 billion pieces of content (web links news stories blog posts notes photo albums etc) shared each month
bull Entrepreneurs and developers from more than 190 countries build with Facebook Platform
bull People on Facebook install 20 million applications every day bull 10000 new websites integrate with Facebook every day bull gt 25 million websites have integrated with Facebook bull Mobile users are twice as non-mobile users bull 200 mobile operators in 60 countries working to deploy and
promote Facebook mobile products
bullFacebook Hacking
bull Facebook Users Top 10 Largest Countries 1 United States 150055580 2 Indonesia 36358100 3 United Kingdom 29894820 4 Turkey 27315800 5 India 24028940 6 Philippines 23169300 7 Mexico 22858440 8 France 21887780 9 Italy 19171180 10 Germany 18198720
bull Facebook Users Male Female Usage Statistic (USA) bull Female Users 562 bull Male Users 438 httphowmanyaretherenethow-many-facebook-users-are-there
bullFacebook Hacking
bullFacebook Hacking
bullHigh-profile public figure in Hong Kong hired Trustwave to test if its experts could get his passwords bullThey turned to Facebook bullMan gave Trustwaves team no-holds barred permission to try and snatch his data a so-called Red Team test bullWe found out through Facebook who his wife was We found out through her likes -- her public likes -- that she ran a pilates studio We could then send a phishing email to her based around the fact that she ran a pilates studio that was hiring
bull The mans wife opened an email with a video demonstration of the bogus job candidate conducting a class The malicious attachment infected her computer with malware which gave analysts access known as a spear-phishing attack
bull The computer she was using was a hand-me-down from her husband The passwords he wished to protect were in the Apple computers keychain so the hacking exercise turned out to be a lot easier than we otherwise expectedrdquo
bull httpwwwinfoworldcomdsecurityfacebook-stalker-tool-uses-graph-search-powerful-data-
mining-229063
bullFacebook Hacking
Traditional Search
Need to know who or what you are looking for
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking Designed by team led by Lars Rasmussen (Google Maps designer) and Tom Stocky (designer on several Google products)
Completely new approach to retrieving data
Dynamically creates web pages based on search criteria
Makes use of the basic objects (people places events groups likes comments photos etc)
Does not rely on indexes (think Google Yahoo DuckDuckGo type searching)
Does not permit notnegativeexclusive searches
bullFacebook Hacking bullhttpswwwfacebookcomsearch115063718504722users-religious-view113009932047080likersintersect
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
Agenda
Google Introduction Features and Magic (Maybe) Google Search Technique Google Basic Operators Google Advanced Operators Facebook Search Technique (and why) Google Hacking Digging for ldquovulnerability goldrdquo Identifying operating systems Vulnerability scanning Proxying
Protect your information from Google Facebook
bull Google Search Technique minus Just put the word and run the search
bull You need to audit your Internet presence minus One database Google almost has it all
bull One of the most powerful databases in the world bull Consolidate a lot of info bull Usage
minus Student hellip minus Business hellip minus AlrsquoQaeda hellip
bull One stop shop for attack maps addresses photos technical information
bullGoogle Hacking
bull Google Search - Variations on a Theme
minus Image Search minus Variations on an Image Search minus Academic minus Maps minus Translate minus Calculations ndash type into search minus Conversions ndash type into search
bullGoogle Hacking
bull Google Advanced Search
minus A little more sophisticated helliphellip minus But first
minus Parameters minus whatrsquos a parameter
minus Settings
bullGoogle Hacking
bull Google Operators minus Operators are used to refine the results and to maximize the
search value They are your tools as well as hackersrsquo weapons bull Basic Operators + - ~ ldquordquo | OR
Advanced Operators minus allintext allintitle allinurl bphonebook cache define
filetype info intext intitle inurl link phonebook related rphonebook site numrange daterange
bullGoogle Hacking
Basic Operators
(+) force inclusion of word
(No longer works this way - Bcks)
(-) exclude a search term Example apple ndashred
(Still works But with added magic ndash wait )
bullGoogle Hacking
bull Basic Operators minus (~) search synonym
Example ~food
minus Return the results about food as well as recipe nutrition and cooking information
minus ( ) a single-character wildcard Example mtrix Return the results of Mtrix matrix metrixhelliphellip
minus (No longer works Bcks) Remember this for other data searches (eg Perl)
minus ( ) any wordwildcard minus at least this still works
bullGoogle Hacking
minus Google uses a maximum of 32 wordsterms in a search (used to be 10)
minus Google ignores common words by default minus Google usually ignores punctuation and special characters
[ ] lt gt minus Try AROUND eg computer AROUND(5) forensics minus (ldquo) use quotes around a search term to search exact phrases minus Search
eventually out of the windows Between them they were never ever lost for words but this one had run them pretty close - 4800000 results
bullGoogle Hacking
bullGoogle Hacking
Remember the + - from the last two slides - Heres what happens now
bull And now for something completely different minus Almost
bull Facebook has recently introduced Graph Search ndash it
may or may not be enabled for your account bull It has a different search method to Google bull It is very scary bull The numbers are staggering
bullFacebook Hacking
bull 651835100 million active users 900 million objects ( pages groups events etc) gt 250 million users accessing through their mobile devices Average user has 130 friends - is connected to 80 pages groups and events - creates 90 pieces of content each month gt 30 billion pieces of content (web links news stories blog posts notes photo albums etc) shared each month
bull Entrepreneurs and developers from more than 190 countries build with Facebook Platform
bull People on Facebook install 20 million applications every day bull 10000 new websites integrate with Facebook every day bull gt 25 million websites have integrated with Facebook bull Mobile users are twice as non-mobile users bull 200 mobile operators in 60 countries working to deploy and
promote Facebook mobile products
bullFacebook Hacking
bull Facebook Users Top 10 Largest Countries 1 United States 150055580 2 Indonesia 36358100 3 United Kingdom 29894820 4 Turkey 27315800 5 India 24028940 6 Philippines 23169300 7 Mexico 22858440 8 France 21887780 9 Italy 19171180 10 Germany 18198720
bull Facebook Users Male Female Usage Statistic (USA) bull Female Users 562 bull Male Users 438 httphowmanyaretherenethow-many-facebook-users-are-there
bullFacebook Hacking
bullFacebook Hacking
bullHigh-profile public figure in Hong Kong hired Trustwave to test if its experts could get his passwords bullThey turned to Facebook bullMan gave Trustwaves team no-holds barred permission to try and snatch his data a so-called Red Team test bullWe found out through Facebook who his wife was We found out through her likes -- her public likes -- that she ran a pilates studio We could then send a phishing email to her based around the fact that she ran a pilates studio that was hiring
bull The mans wife opened an email with a video demonstration of the bogus job candidate conducting a class The malicious attachment infected her computer with malware which gave analysts access known as a spear-phishing attack
bull The computer she was using was a hand-me-down from her husband The passwords he wished to protect were in the Apple computers keychain so the hacking exercise turned out to be a lot easier than we otherwise expectedrdquo
bull httpwwwinfoworldcomdsecurityfacebook-stalker-tool-uses-graph-search-powerful-data-
mining-229063
bullFacebook Hacking
Traditional Search
Need to know who or what you are looking for
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking Designed by team led by Lars Rasmussen (Google Maps designer) and Tom Stocky (designer on several Google products)
Completely new approach to retrieving data
Dynamically creates web pages based on search criteria
Makes use of the basic objects (people places events groups likes comments photos etc)
Does not rely on indexes (think Google Yahoo DuckDuckGo type searching)
Does not permit notnegativeexclusive searches
bullFacebook Hacking bullhttpswwwfacebookcomsearch115063718504722users-religious-view113009932047080likersintersect
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bull Google Search Technique minus Just put the word and run the search
bull You need to audit your Internet presence minus One database Google almost has it all
bull One of the most powerful databases in the world bull Consolidate a lot of info bull Usage
minus Student hellip minus Business hellip minus AlrsquoQaeda hellip
bull One stop shop for attack maps addresses photos technical information
bullGoogle Hacking
bull Google Search - Variations on a Theme
minus Image Search minus Variations on an Image Search minus Academic minus Maps minus Translate minus Calculations ndash type into search minus Conversions ndash type into search
bullGoogle Hacking
bull Google Advanced Search
minus A little more sophisticated helliphellip minus But first
minus Parameters minus whatrsquos a parameter
minus Settings
bullGoogle Hacking
bull Google Operators minus Operators are used to refine the results and to maximize the
search value They are your tools as well as hackersrsquo weapons bull Basic Operators + - ~ ldquordquo | OR
Advanced Operators minus allintext allintitle allinurl bphonebook cache define
filetype info intext intitle inurl link phonebook related rphonebook site numrange daterange
bullGoogle Hacking
Basic Operators
(+) force inclusion of word
(No longer works this way - Bcks)
(-) exclude a search term Example apple ndashred
(Still works But with added magic ndash wait )
bullGoogle Hacking
bull Basic Operators minus (~) search synonym
Example ~food
minus Return the results about food as well as recipe nutrition and cooking information
minus ( ) a single-character wildcard Example mtrix Return the results of Mtrix matrix metrixhelliphellip
minus (No longer works Bcks) Remember this for other data searches (eg Perl)
minus ( ) any wordwildcard minus at least this still works
bullGoogle Hacking
minus Google uses a maximum of 32 wordsterms in a search (used to be 10)
minus Google ignores common words by default minus Google usually ignores punctuation and special characters
[ ] lt gt minus Try AROUND eg computer AROUND(5) forensics minus (ldquo) use quotes around a search term to search exact phrases minus Search
eventually out of the windows Between them they were never ever lost for words but this one had run them pretty close - 4800000 results
bullGoogle Hacking
bullGoogle Hacking
Remember the + - from the last two slides - Heres what happens now
bull And now for something completely different minus Almost
bull Facebook has recently introduced Graph Search ndash it
may or may not be enabled for your account bull It has a different search method to Google bull It is very scary bull The numbers are staggering
bullFacebook Hacking
bull 651835100 million active users 900 million objects ( pages groups events etc) gt 250 million users accessing through their mobile devices Average user has 130 friends - is connected to 80 pages groups and events - creates 90 pieces of content each month gt 30 billion pieces of content (web links news stories blog posts notes photo albums etc) shared each month
bull Entrepreneurs and developers from more than 190 countries build with Facebook Platform
bull People on Facebook install 20 million applications every day bull 10000 new websites integrate with Facebook every day bull gt 25 million websites have integrated with Facebook bull Mobile users are twice as non-mobile users bull 200 mobile operators in 60 countries working to deploy and
promote Facebook mobile products
bullFacebook Hacking
bull Facebook Users Top 10 Largest Countries 1 United States 150055580 2 Indonesia 36358100 3 United Kingdom 29894820 4 Turkey 27315800 5 India 24028940 6 Philippines 23169300 7 Mexico 22858440 8 France 21887780 9 Italy 19171180 10 Germany 18198720
bull Facebook Users Male Female Usage Statistic (USA) bull Female Users 562 bull Male Users 438 httphowmanyaretherenethow-many-facebook-users-are-there
bullFacebook Hacking
bullFacebook Hacking
bullHigh-profile public figure in Hong Kong hired Trustwave to test if its experts could get his passwords bullThey turned to Facebook bullMan gave Trustwaves team no-holds barred permission to try and snatch his data a so-called Red Team test bullWe found out through Facebook who his wife was We found out through her likes -- her public likes -- that she ran a pilates studio We could then send a phishing email to her based around the fact that she ran a pilates studio that was hiring
bull The mans wife opened an email with a video demonstration of the bogus job candidate conducting a class The malicious attachment infected her computer with malware which gave analysts access known as a spear-phishing attack
bull The computer she was using was a hand-me-down from her husband The passwords he wished to protect were in the Apple computers keychain so the hacking exercise turned out to be a lot easier than we otherwise expectedrdquo
bull httpwwwinfoworldcomdsecurityfacebook-stalker-tool-uses-graph-search-powerful-data-
mining-229063
bullFacebook Hacking
Traditional Search
Need to know who or what you are looking for
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking Designed by team led by Lars Rasmussen (Google Maps designer) and Tom Stocky (designer on several Google products)
Completely new approach to retrieving data
Dynamically creates web pages based on search criteria
Makes use of the basic objects (people places events groups likes comments photos etc)
Does not rely on indexes (think Google Yahoo DuckDuckGo type searching)
Does not permit notnegativeexclusive searches
bullFacebook Hacking bullhttpswwwfacebookcomsearch115063718504722users-religious-view113009932047080likersintersect
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bull Google Search - Variations on a Theme
minus Image Search minus Variations on an Image Search minus Academic minus Maps minus Translate minus Calculations ndash type into search minus Conversions ndash type into search
bullGoogle Hacking
bull Google Advanced Search
minus A little more sophisticated helliphellip minus But first
minus Parameters minus whatrsquos a parameter
minus Settings
bullGoogle Hacking
bull Google Operators minus Operators are used to refine the results and to maximize the
search value They are your tools as well as hackersrsquo weapons bull Basic Operators + - ~ ldquordquo | OR
Advanced Operators minus allintext allintitle allinurl bphonebook cache define
filetype info intext intitle inurl link phonebook related rphonebook site numrange daterange
bullGoogle Hacking
Basic Operators
(+) force inclusion of word
(No longer works this way - Bcks)
(-) exclude a search term Example apple ndashred
(Still works But with added magic ndash wait )
bullGoogle Hacking
bull Basic Operators minus (~) search synonym
Example ~food
minus Return the results about food as well as recipe nutrition and cooking information
minus ( ) a single-character wildcard Example mtrix Return the results of Mtrix matrix metrixhelliphellip
minus (No longer works Bcks) Remember this for other data searches (eg Perl)
minus ( ) any wordwildcard minus at least this still works
bullGoogle Hacking
minus Google uses a maximum of 32 wordsterms in a search (used to be 10)
minus Google ignores common words by default minus Google usually ignores punctuation and special characters
[ ] lt gt minus Try AROUND eg computer AROUND(5) forensics minus (ldquo) use quotes around a search term to search exact phrases minus Search
eventually out of the windows Between them they were never ever lost for words but this one had run them pretty close - 4800000 results
bullGoogle Hacking
bullGoogle Hacking
Remember the + - from the last two slides - Heres what happens now
bull And now for something completely different minus Almost
bull Facebook has recently introduced Graph Search ndash it
may or may not be enabled for your account bull It has a different search method to Google bull It is very scary bull The numbers are staggering
bullFacebook Hacking
bull 651835100 million active users 900 million objects ( pages groups events etc) gt 250 million users accessing through their mobile devices Average user has 130 friends - is connected to 80 pages groups and events - creates 90 pieces of content each month gt 30 billion pieces of content (web links news stories blog posts notes photo albums etc) shared each month
bull Entrepreneurs and developers from more than 190 countries build with Facebook Platform
bull People on Facebook install 20 million applications every day bull 10000 new websites integrate with Facebook every day bull gt 25 million websites have integrated with Facebook bull Mobile users are twice as non-mobile users bull 200 mobile operators in 60 countries working to deploy and
promote Facebook mobile products
bullFacebook Hacking
bull Facebook Users Top 10 Largest Countries 1 United States 150055580 2 Indonesia 36358100 3 United Kingdom 29894820 4 Turkey 27315800 5 India 24028940 6 Philippines 23169300 7 Mexico 22858440 8 France 21887780 9 Italy 19171180 10 Germany 18198720
bull Facebook Users Male Female Usage Statistic (USA) bull Female Users 562 bull Male Users 438 httphowmanyaretherenethow-many-facebook-users-are-there
bullFacebook Hacking
bullFacebook Hacking
bullHigh-profile public figure in Hong Kong hired Trustwave to test if its experts could get his passwords bullThey turned to Facebook bullMan gave Trustwaves team no-holds barred permission to try and snatch his data a so-called Red Team test bullWe found out through Facebook who his wife was We found out through her likes -- her public likes -- that she ran a pilates studio We could then send a phishing email to her based around the fact that she ran a pilates studio that was hiring
bull The mans wife opened an email with a video demonstration of the bogus job candidate conducting a class The malicious attachment infected her computer with malware which gave analysts access known as a spear-phishing attack
bull The computer she was using was a hand-me-down from her husband The passwords he wished to protect were in the Apple computers keychain so the hacking exercise turned out to be a lot easier than we otherwise expectedrdquo
bull httpwwwinfoworldcomdsecurityfacebook-stalker-tool-uses-graph-search-powerful-data-
mining-229063
bullFacebook Hacking
Traditional Search
Need to know who or what you are looking for
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking Designed by team led by Lars Rasmussen (Google Maps designer) and Tom Stocky (designer on several Google products)
Completely new approach to retrieving data
Dynamically creates web pages based on search criteria
Makes use of the basic objects (people places events groups likes comments photos etc)
Does not rely on indexes (think Google Yahoo DuckDuckGo type searching)
Does not permit notnegativeexclusive searches
bullFacebook Hacking bullhttpswwwfacebookcomsearch115063718504722users-religious-view113009932047080likersintersect
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bull Google Advanced Search
minus A little more sophisticated helliphellip minus But first
minus Parameters minus whatrsquos a parameter
minus Settings
bullGoogle Hacking
bull Google Operators minus Operators are used to refine the results and to maximize the
search value They are your tools as well as hackersrsquo weapons bull Basic Operators + - ~ ldquordquo | OR
Advanced Operators minus allintext allintitle allinurl bphonebook cache define
filetype info intext intitle inurl link phonebook related rphonebook site numrange daterange
bullGoogle Hacking
Basic Operators
(+) force inclusion of word
(No longer works this way - Bcks)
(-) exclude a search term Example apple ndashred
(Still works But with added magic ndash wait )
bullGoogle Hacking
bull Basic Operators minus (~) search synonym
Example ~food
minus Return the results about food as well as recipe nutrition and cooking information
minus ( ) a single-character wildcard Example mtrix Return the results of Mtrix matrix metrixhelliphellip
minus (No longer works Bcks) Remember this for other data searches (eg Perl)
minus ( ) any wordwildcard minus at least this still works
bullGoogle Hacking
minus Google uses a maximum of 32 wordsterms in a search (used to be 10)
minus Google ignores common words by default minus Google usually ignores punctuation and special characters
[ ] lt gt minus Try AROUND eg computer AROUND(5) forensics minus (ldquo) use quotes around a search term to search exact phrases minus Search
eventually out of the windows Between them they were never ever lost for words but this one had run them pretty close - 4800000 results
bullGoogle Hacking
bullGoogle Hacking
Remember the + - from the last two slides - Heres what happens now
bull And now for something completely different minus Almost
bull Facebook has recently introduced Graph Search ndash it
may or may not be enabled for your account bull It has a different search method to Google bull It is very scary bull The numbers are staggering
bullFacebook Hacking
bull 651835100 million active users 900 million objects ( pages groups events etc) gt 250 million users accessing through their mobile devices Average user has 130 friends - is connected to 80 pages groups and events - creates 90 pieces of content each month gt 30 billion pieces of content (web links news stories blog posts notes photo albums etc) shared each month
bull Entrepreneurs and developers from more than 190 countries build with Facebook Platform
bull People on Facebook install 20 million applications every day bull 10000 new websites integrate with Facebook every day bull gt 25 million websites have integrated with Facebook bull Mobile users are twice as non-mobile users bull 200 mobile operators in 60 countries working to deploy and
promote Facebook mobile products
bullFacebook Hacking
bull Facebook Users Top 10 Largest Countries 1 United States 150055580 2 Indonesia 36358100 3 United Kingdom 29894820 4 Turkey 27315800 5 India 24028940 6 Philippines 23169300 7 Mexico 22858440 8 France 21887780 9 Italy 19171180 10 Germany 18198720
bull Facebook Users Male Female Usage Statistic (USA) bull Female Users 562 bull Male Users 438 httphowmanyaretherenethow-many-facebook-users-are-there
bullFacebook Hacking
bullFacebook Hacking
bullHigh-profile public figure in Hong Kong hired Trustwave to test if its experts could get his passwords bullThey turned to Facebook bullMan gave Trustwaves team no-holds barred permission to try and snatch his data a so-called Red Team test bullWe found out through Facebook who his wife was We found out through her likes -- her public likes -- that she ran a pilates studio We could then send a phishing email to her based around the fact that she ran a pilates studio that was hiring
bull The mans wife opened an email with a video demonstration of the bogus job candidate conducting a class The malicious attachment infected her computer with malware which gave analysts access known as a spear-phishing attack
bull The computer she was using was a hand-me-down from her husband The passwords he wished to protect were in the Apple computers keychain so the hacking exercise turned out to be a lot easier than we otherwise expectedrdquo
bull httpwwwinfoworldcomdsecurityfacebook-stalker-tool-uses-graph-search-powerful-data-
mining-229063
bullFacebook Hacking
Traditional Search
Need to know who or what you are looking for
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking Designed by team led by Lars Rasmussen (Google Maps designer) and Tom Stocky (designer on several Google products)
Completely new approach to retrieving data
Dynamically creates web pages based on search criteria
Makes use of the basic objects (people places events groups likes comments photos etc)
Does not rely on indexes (think Google Yahoo DuckDuckGo type searching)
Does not permit notnegativeexclusive searches
bullFacebook Hacking bullhttpswwwfacebookcomsearch115063718504722users-religious-view113009932047080likersintersect
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bull Google Operators minus Operators are used to refine the results and to maximize the
search value They are your tools as well as hackersrsquo weapons bull Basic Operators + - ~ ldquordquo | OR
Advanced Operators minus allintext allintitle allinurl bphonebook cache define
filetype info intext intitle inurl link phonebook related rphonebook site numrange daterange
bullGoogle Hacking
Basic Operators
(+) force inclusion of word
(No longer works this way - Bcks)
(-) exclude a search term Example apple ndashred
(Still works But with added magic ndash wait )
bullGoogle Hacking
bull Basic Operators minus (~) search synonym
Example ~food
minus Return the results about food as well as recipe nutrition and cooking information
minus ( ) a single-character wildcard Example mtrix Return the results of Mtrix matrix metrixhelliphellip
minus (No longer works Bcks) Remember this for other data searches (eg Perl)
minus ( ) any wordwildcard minus at least this still works
bullGoogle Hacking
minus Google uses a maximum of 32 wordsterms in a search (used to be 10)
minus Google ignores common words by default minus Google usually ignores punctuation and special characters
[ ] lt gt minus Try AROUND eg computer AROUND(5) forensics minus (ldquo) use quotes around a search term to search exact phrases minus Search
eventually out of the windows Between them they were never ever lost for words but this one had run them pretty close - 4800000 results
bullGoogle Hacking
bullGoogle Hacking
Remember the + - from the last two slides - Heres what happens now
bull And now for something completely different minus Almost
bull Facebook has recently introduced Graph Search ndash it
may or may not be enabled for your account bull It has a different search method to Google bull It is very scary bull The numbers are staggering
bullFacebook Hacking
bull 651835100 million active users 900 million objects ( pages groups events etc) gt 250 million users accessing through their mobile devices Average user has 130 friends - is connected to 80 pages groups and events - creates 90 pieces of content each month gt 30 billion pieces of content (web links news stories blog posts notes photo albums etc) shared each month
bull Entrepreneurs and developers from more than 190 countries build with Facebook Platform
bull People on Facebook install 20 million applications every day bull 10000 new websites integrate with Facebook every day bull gt 25 million websites have integrated with Facebook bull Mobile users are twice as non-mobile users bull 200 mobile operators in 60 countries working to deploy and
promote Facebook mobile products
bullFacebook Hacking
bull Facebook Users Top 10 Largest Countries 1 United States 150055580 2 Indonesia 36358100 3 United Kingdom 29894820 4 Turkey 27315800 5 India 24028940 6 Philippines 23169300 7 Mexico 22858440 8 France 21887780 9 Italy 19171180 10 Germany 18198720
bull Facebook Users Male Female Usage Statistic (USA) bull Female Users 562 bull Male Users 438 httphowmanyaretherenethow-many-facebook-users-are-there
bullFacebook Hacking
bullFacebook Hacking
bullHigh-profile public figure in Hong Kong hired Trustwave to test if its experts could get his passwords bullThey turned to Facebook bullMan gave Trustwaves team no-holds barred permission to try and snatch his data a so-called Red Team test bullWe found out through Facebook who his wife was We found out through her likes -- her public likes -- that she ran a pilates studio We could then send a phishing email to her based around the fact that she ran a pilates studio that was hiring
bull The mans wife opened an email with a video demonstration of the bogus job candidate conducting a class The malicious attachment infected her computer with malware which gave analysts access known as a spear-phishing attack
bull The computer she was using was a hand-me-down from her husband The passwords he wished to protect were in the Apple computers keychain so the hacking exercise turned out to be a lot easier than we otherwise expectedrdquo
bull httpwwwinfoworldcomdsecurityfacebook-stalker-tool-uses-graph-search-powerful-data-
mining-229063
bullFacebook Hacking
Traditional Search
Need to know who or what you are looking for
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking Designed by team led by Lars Rasmussen (Google Maps designer) and Tom Stocky (designer on several Google products)
Completely new approach to retrieving data
Dynamically creates web pages based on search criteria
Makes use of the basic objects (people places events groups likes comments photos etc)
Does not rely on indexes (think Google Yahoo DuckDuckGo type searching)
Does not permit notnegativeexclusive searches
bullFacebook Hacking bullhttpswwwfacebookcomsearch115063718504722users-religious-view113009932047080likersintersect
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
Basic Operators
(+) force inclusion of word
(No longer works this way - Bcks)
(-) exclude a search term Example apple ndashred
(Still works But with added magic ndash wait )
bullGoogle Hacking
bull Basic Operators minus (~) search synonym
Example ~food
minus Return the results about food as well as recipe nutrition and cooking information
minus ( ) a single-character wildcard Example mtrix Return the results of Mtrix matrix metrixhelliphellip
minus (No longer works Bcks) Remember this for other data searches (eg Perl)
minus ( ) any wordwildcard minus at least this still works
bullGoogle Hacking
minus Google uses a maximum of 32 wordsterms in a search (used to be 10)
minus Google ignores common words by default minus Google usually ignores punctuation and special characters
[ ] lt gt minus Try AROUND eg computer AROUND(5) forensics minus (ldquo) use quotes around a search term to search exact phrases minus Search
eventually out of the windows Between them they were never ever lost for words but this one had run them pretty close - 4800000 results
bullGoogle Hacking
bullGoogle Hacking
Remember the + - from the last two slides - Heres what happens now
bull And now for something completely different minus Almost
bull Facebook has recently introduced Graph Search ndash it
may or may not be enabled for your account bull It has a different search method to Google bull It is very scary bull The numbers are staggering
bullFacebook Hacking
bull 651835100 million active users 900 million objects ( pages groups events etc) gt 250 million users accessing through their mobile devices Average user has 130 friends - is connected to 80 pages groups and events - creates 90 pieces of content each month gt 30 billion pieces of content (web links news stories blog posts notes photo albums etc) shared each month
bull Entrepreneurs and developers from more than 190 countries build with Facebook Platform
bull People on Facebook install 20 million applications every day bull 10000 new websites integrate with Facebook every day bull gt 25 million websites have integrated with Facebook bull Mobile users are twice as non-mobile users bull 200 mobile operators in 60 countries working to deploy and
promote Facebook mobile products
bullFacebook Hacking
bull Facebook Users Top 10 Largest Countries 1 United States 150055580 2 Indonesia 36358100 3 United Kingdom 29894820 4 Turkey 27315800 5 India 24028940 6 Philippines 23169300 7 Mexico 22858440 8 France 21887780 9 Italy 19171180 10 Germany 18198720
bull Facebook Users Male Female Usage Statistic (USA) bull Female Users 562 bull Male Users 438 httphowmanyaretherenethow-many-facebook-users-are-there
bullFacebook Hacking
bullFacebook Hacking
bullHigh-profile public figure in Hong Kong hired Trustwave to test if its experts could get his passwords bullThey turned to Facebook bullMan gave Trustwaves team no-holds barred permission to try and snatch his data a so-called Red Team test bullWe found out through Facebook who his wife was We found out through her likes -- her public likes -- that she ran a pilates studio We could then send a phishing email to her based around the fact that she ran a pilates studio that was hiring
bull The mans wife opened an email with a video demonstration of the bogus job candidate conducting a class The malicious attachment infected her computer with malware which gave analysts access known as a spear-phishing attack
bull The computer she was using was a hand-me-down from her husband The passwords he wished to protect were in the Apple computers keychain so the hacking exercise turned out to be a lot easier than we otherwise expectedrdquo
bull httpwwwinfoworldcomdsecurityfacebook-stalker-tool-uses-graph-search-powerful-data-
mining-229063
bullFacebook Hacking
Traditional Search
Need to know who or what you are looking for
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking Designed by team led by Lars Rasmussen (Google Maps designer) and Tom Stocky (designer on several Google products)
Completely new approach to retrieving data
Dynamically creates web pages based on search criteria
Makes use of the basic objects (people places events groups likes comments photos etc)
Does not rely on indexes (think Google Yahoo DuckDuckGo type searching)
Does not permit notnegativeexclusive searches
bullFacebook Hacking bullhttpswwwfacebookcomsearch115063718504722users-religious-view113009932047080likersintersect
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bull Basic Operators minus (~) search synonym
Example ~food
minus Return the results about food as well as recipe nutrition and cooking information
minus ( ) a single-character wildcard Example mtrix Return the results of Mtrix matrix metrixhelliphellip
minus (No longer works Bcks) Remember this for other data searches (eg Perl)
minus ( ) any wordwildcard minus at least this still works
bullGoogle Hacking
minus Google uses a maximum of 32 wordsterms in a search (used to be 10)
minus Google ignores common words by default minus Google usually ignores punctuation and special characters
[ ] lt gt minus Try AROUND eg computer AROUND(5) forensics minus (ldquo) use quotes around a search term to search exact phrases minus Search
eventually out of the windows Between them they were never ever lost for words but this one had run them pretty close - 4800000 results
bullGoogle Hacking
bullGoogle Hacking
Remember the + - from the last two slides - Heres what happens now
bull And now for something completely different minus Almost
bull Facebook has recently introduced Graph Search ndash it
may or may not be enabled for your account bull It has a different search method to Google bull It is very scary bull The numbers are staggering
bullFacebook Hacking
bull 651835100 million active users 900 million objects ( pages groups events etc) gt 250 million users accessing through their mobile devices Average user has 130 friends - is connected to 80 pages groups and events - creates 90 pieces of content each month gt 30 billion pieces of content (web links news stories blog posts notes photo albums etc) shared each month
bull Entrepreneurs and developers from more than 190 countries build with Facebook Platform
bull People on Facebook install 20 million applications every day bull 10000 new websites integrate with Facebook every day bull gt 25 million websites have integrated with Facebook bull Mobile users are twice as non-mobile users bull 200 mobile operators in 60 countries working to deploy and
promote Facebook mobile products
bullFacebook Hacking
bull Facebook Users Top 10 Largest Countries 1 United States 150055580 2 Indonesia 36358100 3 United Kingdom 29894820 4 Turkey 27315800 5 India 24028940 6 Philippines 23169300 7 Mexico 22858440 8 France 21887780 9 Italy 19171180 10 Germany 18198720
bull Facebook Users Male Female Usage Statistic (USA) bull Female Users 562 bull Male Users 438 httphowmanyaretherenethow-many-facebook-users-are-there
bullFacebook Hacking
bullFacebook Hacking
bullHigh-profile public figure in Hong Kong hired Trustwave to test if its experts could get his passwords bullThey turned to Facebook bullMan gave Trustwaves team no-holds barred permission to try and snatch his data a so-called Red Team test bullWe found out through Facebook who his wife was We found out through her likes -- her public likes -- that she ran a pilates studio We could then send a phishing email to her based around the fact that she ran a pilates studio that was hiring
bull The mans wife opened an email with a video demonstration of the bogus job candidate conducting a class The malicious attachment infected her computer with malware which gave analysts access known as a spear-phishing attack
bull The computer she was using was a hand-me-down from her husband The passwords he wished to protect were in the Apple computers keychain so the hacking exercise turned out to be a lot easier than we otherwise expectedrdquo
bull httpwwwinfoworldcomdsecurityfacebook-stalker-tool-uses-graph-search-powerful-data-
mining-229063
bullFacebook Hacking
Traditional Search
Need to know who or what you are looking for
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking Designed by team led by Lars Rasmussen (Google Maps designer) and Tom Stocky (designer on several Google products)
Completely new approach to retrieving data
Dynamically creates web pages based on search criteria
Makes use of the basic objects (people places events groups likes comments photos etc)
Does not rely on indexes (think Google Yahoo DuckDuckGo type searching)
Does not permit notnegativeexclusive searches
bullFacebook Hacking bullhttpswwwfacebookcomsearch115063718504722users-religious-view113009932047080likersintersect
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
minus Google uses a maximum of 32 wordsterms in a search (used to be 10)
minus Google ignores common words by default minus Google usually ignores punctuation and special characters
[ ] lt gt minus Try AROUND eg computer AROUND(5) forensics minus (ldquo) use quotes around a search term to search exact phrases minus Search
eventually out of the windows Between them they were never ever lost for words but this one had run them pretty close - 4800000 results
bullGoogle Hacking
bullGoogle Hacking
Remember the + - from the last two slides - Heres what happens now
bull And now for something completely different minus Almost
bull Facebook has recently introduced Graph Search ndash it
may or may not be enabled for your account bull It has a different search method to Google bull It is very scary bull The numbers are staggering
bullFacebook Hacking
bull 651835100 million active users 900 million objects ( pages groups events etc) gt 250 million users accessing through their mobile devices Average user has 130 friends - is connected to 80 pages groups and events - creates 90 pieces of content each month gt 30 billion pieces of content (web links news stories blog posts notes photo albums etc) shared each month
bull Entrepreneurs and developers from more than 190 countries build with Facebook Platform
bull People on Facebook install 20 million applications every day bull 10000 new websites integrate with Facebook every day bull gt 25 million websites have integrated with Facebook bull Mobile users are twice as non-mobile users bull 200 mobile operators in 60 countries working to deploy and
promote Facebook mobile products
bullFacebook Hacking
bull Facebook Users Top 10 Largest Countries 1 United States 150055580 2 Indonesia 36358100 3 United Kingdom 29894820 4 Turkey 27315800 5 India 24028940 6 Philippines 23169300 7 Mexico 22858440 8 France 21887780 9 Italy 19171180 10 Germany 18198720
bull Facebook Users Male Female Usage Statistic (USA) bull Female Users 562 bull Male Users 438 httphowmanyaretherenethow-many-facebook-users-are-there
bullFacebook Hacking
bullFacebook Hacking
bullHigh-profile public figure in Hong Kong hired Trustwave to test if its experts could get his passwords bullThey turned to Facebook bullMan gave Trustwaves team no-holds barred permission to try and snatch his data a so-called Red Team test bullWe found out through Facebook who his wife was We found out through her likes -- her public likes -- that she ran a pilates studio We could then send a phishing email to her based around the fact that she ran a pilates studio that was hiring
bull The mans wife opened an email with a video demonstration of the bogus job candidate conducting a class The malicious attachment infected her computer with malware which gave analysts access known as a spear-phishing attack
bull The computer she was using was a hand-me-down from her husband The passwords he wished to protect were in the Apple computers keychain so the hacking exercise turned out to be a lot easier than we otherwise expectedrdquo
bull httpwwwinfoworldcomdsecurityfacebook-stalker-tool-uses-graph-search-powerful-data-
mining-229063
bullFacebook Hacking
Traditional Search
Need to know who or what you are looking for
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking Designed by team led by Lars Rasmussen (Google Maps designer) and Tom Stocky (designer on several Google products)
Completely new approach to retrieving data
Dynamically creates web pages based on search criteria
Makes use of the basic objects (people places events groups likes comments photos etc)
Does not rely on indexes (think Google Yahoo DuckDuckGo type searching)
Does not permit notnegativeexclusive searches
bullFacebook Hacking bullhttpswwwfacebookcomsearch115063718504722users-religious-view113009932047080likersintersect
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bullGoogle Hacking
Remember the + - from the last two slides - Heres what happens now
bull And now for something completely different minus Almost
bull Facebook has recently introduced Graph Search ndash it
may or may not be enabled for your account bull It has a different search method to Google bull It is very scary bull The numbers are staggering
bullFacebook Hacking
bull 651835100 million active users 900 million objects ( pages groups events etc) gt 250 million users accessing through their mobile devices Average user has 130 friends - is connected to 80 pages groups and events - creates 90 pieces of content each month gt 30 billion pieces of content (web links news stories blog posts notes photo albums etc) shared each month
bull Entrepreneurs and developers from more than 190 countries build with Facebook Platform
bull People on Facebook install 20 million applications every day bull 10000 new websites integrate with Facebook every day bull gt 25 million websites have integrated with Facebook bull Mobile users are twice as non-mobile users bull 200 mobile operators in 60 countries working to deploy and
promote Facebook mobile products
bullFacebook Hacking
bull Facebook Users Top 10 Largest Countries 1 United States 150055580 2 Indonesia 36358100 3 United Kingdom 29894820 4 Turkey 27315800 5 India 24028940 6 Philippines 23169300 7 Mexico 22858440 8 France 21887780 9 Italy 19171180 10 Germany 18198720
bull Facebook Users Male Female Usage Statistic (USA) bull Female Users 562 bull Male Users 438 httphowmanyaretherenethow-many-facebook-users-are-there
bullFacebook Hacking
bullFacebook Hacking
bullHigh-profile public figure in Hong Kong hired Trustwave to test if its experts could get his passwords bullThey turned to Facebook bullMan gave Trustwaves team no-holds barred permission to try and snatch his data a so-called Red Team test bullWe found out through Facebook who his wife was We found out through her likes -- her public likes -- that she ran a pilates studio We could then send a phishing email to her based around the fact that she ran a pilates studio that was hiring
bull The mans wife opened an email with a video demonstration of the bogus job candidate conducting a class The malicious attachment infected her computer with malware which gave analysts access known as a spear-phishing attack
bull The computer she was using was a hand-me-down from her husband The passwords he wished to protect were in the Apple computers keychain so the hacking exercise turned out to be a lot easier than we otherwise expectedrdquo
bull httpwwwinfoworldcomdsecurityfacebook-stalker-tool-uses-graph-search-powerful-data-
mining-229063
bullFacebook Hacking
Traditional Search
Need to know who or what you are looking for
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking Designed by team led by Lars Rasmussen (Google Maps designer) and Tom Stocky (designer on several Google products)
Completely new approach to retrieving data
Dynamically creates web pages based on search criteria
Makes use of the basic objects (people places events groups likes comments photos etc)
Does not rely on indexes (think Google Yahoo DuckDuckGo type searching)
Does not permit notnegativeexclusive searches
bullFacebook Hacking bullhttpswwwfacebookcomsearch115063718504722users-religious-view113009932047080likersintersect
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bull And now for something completely different minus Almost
bull Facebook has recently introduced Graph Search ndash it
may or may not be enabled for your account bull It has a different search method to Google bull It is very scary bull The numbers are staggering
bullFacebook Hacking
bull 651835100 million active users 900 million objects ( pages groups events etc) gt 250 million users accessing through their mobile devices Average user has 130 friends - is connected to 80 pages groups and events - creates 90 pieces of content each month gt 30 billion pieces of content (web links news stories blog posts notes photo albums etc) shared each month
bull Entrepreneurs and developers from more than 190 countries build with Facebook Platform
bull People on Facebook install 20 million applications every day bull 10000 new websites integrate with Facebook every day bull gt 25 million websites have integrated with Facebook bull Mobile users are twice as non-mobile users bull 200 mobile operators in 60 countries working to deploy and
promote Facebook mobile products
bullFacebook Hacking
bull Facebook Users Top 10 Largest Countries 1 United States 150055580 2 Indonesia 36358100 3 United Kingdom 29894820 4 Turkey 27315800 5 India 24028940 6 Philippines 23169300 7 Mexico 22858440 8 France 21887780 9 Italy 19171180 10 Germany 18198720
bull Facebook Users Male Female Usage Statistic (USA) bull Female Users 562 bull Male Users 438 httphowmanyaretherenethow-many-facebook-users-are-there
bullFacebook Hacking
bullFacebook Hacking
bullHigh-profile public figure in Hong Kong hired Trustwave to test if its experts could get his passwords bullThey turned to Facebook bullMan gave Trustwaves team no-holds barred permission to try and snatch his data a so-called Red Team test bullWe found out through Facebook who his wife was We found out through her likes -- her public likes -- that she ran a pilates studio We could then send a phishing email to her based around the fact that she ran a pilates studio that was hiring
bull The mans wife opened an email with a video demonstration of the bogus job candidate conducting a class The malicious attachment infected her computer with malware which gave analysts access known as a spear-phishing attack
bull The computer she was using was a hand-me-down from her husband The passwords he wished to protect were in the Apple computers keychain so the hacking exercise turned out to be a lot easier than we otherwise expectedrdquo
bull httpwwwinfoworldcomdsecurityfacebook-stalker-tool-uses-graph-search-powerful-data-
mining-229063
bullFacebook Hacking
Traditional Search
Need to know who or what you are looking for
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking Designed by team led by Lars Rasmussen (Google Maps designer) and Tom Stocky (designer on several Google products)
Completely new approach to retrieving data
Dynamically creates web pages based on search criteria
Makes use of the basic objects (people places events groups likes comments photos etc)
Does not rely on indexes (think Google Yahoo DuckDuckGo type searching)
Does not permit notnegativeexclusive searches
bullFacebook Hacking bullhttpswwwfacebookcomsearch115063718504722users-religious-view113009932047080likersintersect
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bull 651835100 million active users 900 million objects ( pages groups events etc) gt 250 million users accessing through their mobile devices Average user has 130 friends - is connected to 80 pages groups and events - creates 90 pieces of content each month gt 30 billion pieces of content (web links news stories blog posts notes photo albums etc) shared each month
bull Entrepreneurs and developers from more than 190 countries build with Facebook Platform
bull People on Facebook install 20 million applications every day bull 10000 new websites integrate with Facebook every day bull gt 25 million websites have integrated with Facebook bull Mobile users are twice as non-mobile users bull 200 mobile operators in 60 countries working to deploy and
promote Facebook mobile products
bullFacebook Hacking
bull Facebook Users Top 10 Largest Countries 1 United States 150055580 2 Indonesia 36358100 3 United Kingdom 29894820 4 Turkey 27315800 5 India 24028940 6 Philippines 23169300 7 Mexico 22858440 8 France 21887780 9 Italy 19171180 10 Germany 18198720
bull Facebook Users Male Female Usage Statistic (USA) bull Female Users 562 bull Male Users 438 httphowmanyaretherenethow-many-facebook-users-are-there
bullFacebook Hacking
bullFacebook Hacking
bullHigh-profile public figure in Hong Kong hired Trustwave to test if its experts could get his passwords bullThey turned to Facebook bullMan gave Trustwaves team no-holds barred permission to try and snatch his data a so-called Red Team test bullWe found out through Facebook who his wife was We found out through her likes -- her public likes -- that she ran a pilates studio We could then send a phishing email to her based around the fact that she ran a pilates studio that was hiring
bull The mans wife opened an email with a video demonstration of the bogus job candidate conducting a class The malicious attachment infected her computer with malware which gave analysts access known as a spear-phishing attack
bull The computer she was using was a hand-me-down from her husband The passwords he wished to protect were in the Apple computers keychain so the hacking exercise turned out to be a lot easier than we otherwise expectedrdquo
bull httpwwwinfoworldcomdsecurityfacebook-stalker-tool-uses-graph-search-powerful-data-
mining-229063
bullFacebook Hacking
Traditional Search
Need to know who or what you are looking for
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking Designed by team led by Lars Rasmussen (Google Maps designer) and Tom Stocky (designer on several Google products)
Completely new approach to retrieving data
Dynamically creates web pages based on search criteria
Makes use of the basic objects (people places events groups likes comments photos etc)
Does not rely on indexes (think Google Yahoo DuckDuckGo type searching)
Does not permit notnegativeexclusive searches
bullFacebook Hacking bullhttpswwwfacebookcomsearch115063718504722users-religious-view113009932047080likersintersect
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bull Facebook Users Top 10 Largest Countries 1 United States 150055580 2 Indonesia 36358100 3 United Kingdom 29894820 4 Turkey 27315800 5 India 24028940 6 Philippines 23169300 7 Mexico 22858440 8 France 21887780 9 Italy 19171180 10 Germany 18198720
bull Facebook Users Male Female Usage Statistic (USA) bull Female Users 562 bull Male Users 438 httphowmanyaretherenethow-many-facebook-users-are-there
bullFacebook Hacking
bullFacebook Hacking
bullHigh-profile public figure in Hong Kong hired Trustwave to test if its experts could get his passwords bullThey turned to Facebook bullMan gave Trustwaves team no-holds barred permission to try and snatch his data a so-called Red Team test bullWe found out through Facebook who his wife was We found out through her likes -- her public likes -- that she ran a pilates studio We could then send a phishing email to her based around the fact that she ran a pilates studio that was hiring
bull The mans wife opened an email with a video demonstration of the bogus job candidate conducting a class The malicious attachment infected her computer with malware which gave analysts access known as a spear-phishing attack
bull The computer she was using was a hand-me-down from her husband The passwords he wished to protect were in the Apple computers keychain so the hacking exercise turned out to be a lot easier than we otherwise expectedrdquo
bull httpwwwinfoworldcomdsecurityfacebook-stalker-tool-uses-graph-search-powerful-data-
mining-229063
bullFacebook Hacking
Traditional Search
Need to know who or what you are looking for
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking Designed by team led by Lars Rasmussen (Google Maps designer) and Tom Stocky (designer on several Google products)
Completely new approach to retrieving data
Dynamically creates web pages based on search criteria
Makes use of the basic objects (people places events groups likes comments photos etc)
Does not rely on indexes (think Google Yahoo DuckDuckGo type searching)
Does not permit notnegativeexclusive searches
bullFacebook Hacking bullhttpswwwfacebookcomsearch115063718504722users-religious-view113009932047080likersintersect
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bullFacebook Hacking
bullHigh-profile public figure in Hong Kong hired Trustwave to test if its experts could get his passwords bullThey turned to Facebook bullMan gave Trustwaves team no-holds barred permission to try and snatch his data a so-called Red Team test bullWe found out through Facebook who his wife was We found out through her likes -- her public likes -- that she ran a pilates studio We could then send a phishing email to her based around the fact that she ran a pilates studio that was hiring
bull The mans wife opened an email with a video demonstration of the bogus job candidate conducting a class The malicious attachment infected her computer with malware which gave analysts access known as a spear-phishing attack
bull The computer she was using was a hand-me-down from her husband The passwords he wished to protect were in the Apple computers keychain so the hacking exercise turned out to be a lot easier than we otherwise expectedrdquo
bull httpwwwinfoworldcomdsecurityfacebook-stalker-tool-uses-graph-search-powerful-data-
mining-229063
bullFacebook Hacking
Traditional Search
Need to know who or what you are looking for
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking Designed by team led by Lars Rasmussen (Google Maps designer) and Tom Stocky (designer on several Google products)
Completely new approach to retrieving data
Dynamically creates web pages based on search criteria
Makes use of the basic objects (people places events groups likes comments photos etc)
Does not rely on indexes (think Google Yahoo DuckDuckGo type searching)
Does not permit notnegativeexclusive searches
bullFacebook Hacking bullhttpswwwfacebookcomsearch115063718504722users-religious-view113009932047080likersintersect
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bull The mans wife opened an email with a video demonstration of the bogus job candidate conducting a class The malicious attachment infected her computer with malware which gave analysts access known as a spear-phishing attack
bull The computer she was using was a hand-me-down from her husband The passwords he wished to protect were in the Apple computers keychain so the hacking exercise turned out to be a lot easier than we otherwise expectedrdquo
bull httpwwwinfoworldcomdsecurityfacebook-stalker-tool-uses-graph-search-powerful-data-
mining-229063
bullFacebook Hacking
Traditional Search
Need to know who or what you are looking for
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking Designed by team led by Lars Rasmussen (Google Maps designer) and Tom Stocky (designer on several Google products)
Completely new approach to retrieving data
Dynamically creates web pages based on search criteria
Makes use of the basic objects (people places events groups likes comments photos etc)
Does not rely on indexes (think Google Yahoo DuckDuckGo type searching)
Does not permit notnegativeexclusive searches
bullFacebook Hacking bullhttpswwwfacebookcomsearch115063718504722users-religious-view113009932047080likersintersect
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
Traditional Search
Need to know who or what you are looking for
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking Designed by team led by Lars Rasmussen (Google Maps designer) and Tom Stocky (designer on several Google products)
Completely new approach to retrieving data
Dynamically creates web pages based on search criteria
Makes use of the basic objects (people places events groups likes comments photos etc)
Does not rely on indexes (think Google Yahoo DuckDuckGo type searching)
Does not permit notnegativeexclusive searches
bullFacebook Hacking bullhttpswwwfacebookcomsearch115063718504722users-religious-view113009932047080likersintersect
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bullFacebook Hacking
bullFacebook Hacking Designed by team led by Lars Rasmussen (Google Maps designer) and Tom Stocky (designer on several Google products)
Completely new approach to retrieving data
Dynamically creates web pages based on search criteria
Makes use of the basic objects (people places events groups likes comments photos etc)
Does not rely on indexes (think Google Yahoo DuckDuckGo type searching)
Does not permit notnegativeexclusive searches
bullFacebook Hacking bullhttpswwwfacebookcomsearch115063718504722users-religious-view113009932047080likersintersect
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bullFacebook Hacking Designed by team led by Lars Rasmussen (Google Maps designer) and Tom Stocky (designer on several Google products)
Completely new approach to retrieving data
Dynamically creates web pages based on search criteria
Makes use of the basic objects (people places events groups likes comments photos etc)
Does not rely on indexes (think Google Yahoo DuckDuckGo type searching)
Does not permit notnegativeexclusive searches
bullFacebook Hacking bullhttpswwwfacebookcomsearch115063718504722users-religious-view113009932047080likersintersect
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bullFacebook Hacking bullhttpswwwfacebookcomsearch115063718504722users-religious-view113009932047080likersintersect
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bullFacebook Hacking
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bullFacebook Hacking
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bullFacebook Hacking
bullFQL ndash Facebook Query Language SELECT name url pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid rsvp_status FROM event_member WHERE eid=12345678 )ldquo bullTables album app_role application apprequest checkin column comment comments_info connection cookies developer domain domain_admin event event_member family friend friend_request friendlist friendlist_member group group_member insights like link link_image_src link_stat location_post mailbox_folder message note notification object_url offer page page_admin page_blocked_user page_fan page_global_brand_child page_milestone permissions permissions_info photo photo_src photo_tag place privacy privacy_setting profile profile_pic profile_tab profile_view question question_option question_option_votes review score square_profile_pic square_profile_pic_size standard_friend_info standard_user_info status stream stream_filter stream_tag subscription table thread translation unified_message unified_message_count unified_message_sync unified_thread unified_thread_action unified_thread_count unified_thread_sync url_like user video video_tag
Currently only app developers
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bull Back to Google bull Advanced Operators ldquoSiterdquo
minus Site Domain_name minus Find Web pages only on the specified domain If we search
a specific site usually we get the Web structure of the domain
minus Examples siteca sitehackmeca sitewwwhackmeca
bullGoogle Hacking
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bull bull4 Google Hacking
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bull Advanced Operators ldquoFiletyperdquo minus Filetype extension_type minus Find documents with specified extensions minus The supported extensions are
- HyperText Markup Language (html) - Microsoft PowerPoint (ppt) - Adobe Portable Document Format (pdf) - Microsoft Word (doc) - Adobe PostScript (ps) - Microsoft Works (wks wps wdb) - Lotus 1-2-3 (wk1 wk2 wk3 wk4 wk5 wki wks wku) -Microsoft Excel (xls) ( - Microsoft Write (wri) - Lotus WordPro (lwp) - Rich Text Format (rtf) - MacWrite (mw) - Shockwave Flash (swf) - Text (ans txt)
Note We actually can search asp php and cgi pl files as long as it is text-compatible
bull bullGoogle Hacking
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bull Advanced Operators minus A budget file we found helliphellip minus Example Budget filetype xls
bull bullGoogle Hacking
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bull Advanced Operators ldquoIntitlerdquo minus Intitle search_term minus Find search term within the title of a Webpage minus Allintitle search_term1 search_term2 search_term3 minus Find multiple search terms in the Web pages with the title that
includes all these words minus These operators are specifically useful to find the directory lists minus Example
Find directory list Intitle Indexof ldquoparent directoryrdquo
bull bullGoogle Hacking
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bull Advanced Operators ldquoInurlrdquo minus Inurl search_term minus Find search term in a Web address minus Allinurl search_term1 search_term2 search_term3 minus Find multiple search terms in a Web address minus Examples
Inurl cgi-bin Allinurl cgi-bin password
bull bullGoogle Hacking
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bull Advanced Operators ldquoIntextrdquo minus Intext search_term minus Find search term in the text body of a document minus Allintext search_term1 search_term2 search_term3 minus Find multiple search terms in the text body of a document minus Examples
Intext Administrator login Allintext Administrator login
bull bullGoogle Hacking
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bull Advanced Operators ldquoCacherdquo minus Cache URL minus Find the old version of Website in Google cache minus Sometimes even if the site has already been updated the old
information might be found in cache minus Examples
Cache wwwhackmecom
bull bullGoogle Hacking
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bull Advanced Operators minus ltnumber1gtltnumber2gt minus Conduct a number range search by specifying two numbers
separated by two periods with no spaces Be sure to specify a unit of measure or some other indicator of what the number range represents
minus Examples Computer $5001000 DVD player $250350
bull bullGoogle Hacking
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bull Advanced Operators ldquoDaterangerdquo minus Daterange ltstart_dategt-ltend dategt minus Find the Web pages between start date and end date minus Note start_date and end date use the Julian date minus The Julian date is calculated by the number of days since
January 1 4713 BC For example the Julian date for August 1 2001 is 2452122
minus Examples 20040710=2453196
20040810=2453258
minus Vulnerabilities date range 2453196-2453258
bull bullGoogle Hacking
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bull Advanced Operators ldquoLinkrdquo minus Link URL minus Find the Web pages having a link to the specified URL minus Related URL minus Find the Web pages that are ldquosimilarrdquo to the specified Web page minus info URL minus Present some information that Google has about that Web page minus Define search_term minus Provide a definition of the words gathered from various online sources minus Examples
Link hackmeca Related hackmeca Info hackmeca Define Network security
bull bullGoogle Hacking
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
bull Letrsquos put some of it together
bullGoogle Hacking
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
Wireless Security Webcams intitleHtmlAnvViewD7B039C1
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
Plex Media Servers inurl32400webindexhtml
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
Printers using Web Image Monitor control inurl32400webindexhtml
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
Plugin errors in wordpress websites intextFatal error Class Red_Action not found in
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
This will never work
enable password|secret current configuration -intextthe -inurlcisco
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they
filetypexls user||username pass||pwd||passwd||password
Nobody is that stupid Are they