using google to hack your site #pubcon

Upload: barry-adams

Post on 07-Jan-2017

TRANSCRIPT

Page 1: Using Google to Hack Your Site #Pubcon

#pubcon@badams

Using Google to Hack Your Site

Presented by: Barry Adams

Polemic Digital

Page 2

About Barry Adams
• Dutchman in Northern Ireland
• Founder of Polemic Digital
• Co-Chief Editor for StateofDigital.com
• Twitter ranter: @badams
• Lecturer & educator

Page 3

Anatomy of a Hack

1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Covering Tracks

Page 4

Prevention is the best cure
• Security through obscurity
– Enough to defeat script kiddies & automated tools
• Won’t stop dedicated hackers
– But then, few things will…

Page 5

Becoming invisible…

Page 6

Wappalyzer

Page 7

Hide your version numbers

<meta name="generator" content="WordPress 4.6.1"/>

Page 8

Broadcasting your security in robots.txt

• Don’t put your back-end login folder in your robots.txt
– robots.txt is public, so a Disallow line for the login folder tells every reader exactly where it is
– Use a meta robots tag on those pages instead: noindex,nofollow
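The two leaks on the last two slides (a version-bearing generator tag and a robots.txt that advertises the login folder) are easy to check for on your own site. The script below is an added example, not code from the talk or from Polemic Digital: it parses a page's HTML for `<meta name="generator">` values that carry a version number, scans a robots.txt for Disallow paths whose name hints at an admin or login area, and prints the meta robots tag the slide recommends instead. The sample HTML and robots.txt are constructed, and the list of path hints is this example's own assumption.

```python
"""Self-audit for two reconnaissance leaks: a generator tag with a version
number, and a robots.txt that lists the back-end login folder.

Added example. The sample inputs at the bottom are constructed; the
SENSITIVE_HINTS list is an assumption, extend it to match your own site.
"""
import re
from html.parser import HTMLParser

# Path fragments that usually mark an administrative area (assumption).
SENSITIVE_HINTS = ("admin", "login", "backend", "manage")


class _GeneratorFinder(HTMLParser):
    """Collects the content attribute of every <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.generators = []

    def handle_starttag(self, tag, attrs):
        # Self-closing <meta .../> also arrives here via handle_startendtag.
        if tag.lower() != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("name", "").lower() == "generator":
            self.generators.append(a.get("content", ""))


def find_generator_leaks(html):
    """Return generator strings that include a version number (e.g. 'WordPress 4.6.1')."""
    parser = _GeneratorFinder()
    parser.feed(html)
    return [g for g in parser.generators if re.search(r"\d+\.\d+", g)]


def find_robots_leaks(robots_txt):
    """Return Disallow paths whose name hints at a login/admin area."""
    leaks = []
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line.lower().startswith("disallow:"):
            continue
        path = line.split(":", 1)[1].strip()
        if any(hint in path.lower() for hint in SENSITIVE_HINTS):
            leaks.append(path)
    return leaks


def meta_robots_tag():
    """The tag to place on back-end pages instead of listing them in robots.txt."""
    return '<meta name="robots" content="noindex,nofollow">'


def audit_site(html, robots_txt):
    """Combine both checks into one report dict."""
    return {
        "generator_leaks": find_generator_leaks(html),
        "robots_leaks": find_robots_leaks(robots_txt),
        "recommended_tag": meta_robots_tag(),
    }


# Constructed sample inputs so the script runs offline.
SAMPLE_HTML = (
    '<html><head><meta charset="utf-8">'
    '<meta name="generator" content="WordPress 4.6.1"/>'
    '<meta name="description" content="Example site"></head><body></body></html>'
)
SAMPLE_ROBOTS = """User-agent: *
Disallow: /wp-admin/   # the login folder, visible to anyone who fetches this file
Disallow: /images/
Allow: /
"""

if __name__ == "__main__":
    report = audit_site(SAMPLE_HTML, SAMPLE_ROBOTS)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it against a saved copy of your homepage and your live robots.txt; a non-empty `generator_leaks` means the version string should be removed from the template, and a non-empty `robots_leaks` means those Disallow lines should be replaced by the recommended tag on the pages themselves.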

Page 9

Using Google to find weaknesses
• Google is a hungry beast
• It will crawl & index all it can
• Even stuff it really shouldn’t …

Advanced search commands allow you to use Google’s insatiable hunger for your own benefit/protection

Page 10

Google Advanced Search Commands

site:domain.com > only search within that domain
ext:xxx > only show files with that extension
inurl:xyz > only show pages with ‘xyz’ in the URL
-abc > exclude pages that match ‘abc’
| > string searches together with pipes
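To turn the operators above into repeatable self-audit queries for your own domain, the helper below builds a query string from them, grouping alternatives with pipes, quoting terms that contain spaces, and refusing a domain that still carries a scheme or path (site: expects a bare host). This is an added example, not from the talk; the operator syntax is the slide's, everything else (function names, the validation rule) is the example's own.

```python
"""Compose site-scoped audit queries from the operators on the slide.

Added example. Only the operator grammar (site:, ext:, inurl:, -, |) comes
from the talk; the helper names and the domain check are assumptions.
"""


def _quote(term):
    """Wrap multi-word terms in double quotes so Google treats them as one phrase."""
    return f'"{term}"' if " " in term else term


def _group(items):
    """Join alternatives with the pipe operator, parenthesised when there is more than one."""
    items = list(items)
    if len(items) == 1:
        return items[0]
    return "(" + " | ".join(items) + ")"


def build_audit_query(domain, exts=(), inurl=(), exclude=()):
    """Return a query restricted to `domain`, optionally narrowed by extension,
    URL fragment, and exclusions, e.g. 'site:example.com (ext:log | ext:bak)'."""
    if "://" in domain or "/" in domain:
        raise ValueError("site: takes a bare host name, e.g. example.com")
    parts = [f"site:{domain}"]
    if exts:
        parts.append(_group(f"ext:{e}" for e in exts))
    if inurl:
        parts.append(_group(f"inurl:{_quote(t)}" for t in inurl))
    for term in exclude:
        parts.append(f"-{_quote(term)}")
    return " ".join(parts)


if __name__ == "__main__":
    # Audit what the index holds for a (constructed) domain: log files and backups.
    print(build_audit_query("example.com", exts=("log", "bak")))
    # Pages with 'admin' in the URL, leaving out the public documentation area.
    print(build_audit_query("example.com", inurl=("admin",), exclude=("public docs",)))
```

Each query returned should be run with your own domain in the site: operator; anything it surfaces is material Google already holds about your site and is the list of things to take down or noindex.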

Page 11

Login folders

Page 12

Database files

Page 13

Configuration files

Page 14

Log Files

Page 15

Backups

Page 16

Documents

Page 17

Social Engineering
• Be careful what you publish online!
– Hackers can use personal information to gain confidence and extract more information.
• Even passwords…

Page 18

Shared Hosting / Shared Sites

SpyOnWeb.com

Page 19

Subdomains

https://pentest-tools.com/

Page 20

To summarise
• Minimise your online footprint;
– Anything online can and will be used against you
• Don’t give away any clues;
– Make your website difficult to reconnoitre
• Educate your staff;
– People are your biggest weakness

Page 21

Thank You

Follow me on Twitter: @badams

Email me your questions: [email protected]