Long - Google hacking for penetration testers. / Volume 2

Google Hacking for Penetration Testers Volume 2

Johnny Long

Syngress

Elsevier, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively Makers) of this book (the Work) do not guarantee or warrant the results to be obtained from the Work.

There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY.You may have other legal rights, which vary from state to state.

In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.

You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files.

Syngress Media Syngress Career Advancement Through Skill Enhancement Ask the Author UPDATE and Hack Proofing are registered trademarks of Elsevier, Inc. Syngress: The Definition of a Serious Security Library, Mission Critical and The Only Way to Stop a Hacker is to Think Like One are trademarks of Elsevier, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.

KEY SERIAL NUMBER 001 HJIRTCV764 002 PO9873D5FG 003 829KM8NJH2 004 TYK428MML8 005 CVPLQ6WQ23 006 VBP965T5T5 007 HJJJ863WD3E 008 2987GVTWMK 009 629MP5SDJT 010 IMWQ295T6T

PUBLISHED BY Syngress Publishing, Inc. Elsevier, Inc. 30 Corporate Drive Burlington, MA 01803

Google Hacking for Penetration Testers, Volume 2

Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

Printed in the United States of America 1 2 3 4 5 6 7 8 9 0 ISBN 13:978-1-59749-176-1

Publisher: Amorette Pedersen Acquisitions Editor: Andrew Williams Cover Designer: Michael Kavish

Page Layout and Art: Patricia Lupien Copy Editor: Judy Eby Indexer: J. Edmund Rush

For information on rights, translations, and bulk sales, contact Matt Pedersen, Commercial Sales Director and Rights, at Syngress Publishing; email .

Acknowledgments

There are many people to thank this time around, and I wont get to them all. But Ill give it my best shot. First and foremost, thanks to God for the many blessings in my life. Christ for the Living example, and the Spirit of God that encourages me to live each day with real purpose. Thanks to my wife and three wonderful children. Words cant express how much you mean to me. Thanks for putting up with the real j0hnny

Thanks to the book team: CP, Seth Fogie, Jeffball55, L0om, pdp, RoelofTemmingh, Rar, Zanthas. Thanks to my friends Nathan, Mike Corn Chaney, Seth Fogie, Arun, @tlas and Apu. Thanks to my many confidants and supporters in the Shmoo group, the ihackcharities volunteers and supporters, Malcolm Mead and Pat, The Predestined (David, Em, Isaac, Josh, Steve, Vanessa), The Tushabe family, Dennis and all of the AOET family.

I would also like to take this opportunity to thank the members of the Google Hacking Community. The following have made the book and the movement of Google Hacking what it is. They are listed below, sorted by number of contributions to the GHDB.

Jimmy Neutron (107), rgod (104), murfie (74), golfo (54), Klouw (52), CP (48), L0om (32), stonersavant (32), cybercide (27), jeffball55 (23), Fr0zen (22), wolveso (22), yeseins (22), Rar (21), ThePsyko (20), MacUk (18), crash_monkey (17), MILKMAN (17), zoro25 (15), digital.revolution (15), Cesar (15), sfd (14), hermes (13), mlynch (13), Renegade334 (12), urban (12), deadlink (11), Butt-Pipe (11), FiZiX (10), webby_guy (10), jeffball55+CP (8), James (7), Z!nCh (7), xlockex (6), ShadowSpoof (6), noAcces (5), vipsta (5), injection33 (5), Fr0zen+MacUK (5), John (5), Peefy (4), sac (4), sylex (4), dtire (4), Deakster (4), jorokin (4), Fr0zen rgod (4), zurik6am (4), brasileiro (4), miss.Handle (4), golfo42 (3), romosapien (3), klouw (3), MERLiiN (3), Darksun (3), Deeper (3), jeffball55+klouw (3), ComSec (3), Wasabi (3), THX (3), putsCTO (3)

The following made two additions to the GHDB: HaVoC88, ToFu, Digital_Spirit, CP and golfo, ceasar2, namenone, youmolo, MacUK / CP / Klouw, 242, golfo, CP and jeff, golfo and CP, Solereaper cp, nuc, bigwreck_3705, ericf, ximum, /iachilles, MacUK , murk, klouw & sylex, NRoberts, X-Ravin, ZyMoTiCo, dc0, Fr0zen jeffball55, Rar CP, rgod jeffball55, vsl400, pitt2k, John Farr, Kartik, QuadsteR, serverl, rar klouw, Steve Campbell

The following made one addition to the GHDB: Richie Wolk, baxter_jb, D3ADLiN3, accesspwdl, darkwalk, bungerScorpio, Liqdfire, pmedinua, WarriorClown, murfie & webbyguy, stonersavant, klouw, thereallinuxinit, arrested, Milkman & Vipsta, Jamuse and Wolveso, FiZiX and c0wz, spreafd, blaqueworm, HackerBlaster, FiZiX and klouw, Capboyll8, Mac & CP, philY, CP and MacUK, rye, jeffball55 MacUK CP9, rgod + CP, maveric, rar, CP, rgod + jeffball55, norocosul_alex R00t, Solereaper, Daniel Bates, Kevin LAcroix, ThrowedOff, Apoc, mastakillahjuventini, plaztic, Abder, hevensnt, yeseins & klouw, bsdman & klouw & mil, digital.ronin, harry-aac, none90810, donjoel45, toxic-snipe, shadowsliv, golfo and klouw, MacUK / Klouw, Carnage, pulverized, Demogorgo, guardian, golfo, macuk, klouw,, Cylos, nihil2006, anonymous, murfie and rgod, D. Garcia, offset, average joe, Sebastian, mikem, Andrew A. Vladimirov, bullmoose, effexca, kammo, burhansk, cybercide cybercide, Meohaw, ponds, blackasinc, mr.smoot, digital_revolution, freeeak, zawa, rolf, cykyc, golfo wolveso, sfd wolveso, shellcoder,Jether, jochem, MacUK / df, tikbalang, mysteryman0122, irn-bru, blue_matrix, dopefish, muts, filbert, adsl3000, FiNaLBeTa, draino, bARDO, Z!nCh & vs1400, abinidi, klouw & murfie, wwooww, stonersavant, jimmyn, linuxinit, url, dragg, pedro#, jon335, sfd cseven, russ, kg1, greenflame, vyom, EviL_Phreak, golfo, CP, klouw,, rar murfie, Golem, rgod +murfie, Madness!, de Mephisteau, gEnTi, murfie & wolveso, DxM, l0om wolveso, olviTar, digitus, stamhaney, serenh, NaAcces, Kai, good-virus, barabas, fasullo, ghooli, digitalanimal, Ophidian, MacUK / CP / Jeffb, NightHacker, BinaryGenius, Mindframe, TechStep, rgod +jeffball55 +cp, Fusion, Phil Carmody, johnny, laughing_clown, joenorris, peefy & joenorris, bugged, xxCOBRAxx, Klouw & Renegade334, Front242, Klouw & digital.revo, yomero, Siress, wolves, DonnyC, toadflax, mojo.jojo, cseven, mamba n*p, mynewuser, Ringo, Mac / CP, MacUK / golfo, trinkett, jazzy786, paulfaz, Ronald MacDonald, .-DioXin-., jerry c, robertserr, norbert.schuler, zoro25 / golfo, cyber_, PhatKahr4u2c, hyp3r, offtopic, jJimmyNeutron, Counterhack, ziggy1621, Demonic_Angel, XTCA2S, m00d, marco-media, codehunter007, AnArmyOfNone, MegaHz, Maerim, xyberpix, D-jump Fizix, D-jump, Flight Lieutenant Co, windsor_rob, Mac, TPSMC, Navaho Gunleg, EviL Phreak, sfusion, paulfaz, Jeffball55, rgod + cp clean +, stokaz, Revan-th, Don, xewan, Blackdata, wifimuthafucka, chadom, ujen, bunker, Klouw & Jimmy Neutro, JimmyNeutron & murfi, amafui, battletux, lester, rippa, hexsus, jounin, Stealth05, WarChylde, demonio, plazmo, golfo42 & deeper, jeffball55 with cle, MacUK / CP / Klou, Staplerkid, firefalconx, ffenix, hypetech, ARollingStone, kicktd, Solereaper Rar, rgod + webby_guy, googler.

Lastly, I would like to reiterate my thanks to everyone mentioned in the first edition, all of which are still relevant to me:

Thanks to Mom and Dad for letting me stay up all hours as I fed my digital addiction. Thanks to the book team, Alrik Murfvan Eijkelenborg, James Foster, Steve, Matt, Pete and Roelof. Mr. Cooper, Mrs. Elliott, Athy C, Vince Ritts, Jim Chappie, Topher H, Mike Schiffman, Dominique Brezinski and rain.forest.puppy all stopped what they were doing to help shape my future. I couldnt make it without the help of close friends to help me through life: Nathan B, Sujay S, Stephen S. Thanks to Mark Norman for keeping it real. The Google Masters from the Google Hacking forums made many contributions to the forums and the GHDB, and Im honored to list them here in descending post total order:murfie, jimmyneutron, klouw, l0om, ThePsyko, MILKMAN, cybercide, stonersavant, Deadlink, crash_monkey zoro25, Renegade334, wasabi, urban, mlynch, digital.revolution, Peefy, brasileiro, John, Z!nCh, ComSec, yeseins, sfd, sylex, wolveso, xlockex, injection33, Murk. A special thanks to Murf for keeping the site afloat while I wrote this book, and also to mod team: ThePsyko, l0om, wasabi, and jimmyneutron.