Sunday, May 23, 2010
Project 1-2: Use Google Reconnaissance
Google can be used to locate mostly anything and attackers uses this feature to get unprotected information to be used in an attack. This is sometimes called "Google Reconnaissance".Firstly, we could go to Google advance search by going to "http://www.google.com" and click on "Advance Search". Next under
"Find web pages that have ... all these words:"
type in "login:*" "password=*"
Under "File Type:"
Select "Microsoft Excel(.xls)"
the asterisk(*) stands for wildcard which means any document which contains any word in "login:(word)" & "password=(word)" will all be found
below is a example of the Google Advance search screenshot.
One of the result i found was the following:
this time we are going to search for a text file that contains a list of passwords in cleartext.
Firstly, in the text box
"Find web pages that have ... all these words:"
type in ""
Under "File Type:"
Select "Any format"
Below is a screenshot of what I found
In the folders above there may contain some username and passwords inside.
Reflection of Project 1-2
In this project, I have learnt that other then google being a good search engine, other people could use it to access some private information. On this project, I did a bit more research and I found lots of types of codes that you can type into Google and access unprotected information and devices(e.g webcams)
During this project, I learnt that we should protect any information of files that are posted on the net as even they may be hidden, they could also be located using a search engine if not properly protected.