Just as Google can be used to locate almost anything stored on web servers, attackers can also use it to uncover unprotected information or information that can be used in an attack. This is sometimes called “Google reconnaissance.” In this project, we will perform Google reconnaissance.
1) Open your Web browser and enter the URL http://www.google.com/.
2) Click Advanced Search to display the cool Advanced Search screen.
3) First you will search for any Microsoft Excel spreadsheet that contains the words login: and password=. In the text box “Find web pages that have . . . all these words:” enter “login:*” “password=*” (be sure to include the quotation marks).
4) Under File type click the down arrow and select Microsoft Excel (.xls).
5) Click Advanced Search. The pages of results will be displayed. Open selected documents and view their contents. Note that some of the results are only blank spreadsheets that had headings “Login:” and “Password=”. However, other documents actually contain user login names and passwords. Return to the Google Advanced Search page.
6) This time you will look for a text file that contains a list of passwords in cleartext. In the text box “Find web pages that have . . . all these words.” erase any content and replace it with “index.of passlist” (be sure to include the quotation marks). Under File type click the down arrow and select any format.
7) Click Advanced Search. The pages of results will be displayed. Open selected documents and view their contents. Return to the Google Advanced Search page.
8) Google and other search engines are aware of these attempts by attackers to use their search engines for malicious means. Because of this, the search engines will now filter and deny requests for specific types of searches. For example, one type of search that attackers used was to look for a range of credit card numbers that might be available. In the text box “Find web pages that have . . . all these words.” erase any content and replace it with visa 4356000000000000.. 4356999999999999. Note how Google denies this request.
9) Close your Web browser.
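From the defender's side, the patterns used in steps 3 to 7 can be checked against your own web root before a search engine indexes it. The sketch below is an added example, not part of the original project; the function names, the index file names and the sample files are assumptions made for illustration, and whether a directory without an index file is actually served as a listing depends on the server configuration.

```python
import os
import re
import tempfile
from pathlib import Path

# Patterns mirror the searches in the steps; "password=" must carry a value.
LOGIN_RE = re.compile(rb"login:", re.IGNORECASE)
PASSWORD_RE = re.compile(rb"password=[^\s,;\"]+", re.IGNORECASE)
TEXT_EXTS = {".txt", ".csv", ".log", ".htm", ".html"}
INDEX_FILES = {"index.html", "index.htm", "index.php"}  # assumed names


def audit_webroot(root):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        if not INDEX_FILES & {f.lower() for f in filenames}:
            rel_dir = os.path.relpath(dirpath, root)
            findings.append((rel_dir, "no index file (possible directory listing)"))
        for name in filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            ext = os.path.splitext(name)[1].lower()
            if "passlist" in name.lower():
                findings.append((rel, "file name contains 'passlist'"))
            if ext in (".xls", ".xlsx"):
                findings.append((rel, "spreadsheet in web root (review by hand)"))
            elif ext in TEXT_EXTS:
                data = Path(dirpath, name).read_bytes()
                if LOGIN_RE.search(data) and PASSWORD_RE.search(data):
                    findings.append((rel, "login: with a password= value"))
    return sorted(findings)


def demo():
    with tempfile.TemporaryDirectory() as root:
        Path(root, "files").mkdir()
        samples = {  # constructed sample data, not real credentials
            "index.html": b"<h1>home</h1>",
            "files/passlist.txt": b"login: alice password=Example1\n",
            "files/template.csv": b"Login:,Password=\n",
            "files/staff.xls": b"\x00",
        }
        for rel, body in samples.items():
            Path(root, rel).write_bytes(body)
        return audit_webroot(root)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The headings-only file `template.csv` is not reported, matching the blank spreadsheets noted in step 5, while `passlist.txt` is reported for both its name and its contents.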
Reflection
After doing this project, I finally know how attackers use this simple search tool to search for unprotected information and passwords. In the future, whenever I put my information or password online, I will make sure that it is protected so that attackers can’t access it.