Ahmad Radaideh









Abstract
Introduction
Google Cached Content
GOOGLE HACKING Procedures
Google Advance Operators
Google hacking Result Categories
Directories and documents Browsing
Google Hacking Countermeasure
Conclusion


as long as we have a cached content of any site
inside Google cache server and if we were able to
access to this cached contents including the
documents, logs, files this will be so usefully and
valuable to any hacker plus hacking attempts to
access these data will not be logged on the real
host server that contain the information, or even
we don’t care that this server is still working or
offline
Google Hacking is the term of how to use Google
search box to get some sensitive Information
about users or organization

When a site administrator attempt to add his site
to Google search engine to be available for
search in special term query, Google use
automated spider or Google boters to crawl this
site to Google cache server (find the documents,
files, code pages copy all these information to
Google search engine server) this cached page
will contain the site name , the site URL ,the site
content that match your search query and this
cached page is what we see in the result page of
our search and when the user click on any of
these cached pages he or she will be redirected
to the host server that really contain these pages.
Google Cached Content
The search result are cached content inside Google servers, when the user click
on the cached content he or she will be redirected to the real hosting server of
these contents
1- Hack throw search Google URL
When you click on any cached content in your
search result you will be redirected to the
host throw special URL generated by Google
2-Using Google Advance Operators inside
Google search box such as Intitle, inurl, file
Type, site and Link
Google Advance Operators


1-Error message
Error message contains rich data , which can
be used to gain access to the server.
2-Directories browsing
This makes you able to navigate inside the
directories that contain the hosted website
3-File Browsing
In case we have access to website directory
then we are free to access to any document
that founded inside this directory such as
word document, excel separate sheets,
access DB, WS-FTP logs, and source Code
Directories and documents Browsing


4- Network device
Such as printers, webcams, and network
routers that mainly give the hacker away to
control the behavior of these devices
5-Personal information gathering
Search using @ symbol will return all the
pages that contain email addresses in the
cached content site, which allow spammers to
send mail to all this mails






The Site administrator should Make sure host and
network security basics are in place construct/publish
security
The Site administrator should be aware of security
policies specially Google hacking procedures
Determine which files should be placed on the site
directory.
Administrator should test Google hacked procedure
before he or she added there site to Google search
engine.
Create share standard strategy.
Classify entrance locations and gather necessary
artifacts.







Know all regulatory pressures and unify
approach.
Classify personally identifiable information
obligations.
Present awareness training.
Generate security standards.
Execute security characteristic review.
Classify software defects originate in operations
monitoring and feed them back to growth.
Exploit automated tools along with physical
evaluation.


Good defense always start throw
understanding your opponent’s offense.
Google hacking provide access to so sensitive
private information related to users or
organization by different means, these means
are so clear and occurred in easy scenarios so
the safest way to prevent this thread is by
studying these means and test our sites
against these threads Is our safest way to
make before we link our site to Google search
engine






Lancor, L. and Workman, R., Using Google Hacking to Enhance
Defense Strategies. SIGCSE Bull. 39, 1 (Mar. 2007), 491-495.
DOI= http://doi.acm.org/10.1145/1227504.1227475.
Billig, J., Danilchenko, Y. & Frank, C.E. (2008). Evaluation of
Google Hacking. Proceedings of InfoSecCD Conference‘08, p.
27-32, September 26-27, 2008, Kennesaw, GA, USA.
M Lubis, N Yaacob, H Reh, M Abdulghani ,” A STUDY ON
IMPLEMENTATION AND IMPACT OF GOOGLE HACKING TO
INTERNET SECURITY”.
Long, J. (2007). The Google Hacker‘s Guide: Understanding and
Defending against the Google Hacker. Retrieved January 20,
2010, from encription website:
http://www.encription.co.uk/downloads/The_Google_Hackers_G
uide_v1.0.pdf.
Long, J. & Skoudis, E. (2005), Google Hacking for Penetration
Testers. Syngress.
Wikipedia Google Hacking Web Site,
http://en.wikipedia.org/wiki/Google_Hacking.

Thank you