Johnny iHackStuff -the google hacking.

So, im browsing through hack articles as usual & i came across this story & this guy called "Johnny ihack" .....anyhoo -it discusses how this Google hacking started out as a joke, but turned into something "worthy & WOW"....below are some excerpts from the article & "johnny ihack's" site.  It's very interesting what he found & the info he provides.  He has many tricks up his sleeves & he provides downloads, databases etc. for others to see & explore.  Anyhoo -it peaked my interest, so i thought i'd share ;)

 

Here's part of the article & his site name is:  johnny.ihackstuff.com  in his side menu, you will see a link for The Google Hacking, thats where his work is. 

Johnny Long says he has never met a Google employee. And yet he is at the center of a community of security experts and search engine enthusiasts that might be developing some of the most interesting uses of Google technology today.

For the past 10 years, Long has made his living as a penetration tester, a "white hat" hacker who is asked to break into computer systems to test their security vulnerabilities.

 

His johnny.ihackstuff.com Web site is the starting point for anyone looking to turn Google into a hacker's tool. At its heart is a repository of sneaky queries called the Google Hacking Database, which got its start nearly six years ago, when Long posted a few of what he refers to as "funny, or interesting, or dangerous," Google queries in the Internet.

Initially, Long, who goes by the name Johnny Hax, did not expect the idea of using Google to break into computer networks to attract any kind of serious study.

"It was sort of a joke actually," he says. "The whole Google hacking thing was supposed to be tongue-in-cheek, because I knew that the real hackers would get their feathers all ruffled."

Instead of being bent out of shape, the hackers were intrigued, and Long's Google hacking community now boasts nearly 60,000 members.

At the recent Black Hat security conference in Las Vegas, Long's talk on Google hacking was a standing-room-only affair, and the Google Hacking Database now stands at about 1,500 queries.

"It evolved into this very visible thing," says Long, a researcher with Computer Sciences Corp. and author of Google Hacking for Penetration Testers. "The sheer weight and breadth of the stuff that we dug up just made people go, 'Wow.'"

Long, who talks about his Google hacks with a comic's timing and a laid-back style, says that he has always been a hacker at heart. He claims to have legitimately broken into hundreds of computer networks in his capacity as a professional security researcher, a job he came to only after abandoning his "wear a stupid suit and climb the corporate ladder phase."

Hackers also use Google for reconnaissance. One of the most basic techniques is to wait for a major security bulletin and then use Google to search for Web sites that are "powered by" the buggy software. Attackers can also map out computer networks using Google's database, making it impossible for the networks' administrators to block the snooper.

Often, this kind of information comes in the form of apparently nonsensical information, something that Long calls "Google turds." For example, because there is no such thing as a Web site with the URL "nasa," a Google search for the query "site:nasa" should turn up zero results. Instead, it turns up what appears to be a list of servers, offering an insight into the structure of NASA's internal network, he says.

But some of the most interesting hacks occur when Google's servers are tricked into doing work for the hackers, Long says. A recent trend has been to create Web pages with thousands of fake links that trick Google into doing hacker reconnaissance work. The technique works on Web sites that require URLs with embedded user names and passwords for access to some areas.

"You load up this page so it has the same user name, but you try a bunch of different passwords in the links," Long says. "Then the search engine picks up those links and tries to follow them all, but only caches the one that works. So then you go back and pick up your results, and you've actually got the search engine doing your dirty work."

 

   

   

Comments

If is the middle word in L"if"e.

I've been to his site a couple of time. He's smart .. but I'm not, lol so I don't understand his hacks, but whatever.

i cant see the 1st line after the 1st sentence......;(  were you showing me his source code? i want to see it now ;) 

--.  And remember, no matter where you go, there you are . --

I got that link from a friends friend who I've never talked too prior but had seen his myspace on my friends top 8.... he posted it as


which, if you look at the source code for you see,


sly little hacker there....

"To be a real hacker, you need to get to the point where you can learn a new language in days by relating what's in the manual to what you already know. This means you should learn several very different languages."     -from that link you sent

 

eeeeks. 

 

--. And remember, no matter where you go, there you are . --

I pasted this out of one my earlier posts...back when I joined the GuG. Maybe you'll like it. <edit: one link doesn't function anymore>

How to be a hacker

"A man can stand anything except a succession of ordinary days."
-Johann Wolfgang von Goethe

*hmpf* .....i never knew. 

 

--. And remember, no matter where you go, there you are . --

One of the most basic techniques is to wait for a major security bulletin and then use Google to search for Web sites that are "powered by" the buggy software

The latest form of hacking, wait for the security flaw to be posted and hope you beat the target's IT staff before they update.

Crude, but effective...and a real problem. 

"A man can stand anything except a succession of ordinary days."
-Johann Wolfgang von Goethe

oh no!  i dont want to spill any beans.  i barely understand that stuff & thought maybe some of you would ;)

 

--. And remember, no matter where you go, there you are . --

Dude...

You're totally spilling the beans.

Wink

"A man can stand anything except a succession of ordinary days."
-Johann Wolfgang von Goethe

I never realized what kinds of stuff you can find on google. This has entertained me all 2nd period. Thanks jleo_35 You always blog the kewlest stuff.

Add new comment