How to Google hack Windows servers
In my previous tip
, I discussed how Google.com can be used to perform security scans against your public-facing servers -- Windows, IIS, Apache and (heaven forbid) SQL Server. You can profile servers, find files containing sensitive information and detect "hidden" login pages, server log files and a whole lot more. In this tip, I will describe some neat Google tools and basic queries to help you ferret out the sensitive information that, although you may not realize it, is accessible to the public.
Use the following table of contents to navigate to each section of this tips series.
TABLE OF CONTENTSWhy use Google to scan for security vulnerabilities
Google tools for automated hacking tests
Google queries for manual hacking tests
Four steps to safeguard Windows data from Google hackers
About the author: Kevin Beaver is an independent information security consultant, author and speaker with Atlanta-based Principle Logic, LLC, where he specializes in information security assessments for those who take security seriously and incident response for those who don't. He is author of the book Hacking For Dummies and co-author of the upcoming book Hacking Wireless For Dummies, both by Wiley Publishing. Send your ethical hacking questions to Kevin today.
More information from SearchWindowsSecurity.com
Tip: Get a sampling of the information you can find with Google
Tip: Learn how to scan Windows machines against specific patches
Topic: Research Windows product flaws and vulnerabilities
This was first published in May 2005
Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.