web application security lab

Google Dork Indexes Malware

Blad3 sent me an interesting Google dork the other day that I thought would be good to post to the board. In case you aren’t already aware of what a Google dork is, it is a search query that malicious users write to find vulnerable machines. Google puts a stop to them with what is affectionately known as the Google Dork Defense System (GDDS): the query either displays an error or is simply pulled from the index. Well, here’s another dork for you (no longer works):

(intitle:r57shell | intitle:c99shell) +uname

When this worked it would help you find machines that are currently vulnerable to attack. Many of them were no longer valid when it worked, but you get the idea. Google has started indexing some awfully interesting things, like malware executables. In surfing around I found some interesting sites, like this tool, which has since been password protected. Indexing executables sounds like a bad idea to me, but there you have it.
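The dork only works because these scripts are served with their default page titles, so the same match can be turned on your own document root. The Python script below is an added example, not code from the original post: it flags files that would satisfy the query above. The file suffix list, the function names and the sample files are assumptions constructed for illustration, and the substring match on the title is deliberately broader than Google's token matching.

```python
import re
import tempfile
from pathlib import Path

# Title markers taken from the dork in the post; "uname" is its required term.
TITLE_MARKERS = ("r57shell", "c99shell")
REQUIRED_TERM = "uname"
TITLE_RE = re.compile(r"<title[^>]*>(.*?)</title>", re.IGNORECASE | re.DOTALL)
SCAN_SUFFIXES = {".php", ".phtml", ".html", ".htm", ".inc"}  # assumed list


def matches_dork(text: str) -> bool:
    """True if text satisfies (intitle:r57shell | intitle:c99shell) +uname."""
    titles = " ".join(TITLE_RE.findall(text)).lower()
    in_title = any(marker in titles for marker in TITLE_MARKERS)
    return in_title and REQUIRED_TERM in text.lower()


def scan_webroot(root: Path) -> list[Path]:
    """Return files under root (assumed: your own document root) that match."""
    hits = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SCAN_SUFFIXES:
            continue
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue  # unreadable file: skip rather than abort the audit
        if matches_dork(text):
            hits.append(path)
    return hits


def demo() -> list[str]:
    """Run the scan over a constructed sample tree and return matching names."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "uploads").mkdir()
        # Constructed sample files, not real shells: only title and marker text.
        (root / "index.php").write_text("<title>Home</title><p>welcome</p>")
        (root / "uploads" / "img.php").write_text(
            "<?php echo '<TITLE>c99shell</TITLE>'; ?> uname -a: <?php ?>")
        (root / "notes.html").write_text(
            "<title>Blog</title> a post that mentions r57shell and uname")
        return [p.relative_to(root).as_posix() for p in scan_webroot(root)]


if __name__ == "__main__":
    print(demo())
```

A hit means a file on your server carries one of the default titles from the dork and should be reviewed; a clean result only shows that no file still uses those defaults.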

4 Responses to “Google Dork Indexes Malware”

  1. v-wall Says:

    I had looked into this a while back now and was pretty much on the same topic and method. “intitle:phpRemoteView filetype:php” (without the “”) was the dork string I was using. I had also put together a few other dork strings with common well-known phpshell titles and such that brought back a lot of results too.

    I also did a short post about it over at awarenetwork; take a look if you want:

    http://www.awarenetwork.org/forum/viewtopic.php?t=292&highlight=

  2. RSnake Says:

    Those are good… in general I have not been super into Google dorks, but recently they have been getting better and better practical applications. Especially for finding XSS, or vulnerable applications. That was actually one way I found some vulnerable looking glass scripts.

  3. v-wall Says:

    Well, it’s all due to the fact that the people who use these scripts leave them as they are out of the box (because they know they work, so why would they want to make changes), so in turn they are leaving the telltale trail behind them. Well,

    The dorks have been good for a while, I think. It was just a case of a lot of the set out for the strings and methods allowed, such as allinurl:, inurl:, “index of”, index.of, intitle:, intext:, filetype:, was not known, and of what was known there was still not a great amount known about it. As more people have made this a public thing, I think the dorks have become a lot slimmer for results. There was a time when you would get page after page etc. etc. etc. of results you wanted; now most of the time you will find papers that contain the dork string you are looking for, a few odd sites, and maybe a few sites that were hacked using that very method.

  4. hassan Says:

    i wanna c99shell.php