Google: Yes, You Can Find Just About Anything
------------
Hackers and security experts use various custom and open 
source tools to complete their tasks. In fact, one of the 
tools they use you probably use every time you browse the 
web, the Google Search Engine.
I remember the first time I used the Google Search Engine 
years ago. I was amazed at how quickly it fulfilled my 
search request. Google's huge index of systems / 
information and its ability to perform complex searches 
have evolved over the years. When we perform security 
assessments and penetration tests, we regularly use Google to 
locate information that organizations typically want to keep 
private and confidential.
I am writing this article to give you 
several examples of basic and complex Google search terms 
and queries. As a disclaimer, it is not my intention that 
you use this information to invade the privacy of someone 
else or access data and files on systems that do not belong 
to you. It is strictly educational information and a way to 
make people more aware of what kind of information they may 
be exposing to the rest of the world.
Using Google To Locate Password Files
------------
One of the most common remote web authoring tools is 
Microsoft's FrontPage. FrontPage extensions and WebDAV, 
the services on the web server that allow you to remotely 
connect and author web pages, can be configured with a 
certain degree of security. However, in certain 
configurations, the userID and password are stored in local 
files on the server. Using a Google query, you can easily 
locate thousands of these files and dump the contents.
The query form is quite simple: "inurl:(filename).pwd", 
where (filename) is the name of the .pwd file. This query 
can be made very specific and aimed at a single site by 
using a command to search for a specific site or domain. 
The results of a specific search like this would list 
hundreds if not thousands of these files, each containing 
something like "# -FrontPage- dmiller:I1KEaH1TZqxEw", 
which basically dumps the userID and password.
This type of basic query can be used to find all kinds of 
interesting information. For example, a query such as 
intitle:"index of" (name of directory you want to locate) 
not only reveals many web directory structures of 
"index of/", it also reveals how many web servers on the 
Internet do not have even the most basic forms of 
permissions and directory security. You will find that once 
you access a particular directory, you can then move up the 
directory tree, and you never know what you may find.
More Complex Search Queries
------------
The Google Search Engine supports very complex query types. 
For instance, if you were to construct a query like ""parent 
directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 
-md5sums", the query would result in lists upon lists of 
systems that have a /Gamez directory off the root of the 
"parent directory" of the web server. Or, to locate music 
files of type mp3, you could issue a query like 
"intitle:index.of mp3 (name of band/song)".
The bottom line here is that it is possible to locate very 
specific types of files. It is also possible to perform 
queries for inline passwords from various search engines by 
performing a query similar to "http://*:*@www".
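The two exposures described above, FrontPage-style .pwd files and URLs with inline passwords, can be checked for on a web root you administer before a crawler finds them. The following is an added example, not code from the original article; the function names, the "private/example.pwd" path and the sample URL are hypothetical, and the sample tree is constructed (its .pwd content is the line quoted in the article).

```python
import os
import re
import tempfile

# FrontPage password files start with this marker, followed by user:hash lines.
FRONTPAGE_MARKER = "# -FrontPage-"
USER_HASH = re.compile(r"^([^:\s#]+):(\S+)$")
# URLs that carry credentials inline, e.g. http://user:secret@host/
INLINE_CRED_URL = re.compile(r"\b(?:https?|ftp)://([^\s:/@]+):([^\s/@]+)@([^\s/]+)")

def audit_file(path):
    """Return a list of (kind, path, detail) findings for one file."""
    findings = []
    with open(path, "r", errors="replace") as fh:
        lines = fh.read().splitlines()
    is_frontpage = bool(lines) and lines[0].strip() == FRONTPAGE_MARKER
    for line in lines:
        m = USER_HASH.match(line.strip())
        if is_frontpage and m:
            # Report the account name only; never echo the stored hash.
            findings.append(("frontpage-pwd", path, m.group(1)))
        for user, _secret, host in INLINE_CRED_URL.findall(line):
            findings.append(("inline-credential-url", path, f"{user}@{host}"))
    return findings

def audit_webroot(root):
    """Walk a document root you administer and collect findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            findings.extend(audit_file(os.path.join(dirpath, name)))
    return findings

def build_sample_webroot():
    """Constructed sample tree (hypothetical paths) for an offline run."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, "private"))
    with open(os.path.join(root, "private", "example.pwd"), "w") as fh:
        fh.write("# -FrontPage-\ndmiller:I1KEaH1TZqxEw\n")
    with open(os.path.join(root, "links.html"), "w") as fh:
        fh.write('<a href="http://backup:s3cret@www.example.com/dump">x</a>\n')
    return root

if __name__ == "__main__":
    for kind, path, detail in audit_webroot(build_sample_webroot()):
        print(f"{kind:22} {detail:28} {path}")
```

Anything this reports should be moved out of the served directory or protected by server-side access control, and the affected credentials rotated.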
What Else Can Be Found With Google Search Queries
------------
One of the things we do when we are performing a security 
assessment is perform a quick review of the various web 
servers to determine what types of scripting are being used. 
For instance, a lot of people use PHP code to create dynamic 
content. Many people install PHP example code and 
administrative tools to help them manage their site. 
Unfortunately, most of the time these files are not secured 
and contain login IDs and passwords. We then use Google 
search queries to locate these specific files on the servers 
in question. I'd say we are successful in finding files like 
these that help us gain access to systems approximately 60% 
of the time.
We recently learned of a financial institution that was 
taking credit card information from one of their partners 
using a web based upload service on their primary web 
server. The problem was this file was being indexed by the 
Microsoft Index Service, the information was being spidered 
by search engines, and the file itself did not have 
effective security permissions on it. The result: the file 
was indexed by Google, and someone performing a Google query 
found it and was able to open it in the browser, revealing 
hundreds of credit card numbers, names, and other personal 
information. This happens all the time.
Conclusion
------------
The Google Search Engine is a powerful tool that can be used 
by people with ill intentions just as it can be used for 
basic web searching. If you are setting up a web server at 
home or the office, you need to understand that you may be 
publishing information on the web that no one but you should 
see. This could include financial files, credit card 
information, and other private / personal information. There 
is a lot more to setting up a "secure" site than just 
following the Microsoft setup wizards.