Google Hacking (Kind of)
Google Hacking (Kind of) and Other Cool Searches

But first a warning
GRAMMAR MATTERS

Agenda
• Google Introduction
• Features and Magic (Maybe)
• Google Search Technique
• Google Basic Operators
• Google Advanced Operators
• Facebook Search Technique (and why)
• Google Hacking
• Digging for "vulnerability gold"
• Identifying operating systems
• Vulnerability scanning
• Proxying
• Protect your information from Google / Facebook

Google Hacking
• Google Search Technique
  − Just put the word and run the search
• You need to audit your Internet presence
  − One database, Google almost has it all!
• One of the most powerful databases in the world
• Consolidates a lot of info
• Usage:
  − Student …
  − Business …
  − Al’Qaeda …
• One stop shop for attack, maps, addresses, photos, technical information

Google Hacking
• Google Search - Variations on a Theme
  − Image Search
  − Variations on an Image Search
  − Academic
  − Maps
  − Translate
  − Calculations – type into search
  − Conversions – type into search

Google Hacking
• Google Advanced Search
  − A little more sophisticated ……
  − But first ....
  − Parameters
  − ..... what’s a parameter?
  − Settings

Google Hacking
• Google Operators:
  − Operators are used to refine the results and to maximize the search value. They are your tools as well as hackers’ weapons
• Basic Operators: +, -, ~, ., *, "", |, OR
• Advanced Operators:
  − allintext:, allintitle:, allinurl:, bphonebook:, cache:, define:, filetype:, info:, intext:, intitle:, inurl:, link:, phonebook:, related:, rphonebook:, site:, numrange:, daterange:

Google Hacking
• Basic Operators
  − (+) force inclusion of word (No longer works this way. - B****cks!)
  − (-) exclude a search term
    Example: apple -red
    (Still works. But with added magic – wait)

Google Hacking
• Basic Operators
  − (~) search synonym:
    Example: ~food
    Returns the results about food as well as recipe, nutrition and cooking information
  − ( . ) a single-character wildcard:
    Example: m.trix
    Returns the results of M@trix, matrix, metrix…….
    (No longer works. B****cks) Remember this for other data searches (e.g. Perl)
  − ( * ) any word/wildcard
    at least this still works

Google Hacking
  − Google uses a maximum of 32 words/terms in a search (used to be 10)
  − Google ignores common words by default
  − Google usually ignores punctuation and special characters ! ? , . ; [ ] @ / # < >
  − Try AROUND, e.g. computer AROUND(5) forensics
  − (") use quotes around a search term to search exact phrases:
  − Search: eventually out of the windows. Between them they were never, ever lost for words, but this one had run them pretty close.
    4,800,000 results

Google Hacking
• Remember the + - @ # from the last two slides - Here's what happens now

Facebook Hacking
• And now for something completely different
  − Almost
• Facebook has recently introduced Graph Search – it may or may not be enabled for your account
• It has a different search method to Google
• It is very scary
• The numbers are staggering ...

Facebook Hacking
• 651,835,100 million active users
• 900 million objects (pages, groups, events etc.)
• > 250 million users accessing through their mobile devices
• Average user has 130 friends
  − is connected to 80 pages, groups and events
  − creates 90 pieces of content each month
• > 30 billion pieces of content (web links, news stories, blog posts, notes, photo albums, etc.) shared each month.
• Entrepreneurs and developers from more than 190 countries build with Facebook Platform
• People on Facebook install 20 million applications every day
• 10,000 new websites integrate with Facebook every day
• > 2.5 million websites have integrated with Facebook
• Mobile users are twice as non-mobile users.
• 200 mobile operators in 60 countries working to deploy and promote Facebook mobile products

Facebook Hacking
• Facebook Users Top 10 Largest Countries
  1. United States 150,055,580
  2. Indonesia 36,358,100
  3. United Kingdom 29,894,820
  4. Turkey 27,315,800
  5. India 24,028,940
  6. Philippines 23,169,300
  7. Mexico 22,858,440
  8. France 21,887,780
  9. Italy 19,171,180
  10. Germany 18,198,720
• Facebook Users Male / Female Usage Statistic (USA)
  − Female Users % 56.2
  − Male Users % 43.8
http://howmanyarethere.net/how-many-facebook-users-are-there/

Facebook Hacking
• High-profile public figure in Hong Kong hired Trustwave to test if its experts could get his passwords.
• They turned to Facebook.
• Man gave Trustwave's team no-holds-barred permission to try and snatch his data, a so-called "Red Team" test.
• "We found out through Facebook who his wife was," .. "We found out through her likes -- her public likes -- that she ran a pilates studio. We could then send a phishing email to her based around the fact that she ran a pilates studio that was hiring."

Facebook Hacking
• The man's wife opened an email with a video demonstration of the bogus job candidate conducting a class.
• The malicious attachment infected her computer with malware, which gave analysts access, known as a spear-phishing attack.
• The computer she was using was a hand-me-down from her husband.
• The passwords he wished to protect were in the Apple computer's keychain, so the hacking exercise "turned out to be a lot easier than we otherwise expected,".
http://www.infoworld.com/d/security/facebook-stalker-tool-uses-graph-search-powerful-datamining-229063

Facebook Hacking
• Traditional Search
  − Need to know who or what you are looking for

Facebook Hacking
• Designed by team led by Lars Rasmussen (Google Maps designer) and Tom Stocky (designer on several Google products)
• Completely new approach to retrieving data
• Dynamically creates web pages based on search criteria
• Makes use of the basic objects (people, places, events, groups, likes, comments, photos etc.)
• Does not rely on indexes (think Google, Yahoo, DuckDuckGo type searching)
• Does not permit not/negative/exclusive searches

Facebook Hacking
https://www.facebook.com/search/115063718504722/users-religious-view/113009932047080/likers/intersect

Facebook Hacking
• FQL – Facebook Query Language
    SELECT name, url, pic FROM profile WHERE id IN (SELECT uid FROM (SELECT uid, rsvp_status FROM event_member WHERE eid=12345678))
• Tables: album, app_role, application, apprequest, checkin, column, comment, comments_info, connection, cookies, developer, domain, domain_admin, event, event_member, family, friend, friend_request, friendlist, friendlist_member, group, group_member, insights, like, link, link_image_src, link_stat, location_post, mailbox_folder, message, note, notification, object_url, offer, page, page_admin, page_blocked_user, page_fan, page_global_brand_child, page_milestone, permissions, permissions_info, photo, photo_src, photo_tag, place, privacy, privacy_setting, profile, profile_pic, profile_tab, profile_view, question, question_option, question_option_votes, review, score, square_profile_pic, square_profile_pic_size, standard_friend_info, standard_user_info, status, stream, stream_filter, stream_tag, subscription, table, thread, translation, unified_message, unified_message_count, unified_message_sync, unified_thread, unified_thread_action, unified_thread_count, unified_thread_sync, url_like, user, video, video_tag
• Currently only app developers

Google Hacking
• Back to Google
• Advanced Operators: "site:"
  − site:domain_name
  − Find Web pages only on the specified domain. If we search a specific site, usually we get the Web structure of the domain
  − Examples:
    site:ca
    site:hackme.ca
    site:www.hackme.ca

Google Hacking
• Advanced Operators: "filetype:"
  − filetype:extension_type
  − Find documents with specified extensions
  − The supported extensions are:
    - HyperText Markup Language (html)
    - Microsoft PowerPoint (ppt)
    - Adobe Portable Document Format (pdf)
    - Adobe PostScript (ps)
    - Microsoft Word (doc)
    - Microsoft Works (wks, wps, wdb)
    - Lotus 1-2-3 (wk1, wk2, wk3, wk4, wk5, wki, wks, wku)
    - Microsoft Excel (xls)
    - Microsoft Write (wri)
    - Lotus WordPro (lwp)
    - Rich Text Format (rtf)
    - MacWrite (mw)
    - Shockwave Flash (swf)
    - Text (ans, txt)
  − Note: We can actually search asp, php, cgi and pl files as long as they are text-compatible.

Google Hacking
• Advanced Operators
  − A budget file we found …….
  − Example: Budget filetype:xls

Google Hacking
• Advanced Operators: "intitle:"
  − intitle:search_term
  − Find search term within the title of a Webpage
  − allintitle:search_term1 search_term2 search_term3
  − Find Web pages whose title includes all of these search terms
  − These operators are especially useful for finding directory listings
  − Example: Find directory list:
    intitle:index.of "parent directory"

Google Hacking
• Advanced Operators: "inurl:"
  − inurl:search_term
  − Find search term in a Web address
  − allinurl:search_term1 search_term2 search_term3
  − Find multiple search terms in a Web address
  − Examples:
    inurl:cgi-bin
    allinurl:cgi-bin password

Google Hacking
• Advanced Operators: "intext:"
  − intext:search_term
  − Find search term in the text body of a document.
  − allintext:search_term1 search_term2 search_term3
  − Find multiple search terms in the text body of a document.
  − Examples:
    intext:Administrator login
    allintext:Administrator login

Google Hacking
• Advanced Operators: "cache:"
  − cache:URL
  − Find the old version of a Website in the Google cache
  − Sometimes, even if the site has already been updated, the old information might be found in cache
  − Examples:
    cache:www.hackme.com

Google Hacking
• Advanced Operators
  − <number1>..<number2>
  − Conduct a number range search by specifying two numbers, separated by two periods, with no spaces. Be sure to specify a unit of measure or some other indicator of what the number range represents
  − Examples:
    Computer $500..1000
    DVD player $250..350

Google Hacking
• Advanced Operators: "daterange:"
  − daterange:<start_date>-<end_date>
  − Find the Web pages between start date and end date
  − Note: start_date and end_date use the Julian date
  − The Julian date is calculated by the number of days since January 1, 4713 BC. For example, the Julian date for August 1, 2001 is 2452122
  − Examples:
    2004.07.10=2453196
    2004.08.10=2453258
  − Vulnerabilities daterange:2453196-2453258

Google Hacking
• Advanced Operators: "link:"
  − link:URL
  − Find the Web pages having a link to the specified URL
  − related:URL
  − Find the Web pages that are "similar" to the specified Web page
  − info:URL
  − Present some information that Google has about that Web page
  − define:search_term
  − Provide a definition of the words gathered from various online sources
  − Examples:
    link:hackme.ca
    related:hackme.ca
    info:hackme.ca
    define:Network security

Google Hacking
• Let’s put some of it together
  − Wireless Security Webcams
    intitle:HtmlAnvView:D7B039C1
  − Plex Media Servers
    inurl:32400/web/index.html
  − Printers using "Web Image Monitor" control
    inurl:32400/web/index.html
  − Plugin errors in WordPress websites
    intext:"Fatal error: Class 'Red_Action' not found in"
  − This will never work
    enable password|secret "current configuration" -intext:the -inurl:cisco
  − Nobody is that stupid. Are they?
    filetype:xls user||username pass||pwd||passwd||password
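
An added example, not part of the original slides: the operator semantics above (intitle:, inurl:, intext:, filetype:, quoted phrases, - exclusion, | alternatives) evaluated offline against a crawl of your own site, to audit your Internet presence for the exposures the last slide's queries look for. The page records, the example.test hosts and all function names are constructed for illustration, and the punctuation-to-space matching is a simplification, not Google's actual tokenizer.

```python
import re
import shlex
from urllib.parse import urlparse

FIELDS = {"intitle": "title", "inurl": "url", "intext": "text"}

def norm(s):
    """Lower-case and turn punctuation into spaces (simplified tokenizing)."""
    return " " + re.sub(r"\W+", " ", s.lower()).strip() + " "

def term_hits(term, page):
    """Evaluate one token: operator:value, a phrase, or an a|b alternation."""
    op, sep, value = term.partition(":")
    if sep and op.lower() == "filetype":
        return urlparse(page["url"]).path.lower().endswith("." + value.lower())
    if sep and op.lower() in FIELDS:
        names = [FIELDS[op.lower()]]
    else:  # unprefixed term or phrase: may match title, URL or body text
        names, value = list(FIELDS.values()), term
    alts = [a for a in value.split("|") if a]
    return any(norm(a) in norm(page[n]) for a in alts for n in names)

def matches(query, page):
    """True if every positive term hits and no '-' excluded term hits."""
    for tok in shlex.split(query):
        negate = tok.startswith("-") and len(tok) > 1
        if term_hits(tok[1:] if negate else tok, page) == negate:
            return False
    return True

def audit(pages, queries):
    """Return (url, query) for each of your own pages a query would surface."""
    return [(p["url"], q) for p in pages for q in queries if matches(q, p)]

QUERIES = [  # taken from the slides
    'intitle:index.of "parent directory"',
    'enable password|secret "current configuration" -intext:the -inurl:cisco',
    "filetype:xls user||username pass||pwd||passwd||password",
]
PAGES = [  # constructed sample crawl of a site you own
    {"url": "https://files.example.test/backup/", "title": "Index of /backup",
     "text": "Name Last modified Size Parent Directory db.sql"},
    {"url": "https://example.test/staff.xls", "title": "", "text": "username password"},
    {"url": "https://net.example.test/rtr1.txt", "title": "rtr1",
     "text": "Current configuration : 1024 bytes\nenable secret 5 REDACTED"},
    {"url": "https://example.test/about", "title": "About", "text": "We are the team."},
]

if __name__ == "__main__":
    print(*(f"EXPOSED {u}  <- {q}" for u, q in audit(PAGES, QUERIES)), sep="\n")
```

Every URL it reports is a page to take down, put behind authentication or keep out of the index before a search engine finds it.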