Scribd Logo
Upload

Welcome to Scribd!

  • Black Hat

    Uploaded by

    Ronan Gabriel
    63 views18 pages
    Google attacks - Black Hat

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Google attacks - Black Hat

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    63 views18 pages

    Black Hat

    Uploaded by

    Ronan Gabriel
    Google attacks - Black Hat

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 18

    Google attacks

    We’re in Vegas, right ?

    Patrick Chambet
    Edelweb – ON-X Group
    patrick.chambet@edelweb.fr
    EdelWeb http://www.edelweb.fr
    http://www.chambet.com
    Planning
    u General points

    u Some examples

    u Recommendations

    u Conclusion

    Patrick Chambet Google attacks Page 2


    General Points
    u Information gathering is the first step
    during a pen-test (or a real attack)
    u A search engine is an obvious and common
    pen test tool
    Ø Passive
    Ø Stealth
    Ø Uses the huge “memory” of the Net
    Ø Google cache
    Ø Google groups
    Ø www.archive.org

    Patrick Chambet Google attacks Page 3


    Typical pen-test process
    Information gathering
    about the target

    Vulnerabilities identification

    Vulnerabilities exploitation

    Go further !

    Patrick Chambet Google attacks Page 4


    Planning
    u General points

    Some examples

    u Recommendations

    u Conclusion

    Patrick Chambet Google attacks Page 5


    Some examples (1/7)
    u Passive Web server identification
    u Invisible corporate HTTP and FTP
    outgoing proxies detection
    u SMTP headers
    Ø No need to send a fake mail to a non
    existent user any more !
    u Sensitive files gone offline but still
    present in Google cache
    u Ex-employees, now in competing
    companies

    Patrick Chambet Google attacks Page 6


    Some examples (2/7)
    u Google How To
    Ø Special chars
    Ø "foo1.foo2" +foo –bar

    Ø Useful Google keywords


    Ø filetype:abc
    Ø site:foo.com
    Ø intext:foo
    Ø [all]intitle:footitle
    Ø [all]inurl:foo
    Ø link:www.foo.com
    Ø cache:www.foo.com/bar.html
    Ø related:www.foo.com/bar.html
    Ø phonebook:Bill Gates+WA
    Ø define:foo
    Patrick Chambet Google attacks Page 7
    Some examples (3/7)
    u Browsing a site “offline”
    Ø site:foo.com foo -> returns every cached
    page on the site
    Ø Stealth CGI scanner

    u Passwords
    Ø "Index of" htpasswd / passwd
    Ø filetype:xls username password email
    Ø "WS_FTP.LOG"
    Ø "config.php"
    Ø allinurl: admin mdb
    Ø service filetype:pwd (FrontPage)

    Patrick Chambet Google attacks Page 8


    Some examples (4/7)

    Patrick Chambet Google attacks Page 9


    Some examples (5/7)
    u Sensitive files / interesting attack data
    Ø "robots.txt" "Disallow:" filetype:txt
    Ø inurl:_vti_cnf (FrontPage files)
    Ø allinurl:winnt/system32/
    Ø allinurl:/msadc/Samples/selector/showcode
    .asp
    Ø allinurl:/examples/jsp/snp/snoop.jsp
    Ø allinurl:phpinfo.php
    Ø ipsec filetype:conf
    Ø intitle:"error occurred" ODBC request
    WHERE (SELECT|INSERT)
    Ø "mydomain.com" nessus report
    Ø "report generated by"

    Patrick Chambet Google attacks Page 10


    Some examples (6/7)
    u “Help me !” messages
    “I have the net-to-net configuration:

    x.x.x.202 x.x.x.31
    Localhost================Router================Remotehost
    x.x.x.205 x.x.x.32

    I work on Linux Red Hat 2.4.18 with x509 patched freeswan


    1.99. I have updated my ipsec.conf configuration file
    with:
    "conn net-to-net
    left=x.x.x.x
    (...)
    "
    The password is: (just kidding)
    My problem is the following: (…)
    Please, help me quickly !
    Thanks a lot,
    Jack”

    Patrick Chambet Google attacks Page 11


    Some examples (7/7)
    u The cache can be used to cover one's
    tracks
    u Search terms can be crafted to include
    known exploits in them

    u Social engineering
    Ø Personal information about administrators
    and users
    Ø Hobbies
    Ø Skills
    Ø Expertise and motivation level
    Ø Friends
    Ø Etc.
    Patrick Chambet Google attacks Page 12
    Planning
    u General points

    u Some examples

    Recommendations

    u Conclusion

    Patrick Chambet Google attacks Page 13


    Recommendations (1/2)
    u On your webservers
    Ø Apply latest security patches and secure the
    server
    Ø Disable directory browsing
    Ø Don’t put sensitive information without
    authentication
    Ø Do not rely on scripts/Java/ActiveX URL
    obfuscation
    Ø Analyze Google queries that conducted to
    sensitive data on your site (HTTP logs) and
    modify your site
    Ø Web-based honeypots and honeytokens

    Patrick Chambet Google attacks Page 14


    Recommendations (2/2)
    u Control Google content
    Ø Information about your company
    Ø Information about your users and
    employees
    Ø Links pointing to your Web sites
    Ø Organize a regular watch

    u Ask Google to delete some search


    results from its cache
    Ø http://www.google.com/remove.html

    Patrick Chambet Google attacks Page 15


    Conclusion
    uGoogle is the pen-tester’s best friend
    Ø And also the attacker’s

    uYou have to pay attention to information


    leakage on the Web about you
    ØA regular watch is necessary

    uDo not hesitate to ask for modification


    or deletion of information about your
    company

    Patrick Chambet Google attacks Page 16


    Links
    u Google
    Ø Google APIs: http://www.google.com/apis/
    Ø Remove results: http://www.google.com/remove.html

    u http://www.hackingspirits.com/eth-hac/papers/
    Demystifying%20Google%20Hacks.pdf

    u “Googledorks”
    Ø http://johnny.ihackstuff.com/index.php?module=prodreviews

    u http://www.searchlores.org/

    u http://www.theregister.co.uk/2001/11/28/the_google_attack
    _engine/

    u Athena tool
    Ø http://www.buyukada.co.uk/projects/athena/

    Patrick Chambet Google attacks Page 17


    Questions & Answers

    Patrick Chambet Google attacks Page 18

    You might also like