| |
By Darren Miller
You may reprint or publish this article free of charge as long as the bylines are included.
Original URL (The Web version of the article)
------------
http://www.defendingthenet.com/newsletters/HackingWithGoogle.htm
Title
-----
Hacking With The Google Search Engine
Google: Yes, You Can Find Just About Anything
----------------------------
Hackers and security experts use various custom and open source tools to complete their tasks. In fact, one of the tools they use you probably use every time you browse the web, the Google Search Engine.
I remember the first time I used the Google Search Engine years ago. I was amazed at how quickly it fulfilled my search request. Google's huge index of systems / information and it's ability to perform complex searches have evolved over the years. When we performed security assessments and penetration test, we regularly use Google to locate information that organizations typically want to keep private and confidential.
The reason for me writing this article is to give you several examples of basic and complex Google search terms and queries. As a disclaimer, it is not my intention that you use this information to invade the privacy of someone else or access data and files on systems that do not belong to you. It is strictly educational information and a way to make people more aware of what kind of information they may be exposing to the rest of the world.
Using Google To Locate Password Files
--------------------------
One of the most common remote web authoring tools is Microsoft's Front Page. Front page extensions and WebDav, the services on the web server that allow you to remotely connect and author web pages, can be configured with a certain degree of security. However, in certain configurations, the userID and password are stored in local files on the server. Using a Google query, you can easily locate thousands of these files and dump the contents.
The query form is quite simple: "inurl:(filename).pwd", where (filename) is the name of the .pwd file. This query can be expanded to be very specific and target a specific site by using a command to search for a specific site or domain. The results of a specific search like this would list hundreds if not thousands of these files that would contain something like "# -FrontPage- dmiller:I1KEaH1TZqxEw". Basically dumping the userID and password.
This type of basic query can be used to find all kinds of interesting information such as using the "intitle:"index of" (name of directory you want to locate)" which not only reveals many web directory structures of "index of/", it also reveals how many web servers on the Internet do not have even the most basic forms of permissions and directory security. You will find that once you access a particular directory, that you can then move up the directory tree and you never know what you may find.
More Complex Search Queries
--------------------------------------------------
The Google Search Engine supports very complex query types. For instance, if you were to construct a query like ""parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums", the query would result in lists upon list of systems that have a /Gamez directory off the root of the "parent directory" of the web server. Or, to locate music files of type mp3 you could issue a query like "intitle:index.of mp3 (name of band/song)".
The bottom line here is that it is possible to locate very specific types of files. It is also possible to perform queries for inline passwords from various search engines by performing a query similar to "http://*:*@www".
What Else Can Be Found With Google Search Queries
----------------------------
One of the things we do when we are performing a security assessment is perform a quick review of the various web servers to determine what types of scripting is being used. For instance, a lot of people use PHP code to create dynamic content. Many people install PHP example code and administrative tools to help them manage their site. Unfortunately, most of the time these files are not secured and contain login ID's and passwords. We then use Google search queries to locate these specific files on the servers in question. I'd say we are successful in finding files like these that help us gain access to systems approximately 60% of the time.
We recently learned of a financial institution that was taking credit card information from one of their partners using a web based upload service on their primary web server. The problem was this file was being indexed by the Microsoft Index Service, the information was being spidered by search engines, and the file itself did not have effective security permissions on it. The result, the file was indexed by Google and someone performing a Google query found it and was able to open it in the browser, revealing hundreds of credit card numbers, names, and other personal information. This happens all the time.
Conclusion
----------
The Google Search Engine is a powerful tool that can be used by people with ill intentions just as it can be used for basic web searching. If you are setting up a web server at home or the office, you need to understand that you may be publishing information on the web that no one but you should see. This could include financial files, credit card information, and other private / personal information. There is a lot more to setting up a "secure" site than just following the Microsoft setup wizards.
About
the author
Darren Miller is an Information Security Consultant with over seventeen years experience. He has written many technology & security articles, some of which have been published in nationally circulated magazines & periodicals. If you would like to contact Darren you can e-mail him at Darren.Miller@defendingthenet.com. If you would like to know more about computer security please visit us at http://www.defendingthenet.com .
About
Top Traffic Wholesaler
website
Increase website traffic from a guaranteed Targeted Website Traffic leader, Top Traffic Wholesaler. We offer a unmatched system to increase website visitors at the most competitive rates. Let us drive targeted visitors to your website today!
Other Useful Articles
| |
Mr SEO's suggestions for getting out of the sandbox faster.
What is the Google sandbox? Some people may disagree that there is such a thing, but the Google sandbox does exist.. Here I will talk about what the Google sandbox is and ways to help avoid it, or, at the very least, shorten your time in it.
What is the Google Sand box?
...
Read
this article
Internet. Business. Profit. To fully integrate all of these words into a
successful merging you will need another word, traffic. Every article that you
read about making your site or company successful will always include the
importance of generating traffic...
Therefore, we all know that in the core of it all, traffic is one of the most
essential items to a successful internet based business. Aside from ensuring
that you have a great product to sell, and you have your company’s internal
organization well taken core of, it would be time to get to the essentials of
things, traffic generation.
To help you out in generating more traffic for your site, here are seven assured
ways to increase your traffic.
1. Invest in good advertising with the major search engines and indexed
sites....
Read
this article
There are several very effective ways to advertise your business without having to pay a fortune. It can in fact be done for free, with incredible results. Even if you have a large budget available for paid advertising, the free methods should still be utilized because they are so affective.
There are some methods of free advertising that work like a charm, other free methods fall flat and are useless. If you are fairly new to the internet business, you will not know which one's work and which one's don't....
Read
this article
|
TopTrafficWholeSaler.com
Greatest Place To Choose - Lowest Price To Get
Contact
us
Online Web Site Advertising
Website Targeted Traffic Service
Search
Engine Submission Service
|
