04.12.07

Security Pen Testing - Google Hacking

By Dan Morrill

If you are a security pen tester, you should know about the Google Hacking Database over at Johnny I Hack Stuff.

There are a number of sites that deal with search engines and using them to discover vulnerabilities in systems and services that the site owners might not even be aware of.

The first and primary one is the Johnny I Hack Stuff web site, while others like Billy I Hack Stuff are knock-offs with their own spin on how Google hacking translates over to MSN/Live, Yahoo, Ask and Clusty. In general though, if you are not "Google hacking" your own site, then you should be.

The command set is fairly easy: type in your search and limit it with site:something.com, using your own domain name. For example, filetype:xls site:someone.com will look up all the spreadsheets that are on the site someone.com.

In general, this is a vital skill for security pen testers because the bad folks are already doing this and have been doing it for years. The entire process is so well known that a security team that does not know it puts the company at a disadvantage in finding out what is exposed on the web server.

Some simple examples are:

Finding all files ending in torrent, with the name Microsoft, at The Pirate Bay would look like this:

http://www.google.com/search?source=ig&hl=en&q=microsoft+filetype%3Atorrent+site%3Athepiratebay.org


Or finding all the Flash swf files on MySpace would look like this: filetype:swf site:myspace.com

http://www.google.com/search?hl=en&q=filetype%3Aswf+site%3Amyspace.com


Another fun one is inurl:confidential intitle:personnel, which finds confidential personnel information. It looks something like this:

http://www.google.com/search?hl=en&q=inurl%3Aconfidential+intitle%3Apersonnel


A variation on the theme is intext:Confidential intext:copyright, which looks for confidential copyrighted text files:

http://www.google.com/search?hl=en&q=intext%3AConfidential+intext%3Acopyright


These are the kinds of things that people are looking for all the time on Google and other search engines. This kind of recon is well worth doing against your own site, because the results can include your company's security camera network, files, tax information, personnel information, sales information, and a host of other information that was not properly secured.

It is a neat trick that all security engineers and security pen testers should be using when they do their quarterly audits of their company's web sites. You never know what you will find. It is also better that you find it rather than someone else finding it.
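For the quarterly audit described above, the operators from this article can be turned into a repeatable checklist of search URLs limited to your own domain. This is an added example, not code from the original article; the function names and query labels are this example's own, and example.com is a placeholder for a domain you own.

```python
"""Build site:-scoped Google audit URLs for a domain you own (added example)."""
import re
from urllib.parse import urlencode, urlparse, parse_qs

# Operator combinations taken from the article; the labels are this example's own.
AUDIT_QUERIES = {
    "spreadsheets": "filetype:xls",
    "flash files": "filetype:swf",
    "personnel pages": "inurl:confidential intitle:personnel",
}
# Bare hostname only, so extra operators cannot be smuggled in through the domain.
_HOST_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def normalize_domain(domain):
    """Lower-case and validate a hostname; raise ValueError on anything else."""
    host = domain.strip().lower().rstrip(".")
    if not _HOST_RE.match(host):
        raise ValueError(f"not a bare hostname: {domain!r}")
    return host


def build_audit_urls(domain, queries=AUDIT_QUERIES):
    """Return {label: search URL}, each query limited to `domain` with site:."""
    host = normalize_domain(domain)
    urls = {}
    for label, operators in queries.items():
        q = f"{operators} site:{host}"
        # urlencode gives the form the article shows: ':' becomes %3A, ' ' becomes '+'
        urls[label] = "http://www.google.com/search?" + urlencode({"hl": "en", "q": q})
    return urls


def site_scope(url):
    """Return the set of site: hosts in a search URL's q parameter (empty = unscoped)."""
    tokens = parse_qs(urlparse(url).query).get("q", [""])[0].lower().split()
    return {t[5:] for t in tokens if t.startswith("site:") and len(t) > 5}


def out_of_scope(urls, owned):
    """List URLs that are unscoped or that name a host outside the owned set."""
    owned = {normalize_domain(d) for d in owned}
    return [u for u in urls if not site_scope(u) or not site_scope(u) <= owned]


if __name__ == "__main__":
    for label, url in build_audit_urls("example.com").items():
        print(f"{label:16} {url}")
```

Running out_of_scope over a saved checklist before each audit flags any query that has lost its site: restriction or points at a domain the team does not own.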



About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.

About SysAdminNews
SysAdminNews is a collection of articles, news and commentary designed to keep system administrators informed about the latest trends impacting their profession. Updates and Advice for System Administrators


-- SysAdminNews is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509
2007 iEntry, Inc. All Rights Reserved
