Sunday, September 15, 2013

Google Hacking

Prior to an attack, I spend some time browsing the web and looking for background information about the organization I’m about to attack. First, I usually browse the organizational website and look for general information such as contact information, phone and fax numbers, emails, company structure, and so on. I also usually look for sites that link to the target site or for organizational emails floating around the web. Sometimes the small details give you the most information: how well designed is the target website? How clean is their HTML code? This might give you a clue about their budget when they erected their site, from which, in turn, you may intuit their budget to secure it.

Google has proven to be one of the best and most comprehensive search engines to date. Google will violently spider websites, inadvertently exposing sensitive information on those websites due to various web server misconfigurations (such as directory indexing). Such exposure results in huge amounts of data leaking onto the web and, even worse, into the Google cache.

In early 2000 this gave birth to a new field, Google Hacking. Google hacking was first introduced by Johnny Long, who has since published a couple of books about it, a “must read” for any serious Googlenaut. Johnny Long’s book, “Google Hacking For Penetration Testers”, can be found on Amazon at: http://www.amzn.com/1931836361.

The general idea behind Google hacking is to use special search operators in Google to narrow down search results and find very specific files, usually with a known format. You can find basic usage information here: http://www.google.com/help/basics.html

Advanced Google Operators

The advanced search operators allow you to narrow down your searches even further and pinpoint exactly what you are looking for. A list of Google operators can be found at http://www.google.com/help/operators.html. Using these operators you can search for specific information that might be of value during a pen test.
As a web server owner, I can strongly relate to the following example. I often make backups of my MySQL database because I am a prudent web server owner. The MySQL dumps usually have a .sql suffix, and they usually have the string “MySQL dump” at the top of the file:

mysql dump filetype:sql

This search reveals all the exposed MySQL backups that Google has indexed, and often these dumps contain juicy information like usernames, passwords, emails, credit card numbers, and the like. This information may be just the handle you need to gain access to the server/network.
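The same two conditions that query relies on (a .sql suffix and the “MySQL dump” marker at the head of the file) can be checked on your own web root before a crawler finds them. This is an added Python example, not code from the original post or from the course material it quotes; it assumes a local directory tree and builds its own constructed sample files in a temporary directory.

```python
"""Audit a web root for MySQL dumps that 'mysql dump filetype:sql' would surface.

Added example, not part of the original post. A file is flagged when its name
carries the .sql suffix (the filetype: half) and its header contains the
'MySQL dump' marker that mysqldump writes (the keyword half).
"""
import os
import tempfile
from pathlib import Path

MARKER = b"MySQL dump"   # mysqldump writes this near the top of every dump
HEADER_BYTES = 4096      # only the head of each file is read

def is_exposed_dump(path: Path) -> bool:
    """True if `path` satisfies both halves of the query above."""
    if path.suffix.lower() != ".sql":
        return False
    with path.open("rb") as fh:
        return MARKER in fh.read(HEADER_BYTES)

def find_exposed_dumps(webroot: str) -> list[str]:
    """Walk a web root; return dump paths (relative, POSIX style) a crawler could index."""
    root = Path(webroot)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if is_exposed_dump(p):
                hits.append(p.relative_to(root).as_posix())
    return sorted(hits)

def demo() -> list[str]:
    """Constructed web root: one real dump, one schema file, one mis-suffixed dump."""
    root = Path(tempfile.mkdtemp())
    (root / "backup").mkdir()
    # constructed sample: a genuine dump header as mysqldump emits it -> flagged
    (root / "backup" / "site-2013-09-15.sql").write_bytes(
        b"-- MySQL dump 10.13  Distrib 5.5.32\n-- Host: localhost    Database: shop\n"
        b"INSERT INTO `users` VALUES (1,'admin','<hash>');\n")
    # constructed sample: hand-written schema, no dump marker -> not flagged
    (root / "schema.sql").write_bytes(b"CREATE TABLE users (id INT);\n")
    # constructed sample: dump contents but .txt suffix -> filetype:sql would miss it
    (root / "notes.txt").write_bytes(b"-- MySQL dump 10.13\n")
    return find_exposed_dumps(str(root))

if __name__ == "__main__":
    for hit in demo():
        print("exposed dump:", hit)
```

Run it against the real document root instead of the constructed one to list files that should be moved outside the web tree or excluded from indexing.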
There are literally hundreds (if not thousands) of interesting searches that can be made, and most of them are listed in the “Google Hacking” section of the Exploit Database (the Google Hacking Database, GHDB). The GHDB organizes these searches into categories such as usernames and passwords, and even rates each search by popularity.
