Google makes it possible to reach not just publicly available Internet resources, but also some that should never have been revealed.The right query can yield some quite remarkable results.In previous Post we discussed about Google advanced search operators. In this article will discuss about how to use them to collect confidential information.
How to use Google to find sources of personal information and other confidential data
Suppose that a vulnerability is discovered in a popular application – let's say it's the Microsoft IIS server version 5.0 – and a hypothetical attacker decides to find a few computers running this software in order to attack them. He could of course use a scanner of some description, but he prefers Google, so he just enters the query "Microsoft-IIS/5.0 Server at" intitle:index.of and obtains links to the servers he needs.
This works because in its standard configuration, IIS adds banners containing its name and version to some dynamically generated pages. It's a typical example of information which seems quite harmless, so is frequently ignored and remains in the standard configuration. Unfortunately, it is also information which in certain circumstances can be most valuable to a potential attacker. More sample Google queries for typical Web servers are given bellow.
Google queries for locating various Web servers
| Query | Server |
|---|---|
| "Apache/1.3.28 Server at" intitle:index.of | Apache 1.3.28 |
| "Apache/* Server at" intitle:index.of | any version of Apache |
| "Microsoft-IIS/6.0 Server at" intitle:index.of | Microsoft Internet Information Services 6.0 |
| "Microsoft-IIS/* Server at" intitle:index.of | any version of Microsoft Internet Information Services |
| "Oracle HTTP Server/* Server at" intitle:index.of | any version of Oracle HTTP Server |
| "IBM _ HTTP _ Server/* * Server at" intitle:index.of | any version of IBM HTTP Server |
| "Red Hat Secure/*" intitle:index.of | any version of the Red Hat Secure server |
| "Netscape/* Server at" intitle:index.of | any version of Netscape Server |
How to find information about vulnerable systems and Web services
Practically all attacks on IT systems require preparatory target reconnaissance, usually involving scanning computers in an attempt to recognise running services, operating systems and specific service software. Network scanners such as Nmap or amap are typically used for this purpose, but another possibility also exists. Many system administrators install Web-based applications which generate system load statistics, show disk space usage or even display system logs.
All this can be valuable information to an intruder. Simply querying Google for statistics generated and signed by the phpSystem application using the query
"Generated by phpSystem"will result in a whole list of pages which are generated by php .
This method offers numerous possibilities - Given Table shows sample queries for finding statistics and other information generated by several popular applications. So if you decide to use Web applications to monitor computer resources, make sure access to them is password-protected.
Querying for application-generated system reports
| Query | Type Of Information |
|---|---|
| "This summary was generated by wwwstat" | web server statistics, system file structure |
| "This report was generated by WebLog" | web server statistics, system file structure |
| inurl:server-info "Apache Server Information" | web server version and configuration, operating system type, system file structure |
| intitle:"ASP Stats Generator *.*" "ASP Stats Generator" | web server activity, lots of visitor information |
| intitle:"Multimon UPS status page" | UPS device performance statistics |
How to locate publicly available network devices using Google.
Many administrator downplay the importance of securing such devices as network printers or webcams. However, an insecure printer can provide an intruder with a foothold that can later be used as a basis for attacking other systems in the same network or even other networks. Webcams are, of course, much less dangerous, so hacking them can only be seen as entertainment, although it's not hard to imagine situations where data from a webcam could be useful (industrial espionage, robberies etc.).
Given table contains sample queries revealing printers and webcams.
| Query | Device |
|---|---|
| "Copyright (c) Tektronix, Inc." "printer status" | PhaserLink printers |
| inurl:"printer/main.html" intext:"settings" | Brother HL printers |
| intitle:"Dell Laser Printer" ewss | Dell printers with EWS technology |
| intext:centreware inurl:status | Xerox Phaser 4500/6250/8200/8400 printers |
| inurl:indexFrame.shtml Axis | Axis webcams |
| allintitle:Brains, Corp. camera | webcams accessible via mmEye |
No comments:
Post a Comment