So we showed you how powerful a good Google search could be this week. Time to turn to the dark side and give you some examples of how hackers can use these skills to get to some pretty scary things. To create a dangerous situation where the wrong information can fall into the wrong hands, you need 2 ingredients. Somebody who is stupid enough to put it online, and somebody who is clever enough to find it. Below are some pretty creepy examples of how some Google dorks spill some information that was supposed to be private.
Some juicy searches.
Some people write down their domain registration information in a .doc file .. and then put it on the internet. Whoever can put two and two together .. can steal their domain.
filetype:docx Domain Registrar $user $pass
How about finding product licence files for the Avast antivirus program ? Some of them are just up for grabs.
How about we go searching for a randomly published list of phonenumbers.
- allinurl:phonenumbers filetype:xls
Search for random resume’s that candidates (or their employees) put online.
- inurl:Curriculum Vitae filetype:pdf
How about some “Confidential Salary” documents that people put online. (we stood in awe at the first hit )
- ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:”budget approved”) inurl:confidential
Or take a peek at people’s random downloaded hotmail emails.
- inurl:getmsg.html intitle:hotmail
Its a little bit of history .. but how about a random netscape browser history file. (we giggled at THIS one)
And when combining this generic search query for root directories of certain FTP servers with a certain domain .. you can find out a lot. If you use it as listed below .. its just an interesting way to browse random file directories.
- intitle:”FTP root at”
Msn messenger does not exist anymore, but there are plenty of contact lists well stocked with juicy email addresses up for grabs.
- filetype:ctt “msn”
And the list goes on and on and on. Now, standing by themselves the Google searches above are quite harmless. They are too generic to do any harm and are only good for a chuckle. The dangerous part begins when these queries are targeted at a certain person, site our domain. Armed with ONLY their browser and an internet connection, the wrong people can find out all the right things they need to know to make you / your company / your website have a really bad day. Knowledge is power and it is also ambivalent. It can be used for good and for evil… So are you SURE that there is not digital flotsam with your username/passwords floating around on the internet ? Because once Google indexes it .. anybody with the right skills can find it.
Today on our Google Hacking week, we continue to use the Google search engine as a source for interesting information. In our previous posts we talked about finding and downloading certain kinds of files but today we are on the lookout for “juicy devices”.
The theory is quite simple : Most appliances like webcams, routers, copiers and more have web interfaces. A lot of different applications and services can also be controlled by a web interface. It’s easy and convenient when you can use the browser on your computer to configure and watch your webcam or change settings on your router while on your local lan. But what if those devices are hooked up directly to the internet ?
Any device that gets connected directly to the internet is at some point scanned and indexed by Google and if you enter the right search term you will be able to find it. The way we are looking for those devices and services today is by using the INURL option. Some web interfaces (to your router or webcam) have a very specific way their URL looks. By searching for those specific url types with the INURL option.. you can find some very cool stuff. If people have done their homework most of these services will be blocked by a unique login or password. But some people just use the default password … or even none at all.
Let us take you an a walk through the net with some very specific INURL Google Dorks.
- This one will get you some interesting webcams (some you can even control with your mouse). Look around and see if you can find the Giraffe Cam.
- More network camera’s here. This one is in some dorm/college. You can control the zoom and the direction of the camera.
- inurl:”:10000″ intext:”webmin”
- Remember we talked about WEBMIN ? This will give you a list of all webmin servers connected directly to the internet. most of them are protected by a password (we hope) .. but common usernames like ROOT and some generic passwords might get you in.
- This will get you a list of PLEX media servers where people can store music and movies to watch on any device (even across the internet). Most of them are locked down with a login/password. Some of them … are not. Happy streaming.
So you see : there are quite a few webservices out there that are inadvertently open to the indexing power of Google. Some clever searching and you can find them.
We close off by going by to our camera in the student dorm. Where is this ? A simple ping of the url gives us the following IP : 220.127.116.11 and by going to Whereisthisip.net we find out that its Sydney Australia. Its THAT simple.
Puzzling information together.
This might all look like fun and games, but badly secured devices are dangerous. Whether you have weirdo’s peeking through your accidentally-publicly-connected Ip camera, or random people printing out documents on your www-connected printer.. its never good. Using the Domain name, the IP and the registration information of the domain people can quickly find out where and even WHO you are. If you skip good security and don’t use passwords (or default passwords) .. it does not bode well for you. Hackers even use the INURL search to find specific webservers/services with vulnerabilities. All they then need to do is run some code to take advantage of the exploit .. and they are in. Hackers don’t NEED to search for your open Webmin server with the buggy (and vulnerable) version of the http code .. Google did it for them.
In day two of our Google Hacking Week we are going to combine an interesting Google search query (or Google Dork) with a command line command to find AND download any file type you want.
Find the storage room in the back of the store.
Websites on the net consist of more then just webpages with information. They also links to files and folders containting interesting information like PDF’s MP3’s and more. Most of the time these files aren’t ‘visible’ when you visit a specific site but our little friends, the Google Search Bots, DO index them. All you need is the right string to find them.
- intitle: “index of” <filetypehere> <title/genre/artist>
This search query will tell Google to go look for pages with the title “index of”. These pages usually don’t contain a lot of text, but instead contain links to folders and files. Since you are looking for a specific type of file (like for example mp3’s, Pdf’s or something else) you also can add this to the query. Finally you might be looking for mp3’s of Hanna Montana or Tango’s (I don’t know what you like) : That can also be added to the search string. In the end it will look something like this.
- intitle: “index of” mp3 acdc
- intitle: “index of” pdf bookkeeping
- intitle: “index of” epub scott sigler
So using these queries you might find a real treasure-trove of files and info to download. Some of them might even be behind a login/password page (or even a pay wall) but when the web masters don’t do their homework right .. you can find the ‘good stuff’ this way.
So download them one by one ?
If you are just looking for one specific file you can use your browser to find and download it. If you want to download the ENTIRE collection of files on that page .. you need the power of a command line tool called WGET.
Wget can be found on the command line of both Linux, Mac and even Windows machines. Not all the advanced ‘switches’ we give you in this command below might work on Windows, but you can give it a try. The command is
- wget -r -l1 -H -t1 -nd -N -np -A.<.filetype> -erobots=off <url of website>
Replace <filetype> with the type of file you want to download ( .mp3, .pdf, .epub) and <url of website> with the website’s url you found using the Google search. Completed the command might look something like this.
- wget -r -l1 -H -t1 -nd -N -np -A.<.mp3> -erobots=off http://tiobiloute59.free.fr/tiesto/
The download is RECURSIVE, so it “deep dives” into all the folders. Beware : This can get you a LOT of data. So make sure you have the bandwidth and the storage capacity before you start sucking down the internet. Good Luck !
This week it’s ‘Google hacking week’ on Knightwise.com where we are going to show you some fun and interesting things you can do with Google. We sometimes forget that Google’s main mission is to “index the information of the world” and this means that the Google “bots” (little search and index programs) constantly crawl the internet in their never ending quest to gather information and index it in the massive Google database.
The end result is that if you type stuff into Google’s search bar like ” My Little Pownie ” it will cross reference your search with its massive database and bring back some results you can click on. Although searches like these make up 99% of what Google needs to do all day long .. its only the tip of the iceberg of what Google can REALLY do.
If you play your cards right and ask Google the right questions you can find out a whole lot more. And sometimes you will even find stuff that was not meant to be found. You would be amazed at what people throw online (and forget about). Google quietly indexes it all and you have just one thing to do … ask the right questions.
This weeks articles have nothing to do with “Hacking Google” (good luck with that if you want to try) It’s more about realising the power of the biggest search engine in the world … and the blatant disregard for security that people can have when they put stuff online that was never supposed to be found. Stand by as we teach you some interesting Google Search ‘operators’ as they are called.
We are going to kick you off with a nice examples of how you can use a modified Google search string to find some interesting stuff. Later on in the week we will explain the different google “operators” and how you can combine them to find cool stuff.
Here is a very simple one to get you started : Copy and past the search query below into the google search box … and browse random peoples lives by peeking at their iPhone backups. This is not a hack. This is an indexation of information put online BY USERS, indexed by Google .. and found by you.
intitle:”index of” inurl:”iphone”
So here’s to the fanboys.
At the end of switch week, where we gave you a series of articles on how to “move out” of the Apple walled garden and onto a more open and cross platform plain, its time for a good old fashion rant against all brand fanboys. Knightwise.com is a website whose core belief is in a cross platform technology world. We are geared towards those who do not acknowledge the word ‘OR’ when it comes to the choice between one technological solution versus the other. As a result our audience consists of smart people who centre their technological lifestyle around their own needs and believe that multiple brands, operating systems, devices and technological solutions can make up their techno-space. Thus I have the privilege of interacting with a broad scope communities spread out over a wide range of operating systems, platforms and brands. Needless to say : Not all members of those community have the same broad-minded approach to a cross platform lifestyle. To each his own I say .. but next time you encounter one of those people, you might want to steal a couple of random thoughts that I have in my head when I encounter .. the fanboys.
To those who have one option on their multiple choice shopping list. (The Mono-Choosers)
Dear Apple/Samsung/Hp/Lenovo/Linux/… enthusiast who ONLY buys one specific brand or vouches to buy/use NOTHING ELSE in the future.
First of all : I applaud you. For your loyalty, your consistency and your ability to see into the future. As I patiently hear you wax nostalgically about the first time you bought a product from brand X it reminds me of people who have just encountered a near death experience. Whatever happened at the checkout counter of that store when you purchased your first product of brand X, must have clearly overshadowed all other milestones in your life. Forget the miraculous birth of your first born on the hard shoulder of the snowed in free way, never mind the day you met the love of your life and lets not start about the day you got married. They all pale in comparison to that life changing moment where an everlasting bond was forged between you and your favourite brand. Ever since you have answered every possible technological question with a product from your favourite brand. Never mind if it would actually do what you wanted it to do or required 15 workarounds : You chose your brand for there is nothing better ! I admire your skill of doing a broad market analyses of all competing products and (seemingly at the speed of light) reach the conclusion that they all suck donkey balls in comparison to ‘your precious’. But not only am I bedazzled by your loyalty (you buy EVERYTHING product X produces whether or not you use/need it) and your ability to declare product/brand X victorious over everything else in a flash .. there is more : You appear to be a visionary who can clearly see into a fast moving industries future as you prophesize that you ” Will never need buy anything else ” then product/brand X because it is and will always be superior. I kneel down before you in pure admiration and point you towards the high spires of wall street .. for your vision of the market is the one true vision and should inspire all stockbrokers to buy all the stocks of your product X. Since your unwavering devotion in purchasing it, your assessment of its superiority and your visions of its ever ruling victory .. shall lead them all to infinite wealth.
To those who who post crap about any other operating system/brand/product aside from their own. (The Rediculators)
To those who think that a wallpaper of a Penguin peeing on a Windows logo is cool. For those of you who love to compare unfounded arguments about the vulnerability of operating system X with equally unfounded arguments about total and complete stability/security of your system of choice. To those who still feel the urge to snicker like 10 year olds when saying “Winblows” and to the others equally juvenile. I wish I could call you Trolls. Trolls troll the internet (that’s why we call them trolls) with one purpose : To piss people off for the sheer joy of it. With you it is different. Your attempts at brand/product/system propaganda remind us of our days in kindergarten where witty wordplay like ‘Knightwise – Sheitwise’ was still considered the absolute pinnacle in classroom politics. I resist the urge to ask you if you ever CONSIDERED using/investigating the ‘competition’. I am afraid you will make funny posters of me being sodomised by your favourite brands avatar.
To those who turn it into a religion. (The Flock)
I resist the urge to vomit when I hear that you have spent a whole day of your holiday overseas to visit the “store” of your favourite brand in city XYZ. I’m puzzled what you would actually DO there since you have already purchased every possible item of brand X a long time ago. Clearly a sceptical visit to the store with the intention of possibly buying or comparing a product was not on your agenda. To me it seemed like it was more of a religious experience. As you dribble enthusiastically about brand/platform X, I classify your as a “mono-chooser” (see rant above) and forgo the urge to argue. Your enthusiasm however does not end there. Mere (distorted) reality is just a stepping stone for your next enthusiastic rant about the near divinity of your products creator. History always agrees with the victors but your view on the past history of your favourite brand seems to be very very much tainted in its favour. While your face starts to flush red, your tirade seems to become that of a TV-preacher on a Sunday morning. The drops of your spittle lash out as you condemn all non-consumers of your beloved brand to digital purgatory. You scare me as you swing your devoted product around in your right hand like some kind of holy scripture. Desperate not to see you have a cardiac arrest halfway through your sermon, I raise my finger and try to point out that “It’s a store : not a church. Its a product, not a religion”‘. Your eyes narrow and I can clearly smell that fire and brimstone is upon me. The last words I can comprehend are “Blasphemy” and “Non-believer” before I escape into the digital atheism called ‘freedom of choice’.
To those who think technology is fashion. (The Cattle)
Remember the 90’s ? When you walked around in those cool buffalo shoes with the platform soles ? Yes : You looked like a total idiot and nearly broke your neck while rushing downstairs to open the front door .. but you were cool .. right ? Its good to see you have not changed and still run along happily with the herd. Now you clutch your phone/laptop/tablet from brand X to your chest not as a result of an informed decision but rather because “all the cool kids have them”. Aside from playing Flappy bird your expensive smartphone has no specific purpose aside from sending text messages. You still have your default out-of-the-box ringtones and the option to turn of keyboard sounds appears to elude you. In short : You are not in touch with the technology you own for you see it only as a fashion accessory. The 1500 dollar Facebook machine you call a laptop has not even spiked above 10% cpu usage but it DOES gets you in line with all the cool kids at Starbucks. Fashion is however fickle and pretty soon the cool crowd will move to another brand/product/platform and then the geeks will have their sweet revenge. I predict you will need to offload your overpowered machine onto craigslist and get a ridiculously low offer. I also know that you will take it : Because the followers of fashion don’t know anything about the technology they are using.. even if their life depended on it. Fools and their money must be parted.
To those who don’t have a clue. (The Clueless)
My heart bleeds as I see you browse the shelves of the local department store. Your eyes glazed over as you look upon rows and rows of boxes of all the different brands and products that make up the world of consumer technology today. You are out shopping for your first smartphone because you accidentally dropped your Nokia 3220 on the sidewalk yesterday. Construction workers are currently patching up the massive hole in said sidewalk (your Nokia is fine) and you still need to find a new smartphone. Brands, specifications, screensizes … it could have been written in Klingon for all you care. You do not have a clue.. but at least .. you have a choice.
To those with a brain.
What those who are clueless and what those who are ‘in the know’ have in common is this : You have the freedom of choice. Try to see yourself, your requirements, your personal taste and your budget as the very pinnacle of your technological existence. You are wise (or ignorant) enough to realise that you can choose anything you want to. You choose with your dollars and let brands and products fight and compete for the highest amount of value for the lowest price. You have no shame to switch back from an Android phone to a Windows Tablet. You even have been known to mix it up. To find technological solutions across different brands and platforms and integrate them in your life. You have come to the point that your terms are not dicated by brands or advertising .. you make your own choice to a a “cross platform geek” who loves to slide from brand to brand and from OS to OS. You have a choice .. and you are smart. (and that is exactly why you are reading this blog 🙂 )