So we showed you how powerful a good Google search could be this week. Time to turn to the dark side and give you some examples of how hackers can use these skills to get to some pretty scary things. To create a dangerous situation where the wrong information can fall into the wrong hands, you need 2 ingredients. Somebody who is stupid enough to put it online, and somebody who is clever enough to find it. Below are some pretty creepy examples of how some Google dorks spill some information that was supposed to be private.
Some juicy searches.
Some people write down their domain registration information in a .doc file .. and then put it on the internet. Whoever can put two and two together .. can steal their domain.
filetype:docx Domain Registrar $user $pass
How about finding product licence files for the Avast antivirus program ? Some of them are just up for grabs.
How about we go searching for a randomly published list of phonenumbers.
Search for random resume’s that candidates (or their employees) put online.
inurl:Curriculum Vitae filetype:pdf
How about some “Confidential Salary” documents that people put online. (we stood in awe at the first hit )
Or take a peek at people’s random downloaded hotmail emails.
Its a little bit of history .. but how about a random netscape browser history file. (we giggled at THIS one)
And when combining this generic search query for root directories of certain FTP servers with a certain domain .. you can find out a lot. If you use it as listed below .. its just an interesting way to browse random file directories.
intitle:”FTP root at”
Msn messenger does not exist anymore, but there are plenty of contact lists well stocked with juicy email addresses up for grabs.
And the list goes on and on and on. Now, standing by themselves the Google searches above are quite harmless. They are too generic to do any harm and are only good for a chuckle. The dangerous part begins when these queries are targeted at a certain person, site our domain. Armed with ONLY their browser and an internet connection, the wrong people can find out all the right things they need to know to make you / your company / your website have a really bad day. Knowledge is power and it is also ambivalent. It can be used for good and for evil… So are you SURE that there is not digital flotsam with your username/passwords floating around on the internet ? Because once Google indexes it .. anybody with the right skills can find it.
Today on our Google Hacking week, we continue to use the Google search engine as a source for interesting information. In our previous posts we talked about finding and downloading certain kinds of files but today we are on the lookout for “juicy devices”.
The theory is quite simple : Most appliances like webcams, routers, copiers and more have web interfaces. A lot of different applications and services can also be controlled by a web interface. It’s easy and convenient when you can use the browser on your computer to configure and watch your webcam or change settings on your router while on your local lan. But what if those devices are hooked up directly to the internet ?
Any device that gets connected directly to the internet is at some point scanned and indexed by Google and if you enter the right search term you will be able to find it. The way we are looking for those devices and services today is by using the INURL option. Some web interfaces (to your router or webcam) have a very specific way their URL looks. By searching for those specific url types with the INURL option.. you can find some very cool stuff. If people have done their homework most of these services will be blocked by a unique login or password. But some people just use the default password … or even none at all.
Let us take you an a walk through the net with some very specific INURL Google Dorks.
This one will get you some interesting webcams (some you can even control with your mouse). Look around and see if you can find the Giraffe Cam.
More network camera’s here. This one is in some dorm/college. You can control the zoom and the direction of the camera.
Remember we talked about WEBMIN ? This will give you a list of all webmin servers connected directly to the internet. most of them are protected by a password (we hope) .. but common usernames like ROOT and some generic passwords might get you in.
This will get you a list of PLEX media servers where people can store music and movies to watch on any device (even across the internet). Most of them are locked down with a login/password. Some of them … are not. Happy streaming.
So you see : there are quite a few webservices out there that are inadvertently open to the indexing power of Google. Some clever searching and you can find them.
We close off by going by to our camera in the student dorm. Where is this ? A simple ping of the url gives us the following IP : 18.104.22.168 and by going to Whereisthisip.net we find out that its Sydney Australia. Its THAT simple.
Puzzling information together.
This might all look like fun and games, but badly secured devices are dangerous. Whether you have weirdo’s peeking through your accidentally-publicly-connected Ip camera, or random people printing out documents on your www-connected printer.. its never good. Using the Domain name, the IP and the registration information of the domain people can quickly find out where and even WHO you are. If you skip good security and don’t use passwords (or default passwords) .. it does not bode well for you. Hackers even use the INURL search to find specific webservers/services with vulnerabilities. All they then need to do is run some code to take advantage of the exploit .. and they are in. Hackers don’t NEED to search for your open Webmin server with the buggy (and vulnerable) version of the http code .. Google did it for them.
This week it’s ‘Google hacking week’ on Knightwise.com where we are going to show you some fun and interesting things you can do with Google. We sometimes forget that Google’s main mission is to “index the information of the world” and this means that the Google “bots” (little search and index programs) constantly crawl the internet in their never ending quest to gather information and index it in the massive Google database.
The end result is that if you type stuff into Google’s search bar like ” My Little Pownie ” it will cross reference your search with its massive database and bring back some results you can click on. Although searches like these make up 99% of what Google needs to do all day long .. its only the tip of the iceberg of what Google can REALLY do.
If you play your cards right and ask Google the right questions you can find out a whole lot more. And sometimes you will even find stuff that was not meant to be found. You would be amazed at what people throw online (and forget about). Google quietly indexes it all and you have just one thing to do … ask the right questions.
This weeks articles have nothing to do with “Hacking Google” (good luck with that if you want to try) It’s more about realising the power of the biggest search engine in the world … and the blatant disregard for security that people can have when they put stuff online that was never supposed to be found. Stand by as we teach you some interesting Google Search ‘operators’ as they are called.
We are going to kick you off with a nice examples of how you can use a modified Google search string to find some interesting stuff. Later on in the week we will explain the different google “operators” and how you can combine them to find cool stuff.
Here is a very simple one to get you started : Copy and past the search query below into the google search box … and browse random peoples lives by peeking at their iPhone backups. This is not a hack. This is an indexation of information put online BY USERS, indexed by Google .. and found by you.
This week is “Privacy Week” on Knightwise.com where we are going to focus on applications, tips and tricks to keep YOUR data safe from prying eyes. “Why ? ” you might say .. “I have nothing to hide”. Are you sure about that ? Then lets strip the blinds from your bedroom so your neighbours can enjoy the saturday-night “bow-chicka-bowow” action with your spouse .. or since we are at it , remove the doors from ALL public bathrooms … You won’t mind to squat in plain sight, do you .. you had “nothing to hide”.
The point I am trying to make is that privacy is not only a basic human right, “Keeping your privacy” is also becoming a very personal statement in this world where everybody seems to spy on everybody. In this series of articles we won’t teach you how to stay out of reach from the NSA or stuff, but will give you some basic pointers on how to keep your personal information away from script kiddies, nosy network administrators and the small minority of malevolent hackers that might actually be out to get YOU. The fact of the matter is : Getting your hands on other people’s information is just too darn easy these days. What if that nerdy kid in the coffee shop is keeping track of all the url’s you are visiting. What if the stalky network admin at work has an extra special interest in your traffic, what if there is a Pinapple hotspot in operation without you knowing it (Check out the special we did on this interesting device HERE ) “So WHAT ? WHAT can they see ?” you ask ? lets illustrate with a little video here.
So you see : Your privacy is not always guaranteed. Tag along on our privacy week and pick up some pointers on how to keep your privacy .. private.
We start off season 8 with a great topic on Cross platform security. Many of us think that we are safe from mall ware or viruses because we don’t use vulnerable operating systems. Good friend of the show Emmet Steward is here to tell us, that this is not the case. We talk about cross-platform security hazards and, more importantly, how to protect your system and be safe.
Emmet also talks about a great course called ‘Hackitplus’ where you can enrol to be a white hat hacker and learn all about penetration testing, security and … ethical hacking.
We also have Konrad Dwojaks weekly photography tip : This time on keeping your gear safe in cold weather.
All in all : a great show to kick off season 8 of Knightwise.com
There is no way to summarise Hacker Public Radio in just one word. It isn’t even “one” podcast but an endless slew of individual podcast episodes by many many different hosts on a great variety of topics. All topics (mostly) center about hacking and technology … but sometimes there is just somebody on there who tells you what its like to stay in a mental institution as she suffers from schizophrenia. Not every show has top notch audio quality and some are a little chaotic .. But the awesome thing about HPR is that it is something DIFFERENT ever day. I feel like the proverbial Forrest Gump who points at his box of chocolates and is unable to correctly prophesize the content, texture and flavour of the next piece of chocolate. “You never know what you are gonna get” is exactly what sums up Hacker Public Radio. The only guarantees (except the speed of light) is that it is going to be related to technology and its going to be interesting.. And if not ? Skip a show and listen the next day.
We walk the hackers walk this week and show you how to accumulate your own database of Wireless access points in your area using nothing more but your smartphone. And if that is not enough we take it a step further and teach you how to find an open wifi hotspot anywhere on the planet. Listener Thor swings by and tells you to connect to the Knightwise.com Mumble server using your Android device.
Time to raise the hairs on the neck of all Wifi-enabled laptop and mobile phone users in this interesting interview with Gerjon McVries ( @mcvries on Twitter) about “The pineapple” and its awesome (and malevolent) potential when it comes to exploiting basic flaws in Wifi enabled devices. If you were worried about the NSA sniffing your traffic in the Prism debacle, then try not to realise that a 14 year old scriptkiddie with a paypall account could buy this awesome toy and sniff every bit you transmit.
If there is one blog you should check out on a regular basis : Try “Hackaday” (thanx listener @sharky for the heads up). Its a great site with .. hacks. Whenever you like to turn your microwave into a sonic screwdriver, your doorbell into a dna-scanner or your inlaws into low orbiting space debree .. Hackaday will probably not be of any use to you … or will they ? At least they will manage to entertain you. Recently they asked their community what the ten best hacking movies/videos were .. of all time. Forget Angela Jolie in Hackers, forget computers that go bleeepediebloop whenever you touch them .. Forget Hollywood. Here is the real deal.
You can find a list of all the movies mentioned on their site. Unfortunately there are no links to where you can watch some of these online. So Geek points for ANY Knightwise.com wiseguy/wisegirl that can come up with links to youtube, vimeo or internet archive copies of these 10 films .. in the comments section.