So we showed you how powerful a good Google search could be this week. Time to turn to the dark side and give you some examples of how hackers can use these skills to get to some pretty scary things. To create a dangerous situation where the wrong information can fall into the wrong hands, you need 2 ingredients. Somebody who is stupid enough to put it online, and somebody who is clever enough to find it. Below are some pretty creepy examples of how some Google dorks spill some information that was supposed to be private.
Some juicy searches.
Some people write down their domain registration information in a .doc file .. and then put it on the internet. Whoever can put two and two together .. can steal their domain.
filetype:docx Domain Registrar $user $pass
How about finding product licence files for the Avast antivirus program ? Some of them are just up for grabs.
How about we go searching for a randomly published list of phonenumbers.
- allinurl:phonenumbers filetype:xls
Search for random resume’s that candidates (or their employees) put online.
- inurl:Curriculum Vitae filetype:pdf
How about some “Confidential Salary” documents that people put online. (we stood in awe at the first hit )
- ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:”budget approved”) inurl:confidential
Or take a peek at people’s random downloaded hotmail emails.
- inurl:getmsg.html intitle:hotmail
Its a little bit of history .. but how about a random netscape browser history file. (we giggled at THIS one)
And when combining this generic search query for root directories of certain FTP servers with a certain domain .. you can find out a lot. If you use it as listed below .. its just an interesting way to browse random file directories.
- intitle:”FTP root at”
Msn messenger does not exist anymore, but there are plenty of contact lists well stocked with juicy email addresses up for grabs.
- filetype:ctt “msn”
And the list goes on and on and on. Now, standing by themselves the Google searches above are quite harmless. They are too generic to do any harm and are only good for a chuckle. The dangerous part begins when these queries are targeted at a certain person, site our domain. Armed with ONLY their browser and an internet connection, the wrong people can find out all the right things they need to know to make you / your company / your website have a really bad day. Knowledge is power and it is also ambivalent. It can be used for good and for evil… So are you SURE that there is not digital flotsam with your username/passwords floating around on the internet ? Because once Google indexes it .. anybody with the right skills can find it.
Today on our Google Hacking week, we continue to use the Google search engine as a source for interesting information. In our previous posts we talked about finding and downloading certain kinds of files but today we are on the lookout for “juicy devices”.
The theory is quite simple : Most appliances like webcams, routers, copiers and more have web interfaces. A lot of different applications and services can also be controlled by a web interface. It’s easy and convenient when you can use the browser on your computer to configure and watch your webcam or change settings on your router while on your local lan. But what if those devices are hooked up directly to the internet ?
Any device that gets connected directly to the internet is at some point scanned and indexed by Google and if you enter the right search term you will be able to find it. The way we are looking for those devices and services today is by using the INURL option. Some web interfaces (to your router or webcam) have a very specific way their URL looks. By searching for those specific url types with the INURL option.. you can find some very cool stuff. If people have done their homework most of these services will be blocked by a unique login or password. But some people just use the default password … or even none at all.
Let us take you an a walk through the net with some very specific INURL Google Dorks.
- This one will get you some interesting webcams (some you can even control with your mouse). Look around and see if you can find the Giraffe Cam.
- More network camera’s here. This one is in some dorm/college. You can control the zoom and the direction of the camera.
- inurl:”:10000″ intext:”webmin”
- Remember we talked about WEBMIN ? This will give you a list of all webmin servers connected directly to the internet. most of them are protected by a password (we hope) .. but common usernames like ROOT and some generic passwords might get you in.
- This will get you a list of PLEX media servers where people can store music and movies to watch on any device (even across the internet). Most of them are locked down with a login/password. Some of them … are not. Happy streaming.
So you see : there are quite a few webservices out there that are inadvertently open to the indexing power of Google. Some clever searching and you can find them.
We close off by going by to our camera in the student dorm. Where is this ? A simple ping of the url gives us the following IP : 18.104.22.168 and by going to Whereisthisip.net we find out that its Sydney Australia. Its THAT simple.
Puzzling information together.
This might all look like fun and games, but badly secured devices are dangerous. Whether you have weirdo’s peeking through your accidentally-publicly-connected Ip camera, or random people printing out documents on your www-connected printer.. its never good. Using the Domain name, the IP and the registration information of the domain people can quickly find out where and even WHO you are. If you skip good security and don’t use passwords (or default passwords) .. it does not bode well for you. Hackers even use the INURL search to find specific webservers/services with vulnerabilities. All they then need to do is run some code to take advantage of the exploit .. and they are in. Hackers don’t NEED to search for your open Webmin server with the buggy (and vulnerable) version of the http code .. Google did it for them.
This week it’s ‘Google hacking week’ on Knightwise.com where we are going to show you some fun and interesting things you can do with Google. We sometimes forget that Google’s main mission is to “index the information of the world” and this means that the Google “bots” (little search and index programs) constantly crawl the internet in their never ending quest to gather information and index it in the massive Google database.
The end result is that if you type stuff into Google’s search bar like ” My Little Pownie ” it will cross reference your search with its massive database and bring back some results you can click on. Although searches like these make up 99% of what Google needs to do all day long .. its only the tip of the iceberg of what Google can REALLY do.
If you play your cards right and ask Google the right questions you can find out a whole lot more. And sometimes you will even find stuff that was not meant to be found. You would be amazed at what people throw online (and forget about). Google quietly indexes it all and you have just one thing to do … ask the right questions.
This weeks articles have nothing to do with “Hacking Google” (good luck with that if you want to try) It’s more about realising the power of the biggest search engine in the world … and the blatant disregard for security that people can have when they put stuff online that was never supposed to be found. Stand by as we teach you some interesting Google Search ‘operators’ as they are called.
We are going to kick you off with a nice examples of how you can use a modified Google search string to find some interesting stuff. Later on in the week we will explain the different google “operators” and how you can combine them to find cool stuff.
Here is a very simple one to get you started : Copy and past the search query below into the google search box … and browse random peoples lives by peeking at their iPhone backups. This is not a hack. This is an indexation of information put online BY USERS, indexed by Google .. and found by you.
intitle:”index of” inurl:”iphone”
This week is “Privacy Week” on Knightwise.com where we are going to focus on applications, tips and tricks to keep YOUR data safe from prying eyes. “Why ? ” you might say .. “I have nothing to hide”. Are you sure about that ? Then lets strip the blinds from your bedroom so your neighbours can enjoy the saturday-night “bow-chicka-bowow” action with your spouse .. or since we are at it , remove the doors from ALL public bathrooms … You won’t mind to squat in plain sight, do you .. you had “nothing to hide”.
The point I am trying to make is that privacy is not only a basic human right, “Keeping your privacy” is also becoming a very personal statement in this world where everybody seems to spy on everybody. In this series of articles we won’t teach you how to stay out of reach from the NSA or stuff, but will give you some basic pointers on how to keep your personal information away from script kiddies, nosy network administrators and the small minority of malevolent hackers that might actually be out to get YOU. The fact of the matter is : Getting your hands on other people’s information is just too darn easy these days. What if that nerdy kid in the coffee shop is keeping track of all the url’s you are visiting. What if the stalky network admin at work has an extra special interest in your traffic, what if there is a Pinapple hotspot in operation without you knowing it (Check out the special we did on this interesting device HERE ) “So WHAT ? WHAT can they see ?” you ask ? lets illustrate with a little video here.
So you see : Your privacy is not always guaranteed. Tag along on our privacy week and pick up some pointers on how to keep your privacy .. private.