Pulp Google Hacking: The Next Generation Search Engine .


Pulp Google Hacking
The Next Generation Search Engine Hacking Arsenal
3 August 2011 – Black Hat 2011 – Las Vegas, NV
Presented by: Francis Brown, Rob Ragan
Stach & Liu, LLC
www.stachliu.com

Agenda
OVERVIEW
- Introduction/Background
- Advanced Attacks
  - Google/Bing Hacking - Core Tools
  - NEW Diggity Attack Tools
- Advanced Defenses
  - Google/Bing Hacking Alert RSS Feeds
  - NEW Diggity Alert Feeds and Updates
  - NEW Diggity Alert RSS Feed Client Tools
- Future Directions

Introduction/Background
GETTING UP TO SPEED

Open Source Intelligence
SEARCHING PUBLIC SOURCES
OSINT is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence.

Google/Bing Hacking
SEARCH ENGINE ATTACKS

Google/Bing Hacking
SEARCH ENGINE ATTACKS
Bing's source leaked!

    class Bing {
        public static string Search(string query)
        {
            return Google.Search(query);
        }
    }

Attack Targets
GOOGLE HACKING DATABASE
- Advisories and Vulnerabilities (215)
- Error Messages (58)
- Files containing juicy info (230)
- Files containing passwords (135)
- Files containing usernames (15)
- Footholds (21)
- Pages containing login portals (232)
- Pages containing network or vulnerability data (59)
- Sensitive Directories (61)
- Sensitive Online Shopping Info (9)
- Various Online Devices (201)
- Vulnerable Files (57)
- Vulnerable Servers (48)
- Web Server Detection (72)

Google Hacking Lulz
REAL WORLD THREAT
LulzSec and Anonymous believed to use Google Hacking as a primary means of identifying vulnerable targets.

Their releases have nothing to do with their goals or their lulz. It's purely based on whatever they find with their "google hacking" queries and then release it.
-- A-Team, 28 June 2011

Google Hacking Lulz
REAL WORLD THREAT
22:14 @kayla Sooooo.using the link above and the google hack string. !Host *.* intext:enc UserPassword * ext:pcf Take your pick of VPNs you want access too. Ugghh. Aaron Barr CEO HBGary Federal Inc.
22:15 @kayla download the pcf file
22:16 @kayla then use http://www.unix-ag.unikl.de/ massar/bin/cisco-decode?enc to clear text it
22:16 @kayla free VPN

Quick History
GOOGLE HACKING RECAP

Dates            Event
2004             Google Hacking Database (GHDB) begins
May 2004         Foundstone SiteDigger v1 released
Jan 2005         Foundstone SiteDigger v2 released
Feb 13, 2005     Google Hack Honeypot first release
Feb 20, 2005     Google Hacking v1 released by Johnny Long
Jan 10, 2006     MSNPawn v1.0 released by NetSquare
Dec 5, 2006      Google stops issuing Google SOAP API keys
Mar 2007         Bing disables inurl: link: and linkdomain:
Nov 2, 2007      Google Hacking v2 released

Quick History cont.
GOOGLE HACKING RECAP

Dates            Event
Mar 2008         cDc Goolag - gui tool released
Sept 7, 2009     Google shuts down SOAP Search API
Nov 2009         Binging tool released by Blueinfy
Dec 1, 2009      FoundStone SiteDigger v 3.0 released
2010             Googlag.org disappears
April 21, 2010   Google Hacking Diggity Project initial releases
Nov 1, 2010      Google AJAX API slated for retirement
Nov 9, 2010      GHDB Reborn Announced – Exploit-db.com
July 2011        Bing ceases ‘&format rss’ support

Advanced Attacks
WHAT YOU SHOULD KNOW

Diggity Core Tools
STACH & LIU TOOLS
Google Diggity
- Uses Google JSON/ATOM API
  - Not blocked by Google bot detection
  - Does not violate Terms of Service
- Required to use
Bing Diggity
- Uses Bing 2.0 SOAP API
- Company/Webapp Profiling
  - Enumerate: URLs, IP-to-virtual hosts, etc.
- Bing Hacking Database (BHDB)
  - Vulnerability search queries in Bing format

New Features
DIGGITY CORE TOOLS
Google Diggity - New API
- Updated to use Google JSON/ATOM API
  - Due to deprecated Google AJAX API
Misc. Feature Upgrades
- Auto-update for dictionaries
- Output export formats
  - Now also XLS and HTML
- Help File – chm file added

New Features
DOWNLOAD BUTTON
Download Buttons for Google/Bing Diggity
- Download actual files from Google/Bing search results
  - Downloads to default: C:\DiggityDownloads\
- Used by other tools for file download/analysis:
  - FlashDiggity, DLP Diggity, MalwareDiggity,

New Features
AUTO-UPDATES
- SLDB Updates in Progress
- Example: SharePoint Google Dictionary -hacking-diggityproject/#SharePoint – GoogleDiggity Dictionary File

Google Diggity
DIGGITY CORE TOOLS

Bing Diggity
DIGGITY CORE TOOLS

Bing Hacking Database
STACH & LIU TOOLS
BHDB – Bing Hacking Data Base
- First ever Bing hacking database
- Bing hacking limitations
  - Disabled inurl:, link: and linkdomain: directives in March 2007
  - No support for ext:, allintitle:, allinurl:
  - Limited filetype: functionality
    - Only 12 extensions supported
Example - Bing vulnerability search:
- GHDB query: "allintitle:Netscape FastTrack Server Home Page"
- BHDB version: intitle:"Netscape FastTrack Server Home Page"

Hacking CSE’s
ALL TOP LEVEL DOMAINS

NEW GOOGLE HACKING TOOLS
Code Search Diggity

Google Code Search
VULNS IN OPEN SOURCE CODE
- Regex search for vulnerabilities in indexed public code, including popular open source code repositories:
- Example: SQL Injection in ASP querystring
  - select.*from.*request\.QUERYSTRING

CodeSearch Diggity
AMAZON CLOUD SECRET KEYS

NEW GOOGLE HACKING TOOLS
Bing LinkFromDomainDiggity

Bing LinkFromDomain
DIGGITY TOOLKIT

Bing LinkFromDomain
FOOTPRINTING LARGE ORGANIZATIONS

NEW GOOGLE HACKING TOOLS
Malware Diggity

MalwareDiggity
DIGGITY TOOLKIT
1. Leverages Bing’s linkfromdomain: search directive to find off-site links of target applications/domains
2. Runs off-site links against Google’s Safe Browsing API to determine if any are malware distribution sites
3. Return results that identify malware sites that your web applications are directly linking to
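
The same three-step check can be run locally against your own pages. The sketch below is an added example, not the Diggity project's code: it swaps the Bing linkfromdomain: lookup for parsing a page's HTML directly, and swaps the Safe Browsing API for a caller-supplied reputation lookup. The sample page, the domains and the in-memory blocklist are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class LinkCollector(HTMLParser):
    """Collects every href/src URL on a page, resolved against the page URL."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.urls = base_url, []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.urls.append(urljoin(self.base_url, value))

def offsite_hosts(page_url, html, own_domain):
    """Step 1: sorted hosts the page links to that are outside own_domain."""
    collector = LinkCollector(page_url)
    collector.feed(html)
    hosts = set()
    for url in collector.urls:
        parts = urlparse(url)
        host = (parts.hostname or "").lower()
        if parts.scheme not in ("http", "https") or not host:
            continue  # mailto:, javascript: and similar carry no web host
        if host == own_domain or host.endswith("." + own_domain):
            continue  # on-site link or own subdomain
        hosts.add(host)
    return sorted(hosts)

def flag_hosts(hosts, is_bad):
    """Steps 2-3: keep the hosts the reputation lookup reports as bad."""
    return [h for h in hosts if is_bad(h)]

# Constructed sample page and blocklist (assumptions, not real data).
SAMPLE_HTML = """<html><body>
<a href="/about">About</a>
<a href="https://cdn.example.com/app.js">cdn</a>
<script src="//stats.injected.test/x.js"></script>
<a href="http://partner.test/page">partner</a>
<a href="mailto:info@example.com">mail</a>
<iframe src="http://stats.injected.test/frame"></iframe>
</body></html>"""
BLOCKLIST = {"stats.injected.test"}

if __name__ == "__main__":
    found = offsite_hosts("https://www.example.com/index.html", SAMPLE_HTML, "example.com")
    print("off-site hosts:", found)
    print("flagged:", flag_hosts(found, BLOCKLIST.__contains__))
```

Script and iframe sources are collected along with anchors because mass injections typically add those tags rather than visible links.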

Mass Injection Attacks
MALWARE GONE WILD
Malware Distribution Woes – WSJ.com – June 2010
- Popular websites victimized, become malware distribution sites to their own customers

Mass Injection Attacks
MALWARE GONE WILD
Malware Distribution Woes – LizaMoon – April 2011
- Popular websites victimized, become malware distribution sites to their own customers

Mass Injection Attacks
MALWARE GONE WILD
Malware Distribution Woes – willysy.com - August 2011
- Popular websites victimized, become malware distribution sites to their own customers

Malware Diggity
DIGGITY TOOLKIT

Malware Diggity
DIGGITY TOOLKIT

Malware Diggity
DIAGNOSTICS IN RESULTS

NEW GOOGLE HACKING TOOLS
DLP Diggity

DLP Diggity
LOTS OF FILES TO DATA MINE

DLP Diggity
MORE DATA SEARCHABLE EVERY YEAR
[Chart: Google Results for Common ...]

DLP Diggity
DIGGITY TOOLKIT

NEW GOOGLE HACKING TOOLS
FlashDiggity

Flash Diggity
DIGGITY TOOLKIT
- Google for SWF files on target domains
  - Example search: filetype:swf site:example.com
- Download SWF files to C:\DiggityDownloads\
- Disassemble SWF files and analyze for Flash vulnerabilities

NEW GOOGLE HACKING TOOLS
DEMO

GoogleScrape Diggity
DIGGITY TOOLKIT
GoogleScrape Diggity
- Uses Google mobile interface
  - Light-weight, no advertisements
  - Violates Terms of Service
- Bot detection avoidance
  - Distributed via proxies
  - Spoofs User-agent and Referer headers
  - Random &userip value
  - Across Google servers

NEW GOOGLE HACKING TOOLS
Baidu Diggity

BaiduDiggity
CHINA SEARCH ENGINE
- Fighting back

Advanced Defenses
PROTECT YO NECK

Traditional Defenses
GOOGLE HACKING DEFENSES
- “Google Hack yourself” organization
  - Employ tools and techniques used by hackers
  - Remove info leaks from Google cache
    - Using Google Webmaster Tools
- Regularly update your robots.txt.
  - Or robots meta tags for individual page exclusion
- Data Loss Prevention/Extrusion Prevention Systems
  - Free Tools: OpenDLP, Senf
- Policy and Legal Restrictions

Existing Defenses
“HACK YOURSELF”
- Tools exist
- Convenient
- Real-time updates
- Multi-engine results
- Historical archived data
- Multi-domain searching

Advanced Defenses
NEW HOT SIZZLE
Stach & Liu now proudly presents:
- Google and Bing Hacking Alerts
  - SharePoint Hacking Alerts – 118 dorks
  - SHODAN Hacking Alerts – 26 dorks
- Diggity Alerts FUNdle Bundles
  - Consolidated alerts into 1 RSS feed
- Alert Client Tools
  - Alert Diggity – Windows systray notifications
  - iDiggity Alerts – iPhone notification app

Google Hacking Alerts
ADVANCED DEFENSES
Google Hacking Alerts
- All hacking database queries using
- Real-time vuln updates to 2400 hack queries via RSS
- Organized and available via importable file

Google Hacking Alerts
ADVANCED DEFENSES

Bing Hacking Alerts
ADVANCED DEFENSES
Bing Hacking Alerts
- Bing searches with regexes from BHDB
- Leverages http://api.bing.com/rss.aspx
- Real-time vuln updates to 900 Bing hack queries via RSS

Bing/Google Alerts
LIVE VULNERABILITY FEEDS
World’s Largest Live Vulnerability Repository
- Daily updates of 3000 new hits per day

Diggity Alerts: One Feed to Rule Them All
ADVANCED DEFENSE TOOLS
Diggity Alert Fundle Bundle

FUNdle Bundle
ADVANCED DEFENSES

FUNdle Bundle
ADVANCED DEFENSES

FUNdle Bundle
MOBILE FRIENDLY

ADVANCED DEFENSE TOOLS
SHODAN Alerts

SHODAN Alerts
FINDING SCADA SYSTEMS

SHODAN Alerts
SHODAN RSS FEEDS

Bing/Google Alerts
THICK CLIENTS TOOLS
Google/Bing Hacking Alert Thick Clients
- Google/Bing Alerts RSS feeds as input
- Allow user to set one or more filters
  - e.g. “yourcompany.com” in the URL
- Several thick clients being released:
  - Windows Systray App
  - Droid app (coming soon)
  - iPhone app
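
The filtering step described on this slide, as an added example that is not the Alert Diggity client's code: it reads an alert RSS feed and keeps only items whose link points at one of your own domains. It matches on the parsed hostname rather than a substring of the URL, so lookalike hosts and query-string mentions do not raise alerts. The feed content and the example.com domain are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample feed (not real alert data); example.com stands in
# for the "yourcompany.com" filter value.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Constructed alert feed</title>
<item><title>Index of /backup</title><link>http://files.example.com/backup/</link></item>
<item><title>Login portal</title><link>https://www.example.org/admin/login</link></item>
<item><title>Error message</title><link>http://example.com.evil.test/err.php</link></item>
<item><title>phpinfo</title><link>https://EXAMPLE.com/info.php?x=1</link></item>
<item><title>Mention only</title><link>http://other.test/?ref=example.com</link></item>
</channel></rss>"""

def host_matches(host, domain):
    """True if host is the watched domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def filter_alerts(feed_xml, domains):
    """Return (title, link) for feed items whose link host is in our domains."""
    hits = []
    root = ET.fromstring(feed_xml)
    for item in root.iter("item"):
        title = (item.findtext("title") or "").strip()
        link = (item.findtext("link") or "").strip()
        host = urlparse(link).hostname  # None for malformed or relative links
        if any(host_matches(host, d) for d in domains):
            hits.append((title, link))
    return hits

if __name__ == "__main__":
    for title, link in filter_alerts(SAMPLE_FEED, ["example.com"]):
        print(f"ALERT {title}: {link}")
```

For feeds you do not control, parse with a hardened XML parser such as defusedxml instead of the standard library parser.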

ADVANCED DEFENSE TOOLS
Alert Diggity

Alerts Diggity
ADVANCED DEFENSES

ADVANCED DEFENSE TOOLS
iDiggity Alerts

iDiggity Alerts
ADVANCED DEFENSES

iDiggity Alerts
ADVANCED DEFENSES

New Defenses
“GOOGLE/BING HACK ALERTS”
- Tools exist
- Convenient
- Real-time updates
- Multi-engine results
- Historical archived data
- Multi-domain searching

Future Direction
IS NOW

Diggity Alert DB
DATA MINING VULNS
Diggity Alerts Database

Dictionary Updates
3RD PARTY INTEGRATION
New maintainers of the GHDB – 09 Nov 2010
reborn/

Special Thanks
- Oscar “The Bull” Salazar
- Brad “BeSickWittIt” Sickles
- Nick “King Luscious” Harbin
- Prajakta “The Flasher” Jagdale
- Ruihai “Ninja” Fang
- Jason “Blk-majik” Lash

Questions?
Ask us something
We’ll try to answer it.
For more info:
Email: contact@stachliu.com
Project: diggity@stachliu.com
Stach & Liu, LLC
www.stachliu.com

Thank You
Stach & Liu Google Hacking Diggity Project
ools/google-hacking-diggity-project/
