The Google Hacking Database
A Key Resource for Exposing Vulnerabilities
Security Testing Team – Kiran Karnad, KPI Soft
Disclaimer
What’s This All About?
• Google & Bing Basics - OSINT
• Basic, Phrase, Advanced Search
• What’s Google Hacks All About?
• Sample Hacks
• Python Script for OSINT
In the Recent Past
If you are not hacked, you are not important!
What all can be hacked
• Network
• Hardware hacking
• Wireless
• Social Engineering
• Mobile
• Lock Picking
• Web hacking
What you don’t know might hurt…
OSINT – Let’s define
Intelligence collected from public sources
• Google
• Social Engines
• Details on next slide
OSINT Communities
• Government – FBI, CBI etc
• Military – Defence Intel Agency
• Homeland Security
• Business – Commercial, Competitor INT, BI
• Anonymous & LulzSec – shodan, GHDB
OSINT – Some methods
It’s what you expose
How Google Works
Search Types Supported
• Basic Search
• Phrase Search
• Advanced Operators
Repeating what we’ve been doing all this while
Search Types
General Search
• Not cAsE seNSitiVE
• No more than 10 keywords in a search
• Google ignores “a”, 5w1h, this, to, we
• AND is always implied
• Date of birth of Hugh Jackman
Phrase Search
• “Use quotes”
• Use + to force a term and – to exclude
• No space follows these signs
• See the SERPs for with and without quotes
So InSenSItiVe
5W 1H – Google doesn’t mind
Mark my Ten Words, that’s it
The reason for the previous results…
* Avoiding * 10-word limitation *
And I’m Always There
Now, try this… +the * *
“More shrewd searches”
“Is there a difference?”
Force The Plus, Exclude The Minus
OR vs. AND
OR | or
A quick Recap
Operators
• Logical
▫ OR – case sensitive
• Mathematical
▫ + (must) and – (not) have special meaning
• No Stemming
▫ OK: “It’s the end of the * as we know it”
▫ KO: “American Psycho*” – won’t give psychology or psychophysics
▫ * represents a word, not the completion of a word
• Period is a single character wild card
• Let’s try some
Stop No More!
Know Thy Web Page
Advanced Operators = advanced queries
Operator:search_term – no space before or after the :
List of most used Advanced operators
• Intitle:
• Inurl:
• Intext:
• Inanchor:
• Filetype:
• Continued…
Advanced Operators contd…
Try a space between the operator and the term and see the results count
More Advanced Operators
• Numrange:
• Daterange:
• Site:
• Related:
• Cache:
• Link:
Intitle:index.of server.at
So What?
• What can a hacker do with this info?
▫ Go to http://www.cvedetails.com
▫ Check vulnerabilities for Apache 2.2.16
▫ Trigger Metasploit
Intitle:index.of server.at site:aol.com
Files on AOL server. Files on MIT server.
Hyped Music
Try directory traversal from any page; you can download tons of music! Their business is selling music online!
Query is: Intitle:index.of name size
Check out the site hypem.com in SERPS
Summary
Directory Listings
• Show server version information – useful for an attacker
▫ intitle:index.of server.at
▫ intitle:index.of server.at site:aol.com
Finding Directory Listings
▫ intitle:index.of "parent directory"
▫ intitle:index.of name size
Piracy – MP3s
Intitle:index.of mp3 jackson AND iso kaspersky
Remember, Google stems!
Piracy – MP3s
• Intitle:index.of mp3 jackson
▫ Yields 20+ pages of songs in mp3 format
▫ No need to wait for website instructions!
▫ Remember, Google stems!
• Intitle:index.of iso kaspersky
▫ Gets the AV installers from various websites
▫ Most of them with professional key or cracks
▫ Even beta versions are available
More Piracy – ISO
• Inurl:microsoft intitle:index.of filetype:iso
▫ Get MS ISO files from everywhere!
Johnny’s Disclaimer
“Note that actual exploitation of a found vulnerability crosses the ethical line, and is not considered mere web searching.”
Listing all the subdomains
HR Intranet with details on…
inurl:intranet intitle:intranet +intext:"human resources"
Some details a hacker can get from here:
• HR Forms and Policies
• New Staff Info
• Consultation
• Health Benefits
• Salary packaging
• Contact Person
• Office and Meeting Room Layout
• Emails and Phones
• Training
• Pay Calculation
PuTTY SSH Logs with juicy info
Let’s get rolling
Combining operators does the magic
Inurl:microsoft.com -inurl:www.microsoft.com
Inurl:intranet intitle:intranet +intext:"human resource"
Filetype:log username putty
inurl:admin intext:username= AND email= AND password= OR pass= filetype:xls
Let’s see "intitle:index.of inurl:admin"
"Filetype:php inurl:id="
Continuing to roll
"filetype:phps mysql_connect"
filetype:xls "username | password"
inurl:"passes" OR inurl:"passwords" OR inurl:"credentials" -search -download -techsupt -git -games -gz -bypass -exe
filetype:txt @yahoo.com OR @gmail OR @hotmail OR @rediff
Must Tries
• Hacked websites → inurl:"r00t.php"
• Hacked logs → allintext:"fs-admin.php"
• Finding login for portals → intitle:admin intitle:login
• SSH usernames → filetype:log username putty
• Getting user list → Inurl:admin inurl:userlist
• Passwords! → filetype:pass pass intext:userid
• SQL Passwords → filetype:sql password
• Usernames → inurl:admin filetype:xls
• Passwords → inurl:password filetype:xls
• More!! → inurl:passwd filetype:xls (pdf, doc, mdb)
More Stuff!
intitle:"Index of" passwords modified
allinurl:auth_user_file.txt
"access denied for user" "using password"
"A syntax error has occurred" filetype:ihtml
allinurl: admin mdb
"ORA-00921: unexpected end of SQL command"
inurl:passlist.txt
"Index of /backup"
"Chatologica MetaSearch" "stack tracking:"
Credit Cards!!
Number Ranges to find Credit Card, SSN, Account Numbers
Amex (15 digits): 300000000000000..399999999999999
MC (16 digits): 5178000000000000..5178999999999999
Visa (16 digits): 4356000000000000..4356999999999999
Listings of what you want
Change the word after the parent directory to what you want
"parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
CGI Scanner
Google can be used as a CGI scanner. The index.of or inurl searches are good tools to find vulnerable targets. For example, a Google search for this:
allinurl:/random_banner/index.cgi
Hurray! There are only four two now… the broken random_banner program will cough up any file on that web server, including the password file…
Passwords
"# -FrontPage-" inurl:service.pwd
FrontPage passwords.. very nice clean search results listing !!
"AutoCreate=TRUE password=*"
This searches the password for "Website Access Analyzer", a Japanese software that creates web statistics. For those who can read Japanese, check out the author's site at: http://www.coara.or.jp/~passy/
"http://*:*@www" domainname
This is a query to get inline passwords from search engines (not just Google); you must type in the query followed by the domain name without the .com or .net
"http://*:*@www" gamespy or http://*:*@www"gamespy
Another way is by just typing "http://bob:bob@www"
More Passwords – IRC and Access
"sets mode: +k"
This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.
eggdrop filetype:user user
These are eggdrop config files. Avoiding a full-blown discussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.
allinurl: admin mdb
Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are!
MySQL Passwords & ETC directory
intitle:"Index of" config.php
This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database.
intitle:index.of.etc
This search gets you access to the etc directory, where many, many, many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!
Passwords in backup files
filetype:bak inurl:"htaccess|passwd|shadow|htusers"
This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version). Every attacker knows that changing the extension of a file on a web server can have ugly consequences.
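A defender's counterpart to the backup-file, config-file and password-file queries above, added here and not part of the original deck: a Python audit of a local web document root that flags the file classes those dorks target (backup copies, config.php, service.pwd, password lists, logs, dumps, spreadsheets, credential-looking content) and directories that intitle:index.of would surface once listing is enabled, so they can be removed before a crawler indexes them. The grouping of names into labels, the marker regexes, the sample tree and its placeholder credentials are all constructed for this example.

```python
"""Audit a local web root for the file classes this deck's dorks target (added example)."""
import os
import re
import tempfile
from pathlib import Path

# File-name classes taken from the queries quoted in the deck (filetype:bak,
# config.php, service.pwd, auth_user_file.txt, passlist.txt, filetype:log,
# filetype:sql, "admin mdb", filetype:xls). The grouping into labels is ours.
RISKY_NAME_PATTERNS = {
    "backup_copy":   re.compile(r"\.(bak|old|orig|swp)$|~$", re.I),
    "config_file":   re.compile(r"^(config\.php|\.htaccess|\.htpasswd|service\.pwd)$", re.I),
    "password_list": re.compile(r"^(auth_user_file\.txt|passlist\.txt|passwd|shadow|htusers)$", re.I),
    "log_file":      re.compile(r"\.log$", re.I),
    "database_dump": re.compile(r"\.(sql|mdb)$", re.I),
    "spreadsheet":   re.compile(r"\.xlsx?$", re.I),
}

# Content markers mirroring the deck's intext:/allintext: queries
# ("password=", mysql_connect, "# -FrontPage-", "http://user:pass@www").
CONTENT_MARKERS = {
    "password_assignment": re.compile(r"\bpass(word)?\s*=", re.I),
    "mysql_connect_call":  re.compile(r"mysql_connect\s*\(", re.I),
    "frontpage_pwd":       re.compile(r"^# -FrontPage-", re.M),
    "inline_url_creds":    re.compile(r"https?://[^/\s:@]+:[^@\s]+@", re.I),
}

INDEX_FILES = {"index.html", "index.htm", "index.php"}

def classify_name(filename):
    """Return the risk label for a file name, or None if it matches no pattern."""
    for label, pattern in RISKY_NAME_PATTERNS.items():
        if pattern.search(filename):
            return label
    return None

def content_markers(path, limit=64 * 1024):
    """Return the marker names found in the first `limit` bytes of the file."""
    try:
        text = Path(path).read_bytes()[:limit].decode("utf-8", "replace")
    except OSError:
        return []
    return [name for name, pattern in CONTENT_MARKERS.items() if pattern.search(text)]

def audit_webroot(root):
    """Walk `root` and return {relative path: [issues]} for every risky entry."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        # A directory with no index file is what intitle:index.of finds once listing
        # is enabled; the server config decides whether it is really listed (heuristic).
        if not INDEX_FILES.intersection(filenames):
            findings.setdefault(rel_dir, []).append("listable_directory")
        for name in filenames:
            rel_path = name if rel_dir == "." else f"{rel_dir}/{name}"
            issues = []
            label = classify_name(name)
            if label:
                issues.append(label)
            issues += ["content:" + m for m in content_markers(os.path.join(dirpath, name))]
            if issues:
                findings[rel_path] = issues
    return findings

# Constructed sample document root; every credential below is a placeholder.
SAMPLE_FILES = {
    "index.html": "<html><title>Home</title></html>",
    "config.php": "<?php $db = mysql_connect('localhost', 'app', 'EXAMPLE_ONLY'); ?>",
    "admin/users.xls": "name,login,password=EXAMPLE_ONLY",
    "backup/.htaccess.bak": "AuthUserFile /var/www/.htpasswd\nrequire valid-user\n",
    "_vti_pvt/service.pwd": "# -FrontPage-\nadmin:EXAMPLEHASH\n",
    "logs/putty.log": "login as: alice\nhttp://alice:EXAMPLE_ONLY@www.example.test/\n",
    "docs/index.html": "<html><title>Docs</title></html>",
    "docs/readme.txt": "Nothing sensitive here.",
}

def write_sample_webroot(base):
    """Materialise SAMPLE_FILES under `base` and return `base`."""
    for rel, text in SAMPLE_FILES.items():
        path = Path(base, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text, encoding="utf-8")
    return base

def run_demo():
    """Build the sample tree in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_webroot(write_sample_webroot(tmp))

if __name__ == "__main__":
    for path, issues in sorted(run_demo().items()):
        print(f"{path}: {', '.join(issues)}")
```

Point `audit_webroot` at a staging copy of the real document root; anything it reports should be deleted, moved outside the web root, or denied in the server configuration rather than left for a search engine to index.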
Serial Numbers
Let's pretend you need a serial number for Windows XP Pro. In the Google search bar type in just like this - "Windows XP Professional" 94FBR
The key is the 94FBR code.. it was included with many MS Office registration codes so this will help you dramatically reduce the amount of 'fake' sites (usually pornography) that trick you. Or if you want to find the serial for WinZip 8.1 - "WinZip 8.1" 94FBR
And Finally
inurl:LvAppl intitle:liveapplet
inurl:"viewerframe?mode=motion"
intitle:"Live View / - AXIS"
intitle:"snc-rz30 home"
inurl:indexFrame.shtml "Axis Video Server"
So where is the database?
http://www.exploit-db.com/google-dorks/
Securing ourselves from Google Hackers
Additional Info
How Vulnerability Scanners work
Scanner Limitations
• If the DB doesn’t have it, it won’t detect it – purely signature based
• Authentication by scanner is not trustworthy
• Lacks IDS detection bypass
• No realistic fuzzing possible
• Can’t replace manual SQL Injection
• No intelligence in detecting attack vectors and surfaces
• Working with custom apps is a limitation
• Can identify points of weakness but can’t anticipate complex attack schemes
• Can’t handle asynchronous & offline attack vectors
• Limitations should be clearly understood
• Can’t detect logic flaws, weak cryptographic functions, information leakage etc
So, who are these hackers?
Real-life hacker categories
About the Presenter
Thank You!
Kiran karnad rtc2014 ghdb-final

Más contenido relacionado

La actualidad más candente

CITEC #CON2-Dirty Attack with Google Hacking
CITEC #CON2-Dirty Attack with Google HackingCITEC #CON2-Dirty Attack with Google Hacking
CITEC #CON2-Dirty Attack with Google Hacking
Prathan Phongthiproek
 
Hacking Tutorial for Apps
Hacking Tutorial for AppsHacking Tutorial for Apps
Hacking Tutorial for Apps
Grant Eaton
 

La actualidad más candente (20)

Google Hacking 101
Google Hacking 101Google Hacking 101
Google Hacking 101
 
CITEC #CON2-Dirty Attack with Google Hacking
CITEC #CON2-Dirty Attack with Google HackingCITEC #CON2-Dirty Attack with Google Hacking
CITEC #CON2-Dirty Attack with Google Hacking
 
Google Hacking by Ali Jahangiri
Google Hacking by Ali JahangiriGoogle Hacking by Ali Jahangiri
Google Hacking by Ali Jahangiri
 
Google Hacking Basics
Google Hacking BasicsGoogle Hacking Basics
Google Hacking Basics
 
Havij dork
Havij dorkHavij dork
Havij dork
 
Hunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestHunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forest
 
ReadingSEO - Technical SEO at Scale
ReadingSEO - Technical SEO at ScaleReadingSEO - Technical SEO at Scale
ReadingSEO - Technical SEO at Scale
 
Command Line Automation for Repetitive Tasks
Command Line Automation for Repetitive TasksCommand Line Automation for Repetitive Tasks
Command Line Automation for Repetitive Tasks
 
Club hack 2011 precon ctf walkthrough
Club hack 2011 precon ctf walkthroughClub hack 2011 precon ctf walkthrough
Club hack 2011 precon ctf walkthrough
 
Build PHP Search Engine
Build PHP Search EngineBuild PHP Search Engine
Build PHP Search Engine
 
.htaccess for SEOs - A presentation by Roxana Stingu
.htaccess for SEOs - A presentation by Roxana Stingu.htaccess for SEOs - A presentation by Roxana Stingu
.htaccess for SEOs - A presentation by Roxana Stingu
 
1428393873 mhkx3 ln
1428393873 mhkx3 ln1428393873 mhkx3 ln
1428393873 mhkx3 ln
 
London seo master - feb 2020
London seo master - feb 2020London seo master - feb 2020
London seo master - feb 2020
 
Hacking Tutorial for Apps
Hacking Tutorial for AppsHacking Tutorial for Apps
Hacking Tutorial for Apps
 
Web Techology and google code sh (2014_10_10 08_57_30 utc)
Web Techology and google code sh (2014_10_10 08_57_30 utc)Web Techology and google code sh (2014_10_10 08_57_30 utc)
Web Techology and google code sh (2014_10_10 08_57_30 utc)
 
URLs and Domains (SMX East 2008)
URLs and Domains (SMX East 2008)URLs and Domains (SMX East 2008)
URLs and Domains (SMX East 2008)
 
A Technical Look at Content - PUBCON SFIMA 2017 - Patrick Stox
A Technical Look at Content - PUBCON SFIMA 2017 - Patrick StoxA Technical Look at Content - PUBCON SFIMA 2017 - Patrick Stox
A Technical Look at Content - PUBCON SFIMA 2017 - Patrick Stox
 
secure php
secure phpsecure php
secure php
 
How a Hacker Sees Your Site
How a Hacker Sees Your SiteHow a Hacker Sees Your Site
How a Hacker Sees Your Site
 
Customised Search With Google
Customised Search With GoogleCustomised Search With Google
Customised Search With Google
 

Similar a Kiran karnad rtc2014 ghdb-final

Abusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec gloryAbusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec glory
Priyanka Aash
 
Anant kochhar _revealing_the_secrets - ClubHack2009
Anant kochhar _revealing_the_secrets - ClubHack2009Anant kochhar _revealing_the_secrets - ClubHack2009
Anant kochhar _revealing_the_secrets - ClubHack2009
ClubHack
 

Similar a Kiran karnad rtc2014 ghdb-final (20)

OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
 
ki
kiki
ki
 
Google Hacking Basic
Google Hacking BasicGoogle Hacking Basic
Google Hacking Basic
 
Information Gathering with Google (c0c0n - India)
Information Gathering with Google (c0c0n - India)Information Gathering with Google (c0c0n - India)
Information Gathering with Google (c0c0n - India)
 
Information Gathering With Google
Information Gathering With GoogleInformation Gathering With Google
Information Gathering With Google
 
The Web Application Hackers Toolchain
The Web Application Hackers ToolchainThe Web Application Hackers Toolchain
The Web Application Hackers Toolchain
 
Advanced googling
Advanced googlingAdvanced googling
Advanced googling
 
Google Hacking
Google HackingGoogle Hacking
Google Hacking
 
Introduction to google hacking database
Introduction to google hacking databaseIntroduction to google hacking database
Introduction to google hacking database
 
Splunk bsides
Splunk bsidesSplunk bsides
Splunk bsides
 
Web hacking
Web hackingWeb hacking
Web hacking
 
Pentesting Tips: Beyond Automated Testing
Pentesting Tips: Beyond Automated TestingPentesting Tips: Beyond Automated Testing
Pentesting Tips: Beyond Automated Testing
 
Basic PowerShell Toolmaking - Spiceworld 2016 session
Basic PowerShell Toolmaking - Spiceworld 2016 sessionBasic PowerShell Toolmaking - Spiceworld 2016 session
Basic PowerShell Toolmaking - Spiceworld 2016 session
 
FarisAloulSlides.ppt
FarisAloulSlides.pptFarisAloulSlides.ppt
FarisAloulSlides.ppt
 
Null HYD Playing with shodan null
Null HYD Playing with shodan nullNull HYD Playing with shodan null
Null HYD Playing with shodan null
 
Abusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec gloryAbusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec glory
 
STIX Patterning: Viva la revolución!
STIX Patterning: Viva la revolución!STIX Patterning: Viva la revolución!
STIX Patterning: Viva la revolución!
 
Anant kochhar _revealing_the_secrets - ClubHack2009
Anant kochhar _revealing_the_secrets - ClubHack2009Anant kochhar _revealing_the_secrets - ClubHack2009
Anant kochhar _revealing_the_secrets - ClubHack2009
 
Open Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionOpen Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon Edition
 
Playing with shodan
Playing with shodanPlaying with shodan
Playing with shodan
 

Más de Romania Testing

Baris sarialioglu testing on the move, mobile testing
Baris sarialioglu   testing on the move, mobile testingBaris sarialioglu   testing on the move, mobile testing
Baris sarialioglu testing on the move, mobile testing
Romania Testing
 
Jan jaap TMMi facts and figures v2
Jan jaap TMMi facts and figures v2Jan jaap TMMi facts and figures v2
Jan jaap TMMi facts and figures v2
Romania Testing
 
Luis fraile exploratory testing myths ro
Luis fraile   exploratory testing myths roLuis fraile   exploratory testing myths ro
Luis fraile exploratory testing myths ro
Romania Testing
 
Stephen janaway mobile testing - that's just a smaller screen, right
Stephen janaway  mobile testing - that's just a smaller screen, rightStephen janaway  mobile testing - that's just a smaller screen, right
Stephen janaway mobile testing - that's just a smaller screen, right
Romania Testing
 
Roland van leusden mobile performance testing rtc 2014 v0.6
Roland van leusden   mobile performance testing  rtc 2014 v0.6Roland van leusden   mobile performance testing  rtc 2014 v0.6
Roland van leusden mobile performance testing rtc 2014 v0.6
Romania Testing
 
Rene tuinhout passionate dating for testers and vice versa
Rene tuinhout   passionate dating for testers and vice versaRene tuinhout   passionate dating for testers and vice versa
Rene tuinhout passionate dating for testers and vice versa
Romania Testing
 
Georgi hristov continuous integration-for mobile test automation
Georgi hristov   continuous integration-for mobile test automationGeorgi hristov   continuous integration-for mobile test automation
Georgi hristov continuous integration-for mobile test automation
Romania Testing
 
Gabriel carabat a healthy approach for test automation
Gabriel carabat   a healthy approach for test automationGabriel carabat   a healthy approach for test automation
Gabriel carabat a healthy approach for test automation
Romania Testing
 
Daniel billing exploring the security testers toolbox
Daniel billing   exploring the security testers toolboxDaniel billing   exploring the security testers toolbox
Daniel billing exploring the security testers toolbox
Romania Testing
 
Codruta bunea establishing a test approach for a private cloud environment
Codruta bunea   establishing a test approach for a private cloud environmentCodruta bunea   establishing a test approach for a private cloud environment
Codruta bunea establishing a test approach for a private cloud environment
Romania Testing
 
Ciprian balea automated performance-testing
Ciprian balea   automated performance-testingCiprian balea   automated performance-testing
Ciprian balea automated performance-testing
Romania Testing
 
Andy glover - Artist within everyone
Andy glover - Artist within everyoneAndy glover - Artist within everyone
Andy glover - Artist within everyone
Romania Testing
 
Andy glover - Visual Testing Workshop
Andy glover  - Visual Testing WorkshopAndy glover  - Visual Testing Workshop
Andy glover - Visual Testing Workshop
Romania Testing
 
Ady beleanu automate-theprocessdelivery
Ady beleanu   automate-theprocessdeliveryAdy beleanu   automate-theprocessdelivery
Ady beleanu automate-theprocessdelivery
Romania Testing
 
Adrian bolboaca sherlock holmesandpairing-adibolboaca
Adrian bolboaca   sherlock holmesandpairing-adibolboacaAdrian bolboaca   sherlock holmesandpairing-adibolboaca
Adrian bolboaca sherlock holmesandpairing-adibolboaca
Romania Testing
 
Stephen blower inspiring testers - rtc2014
Stephen blower   inspiring testers - rtc2014Stephen blower   inspiring testers - rtc2014
Stephen blower inspiring testers - rtc2014
Romania Testing
 
Testing-as-a-service on demand
Testing-as-a-service on demandTesting-as-a-service on demand
Testing-as-a-service on demand
Romania Testing
 
10 Lessons learned in test automation
10 Lessons learned in test automation10 Lessons learned in test automation
10 Lessons learned in test automation
Romania Testing
 
Programming skills for test automation
Programming skills for test automationProgramming skills for test automation
Programming skills for test automation
Romania Testing
 
Mentoring embedded testing
Mentoring embedded testingMentoring embedded testing
Mentoring embedded testing
Romania Testing
 

Más de Romania Testing (20)

Baris sarialioglu testing on the move, mobile testing
Baris sarialioglu   testing on the move, mobile testingBaris sarialioglu   testing on the move, mobile testing
Baris sarialioglu testing on the move, mobile testing
 
Jan jaap TMMi facts and figures v2
Jan jaap TMMi facts and figures v2Jan jaap TMMi facts and figures v2
Jan jaap TMMi facts and figures v2
 
Luis fraile exploratory testing myths ro
Luis fraile   exploratory testing myths roLuis fraile   exploratory testing myths ro
Luis fraile exploratory testing myths ro
 
Stephen janaway mobile testing - that's just a smaller screen, right
Stephen janaway  mobile testing - that's just a smaller screen, rightStephen janaway  mobile testing - that's just a smaller screen, right
Stephen janaway mobile testing - that's just a smaller screen, right
 
Roland van leusden mobile performance testing rtc 2014 v0.6
Roland van leusden   mobile performance testing  rtc 2014 v0.6Roland van leusden   mobile performance testing  rtc 2014 v0.6
Roland van leusden mobile performance testing rtc 2014 v0.6
 
Rene tuinhout passionate dating for testers and vice versa
Rene tuinhout   passionate dating for testers and vice versaRene tuinhout   passionate dating for testers and vice versa
Rene tuinhout passionate dating for testers and vice versa
 
Georgi hristov continuous integration-for mobile test automation
Georgi hristov   continuous integration-for mobile test automationGeorgi hristov   continuous integration-for mobile test automation
Georgi hristov continuous integration-for mobile test automation
 
Gabriel carabat a healthy approach for test automation
Gabriel carabat   a healthy approach for test automationGabriel carabat   a healthy approach for test automation
Gabriel carabat a healthy approach for test automation
 
Daniel billing exploring the security testers toolbox
Daniel billing   exploring the security testers toolboxDaniel billing   exploring the security testers toolbox
Daniel billing exploring the security testers toolbox
 
Codruta bunea establishing a test approach for a private cloud environment
Codruta bunea   establishing a test approach for a private cloud environmentCodruta bunea   establishing a test approach for a private cloud environment
Codruta bunea establishing a test approach for a private cloud environment
 
Ciprian balea automated performance-testing
Ciprian balea   automated performance-testingCiprian balea   automated performance-testing
Ciprian balea automated performance-testing
 
Andy glover - Artist within everyone
Andy glover - Artist within everyoneAndy glover - Artist within everyone
Andy glover - Artist within everyone
 
Andy glover - Visual Testing Workshop
Andy glover  - Visual Testing WorkshopAndy glover  - Visual Testing Workshop
Andy glover - Visual Testing Workshop
 
Ady beleanu automate-theprocessdelivery
Ady beleanu   automate-theprocessdeliveryAdy beleanu   automate-theprocessdelivery
Ady beleanu automate-theprocessdelivery
 
Adrian bolboaca sherlock holmesandpairing-adibolboaca
Adrian bolboaca   sherlock holmesandpairing-adibolboacaAdrian bolboaca   sherlock holmesandpairing-adibolboaca
Adrian bolboaca sherlock holmesandpairing-adibolboaca
 
Stephen blower inspiring testers - rtc2014
Stephen blower   inspiring testers - rtc2014Stephen blower   inspiring testers - rtc2014
Stephen blower inspiring testers - rtc2014
 
Testing-as-a-service on demand
Testing-as-a-service on demandTesting-as-a-service on demand
Testing-as-a-service on demand
 
10 Lessons learned in test automation
10 Lessons learned in test automation10 Lessons learned in test automation
10 Lessons learned in test automation
 
Programming skills for test automation
Programming skills for test automationProgramming skills for test automation
Programming skills for test automation
 
Mentoring embedded testing
Mentoring embedded testingMentoring embedded testing
Mentoring embedded testing
 

Último

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Último (20)

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 

Kiran karnad rtc2014 ghdb-final

  • 1.
  • 2. The Google Hacking Database Security Testing Team – Kiran Karnad, KPI Soft A Key Resource to exposing vulnerabilities
  • 5. Google & Bing Basics - OSINT Basic, Phrase, Advanced Search What’s Google Hacks All About? Sample Hacks Python Script for OS INT What’s This All About?
  • 6. In the Recent Past If you are not hacked, you are not important!
  • 7. What all can be hacked Network Hardware hacking Wireless Social Engineering Mobile Lock Picking Web hacking
  • 8. What you don’t know might hurt…
  • 9. OSINT – Let’s define Intelligence collected from public sources • Google • Social Engines • Details on next slide OSINT Communities • Government – FBI, CBI etc • Military – Defence Intel Agency • Homeland Security • Business – Commercial, Competitor INT, BI • Anonymous & LulzSec– shodan, GHDB
  • 10. OSINT – Some methods
  • 11. It’s what you expose
  • 13. Search Types Supported Basic Search Phrase Search Advanced Operators
  • 14. Repeating what we’ve been doing all this while
  • 15. Search Types General Search • Not cAsE seNSitiVE • No more than 10 keywords in a search • Google ignores “a”, 5w1h, this, to, we • AND is always implied • Date of birth of Hugh Jackman Phrase Search • “Use quotes” • Use + to force a term and – to exclude • No space follows these signs • See the SERPs for with and without quotes
  • 17. 5W 1H – Google doesn’t mind
  • 18. Mark my Ten Words, that’s it
  • 19. The reason for the previous results…
  • 20. * Avoiding * 10-word limitation *
  • 22. Now, try this… +the * *
  • 24. “Is there a difference?”
  • 25. Force The Plus, Exclude The Minus
  • 28. A quick Recap
    • Operators
      ▫ Logical: OR – case sensitive
      ▫ Mathematical: + (must) and – (not) have special meaning
    • No Stemming
      ▫ OK: “It’s the end of the * as we know it”
      ▫ KO: “American Psycho*” – won’t give psychology or psychophysics
      ▫ * represents a word, not the completion of a word
      ▫ Period is a single character wild card
    • Let’s try some
  • 30. Know Thy Web Page
  • 31. Advanced Operators = advanced queries
    • Operator:search_term – no space before or after the :
    • List of most used Advanced operators
      ▫ Intitle:
      ▫ Inurl:
      ▫ Intext:
      ▫ Inanchor:
      ▫ Filetype:
      ▫ Continued…
  • 32. Advanced Operators contd…
    • Try a space between the operator and the term and see the results count
    • More Advanced Operators
      ▫ Numrange:
      ▫ Daterange:
      ▫ Site:
      ▫ Related:
      ▫ Cache:
      ▫ Link:
  • 34. So What?
    • What can a hacker do with this info?
      ▫ Go to http://www.cvedetails.com
      ▫ Check vulnerabilities for Apache 2.2.16
      ▫ Trigger Metasploit
  • 35. Intitle:index.of server.at site:aol.com Files on AOL server. Files on MIT server.
  • 36. Hyped Music
    • Try directory traversal from any page, you can download tons of music! Their business is selling music online!
    • Query is: Intitle:index.of name size
    • Check out the site hypem.com in SERPS
  • 37. Summary
    • Directory Listings
      ▫ Show server version information
      ▫ Useful for an attacker
      ▫ intitle:index.of server.at
      ▫ intitle:index.of server.at site:aol.com
    • Finding Directory Listings
      ▫ intitle:index.of "parent directory"
      ▫ intitle:index.of name size
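As an added, defender-side example (not code from the slides): a small Python check that recognises the page shape the directory-listing queries above find, so it can be run over responses from your own hosts before a search engine indexes them. The sample HTML is constructed and the host name files.example.com is a placeholder.

```python
import re

# Constructed sample responses (not from the slides): an Apache auto-index
# page, the same page with the version footer suppressed, and a normal page
# that merely mentions similar words.
APACHE_LISTING = (
    "<html><head><title>Index of /backup</title></head><body>"
    "<h1>Index of /backup</h1><pre><a href='../'>Parent Directory</a>\n"
    "<a href='site.tar.gz'>site.tar.gz</a> 2014-03-01 12:00 4.2M\n"
    "</pre><address>Apache/2.2.16 (Debian) Server at files.example.com Port 80"
    "</address></body></html>"
)
LISTING_NO_BANNER = APACHE_LISTING.replace(
    "<address>Apache/2.2.16 (Debian) Server at files.example.com Port 80</address>", "")
NORMAL_PAGE = (
    "<html><head><title>Release notes</title></head><body>"
    "<p>See the index of changes. Parent directory cleanup is done.</p>"
    "</body></html>"
)

# The three fingerprints the dorks rely on: the auto-index title, the
# "Parent Directory" link and the server version footer.
TITLE_RE = re.compile(r"<title>\s*Index of\s+(/[^<]*)</title>", re.I)
PARENT_RE = re.compile(r"<a\s+href=['\"][^'\"]*['\"]>\s*Parent Directory\s*</a>", re.I)
BANNER_RE = re.compile(r"<address>\s*([^<]*?)\s+Server at\s+([^<]*?)\s*</address>", re.I)

def classify_listing(html):
    """Describe whether html is an auto-generated directory index and whether
    its footer leaks the server version; risk is high only when both hold."""
    title = TITLE_RE.search(html)
    parent = PARENT_RE.search(html)
    banner = BANNER_RE.search(html)
    result = {
        "listing": bool(title and parent),
        "path": title.group(1).strip() if title else None,
        "server_banner": banner.group(1).strip() if banner else None,
    }
    if result["listing"] and result["server_banner"]:
        result["risk"] = "high"       # listing plus version: the server.at case
    elif result["listing"]:
        result["risk"] = "medium"     # listing only: still indexable
    else:
        result["risk"] = "none"
    return result

def find_exposed(pages):
    """Given {url: html} from a crawl of your own site, return the URLs to fix."""
    return [url for url, html in pages.items() if classify_listing(html)["risk"] != "none"]
```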
  • 38. Piracy – MP3s Intitle:index.of mp3 jackson AND iso kaspersky Remember, Google stems!
  • 39. Piracy – MP3s
    • Intitle:index.of mp3 jackson
      ▫ Yields 20+ pages of songs in mp3 format
      ▫ No need to wait for website instructions!
      ▫ Remember, Google stems!
    • Intitle:index.of iso kaspersky
      ▫ Gets the AV installers from various websites
      ▫ Most of them with professional key or cracks
      ▫ Even beta versions are available
  • 40. More Piracy – ISO • Inurl:microsoft intitle:index.of filetype:iso ▫ Get MS ISO files from everywhere!
  • 41. Johnny’s Disclaimer “Note that actual exploitation of a found vulnerability crosses the ethical line, and is not considered mere web searching.”
  • 42. Listing all the subdomains
  • 43. HR Intranet with details on… inurl:intranet intitle:intranet +intext:"human resources"
    • Some details a hacker can get from here:
      ▫ HR Forms and Policies
      ▫ New Staff Info
      ▫ Consultation
      ▫ Health Benefits
      ▫ Salary packaging
      ▫ Contact Person
      ▫ Office and Meeting Room Layout
      ▫ Emails and Phones
      ▫ Training
      ▫ Pay Calculation
  • 44. PuTTY SSH Logs with juicy info
  • 45. Let’s get rolling – Combining operators does the magic
    • Inurl:microsoft.com –inurl:www.microsoft.com
    • Inurl:intranet intitle:intranet +intext:”human resource”
    • Filetype:log username putty
    • inurl:admin intext:username= AND email= AND password= OR pass= filetype:xls
    • Let’s see “intitle:index.of inurl:admin“
    • “Filetype:php inurl:id=“
  • 46. Continuing to roll
    • “filetype:phps mysql_connect”
    • filetype:xls "username | password“
    • inurl:"passes" OR inurl:"passwords" OR inurl:"credentials" -search -download -techsupt -git -games -gz -bypass -exe
    • filetype:txt @yahoo.com OR @gmail OR @hotmail OR @rediff
  • 47. Must Tries
    • Hacked websites: inurl:”r00t.php”
    • Hacked logs: allintext:”fs-admin.php”
    • Finding login for portals: intitle:admin intitle:login
    • SSH usernames: filetype:log username putty
    • Getting user list: Inurl:admin inurl:userlist
    • Passwords!: filetype:pass pass intext:userid
    • SQL Passwords: filetype:sql password
    • Usernames: inurl:admin filetype:xls
    • Passwords: inurl:password filetype:xls
    • More!!: inurl:passwd filetype:xls (pdf, doc, mdb)
  • 48. More Stuff!
    • intitle:"Index of" passwords modified
    • allinurl:auth_user_file.txt
    • "access denied for user" "using password“
    • "A syntax error has occurred" filetype:ihtml
    • allinurl: admin mdb
    • "ORA-00921: unexpected end of SQL command“
    • inurl:passlist.txt
    • "Index of /backup“
    • "Chatologica MetaSearch" "stack tracking:"
  • 49. Credit Cards!! Number Ranges to find Credit Card, SSN, Account Numbers
    • Amex (15 digits): 300000000000000..399999999999999
    • MC (16 digits): 5178000000000000..5178999999999999
    • Visa (16 digits): 4356000000000000..4356999999999999
  • 50. Listings of what you want – Change the word after the parent directory to what you want
    • "parent directory " DVDRip -xxx -html -htm -php -shtml opendivx -md5 -md5sums
    • "parent directory " Xvid -xxx -html -htm -php -shtml opendivx -md5 -md5sums
    • "parent directory " Gamez -xxx -html -htm -php -shtml opendivx -md5 -md5sums
    • "parent directory " MP3 -xxx -html -htm -php -shtml opendivx -md5 -md5sums
    • "parent directory " Name of Singer or album” -xxx –html htm -php -shtml - opendivx -md5 -md5sums
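As an added, defender-side example (not code from the slides): a scanner that applies the number ranges from slide 49 plus a Luhn check to text you are about to publish, so exposed card numbers are caught before a search engine indexes them. The sample text is constructed, the card numbers are synthetic or published test numbers, and the ranges are the slide's, not full issuer ranges.

```python
import re

# Number ranges as given on the slide (a subset of real issuer ranges),
# expressed as prefix + length rules instead of search-engine numranges.
CARD_RULES = {
    "amex": re.compile(r"^3\d{14}$"),            # 300000000000000..399999999999999
    "mastercard": re.compile(r"^5178\d{12}$"),   # 5178000000000000..5178999999999999
    "visa": re.compile(r"^4356\d{12}$"),         # 4356000000000000..4356999999999999
}

# 15 or 16 digits, optionally grouped with spaces or hyphens, and not part of a
# longer digit run.
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){14,15}\d(?!\d)")

# Constructed sample content (not from the slides); numbers are synthetic or
# industry test numbers, never real accounts.
SAMPLE = (
    "Order 1001 paid with Visa 4356 0000 0000 0002 on 2014-03-01.\n"
    "Backup card 5178000000000005 (corporate). Typo card 5178000000000004.\n"
    "Amex 378282246310005 used for travel. Out of scope: 6011000000000004.\n"
)

def luhn_ok(digits):
    """Luhn mod-10 check; rejects most typos and random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(digits):
    """Return the brand whose slide range contains digits, or None."""
    for brand, rule in CARD_RULES.items():
        if rule.match(digits):
            return brand
    return None

def mask(digits):
    """Keep BIN and last four so a finding is reportable without re-leaking the PAN."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def find_card_numbers(text):
    """Return (brand, masked) for each candidate in a slide range that passes Luhn."""
    hits = []
    for m in CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        brand = classify(digits)
        if brand and luhn_ok(digits):
            hits.append((brand, mask(digits)))
    return hits
```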
  • 51. CGI Scanner
    • Google can be used as a CGI scanner. The index.of or inurl searches are good tools to find vulnerable targets. For example, a Google search for this: allinurl:/random_banner/index.cgi
    • Hurray! There are only four two now… the broken random_banner program will cough up any file on that web server, including the password file…
  • 52. Passwords
    • "# -FrontPage-" inurl:service.pwd – FrontPage passwords.. very nice clean search results listing!!
    • "AutoCreate=TRUE password=*" – This searches the password for "Website Access Analyzer", a Japanese software that creates web statistics. For those who can read Japanese, check out the author's site at: http://www.coara.or.jp/~passy/
    • "http://*:*@www" domainname – This is a query to get inline passwords from search engines (not just Google); you must type in the query followed with the domain name without the .com or .net: "http://*:*@www" gamespy or http://*:*@www”gamespy
    • Another way is by just typing "http://bob:bob@www"
  • 53. More Passwords – IRC and Access
    • "sets mode: +k" – This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.
    • eggdrop filetype:user user – These are eggdrop config files. Avoiding a full-blown discussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.
    • allinurl: admin mdb – Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are!
  • 54. MySQL Passwords & ETC directory
    • intitle:"Index of" config.php – This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database.
    • intitle:index.of.etc – This search gets you access to the etc directory, where many, many, many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!
  • 55. Passwords in backup files
    • filetype:bak inurl:"htaccess|passwd|shadow|htusers" – This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version). Every attacker knows that changing the extension of a file on a web server can have ugly consequences.
  • 56. Serial Numbers
    • Let's pretend you need a serial number for Windows XP Pro. In the Google search bar type in just like this: "Windows XP Professional" 94FBR
    • The key is the 94FBR code.. it was included with many MS Office registration codes so this will help you dramatically reduce the amount of 'fake' sites (usually pornography) that trick you.
    • Or if you want to find the serial for WinZip 8.1: "WinZip 8.1" 94FBR
  • 57. And Finally
    • inurl:LvAppl intitle:liveapplet
    • inurl:"viewerframe?mode=motion"
    • intitle:"Live View / - AXIS"
    • intitle:"snc-rz30 home"
    • inurl:indexFrame.shtml "Axis Video Server“
    • So where is the database? http://www.exploit-db.com/google-dorks/
  • 58. Securing ourselves from Google Hackers
  • 61. Scanner Limitations
    • If the DB doesn’t have it, it won’t detect it – purely signature based
    • Authentication by scanner is not trustworthy
    • Lacks IDS detection bypass
    • No realistic fuzzing possible
    • Can’t replace manual SQL Injection
    • No intelligence in detecting attack vectors and surfaces
    • Working with custom apps is a limitation
    • Can identify points of weakness but can’t anticipate complex attack schemes
    • Can’t handle asynchronous & offline attack vectors
    • Limitations should be clearly understood
    • Can’t detect logic flaws, weak cryptographic functions, information leakage etc
  • 62. So, who are these hackers?