
Copyright ©2004 Foundstone, Inc. All Rights Reserved

Google Hacking
Searching For Ways To Stop Hackers


George Kurtz, McAfee, Inc.

Senior Vice President, Risk Management

“Using public sources openly and without resorting to illegal means, it is possible to gather at least 80 percent of all information required about the enemy”

- Al Qaeda training manual

AGENDA

How Google works
Threats
Tools
Countermeasures

How Google Works

Advanced Search Operators

site (.edu, .gov, foundstone.com, usc.edu)
filetype (txt, xls, mdb, pdf, .log)
daterange (Julian date format)
intitle / allintitle
inurl / allinurl

Threats - filetype:pwd service

Threats - allinurl: admin mdb

Threats - intitle:Remote.Desktop.Web.Connection inurl:tsweb

Threats

intitle:"Index of" finances.xls
"Network Vulnerability Assessment Report" / filetype:pdf "Assessment Report" nessus "not for distribution" confidential
site:edu grades admin
"ORA-00921: unexpected end of SQL command"
"VNC Desktop" inurl:5800
intitle:guestbook "advanced guestbook 2.2 powered"
intitle:"index of" trillian.ini

Threats - Categories

Private information
Usernames / passwords
Configuration management / Remote admin interface
Error messages
Backup files / log files
Public vulnerabilities

Tools

Using Web interface: GooScan, Athena

Using Web Service API: SiteDigger

Tools - GooScan

Tools - Athena

Tools - SiteDigger

By: Kartik Trivedi, Foundstone

Tools - SiteDigger

Version 2 features

Proxy support / Google appliance support
XML signatures in OASIS WAS format
Adding signatures for OWASP top 10
Signature contribution option
Raw search tab
Configurable # of results

Countermeasures

Keep sensitive data off the web!!
Perform periodic Google Assessments
Update robots.txt
Use meta-tags: NOARCHIVE
http://www.google.com/remove.html
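As an added example (not part of the Foundstone deck or of the SiteDigger tool), the following Python script applies the countermeasures above from the inside: instead of querying Google, it walks a local copy of the web root looking for the file types the threat slides show being located (pwd, mdb, xls, ini, log, plus common backup suffixes), reports which of those files robots.txt already disallows for all crawlers, suggests a Disallow line for the rest, and prints the NOARCHIVE meta tag. The web root, its files, the robots.txt content and the suffix list are constructed for the demo.

```python
"""Offline exposure audit of a web root: a defender-side counterpart to the
deck's "periodic Google assessment".  Everything here is constructed sample
data; nothing is fetched from the network."""
import os
import tempfile

# Suffixes taken from the deck's threat slides (pwd, mdb, xls, ini, log) plus
# backup-style suffixes from the "Backup files / log files" category.  This
# list is an assumption for the demo; tune it to your own site.
RISKY_SUFFIXES = {".pwd", ".mdb", ".xls", ".ini", ".log", ".bak", ".old", ".sql"}

# The meta tag the deck recommends: Google keeps the page out of its cache.
NOARCHIVE_META = '<meta name="robots" content="noarchive">'


def parse_robots_disallows(robots_txt: str) -> list[str]:
    """Return Disallow prefixes from the 'User-agent: *' group(s) of a robots.txt."""
    disallows = []
    applies = False
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if ":" not in line:
            continue
        field, _, value = line.partition(":")
        field, value = field.strip().lower(), value.strip()
        if field == "user-agent":
            applies = value == "*"
        elif field == "disallow" and applies and value:
            disallows.append(value)
    return disallows


def is_disallowed(url_path: str, disallows: list[str]) -> bool:
    """Classic robots.txt semantics: a Disallow value is a path prefix."""
    return any(url_path.startswith(d) for d in disallows)


def suggest_rule(url_path: str) -> str:
    """Suggest a Disallow line covering the file's directory (or the file itself at /)."""
    parent = url_path.rsplit("/", 1)[0]
    return f"Disallow: {parent}/" if parent else f"Disallow: {url_path}"


def audit_webroot(webroot: str, robots_txt: str) -> list[dict]:
    """Walk a local web root and record every risky file with its robots.txt status."""
    disallows = parse_robots_disallows(robots_txt)
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if os.path.splitext(name)[1].lower() not in RISKY_SUFFIXES:
                continue
            rel = os.path.relpath(os.path.join(dirpath, name), webroot)
            url_path = "/" + rel.replace(os.sep, "/")
            findings.append({
                "path": url_path,
                "covered": is_disallowed(url_path, disallows),
                "suggested_rule": suggest_rule(url_path),
            })
    return sorted(findings, key=lambda f: f["path"])


# Constructed demo data: a throwaway web root and a partial robots.txt.
DEMO_ROBOTS = """User-agent: *
Disallow: /admin/
Disallow: /logs/
"""


def build_demo_webroot() -> str:
    """Create a temporary web root holding a few constructed sample files."""
    root = tempfile.mkdtemp(prefix="webroot_")
    sample_files = {
        "index.html": "<html></html>",
        "backup/finances.xls": "constructed sample",
        "admin/site.mdb": "constructed sample",
        "service.pwd": "constructed sample",
        "logs/access.log": "constructed sample",
    }
    for rel, content in sample_files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(content)
    return root


def run_demo() -> list[dict]:
    """Audit the constructed web root against the constructed robots.txt."""
    return audit_webroot(build_demo_webroot(), DEMO_ROBOTS)


if __name__ == "__main__":
    for finding in run_demo():
        status = "covered" if finding["covered"] else "EXPOSED"
        print(f"{status:8} {finding['path']:24} {finding['suggested_rule']}")
    print("Add to pages you do not want cached:", NOARCHIVE_META)
```

Two caveats the script makes visible: robots.txt is advisory and is itself publicly readable, so a Disallow line only tells well-behaved crawlers to stay out while advertising the path to everyone else, and NOARCHIVE only suppresses the cached copy, not the index entry. Both are secondary controls; the deck's first bullet, keeping the data off the web, is the one that actually removes the exposure.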

SUMMARY

How is Google exposing my information??

Thanks ... for listening

[email protected]