Google: Yes, You Can Find Just About Anything
------------
Hackers and security experts use various custom and open source tools to complete their tasks. In fact, one of the tools they use you probably use every time you browse the web: the Google Search Engine.

I remember the first time I used the Google Search Engine years ago. I was amazed at how quickly it fulfilled my search request. Google's huge index of systems / information and its ability to perform complex searches have evolved over the years. When we perform security assessments and penetration tests, we regularly use Google to locate information that organizations typically want to keep private and confidential.

The reason for me writing this article is to give you several examples of basic and complex Google search terms and queries. As a disclaimer, it is not my intention that you use this information to invade the privacy of someone else or access data and files on systems that do not belong to you. It is strictly educational information and a way to make people more aware of what kind of information they may be exposing to the rest of the world.

Using Google To Locate Password Files
------------
One of the most common remote web authoring tools is Microsoft's FrontPage. FrontPage extensions and WebDAV, the services on the web server that allow you to remotely connect and author web pages, can be configured with a certain degree of security. However, in certain configurations, the userID and password are stored in local files on the server. Using a Google query, you can easily locate thousands of these files and dump the contents.

The query form is quite simple: "inurl:(filename).pwd", where (filename) is the name of the .pwd file. This query can be expanded to be very specific and target a specific site by using a command to search for a specific site or domain. The results of a specific search like this would list hundreds if not thousands of these files that would contain something like "# -FrontPage- dmiller:I1KEaH1TZqxEw", basically dumping the userID and password.

This type of basic query can be used to find all kinds of interesting information, such as using the "intitle:"index of" (name of directory you want to locate)" which not only reveals many web directory structures of "index of/", it also reveals how many web servers on the Internet do not have even the most basic forms of permissions and directory security. You will find that once you access a particular directory, you can then move up the directory tree, and you never know what you may find.

More Complex Search Queries
------------
The Google Search Engine supports very complex query types. For instance, if you were to construct a query like ""parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums", the query would result in lists upon lists of systems that have a /Gamez directory off the root of the "parent directory" of the web server. Or, to locate music files of type mp3 you could issue a query like "intitle:index.of mp3 (name of band/song)".

The bottom line here is that it is possible to locate very specific types of files. It is also possible to perform queries for inline passwords from various search engines by performing a query similar to "

Else Can Be Found With Google Search Queries
------------
One of the things we do when we are performing a security assessment is perform a quick review of the various web servers to determine what types of scripting are being used. For instance, a lot of people use PHP code to create dynamic content. Many people install PHP example code and administrative tools to help them manage their site. Unfortunately, most of the time these files are not secured and contain login IDs and passwords. We then use Google search queries to locate these specific files on the servers in question. I'd say we are successful in finding files like these that help us gain access to systems approximately 60% of the time.

We recently learned of a financial institution that was taking credit card information from one of their partners using a web-based upload service on their primary web server. The problem was this file was being indexed by the Microsoft Index Service, the information was being spidered by search engines, and the file itself did not have effective security permissions on it. The result: the file was indexed by Google, and someone performing a Google query found it and was able to open it in the browser, revealing hundreds of credit card numbers, names, and other personal information. This happens all the time.

Conclusion
------------
The Google Search Engine is a powerful tool that can be used by people with ill intentions just as it can be used for basic web searching. If you are setting up a web server at home or the office, you need to understand that you may be publishing information on the web that no one but you should see. This could include financial files, credit card information, and other private / personal information. There is a lot more to setting up a "secure" site than just following the Microsoft setup wizards.

You may reprint or publish this article free of charge as long as the bylines are included.
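
The two exposures the article describes, FrontPage-style .pwd files and directories served as "index of" listings, can be checked for on your own document root before a search engine indexes them. The Python script below is an added example, not part of the original article; the list of index file names, the sample directory tree and the `site.pwd` file name are assumptions constructed for illustration.

```python
import os
import tempfile

FRONTPAGE_MARKER = "-FrontPage-"   # header the article quotes from exposed .pwd files
# Assumed index document names; match this to your server's configuration.
INDEX_NAMES = {"index.html", "index.htm", "index.php", "default.htm", "default.asp"}

def frontpage_users(path):
    """Return usernames from a FrontPage-style .pwd file, or None if it is not one.
    Password hashes are never returned, so the report itself leaks nothing."""
    with open(path, "r", errors="replace") as fh:
        lines = [ln.strip() for ln in fh if ln.strip()]
    if not lines or FRONTPAGE_MARKER not in lines[0]:
        return None
    return [ln.split(":", 1)[0] for ln in lines[1:] if ":" in ln]

def audit_docroot(root):
    """Walk a local document root; return sorted (kind, relative_path, detail) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # No index document: the server shows an "Index of /" listing here
        # whenever automatic directory listing is enabled.
        if not INDEX_NAMES & {f.lower() for f in files}:
            rel_dir = os.path.relpath(dirpath, root)
            findings.append(("listable-directory", rel_dir, f"{len(files)} file(s)"))
        for name in files:
            if not name.lower().endswith(".pwd"):
                continue
            path = os.path.join(dirpath, name)
            users = frontpage_users(path)
            if users is not None:
                rel = os.path.relpath(path, root)
                findings.append(("frontpage-password-file", rel, "users: " + ", ".join(users)))
    return sorted(findings)

def build_sample_docroot():
    """Create a constructed document root (all names and values are made up)."""
    root = tempfile.mkdtemp(prefix="docroot-")
    layout = {
        "index.html": "<html>home</html>",
        os.path.join("_private", "site.pwd"): "# -FrontPage-\nalice:CONSTRUCTED-HASH\n",
        os.path.join("uploads", "batch.csv"): "constructed,sample,row\n",
    }
    for rel, body in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for finding in audit_docroot(build_sample_docroot()):
        print(*finding, sep="\t")
```

Any finding means the file or directory should be moved outside the document root or have its permissions and listing settings tightened; a credential that was ever reachable this way should be rotated.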