1 / 52

Search Engine Hacking

Search Engine Hacking. Steve at SnakeOilLabs dot com. Search Engine Hacking. Search Engine Hacking. 1. What is SEH?. 2. Tools Armoury. 3. Exploiting SEH. 4. Countermeasures. Search Engine Hacking. What is SEH?. Definition: Search Engine Hacking (SEH) Function: noun

ananda
Télécharger la présentation

Search Engine Hacking

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Search Engine Hacking Steve at SnakeOilLabs dot com

  2. Search Engine Hacking

  3. Search Engine Hacking 1. What is SEH? 2. Tools Armoury 3. Exploiting SEH 4. Countermeasures

  4. Search Engine Hacking

  5. What is SEH? Definition: Search Engine Hacking (SEH) Function: noun SEH is the malicious use of indexing technologies in order to identify, fingerprint and exploit at-risk systems, data and people. In other words: Using Search Engines and other indexing facilities to find juicy information and 0wnable b0x3n/w4r3z/d00dz

  6. What is SEH? How much data are we talking about? http://searchenginewatch.com/reports/article.php/2156481

  7. Search Engine Hacking

  8. Search Engine Hacking

  9. Search Engine Hacking

  10. What is SEH? Only now there’s much more to contend with IRC Search Engines Bit Torrent/P2P Search engines FTP Search engines Flickr.com Blogs Your.application.here/search/ Oh, and Google But there’s more… (Whaddya mean you only thought there was Google?)

  11. What is SEH?

  12. What is SEH?

  13. Tools Armoury Tools Armoury • SiteDigger • Apollo • Wikto • Athena

  14. Tools Armoury SiteDigger (http://www.foundstone.com) • The ‘original’ Google Scanning tool (other than a web browser, of course) • Requires a Google API Key • Uses FSDB and GHDB • Searches deliberately restricted • The ‘Internet Scanner’ of SEH tools

  15. Tools Armoury SiteDigger

  16. Tools Armoury SiteDigger

  17. Tools Armoury SiteDigger • Pros • Slick Reporting • Well maintained • FSDB sometimes outdated, but well categorized • Cons • Needs Google API Key • Google-Specific • Restricted searches means stuff gets missed • Overall • A good tool, ultimately crippled by restrictions

  18. Tools Armoury Apollo (http://worm.ccert.edu.cn/GoogleHacking/Apollo/) • Written by Mimi & Spark of the Good Cat Studio. • No Google Key required, but still Google only • No restrictions on Search • Similar functionality to SiteDigger, minus the snazzy reporting

  19. Tools Armoury

  20. Tools Armoury Apollo • Pros • No restrictions • No Google API Key needed • Auto update GHDB • Cons • Google-Specific • Clunky interface • No direct link in results • Overall • Better than SiteDigger, but needs better reporting interface

  21. Tools Armoury Wikto (http://www.sensepost.com/research/wikto/) • Port of Nikto to Windows with bells and whistles • Google Hacking functionality a la GooScan • Needs Google API Key • Site orientated • Requires registration with Foundstone’s portal!!!!

  22. Tools Armoury Wikto • Uses a ‘Googler’ to identify directories worth investigating

  23. Tools Armoury Wikto

  24. Tools Armoury Wikto • ‘BackEnd’ module imports data from Googler for use in data mining…

  25. Tools Armoury Wikto

  26. Tools Armoury Wikto • ‘Wikto’ module functions as Nikto on other systems, with ability to import dirs from Googler and BackEnd

  27. Tools Armoury Wikto

  28. Tools Armoury Wikto • ‘GoogleHacks’ Module provides an automated GoogleDork searching facility

  29. Tools Armoury Wikto

  30. Tools Armoury Wikto • Pros • Directory harvesting via Google • Wikto port • Cons • Google Key required • Complicated • Google-Specific • Overall • Feels like several tools bundled into one

  31. Tools Armoury Athena (http://www.snakeoillabs.com) • The ‘original’ Search Engine Hacking tool (other than a web browser, of course) • No API Key required • Features GHDB editor and extensive logging functionality • Not Google Specific! • Manual tool

  32. Tools Armoury Athena

  33. Tools Armoury Athena

  34. Tools Armoury Athena

  35. Tools Armoury Athena

  36. Tools Armoury Athena

  37. Tools Armoury Athena • Pros • Cool logging/note-taking functionality • Can edit GHDB information within Athena • Use datagrid or raw XML editing facilities • Designed for non-techies as well as power users • Suitable for Yahoo, Altavista, <your search facility here> • Cons • No automation • Tabbed browsing would be nice • Overall • Unique … so far.

  38. Exploiting SEH It’s easy as 1-2-3 • Load the GHDB.xml into Athena • Select your query type • (and enter any filters) • Hit Search

  39. Exploiting SEH

  40. Exploiting SEH

  41. Exploiting SEH Thinking of buying a digital camera? • Load Digicams.xml into Athena • Select your camera manufacturer • (and enter any filters – e.g wedding, holiday, ‘amateur’) • Hit Go!

  42. Exploiting SEH

  43. Exploiting non-Google SEH An example • Create a Catalog in Indexing Server for file store • Associate the Catalog with the default web site via the catalog properties • Use the index server query object in ASP (ixsso.Query) • Voila! Instant Search facility!

  44. Exploiting non-Google SEH Indexing Service MMC Snap-in

  45. Exploiting non-Google SEH Example query

  46. Exploiting non-Google SEH What happens when you’re not sure what you’re indexing?

  47. Exploiting non-Google SEH Things to try on your own app • .htaccess/.htpasswd stuff • GET POST • Deny from all • IIS Indexing • REM (from autoexec.bat) • SELECT (from backup .asp and .aspx files) • Other stuff • <?php • #!/usr/bin/perl • root:0: • .inc, .htm, .txt, .bak • </> • <div> (try other html tags)

  48. Countermeasures Google-specific countermeasures • Add the following to specific pages to be left out • <META NAME="GOOGLEBOT" CONTENT="NOINDEX, NOFOLLOW"> • Remove ‘snippets’ but still index link • <META NAME="GOOGLEBOT" CONTENT="NOSNIPPET"> • Stop archiving • <META NAME="GOOGLEBOT" CONTENT="NOARCHIVE"> • Remove my page NOW! • http://services.google.com:8882/urlconsole/controller • http://www.google.com/remove.html

  49. Countermeasures HTTP Server configuration countermeasures • Robots.txt • Some indexing systems obey it • Some don’t • .htaccess/.htpasswd • Make sure it’s configured properly! • Indexing Services • Make sure indexed files are held in a specific directory, not the web root! • Figure out what you’re indexing – you’re only indexing files with specific extensions, right?

  50. Countermeasures Procedural countermeasures • Newsgroups/Mailing lists • Use a hushmail/hotmail account • Use X-No-Archive: Yes headers in Usenet postings • Don’t post information about your systems, data or people • (e.g: specify Solaris rather than specific Solaris patch levels) • Check for information leakage periodically • Don’t use site: restrictions – you want to find all occurrences that affect you, not just the ones on your site! • Web sites • Ensure that backups, test data etc. is held outside of the web root.

More Related