Hacking with new DIY Google Dorks based hacking tool

A new version of DIY Google Dorks based hacking tool has been released, it is an extremely useful tool for reconnaissance of targets.

A Webroot blog post announced that a new version of DIY Google Dorks based hacking tool has been released in the wild and it could be used for mass website analysis, the power of the popular search engine could be exploited for information gathering during the reconnaissance phase of an attack. Similar tools could be used to acquire information on target environments by an attacker or by the pen tester to evaluate the architecture is starting to test. The availability of the DIY Google Dorks based hacking tool allows to ill-intentioned to acquire precious information on remotely exploitable websites, data that could be collected to compromise them for example deploying a malicious exploit kit or exploiting known vulnerabilities. The tool relies on Google Dorks the tools to allow a target evaluation, in particular the DIY Google Dorks based hacking tool has built-in features that can be used to evaluate the possibility to perform a SQL injection attack or to discover all the targets that aren’t protected by a CAPTCHA challenge mechanism. As usual the project appears under continuous development and the authors are still working on it to improve its capabilities with new features such as the possibility to evaluate the vulnerability to a custom malicious exploits. Composing specifically crafted queries in Google it is possible to reveal sensitive information essential for the success of an attack, thanks to the use of the advanced operator, the dorking, is possible to retrieve a huge quantity of information on a target such as:

• User’s credentials.
• Sensitive documents.
• Admin login page.
• Email lists.

The syntax for using advanced operator in Google is

Operator_name:keyword

Following some sample of keyword/advance operator:

Allintext	Searches for occurrences of all the keywords given
Intext	Searches for the occurrences of keywords all at once or one at a time
Inurl	Searches for a URL matching one of the keywords
Allinurl	Searches for a URL matching all the keywords in the query
Intitle	Searches for occurrences of keywords in URL all or one
Allintitle	Searches for occurrences of keywords all at a time
Site	Specifically searches that particular site and lists all the results for that site
filetype	Searches for a particular filetype mentioned in the query
Link	Searches for external links to pages
Numrange	Used to locate specific numbers in your searches
Daterange	Used to search within a particular date range

Using more complex queries an attacker could obtain a series of information on the status of the target, for example to discover if it has been already “backdoored” and discovery which are the vulnerability that can potentially affect the system. The Google hacking database provides various examples of queries that can help a hacker to find vulnerable servers, to gain information on the target, to explore sensitive directories finding vulnerable files, to find password files or to find sensitive online shopping info.

inurl:”r00t.php”  – This dork finds websites that were hacked, backdoored and contains their system information allintext:”fs-admin.php“ – A foothold using allintext:”fs-admin.php” shows the world readable directories of a plug-in that enables WordPress to be used as a forum. Many of the results of the search also show error logs which give an attacker the server side paths including the home directory name. This name is often also used for the login to ftp and shell access, which exposes the system to attack. There is also an undisclosed flaw in version 1.3 of the software, as the author has mentioned in version 1.4 as a security fix, but does not tell us what it is that was patched. filetype:config inurl:web.config inurl:ftp – This google dork to find sensitive information of MySqlServer , “uid, and password” in web.config through ftp..filetype:config inurl:web.config inurl:ftp

The above dorks are just simple examples of the power of these search strings, just after 10 minutes playing with them user has the perception of the infinite possibilities that Google provides to an attacker. Now imagine a single DIY Google Dorks based hacking tool  that allows to automatize all this queries, without having particular knowledge on Google dorks … it’s the hacker heaven, what do you think about? The DIY Google Dorks based hacking tool proposed by Dancho Danchev offers a complete suite to automate the process of remote inspection of targets and their exploit, the instrument works on desktop and could be  also integrated with popular browsers to fool the search engines into thinking that generated traffic is legitimate traffic.

  The price for the DIY Google Dorks based hacking tool is very cheap compared to the advantage deriving from its use, one license costs $10 to pay using the Liberty Reserve currency, or $11 to pay using Western Union transfer. The license are linked to specific host due a hardware-based ID restriction, but the authors also offers an unlimited license for $20 in Liberty Reserve, or $20 in Western Union transfer.

 

Cyber criminals can exploit hundreds of thousands of legitimate Web sites is various ways and tools such as the DIY Google Dorks based hacking tool facilitate attacks. Dancho Danchev in his interesting post described the principal techniques used to compromise website:

• Use of search engine reconnaissance through DIY SQL/RFI (Remote File Inclusion) tools or botnets, the category includes a wide range of application that automatically exploit improper configured websites such as  blogging platforms or well known CMS.
• Use of data mined or purchased stolen accounting data, cyber criminals could gather information on malware infected machine, looking for login credentials to be automatically abused with malicious scripts and actual executables getting hosted on legitimate websites in an attempt to trick a security solution’s IP reputation process.
• Active exploitation of server farms – criminals try to infect the larger number of low profile websites as possible, a common practice observed by security researchers is the exploiting of servers that host large number of domains, for example using commercially available Apache backdoors.

Cybercrime underground is in offering all necessary to organize a fraud without having particular knowledge of various technological platforms (e.g. Mobile) and proposing a new efficient model of sales such as the FaaS… it is crucial to follow the black market evolution to avoid shocking surprises.

How You Get Hacked at Starbucks

      For those who frequently use the free public Wi-Fi in coffee shops such as Starbucks and Dunkin' Donuts, you're likely already aware of how easy it is for hackers to steal your personal and financial information over the shared network.

But what you may not realize is how cybercriminals could gain access to sensitive data in other ways that might not be on your radar.

           According to ThreatMetrix, a provider of cybercrime prevention solutions, some hackers even leave malicious USB drives on tables for curious customers to plug into their devices. This allows them to retrieve personal information and even social network passwords. Although this may seem unlikely, ThreatMetrix says the scenario actually occurs.

SEE ALSO: AP Twitter Hack Falsely Claims Explosions at White House

Cybercriminals can also use video cameras on a mobile device to capture what you're doing nearby. This means if you are entering your credit card or email login information into a smartphone, you could be recorded doing so. Creepy, right?

More sophisticated techniques include network scanners, which detect open ports on a device connected to the network, and "hotspot honeypots" which intercept a user’s Internet connection and give full access to that network.

Here's a look at what to keep your eyes peeled for when cozying into a coffee shop near you. Note: Click to enlarge the infographic.

Add caption

Eight Trends That Are Changing Network Security

1. Mobile networks, VPNs and roaming users

Today’s connect-from-anywhere road warriors regularly test the traditional boundaries of network security. Firewalls are increasingly porous as employees access services from devices such as iPads, Android phones, tablets and PCs—all of which require security that mirrors but also

improves upon PC solutions. Extending connectivity to small branch or home offices for many organizations. Your network strategy needs to consider how to secure access across

platforms over an expanding network perimeter.

2. Targeted attacks and APTs

APTs (or advanced persistent threats) represent the next generation of Internet crimeware. For years network security capabilities such as web filtering or IPS played a key part in identifying such attacks (mostly after the initial compromise). As attackers grow bolder and employ more evasive
techniques, network security must integrate with other security services to detect attacks. We’ll need to evolve security capabilities in response to these threats in the coming years.

3. Consumerization and BYOD

Consumerization and the BYOD (bring your own device) movement means consumer devices like iPads, iPhones and Android phones are moving onto the corporate network. To deal with consumerization, your security strategy needs to focus on network security for devices where an endpoint agent may not have been deployed, or may not be functioning properly. For example, if a user connects with a Mac running malicious code, your network security layer
should be able to identify that the device is attempting to retrieve malicious code updates or other suspicious activities—and be able to identify and remeate it. Otherwise you may not find out until you’re already infected, and remediation can only happen after the fact. Consumerization and BYOD increase the importance of alignment between your various security layers.

4. Web application and web server protection

The threat of attacks on web applications to extract data or to distribute malicious code persists. Cybercriminals distribute their malicious code via legitimate web servers they’ve compromised. But data-stealing attacks, many of which get the attention of media, are also a big threat. Organizations
used to focus security investment on PCs and preventing conventional malware from spreading to them and onto the network. Now, you need a greater emphasis on protecting web servers and web applications. Similar challenges lie ahead for emerging technologies such as HTML5. See our article HTML5 and Security on the New Web for more information on thi trend.

5. IPv6: Major surgery for the Internet

IPv6 is the new Internet protocol replacing IPv4, long the backbone of our networks in general and the Internet at large. Protecting IPv6 is not just a question of porting IPv4 capabilities. While IPv6 is a wholesale replacement in making more IP addresses available, there are some very fundamental
changes to the protocol which need to be considered in security policy. Whether your organization adopts it later rather than sooner, make sure that IPv6 is on your network security agenda. For more on IPv6, check out our article Why Switch to IPv6.

6. Contending with cloud services

Small, medium and large enterprises are beginning to adopt cloud services and SaaS at a greater rate. This trend presents a big challenge for network security, as traffic can go around traditional points of inspection. Additionally, as the number of applications available in the cloud grows, policy controls for web applications and cloud services will also need to evolve. For example, which users should be able to interface with which services? Who should be able to
post data, and who should have read-only privileges? While cloud services are developing their own security models, they will still need to be harmonized with your own strategy to avoid multiplication of password, permissions and other security infrastructure concerns. To be sure, the cloud represents a great opportunity. But as the cloud evolves, so too must network security.

7. More encryption

Encryption at every level protects the privacy and integrity of data. We’re increasingly deploying encryption at every layer. However, more use of encryption will bring more challenges for network security devices. For example, how will your network DLP (data loss prevention) inspect traffic
which is encrypted end-to-end as it accesses a certain cloud service? Collaboration between the network and the endpoint to deliver complete security in scenarios like this will be critical. You need to have a network security strategy that integrates your network security with other layers of security such as endpoint, web protection and mobile devices.

8. The elastic network

The network perimeter is expanding like an elastic to include high-speed 4G and LTE networks, wireless access points, branch offices, home offices, roaming users, cloud services, and third parties accessing your applications and data to perform services. These changes to the size, scope and surface of your network can lead to misconfiguration or change control errors that could lead
to security breaches. You’ll need security solutions you can consistently deploy at each device or point of infrastructure. And you need central management to keep on top of the dynamics of this elastic infrastructure and the various layers of security at each endpoint.