Showing posts with label google hack. Show all posts

Wednesday, 24 May 2017

How Google Hacking is done?

GOOGLE HACKING:

Google hacking is the use of a search engine, such as Google, to locate a security vulnerability on the Internet. There are generally two types of vulnerabilities to be found on the Web: software vulnerabilities and misconfigurations.
Google hacking involves using advanced operators in the Google search engine to locate specific strings of text within search results. One of the most popular examples is finding specific versions of vulnerable Web applications. The following search query would locate all web pages that have that particular text contained within them.

PUNCTUATION & SYMBOLS:

First, let’s understand how the Google search engine treats different symbols and what each one means.

| S.No | Symbol | How to Use |
|------|--------|------------|
| 1 | + | Search for Google pages and blood groups. E.g. +chrome or AB+ |
| 2 | @ | To find social tags. E.g. @googler |
| 3 | $ | To find prices. E.g. Canon $300 |
| 4 | # | To find hashtags of trending topics. E.g. #newyearparty |
| 5 | - | Using - before a word or site excludes that word or site. Useful when one word has several meanings, such as Jaguar the animal and Jaguar the car. |
| 6 | " " | The results will include pages with the same words in the same order as in the quotes. E.g. "Imagine all the People" |
| 7 | * | Add an asterisk as a placeholder for any unknown or wildcard terms. E.g. "a * saved * is a * earned" |
| 8 | .. | Separate numbers by two periods without spaces to see results that contain numbers in a range. E.g. Camera $50..$100 |

ADVANCED OPERATORS:

These are the advanced operators used in Google hacking.

| S.No | Advanced Operator | How to use |
|------|-------------------|------------|
| 1 | intitle | Searches for strings in the title of the page. E.g. intitle:webinar (finds pages with "webinar" in the page title) |
| 2 | allintitle | Searches for all strings within the page title. E.g. allintitle:webinar Briskinfosec (finds pages with "webinar" and "Briskinfosec" in the page title) |
| 3 | inurl | Searches for strings in the URL. E.g. inurl:webinar (finds pages with the string "webinar" in the URL) |
| 4 | allinurl | Searches for all strings in the URL. E.g. allinurl:webinar Briskinfosec (finds pages with the strings "webinar" and "Briskinfosec" in the URL) |
| 5 | info | Info about a page. E.g. info:www.example.com (finds information about the given website) |
| 6 | filetype | Searches for files with a given file extension. E.g. filetype:ppt (finds files with the .ppt extension) |
| 7 | cache | Displays the Google cache of the page. E.g. cache:www.example.com (shows the cached version of the page without performing the search) |
| 8 | link | Linked pages. E.g. link:www.example.com (finds pages that link to the given URL) |
| 9 | related | Related pages of the given domain name. E.g. related:www.example.com (finds pages that are related to the given URL) |
| 10 | site | Searches only one website. E.g. webinar site:www.briskinfosec.com (searches the briskinfosec site for webinar info) |


Monday, 2 September 2013

New Hacking Software Tries 8 Million Times Per Second to Crack Password

While the National Security Agency (NSA) makes near-daily headlines about spying on people and their Internet activity, a new application recently released to the public can reportedly crack passwords with 8 million guesses per second.
This type of hacking, called "brute force," is when a hacker tries numerous combinations of letters and words to crack a password.
The application, oclHashcat-plus, is promoted as a free password cracking and recovery tool, but it's likely to be used by third parties. The software was released this weekend by Hashcat.net.
oclHashcat-plus can crack passwords of up to 55 characters and bases its password guesses on the password-construction protocol followed by a company, notes ArsTechnica.com.

To test oclHashcat-plus, a security researcher at ArsTechnica.com cracked the password “Ph’nglui mglw’nafh Cthulhu R’lyeh wgah’nagl fhtagn1,” which is a phrase from a horror story written by H.P. Lovecraft.

Friday, 30 August 2013

 
Robots.txt is a text (not HTML) file you put on your site to tell search engines which pages you would like them not to visit. Robots.txt is by no means mandatory for search engines, but search engines generally obey what they are asked not to do.

If this file is not configured properly, a hacker may be able to find exploitable targets and sensitive data by using search engines, which is known as Google Hacking. The Google Hacking Database (GHDB) is a database of queries that identify sensitive data. Although Google blocks some of the better-known Google hacking queries, nothing stops a hacker from crawling your site and running the Google Hacking Database queries directly against the crawled content.
 
Information that the Google Hacking Database identifies:
 
 * Files containing passwords
 * Files containing usernames
 * Advisories and server vulnerabilities
 * Error messages that contain sensitive information
 * Sensitive directories
 * Vulnerable servers
 * Web server detection
 * Control of CCTV Cameras

 
I am trying to completely update this GHDB list soon, so you can refer to this post to find the latest attack patterns.


GHDB: Files containing passwords

These searches show “password” files which contain encrypted/hashed/cleartext passwords. A password cracker can recover the encrypted/hashed passwords faster than Elvis eating jelly doughnuts. Sometimes you will get FULL ADMIN access...

1. inurl:"/root/etc/passwd" intext:"home/*:"
2. intitle:index.of passwd passwd.bak
3. intitle:index.of master.passwd
4. intitle:"Index of" pwd.db
5. intitle:"Index of" ".htpasswd" htpasswd.bak
6. intitle:"Index of" ".htpasswd" "htgroup" -intitle:"dist" -apache -htpasswd.c
7. intitle:"Index of" spwd.db passwd -pam.conf
8. intitle:"Index of..etc" passwd
9. intitle:index.of config.php
10. index.of passlist
11. intitle:index.of administrators.pwd
12. filetype:sql insite:pass && user


GHDB: Files containing usernames

These searches reveal user lists and the usernames of different types of users, such as end-user accounts and administrative accounts.

1. inurl:admin inurl:userlist
2. inurl:admin filetype:asp inurl:userlist
3. filetype:reg reg HKEY_CURRENT_USER username
4. filetype:conf inurl:proftpd.conf -sample
5. inurl:php inurl:hlstats intext:"Server Username"
6. intext:"SteamUserPassphrase=" intext:"SteamAppUser=" -"username" -"user"
7. filetype:log username putty
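
A site owner can turn the file names these queries look for into a self-audit of their own site. The following is an added example, not code from the original post: it takes URL paths from your own site inventory plus your robots.txt, flags names targeted by the password and username queries above, and reports whether a compliant crawler may fetch each one. The pattern list, function names and sample data are assumptions constructed for illustration.

```python
import fnmatch
from urllib.robotparser import RobotFileParser

# File-name patterns derived from the password and username queries listed
# above; an assumption for this example, matched against the base name only.
GHDB_NAMES = {
    "passwords": ["passwd", "passwd.bak", "master.passwd", "pwd.db", "spwd.db",
                  ".htpasswd", "htpasswd.bak", "htgroup", "config.php",
                  "passlist*", "administrators.pwd", "*.sql"],
    "usernames": ["userlist*", "*.reg", "proftpd.conf", "*.log"],
}

# Constructed sample input: a robots.txt and URL paths from a site inventory.
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /backup/\n"
SAMPLE_PATHS = ["/index.html", "/backup/db.sql", "/admin/.htpasswd",
                "/logs/putty.log", "/app/config.php"]


def classify(path):
    """Return the category whose patterns match the path's file name, or None."""
    name = path.rstrip("/").rsplit("/", 1)[-1].lower()
    for category, patterns in GHDB_NAMES.items():
        if any(fnmatch.fnmatchcase(name, p) for p in patterns):
            return category
    return None


def audit(paths, robots_txt, agent="Googlebot"):
    """Return (path, category, crawlable) for each sensitive-looking path."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    findings = []
    for path in paths:
        category = classify(path)
        if category is not None:
            # can_fetch() is True when robots.txt lets this agent index the path
            findings.append((path, category, rp.can_fetch(agent, path)))
    return findings


if __name__ == "__main__":
    for path, category, crawlable in audit(SAMPLE_PATHS, SAMPLE_ROBOTS):
        state = "crawlable" if crawlable else "disallowed but still served"
        print(f"{path:20} {category:10} {state}")
```

A path reported as disallowed is still served to anyone who requests it directly, so the remedy is to move the file out of the web root or put it behind authentication rather than to add a Disallow line.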


GHDB: Control of CCTV Cameras

These searches reveal web cameras. If authentication is not enabled, anyone who finds the page can take control of the camera.

1. inurl:/control/userimage.html
2. intitle:"active webcam page"
3. inurl:camctrl.cgi
4. allintitle:Brains, Corp. camera
5. intitle:"supervisioncam protocol"
6. allinurl:index.htm?cus?audio
7. intitle:"Browser Launch Page"
8. inurl:"next_file=main_fs.htm" inurl:img inurl:image.cgi
9. intitle:"Live NetSnap Cam-Server feed"
10. intitle:"iVISTA.Main.Page"
11. intitle:"V-Gear BEE"
12. intitle:"EvoCam" inurl:"webcam.html"
13. intitle:"i-Catcher Console" Copyright "iCode Systems"
14. intitle:"toshiba network camera - User Login"
15. intitle:"DVR Web client"
16. inurl:netw_tcp.shtml
17. camera linksys inurl:main.cgi

Thursday, 27 June 2013

Webcam hacking exploits Chrome Inbuilt Flash player for Camjacking

Researcher Egor Homakov demonstrated the possibility of Webcam hacking exploiting Chrome Inbuilt Flash player, a flaw that represents a serious threat to privacy.

Hackers are increasingly interested in the millions of cameras that surround us. These prying eyes are everywhere, in the street as in our homes: gaming consoles, smart TVs and PCs are all equipped with a camera.
The wide diffusion of mobile devices equipped with web cameras makes webcam hacking very attractive and a serious menace to users’ privacy; these attacks are silent and could cause serious problems. Think for an instant of the implications of webcam hacking carried out by cybercriminals or by a government for surveillance purposes. We have seen it in the movies, but today it is a reality.
Let’s start with the domestic webcam. Webcam hacking is a reality according to a recent post published by Egor Homakov that highlighted a serious flaw in Google Chrome’s integrated Flash player.
Egor Homakov demonstrated that just by pressing the play button a user could authorize an attacker to access his webcam, giving the attacker the possibility to capture video and audio without getting permission.
“I’ve heard a hacker could access my webcam and watch me in front of my computer. Could this really happen?” Yes, it is possible by exploiting a new Flash-based flaw in Google Chrome.
“This works precisely like regular clickjacking – you click on a transparent flash object, it allows access to Camera/Audio channel. Voila, attacker sees and hears you,” Homakov said.
This type of attack has been known for several years as Clickjacking, a known vulnerability in the Adobe Flash Player Settings Manager.
Adobe is aware of Clickjacking attacks and resolved the flaw with a change to the Flash Player Settings Manager SWF file hosted on the Adobe website.
With Camjacking, by contrast, an attacker could hide the Flash Player security message when the Flash file is trying to access a web camera or a microphone.
According to the researcher, webcam hacking is possible by exploiting an invisible Flash element present on the page; it is enough that a victim using the Chrome browser clicks on it.
“That’s what I thought as well. written a simple page with the opacity and flash container (flash requested access to the web-camera), it was observed that 21 Firefox, Opera 12.15 or ignore transparency flash animation, or just do not handle. But IE and Chrome 27.0.1453.110 10 well treated transparency and allowed to place himself on top of the text and / or image. That, no doubt, would have gone into the hands of web designers. But to remain on its laurels were just not interested, and I started to dig deeper, taking the idea of Clickjacking attack, but to remake it to fit their needs, ie to borrow all the “useful” function for the attacker. I chose access to the webcam (of course, yet we can get access to the microphone, but it was important, then?) So, I wrote a simple USB flash drive, take a picture with the help of a web camera and sends it to the server. “
Homakov verified that webcam hacking with Camjacking doesn’t work with semi-transparency on IE.
An Adobe security team representative has confirmed that the bug relates only to Flash Player for Google Chrome.
Will Google solve the problem within the seven days established for fixing bugs in its products?
But the concerns do not stop at home webcams. Craig Heffner, a former software developer with the NSA, said he has discovered previously unreported bugs in digital video surveillance equipment from firms including Cisco Systems Inc, D-Link Corp and TRENDnet.
“It’s a significant threat,”
“Somebody could potentially access a camera and view it. Or they could also use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems.” said the specialist.
He announced his intention to demonstrate it during the next Black Hat hacking conference, in July in Las Vegas.
Heffner revealed that he has discovered hundreds of thousands of surveillance cameras exploitable by attackers via the Internet.
This is not a movie, nor an episode of the television series Person of Interest … This is reality and maybe Big Brother is already exploiting it!