Application security encompasses measures taken throughout the application's life-cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application.

Tuesday, May 21, 2013

Google Hacking - GHDB

Robots.txt is a text (not html) file you put on your site to tell search engine which pages you would like them not to visit. Robots.txt is by no means mandatory for search engines but generally search engines obey what they are asked not to do.
Now if this is not configured properly, then there are chances hacker tries to find exploitable targets and sensitive data by using search engines which is known as Google Hacking. The Google Hacking Database (GHDB) is a database of queries that identify sensitive data. Although Google blocks some of the better known Google hacking queries, nothing stops a hacker from crawling your site and launching the Google Hacking Database queries directly onto the crawled content.
Information that the Google Hacking Database identifies:
 * Files containing passwords
 * Files containing usernames
 * Advisories and server vulnerabilities
 * Error messages that contain sensitive information
 * Sensitive directories
 * Vulnerable servers
 * Web server detection
 * Control of CCTV Cameras

Trying to completely update this GHDB soon, So you can refer this post to find latest attack pattern.

GHDB: Files containing passwords

This search show “password” files which contain encrypted/hashed/cleartext passwords. A password cracker can decrypt the encrypted/hashed password faster than Elvis eating jelly doughnuts. Sometimes you will get FULL ADMIN access...

1. inurl:"/root/etc/passwd" intext:"home/*:"
2. intitle:index.of passwd passwd.bak
3. intitle:index.of master.passwd
4. intitle:”Index of” pwd.db
5. intitle:”Index of” “.htpasswd” htpasswd.bak
6. intitle:”Index of” “.htpasswd” “htgroup” -intitle:”dist” -apache -htpasswd.c
7. intitle:”Index of” spwd.db passwd -pam.conf
8. intitle:”Index of..etc” passwd
9. intitle:index.of config.php
10. index.of passlist
11. intitle:index.of administrators.pwd
12. filetype:sql insite:pass && user

GHDB: Files containing usernames

This search reveals userlists, username of different types of user like end user account, administrative user account.

1. inurl:admin inurl:userlist
2. inurl:admin filetype:asp inurl:userlist
3. filetype:reg reg HKEY_CURRENT_USER username
4. filetype:conf inurl:proftpd.conf -sample
5. inurl:php inurl:hlstats intext:”Server Username”
6. intext:”SteamUserPassphrase=” intext:”SteamAppUser=” -”username” -”user”
7. filetype:log username putty

GHDB: Control of CCTV Cameras

This search reveals web cameras, If authentication is not enable then you can take controll of web cameras.

1. inurl:/control/userimage.html
2. intitle:"active webcam page"
3. inurl:camctrl.cgi
4. allintitle:Brains, Corp. camera
5. intitle:"supervisioncam protocol"
6. allinurl:index.htm?cus?audio
7. intitle:"Browser Launch Page"
8. inurl:"next_file=main_fs.htm" inurl:img inurl:image.cgi
9. intitle:"Live NetSnap Cam-Server feed"
10. intitle:"iVISTA.Main.Page"
11. intitle:"V-Gear BEE"
12. intitle:"EvoCam" inurl:"webcam.html"
13. intitle:"i-Catcher Console" Copyright "iCode Systems"
14. intitle:"toshiba network camera - User Login"
15. intitle:"DVR Web client"
16. inurl:netw_tcp.shtml
17. camera linksys inurl:main.cgi

1 comment:

  1. launching the Google Hacking Database queries directly onto the crawled content. Soccer Trophies