Professional Documents
Culture Documents
Presented by: Francis Brown Rob Ragan Stach & Liu, LLC www.stachliu.com
Agenda
OVERVIEW Introduction/Background Advanced Attacks
Google/Bing Hacking - Core Tools NEW Diggity Attack Tools Google/Bing Hacking Alert RSS Feeds
Advanced Defenses
Future Directions
2
Introduction/ Background
GETTING UP TO SPEED
OSINT is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence.
Google/Bing Hacking
SEARCH ENGINE ATTACKS
Google/Bing Hacking
SEARCH ENGINE ATTACKS
Attack Targets
GOOGLE HACKING DATABASE
Advisories and Vulnerabilities (215) Error Messages (58) Files containing juicy info (230) Files containing passwords (135) Files containing usernames (15) Footholds (21) Pages containing login portals (232) Pages containing network or vulnerability data (59) Sensitive Directories (61) Sensitive Online Shopping Info (9) Various Online Devices (201) Vulnerable Files (57) Vulnerable Servers (48) Web Server Detection (72)
LulzSec and Anonymous believed to use Google Hacking as a primary means of identifying vulnerable targets.
Their releases have nothing to do with their goals or their lulz. It's purely based on whatever they find with their "google hacking" queries and then release it. -- A-Team, 28 June 2011
8
Quick History
GOOGLE HACKING RECAP
Dates 2004 May 2004 2005 Jan 2005 Feb 13, 2005 Jan 10, 2005 Dec 5, 2006 Mar 2007 Nov 2, 2007 Event Google Hacking Database (GHDB) begins Foundstone SiteDigger v1 released Google Hacking v1 released by Johnny Long Foundstone SiteDigger v2 released Google Hack Honeypot first release MSNPawn v1.0 released Google stops issuing Google SOAP API keys Bing disables inurl: link: and linkdomain: Google Hacking v2 released
10
Quick Historycont.
GOOGLE HACKING RECAP
Dates Mar 2008 Sept 7, 2009 Nov 2009 Dec 1, 2009 2010 Nov 1, 2010 Nov 9, 2010 July 2011 Event cDc Goolag - gui tool released Google shuts down SOAP Search API Binging tool released FoundStone SiteDigger v 3.0 released Googlag.org disappears Google AJAX API slated for retirement GHDB Reborn Announced Exploit-db.com Bing ceases &format=rss support
11
Advanced Attacks
WHAT YOU SHOULD KNOW
12
Google Diggity
Not blocked by Google bot detection Does not violate Terms of Service
Bing Diggity
Enumerate: URLs, IP-to-virtual hosts, etc. Vulnerability search queries in Bing format
13
New Features
DIGGITY CORE TOOLS
Updated to use Google JSON/ATOM API Due to deprecated Google AJAX API
Auto-update for dictionaries Output export formats Now also XLS and HTML Help File chm file added
14
New Features
DOWNLOAD BUTTON
Download Buttons for Google/Bing Diggity
Download actual files from Google/Bing search results
Downloads to default: C:\DiggityDownloads\
15
New Features
AUTO-UPDATES
16
Google Diggity
DIGGITY CORE TOOLS
17
Bing Diggity
DIGGITY CORE TOOLS
18
BHDB version
19
Hacking CSEs
ALL TOP LEVEL DOMAINS
20
22
CodeSearch Diggity
AMAZON CLOUD SECRET KEYS
23
Bing LinkFromDomainDiggity
24
Bing LinkFromDomain
DIGGITY TOOLKIT
25
Bing LinkFromDomain
FOOTPRINTING LARGE ORGANIZATIONS
26
Malware Diggity
27
MalwareDiggity
DIGGITY TOOLKIT
1. Leverages Bings linkfromdomain: search directive to find off-site links of target applications/domains 2. Runs off-site links against Googles Safe Browsing API to determine if any are malware distribution sites
3. Return results that identify malware sites that your web applications are directly linking to
28
Popular websites victimized, become malware distribution sites to their own customers
29
Popular websites victimized, become malware distribution sites to their own customers
30
31
Malware Diggity
DIGGITY TOOLKIT
32
Malware Diggity
DIAGNOSTICS IN RESULTS
33
DLP Diggity
34
DLP Diggity
LOTS OF FILES TO DATA MINE
35
DLP Diggity
MORE DATA SEARCHABLE EVERY YEAR
Google Results for Common Docs
513,000,000 600,000,000 500,000,000 400,000,000 300,000,000 84,500,000 200,000,000 42,000,000 100,000,000 0 PDF 10,900,000 2,100,000 DOC 17,300,000 16,100,000 969,000 XLS 46,400,000 30,100,000 2011 2007 1,720,000 2004 TXT
36
DLP Diggity
DIGGITY TOOLKIT
37
FlashDiggity
38
Flash Diggity
DIGGITY TOOLKIT
Google for SWF files on target domains
Example search: filetype:swf site:example.com Download SWF files to C:\DiggityDownloads\
39
DEMO
40
GoogleScrape Diggity
DIGGITY TOOLKIT
GoogleScrape Diggity
Uses Google mobile interface
Violates Terms of Service Light-weight, no advertisements
Distributed via proxies Spoofs User-agent and Referer headers Random &userip= value Across Google servers
41
Baidu Diggity
42
BaiduDiggity
CHINA SEARCH ENGINE
Fighting back
43
Advanced Defenses
PROTECT YO NECK
44
Traditional Defenses
GOOGLE HACKING DEFENSES Google Hack yourself organization
Employ tools and techniques used by hackers Remove info leaks from Google cache Using Google Webmaster Tools
45
Existing Defenses
H A C K Y O U R S E L F
Tools exist Convenient Real-time updates Multi-engine results Historical archived data Multi-domain searching
46
Advanced Defenses
NEW HOT SIZZLE
47
48
49
Bing searches with regexs from BHDB Leverages http://api.bing.com/rss.aspx Real-time vuln updates to >900 Bing hack queries via RSS
50
Bing/Google Alerts
LIVE VULNERABILITY FEEDS
51
Diggity Alerts
FUNdle Bundle
ADVANCED DEFENSES
53
FUNdle Bundle
ADVANCED DEFENSES
54
FUNdle Bundle
MOBILE FRIENDLY
55
SHODAN Alerts
56
SHODAN Alerts
FINDING SCADA SYSTEMS
57
SHODAN Alerts
SHODAN RSS FEEDS
58
Bing/Google Alerts
THICK CLIENTS TOOLS
59
Alert Diggity
60
Alerts Diggity
ADVANCED DEFENSES
61
iDiggity Alerts
iDiggity Alerts
62
iDiggity Alerts
ADVANCED DEFENSES
63
iDiggity Alerts
ADVANCED DEFENSES
64
New Defenses
G O O G L E / B I N G H A C K A L E R T S
Tools exist Convenient Real-time updates Multi-engine results Historical archived data Multi-domain searching
65
Future Direction
IS NOW
66
Diggity Alert DB
DATA MINING VULNS
Diggity Alerts Database
67
Dictionary Updates
3RD P A R T Y I N T E G R A T I O N
68
Special Thanks
Oscar The Bull Salazar Brad BeSickWittIt Sickles Nick King Luscious Harbin Prajakta The Flasher Jagdale Ruihai Ninja Fang Jason Blk-majik Lash
Thank You
http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/
71