Search Engine Hacking: a document for those researching network security, attack and defence techniques, protection, and finding information on the net; essential material for people in the information technology field and for anyone who wants to learn about hacking and security.
Page 1: Search Engine Hacking
Page 3: Search Engine Hacking
1 What is SEH?
2 Tools Armoury
3 Exploiting SEH
4 Countermeasures
Page 5: What is SEH?
Definition: Search Engine Hacking (SEH)
Function: noun
SEH is the malicious use of indexing technologies in order to identify, fingerprint and exploit at-risk systems, data and people.
In other words: Using Search Engines and other indexing facilities to find juicy information and 0wnable b0x3n/w4r3z/d00dz
Page 6: What is SEH?
How much data are we talking about?
Page 10: What is SEH?
Only now there’s much more to contend with
IRC Search Engines
Bit Torrent/P2P Search engines
Page 14: Tools Armoury
•Searches deliberately restricted
•The ‘Internet Scanner’ of SEH tools
Page 15: Tools Armoury
SiteDigger
Page 18: Tools Armoury
•Written by Mimi & Spark of the Good Cat Studio
•No Google Key required, but still Google only
•No restrictions on Search
•Similar functionality to SiteDigger, minus the snazzy reporting
Page 21: Tools Armoury
Wikto
(http://www.sensepost.com/research/wikto/)
•Port of Nikto to Windows with bells and whistles
•Google Hacking functionality a la GooScan
•Needs Google API Key
•Site orientated
•Requires registration with Foundstone’s portal!!!!
Page 22: Tools Armoury
Wikto
•Uses a ‘Googler’ to identify directories worth investigating
Page 24: Tools Armoury
Wikto
•‘BackEnd’ module imports data from Googler for use in data mining…
Page 26: Tools Armoury
Wikto
•‘Wikto’ module functions as Nikto on other systems, with the ability to import dirs from Googler and BackEnd
Page 28: Tools Armoury
Wikto
•‘GoogleHacks’ Module provides an automated GoogleDork searching facility
Page 31: Tools Armoury
Athena (http://www.snakeoillabs.com)
•The ‘original’ Search Engine Hacking tool (other than a web browser, of course)
•No API Key required
•Features GHDB editor and extensive logging functionality
•Not Google Specific!
•Manual tool
Page 37: Tools Armoury
Athena
•Pros
  •Cool logging/note-taking functionality
  •Can edit GHDB information within Athena
  •Use datagrid or raw XML editing facilities
  •Designed for non-techies as well as power users
  •Suitable for Yahoo, Altavista, <your search facility here>
•Cons
  •No automation
  •Tabbed browsing would be nice
•Overall
Page 38: Exploiting SEH
It’s as easy as 1-2-3
• Load the GHDB.xml into Athena
• Select your query type (and enter any filters)
• Hit Search
Page 41: Exploiting SEH
Thinking of buying a digital camera?
• Load Digicams.xml into Athena
• Select your camera manufacturer (and enter any filters, e.g. wedding, holiday, ‘amateur’)
• Hit Go!
Page 43: Exploiting non-Google SEH
An example
•Create a Catalog in Indexing Server for file store
•Associate the Catalog with the default web site via the catalog properties
•Use the index server query object in ASP (ixsso.Query)
•Voila! Instant Search facility!
Page 44: Exploiting non-Google SEH
Indexing Service MMC Snap-in
Page 45: Exploiting non-Google SEH
Example query
Page 46: Exploiting non-Google SEH
What happens when you’re not sure what you’re indexing?
Page 47: Exploiting non-Google SEH
Things to try on your own app
•.htaccess/.htpasswd stuff
  •GET POST
  •Deny from all
•IIS Indexing
  •REM (from autoexec.bat)
  •SELECT (from backup asp and aspx files)
•Other stuff
  •<?php
  •#!/usr/bin/perl
  •root:0:
Page 48: Google-specific countermeasures
•Add the following to specific pages to be left out
  •<META NAME="GOOGLEBOT" CONTENT="NOINDEX, NOFOLLOW">
•Remove ‘snippets’ but still index link
  •<META NAME="GOOGLEBOT" CONTENT="NOSNIPPET">
•Stop archiving
  •<META NAME="GOOGLEBOT"
Page 49: Countermeasures
•Make sure indexed files are held in a specific directory, not the web root!
•Figure out what you’re indexing – you’re only indexing files with specific extensions, right?
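The two self-audit checks above, searching your own index for the leakage strings listed on page 47 and verifying that only files with specific extensions are indexed (page 49), combined into one script. This is an added example, not code from the deck or from any of the tools it describes; the extension allowlist, the grouping of the signature strings, and the sample file store are assumptions constructed for the demonstration.

```python
import os, tempfile

# Leakage signatures from the deck's "Things to try on your own app" list, grouped by what a hit reveals.
SIGNATURES = {
    "apache access control": [".htpasswd", "Deny from all"],
    "batch file (autoexec.bat)": ["REM "],
    "SQL in backup asp/aspx": ["SELECT "],
    "PHP source": ["<?php"],
    "Perl source": ["#!/usr/bin/perl"],
    "passwd file": ["root:0:"],
}
INDEXABLE_EXT = {".htm", ".html", ".txt", ".pdf"}  # assumed index policy: nothing else belongs in the catalog

def scan_file(path):
    """Return the labels of every signature group found in the file (case-sensitive substrings)."""
    with open(path, encoding="utf-8", errors="ignore") as fh:
        text = fh.read()
    return [label for label, needles in SIGNATURES.items()
            if any(n in text for n in needles)]

def audit_index(root, allowed_ext=INDEXABLE_EXT):
    """Walk the indexed file store; report (path, reason, labels) for files outside the allowlist or carrying a signature."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            hits = scan_file(path)
            if os.path.splitext(name)[1].lower() not in allowed_ext:
                findings.append((rel, "extension not in index allowlist", hits))
            elif hits:
                findings.append((rel, "leakage signature in indexable file", hits))
    return sorted(findings)

def build_sample_store():
    """Constructed sample file store (hypothetical content, not from the deck)."""
    root = tempfile.mkdtemp()
    samples = {
        "index.html": "<html><body>Welcome</body></html>\n",
        ".htaccess": "AuthUserFile /var/www/.htpasswd\nDeny from all\n",
        "login.asp.bak": "<% SELECT * FROM users WHERE id = 1 %>\n",
        "notes.txt": "copy of passwd:\nroot:0:0:root:/root:/bin/sh\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root
```

Run `audit_index(build_sample_store())` to see the three findings; the clean index.html produces none, while notes.txt shows that an allowlisted extension alone does not stop a passwd copy from being indexed.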
Page 50: Procedural countermeasures
•Newsgroups/Mailing lists
  •Use a hushmail/hotmail account
  •Use X-No-Archive: Yes headers in Usenet postings
  •Don’t post information about your systems, data or people (e.g. specify Solaris rather than specific Solaris patch levels)
•Check for information leakage periodically
  •Don’t use site: restrictions – you want to find all occurrences that affect you, not just the ones on your site!
Page 52: Questions?