gs = GoogleSplogger.GoogleSplogger('username', 'password')
# we are going to import this feed into our blog
feed = feedparser.parse('http://www.gnucitizen.org/feed')
for e in feed.entries:
    gs.post('my blog name', e.title, e.content[0].value, 'author')
Figure 10.18 - Import Blog Entries
This script, entered as shown in Figure 10.18, will import all feed entries from GNUCITIZEN’s blog into your blog, effectively creating a spam blog as shown in Figure 10.19.
Figure 10.19 The new Splog
Notice how quickly we created a new blog with content.
There is a completely different set of strategies that can be undertaken to make the splog achieve its purposes; however, due to the size of this topic, we can’t really cover all of them in this book. It is important to understand the security and ethical implications that are related to splogging. Again, remember that spamming Google or any other service is totally prohibited by the terms of service. You can potentially damage your account and all data that it holds.
Signaling Alerts
Very often we need to track changes in Google’s result set. For example, let’s say that we want to monitor a certain site for vulnerabilities. How can we do that? We can simply run scanners every once in a while, but this is a noisy exercise and will definitely take loads of time. Instead, being dedicated Google hackers, we can use Google itself and use a few powerful Google dorks to locate the things that we are interested in without the need for automated scanning software. Then we can set up a cron task to monitor the results returned by Google and, when a change is detected, email us the result.
Then again, we could simply use Google Alerts as shown in Figure 10.20.
Figure 10.20 Google Alerts
Google Alerts is a powerful system that detects when a query’s result set changes. The system can be configured to send updates once a day, once a week, or as they happen. Keep in mind that only the first 10 entries (the first page) are taken into consideration. Nevertheless, the Alert system does a good job when optimized.
This is a great tool, but it can be used for more interesting purposes. Let’s say that we know that a target is using MsSQL as its database backend. We could use Google Alerts to poll the target, searching for error messages as they pop up. That search might look something like this:
"[SQL Server Driver][SQL Server]Line 1: Incorrect syntax near" forum thread -showthread site:example.com
For the type of alert, select Web, which is usually the default option. Select the frequency of the alert, enter your email address, and click Create Alert.
Notice that the query that we use for this alert is domain restricted (site:example.com). Also pay attention to the actual Google dork. We are looking for messages that appear to be generated by failures in the SQL queries sent to the backend. These types of messages are a sign of resources vulnerable to SQL injection.
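The same signature can be checked from the site owner's side before a search engine indexes it. The following is an added example, not code from the book: it scans response bodies from a site you operate for verbose SQL Server errors and reports only URLs not seen in the previous run, which is the cron-style change check described earlier. The function names, the two extra signatures and the sample pages are assumptions constructed for illustration.

```python
import re

# First signature is the string from the query above (leading "[" dropped so it
# also matches "[Microsoft][ODBC SQL Server Driver]"); the others are
# additional assumptions chosen for this example.
SIGNATURES = [
    re.compile(r"SQL Server Driver\]\[SQL Server\]Line \d+: Incorrect syntax near"),
    re.compile(r"Unclosed quotation mark (?:before|after) the character string"),
    re.compile(r"Microsoft OLE DB Provider for SQL Server"),
]

def find_error_leaks(pages):
    """Return {url: [snippets]} for pages whose body leaks a database error."""
    findings = {}
    for url, body in pages.items():
        hits = []
        for sig in SIGNATURES:
            for m in sig.finditer(body):
                start = max(0, m.start() - 20)
                hits.append(body[start:m.end() + 40].strip())
        if hits:
            findings[url] = hits
    return findings

def new_leaks(previous_urls, findings):
    """URLs leaking errors now that were absent from the previous run."""
    return sorted(set(findings) - set(previous_urls))

# Constructed sample responses (not real data) from a site you operate.
SAMPLE_PAGES = {
    "https://example.com/forum/index.asp": "<h1>Welcome</h1><p>Thread list</p>",
    "https://example.com/forum/view.asp?id=7": (
        "<font face='Arial'>Microsoft OLE DB Provider for ODBC Drivers error "
        "'80040e14'<p>[Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: "
        "Incorrect syntax near ','.</font>"
    ),
    "https://example.com/search.asp?q=a": "<p>No results for a</p>",
}

if __name__ == "__main__":
    findings = find_error_leaks(SAMPLE_PAGES)
    for url in new_leaks([], findings):
        print(url, "->", findings[url][0])
```

Pages flagged this way should return a generic error page instead of the driver message, which removes the text the alert query depends on.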
A malicious user can use this service to be alerted whenever a vulnerability or interesting message appears on a target site. This is very low-profile and does not alert the target; the transaction happens between the user and Google. An attacker could even enter alerts for every entry in the Google Hacking Database. Although this would be overkill, some of the entries in the database reveal extremely sensitive information, which could be harvested with very little further effort.
Google Co-op
Google Co-op (www.google.com/coop) is a powerful service that allows you to create powerful custom search engines. You do not need to be a registered Google user in order to use the service, but if you want to create an engine, registration is required. In the following section, we’ll guide you through some of the most interesting features of this service and we’ll show you how to create your own search engines.
Let’s start with the simplest of search engines. Browse the Google Co-op page and click Create a Custom Search Engine, or simply browse to www.google.com/coop/cse. From the Custom Engine configuration page (Figure 10.21), we need to define the characteristics we need.
Figure 10.21 Google Custom Search Engine Creation page
First enter a search engine name. We’ll call ours the “Google Hacking Database Search”.
Enter a description and some basic search keywords, both of which are optional. The keywords are primarily used by Google to find the most relevant results. This means that our query will be mingled with these keywords. For now, we’ll leave this alone. Moving forward, to the field titled What do you want to search, we will define the scope of the search queries.
For this example, we are going to use the default option entitled Only sites that I select.
Now, the interesting part: we need to supply the URLs Google will look into when performing the queries. Since our search engine will do stuff around the Google Hacking Database located at http://johnny.ihackstuff.com/ghdb.php, we’ll simply drop that URL into this field. We’ll customize this entry option further with the use of wildcards, in order to search URLs that match a specific syntax. Here are a few examples taken from Co-op’s documentation:
www.mysite.com/mypage.html - look for information within the mypage.html part of the www.mysite.com domain
www.mysite.com/* - look for information within the entire context of www.mysite.com
www.mysite.com/*about* - look for information within URLs from www.mysite.com that have the about keyword
*.mydomain.com - look for information within sub-domains of mydomain.com.
For our example, the main page is located at http://johnny.ihackstuff.com/ghdb.php, but in order to make Co-op go a couple of levels down from that location, we must change the site URL to http://johnny.ihackstuff.com/ghdb.php* (note the star at the end). This is because the URL for an individual database entry contains parameters tacked onto the data after the name of the ghdb.php script, in the following format:
http://johnny.ihackstuff.com/ghdb.php?function=detail&id=64
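The effect of the trailing star can be checked with a small matcher. This is an added example, not code from the book and not Google's own matching logic: it approximates the wildcard rules as the list above describes them, and the function names and the test URLs other than the ghdb.php entry are assumptions made for illustration.

```python
import re

def _strip_scheme(s):
    """Drop a leading scheme such as http:// so patterns and URLs compare alike."""
    return re.sub(r"^[a-z][a-z0-9+.-]*://", "", s, flags=re.I)

def pattern_to_regex(pattern):
    """Translate a site-restriction pattern into an anchored regex.

    Assumptions of this sketch: '*' matches any run of characters, a pattern
    without '*' must match the whole URL, and a host-only pattern (no '/')
    covers every path on the matching hosts.
    """
    p = _strip_scheme(pattern)
    host_only = "/" not in p
    # In a host-only pattern the wildcard must not cross a '/', otherwise
    # other.example/x.mydomain.com would count as a sub-domain.
    wildcard = "[^/]*" if host_only else ".*"
    body = wildcard.join(re.escape(part) for part in p.split("*"))
    if host_only:
        body += r"(?:/.*)?"
    return re.compile("^" + body + "$", re.I)

def in_scope(pattern, url):
    """True if url falls inside the scope described by pattern."""
    return pattern_to_regex(pattern).match(_strip_scheme(url)) is not None

if __name__ == "__main__":
    entry = "http://johnny.ihackstuff.com/ghdb.php?function=detail&id=64"
    for pat in ("http://johnny.ihackstuff.com/ghdb.php",
                "http://johnny.ihackstuff.com/ghdb.php*"):
        print(pat, "->", in_scope(pat, entry))
```

Without the star the individual entry URL is out of scope; with it, every ghdb.php URL carrying query parameters is included.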
The rest of the options from the Co-op Custom engine creation page are irrelevant at this point. Agree to Google’s terms of service and click on the next button. You should see something similar to Figure 10.22.
Figure 10.22 2nd Stage of Google’s Custom Engine Creation Process
Now we’ll test how the search engine works. Type a few queries like “index” or “secret”, and you’ll see some sample results. If everything works as expected, click finish, and the custom search engine will be displayed as shown in Figure 10.23.
Figure 10.23 GHDB Custom Search Engine
The purpose of our search engine is to find interesting queries within Johnny Long’s excellent Google dorks collection, which does not (at the time of this writing) support searching. For example, a query for passwd will return results similar to those in Figure 10.24.
Figure 10.24 Search Results
It’s simple to create other customized search engines as well. For example, we could search Phenoelit’s database of default passwords found at www.phenoelit-us.org/dpl/dpl.html. It normally takes ages to load the file and most browsers cannot handle its enormous size. Let’s create a custom search engine to search this excellent page.
Following the same process as before, we will use a site restriction of www.phenoelit-us.org/dpl/dpl.html instead of http://johnny.ihackstuff.com/ghdb.php*. Bake the engine and give it a try. Figure 10.25 shows the result of a query for cisco.
Figure 10.25 Default Password List Search Engine
Notice that the resulting page contains all the details that we need, including the default username and password. We can improve this engine by adding more default password lists.
Notes from the Underground…
Google’s Custom Search Engine
The GNUCITIZEN group (http://www.gnucitizen.org) has discovered that Google’s Custom Search Engine platform can be used for many other useful things, such as fingerprinting and enumerating hidden web servers. It is a well-known fact that not all Web resources are exposed to the Internet. We call that part of the network the Hidden Web. By using Custom Search Engines we can recover them and enumerate their content. Among the gathered information, we may find Intranet interfaces, administrative panels and other types of sensitive information.
Google AJAX Search API Integration
Earlier in this chapter we discussed how to use the AJAX API to embed search engine facilities in your own applications and even do automated queries. Here we will do the same, but this time we are going to use the Google Hacking Database custom search engine that we have created.
The first and most important thing is to locate the unique identifier of your search engine. Just access the engine page and have a look at the URL bar. It should be similar to the following:
http://www.google.com/coop/cse?cx=016629205230705557969%3Assouol31jqq
The cx parameter is the unique identifier for that engine. Remember that value and substitute it for the placeholder in the following example:
<html>
<head>
<title>Hacking AJAX API</title>
</head>
<body>
<script>
// Callback invoked by the GwebSearch response; b.results holds the result entries.
function our_callback(a, b, c, d, e) {
    for (var i = 0; i < b.results.length; i++) {
        var link = document.createElement('a');
        link.href = b.results[i].url;
        // textContent, not innerHTML: result data must not be parsed as markup
        link.textContent = b.results[i].url;
        document.body.appendChild(link);
        var br = document.createElement('br');
        document.body.appendChild(br);
    }
}
</script>
<script type="text/javascript"
src="http://www.google.com/uds/GwebSearch?callback=our_callback&context=0&rsz=large&q=test&key=internal&v=1.0&cx=016629205230705557969%3Assouol31jqq"></script>
</body>
</html>
There are tons of interesting and quite valuable things that can be accomplished with the AJAX Search API and Google Co-op. It is just a matter of imagination, something that hackers and computer security experts have quite a lot of.
Google Code
Google Code is an offering to the open source community allowing for free-for-all project hosting. Feature-wise, the service is very much like the well-known Sourceforge. Developers are provided with a Wiki for hosting the project documentation, a bug tracking system, and version control through SVN. At the time of this writing, each user is restricted in the number of projects they can spawn. However, this logical restriction can be easily bypassed.
Google Code is more than just a development environment - it is a free hosting provider. We can use the system to stash all sorts of stuff in there.
In order to open a Google Code project, you’ll first need a Google account. Simply visit http://code.google.com/hosting/createProject, fill in the necessary details, and you are ready to upload your content as shown in Figure 10.26.
Figure 10.26 Google Code Project Registration
As we mentioned earlier, Google Code operates on top of SVN (Subversion). In order to upload content, you will need the svn client, which comes bundled with most Linux/Unix distributions. Windows users can obtain the svn client from