
Google hacking for penetration tester - part 44 pptx


Figure 11.15 More Water Fountain Fun

Moving along to a more traditional network fixture, consider the screenshot captured in Figure 11.16.


Figure 11.16 An IDS Manager on Acid

Now, I’ve been in the security business for a lot of years, and I’m not exactly brilliant in any one particular area of the industry. But I do know a little bit about a lot of different things, and one thing I know for sure is that security products are designed to protect stuff. It’s the way of things. But when I see something like the log shown in Figure 11.16, I get all confused. See, this is a web-based interface for the Snort intrusion detection system. The last time I checked, this data was supposed to be kept away from the eyes of an attacker, but I guess I missed an email or something. But I suppose there’s logic to this somewhere. Maybe if the attacker sees his screw-ups on a public webpage, he’ll be too ashamed to ever hack again, and he’ll go on to lead a normal productive life. Then again, maybe he and his hacker buddies will just get a good laugh out of his good fortune. It’s hard to tell.

Open Applications

Many mainstream web applications are relatively idiot-proof, designed for the point-and-click masses that know little about security. Even still, the Google hacking community has discovered hundreds of online apps that are wide open, just waiting for a point-and-click script kiddy to come along and own them. The first in this section was submitted by Shadowsliv and is shown in Figure 11.17.


Figure 11.17 Tricky Pivot Hack Requires Five Correct Field Fills

The bad news is that if a hacker can figure out what to type in those confusing fields, he’ll have his very own Pivot web log. The good news is that most skilled attackers will leave this site alone, figuring that any software left this unprotected must be a honeypot. It’s really sad that hacking (not real hacking mind you) can be reduced to a point-and-click affair, but as Arrested’s search reveals in Figure 11.18, owning an entire website can be a relatively simple affair.

Figure 11.18 PHP-Nuke Ownage in Four Correct Field Fills


Sporting one less field than the open Pivot install, this configuration page will create a PHP-Nuke Administrator account, and allow any visitor to start uploading content to the page as if it were their own. Of course, this takes a bit of malicious intent on behalf of the web visitor. There’s no mistaking the fact that he or she is creating an Administrator account on a site that does not belong to them. However, the text of the page in Figure 11.19 is a bit more ambiguous.

Figure 11.19 Hack This PHP-Nuke Install “For Security Reasons”

The bold text in the middle of the page really cracks me up. I can just imagine somebody’s poor Grandma running into this page and reading it aloud. “For security reasons, the best idea is to create the Super User right NOW by clicking HERE.” I mean who in their right mind would avoid doing something that was for security reasons? For all Grandma knows, she may be saving the world from evil hackers… by hacking into some poor fool’s PHP-Nuke install.

And as if owning a website isn’t cool enough, Figure 11.20 (submitted by Quadster) reveals a phpMyAdmin installation logged in as root, providing unfettered access to a MySQL database.


Figure 11.20 Open phpMyAdmin - MySQL Ownage for Dummies

With a website install and an SQL database under his belt, it’s a natural progression for a Google hacker to want the ultimate control of a system. VNC installations provide remote control of a system’s keyboard and mouse. Figure 11.21, submitted by Lester, shows a query that locates RealVNC’s Java-based client.

Figure 11.21 Hack A VNC, Grab A Remote Keyboard


Locating a client is only part of the equation, however. An attacker will still need to know the address, port and (optional) password for a VNC server. As Figure 11.22 reveals, the Java client itself often provides two-thirds of that equation in a handy popup window.

Figure 11.22 VNC Options Handed Up With a Side of Fries

If the hacker really lucks out and stumbles on a server that’s not password protected, he’s faced with the daunting task of figuring out which of the four buttons to click in the above connection window. Here’s a hint for the script kiddie looking to make his way in the world: it’s not the Cancel button.

Of course running without a password is just plain silly. But passwords can be so difficult to remember and software vendors obviously realize this as evidenced by the password prompt shown in Figure 11.23.

Figure 11.23 Handy Password Reminder, In Case The Hacker Forgot

Posting the default username/password combination on a login popup is just craziness. Unfortunately it’s not an isolated event. Check out Figure 11.24, submitted by Jimmy Neutron. Can you guess the default password?


Figure 11.24 You Suck If You Can’t Guess This Default Password

Graduating to the next level of hacker leetness requires a bit of work. Check out the user screen shown in Figure 11.25, which was submitted by Dan Kaminsky.

Figure 11.25 Welcome To Guest Access

If you look carefully, you’ll notice that the URL contains a special field called ADMIN, which is set to False. Think like a hacker for a moment and imagine how you might gain administrative access to the page. The spoiler is listed in Figure 11.26.


Figure 11.26 Admin Access through URL Tinkering

Check out the shiny new Exit Administrative Access button. By changing the ADMIN field to True, the application drops us into Administrative access mode. Hacking really is hard, I promise.
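The flaw behind Figures 11.25 and 11.26 is an authorization decision read from a client-controlled URL field. The following is an added example, not code from the book or from the application in the screenshots: it contrasts that check with one based on server-side session state and flags requests whose ADMIN field claims more than the session holds. The session store, session ids, function names and URL are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed server-side session store (assumption): session id -> account.
SESSIONS = {
    "sess-guest": {"user": "guest", "is_admin": False},
    "sess-staff": {"user": "siteadmin", "is_admin": True},
}


def claimed_admin(url):
    """Return what the client-controlled ADMIN field in the URL asserts."""
    values = parse_qs(urlsplit(url).query).get("ADMIN", ["False"])
    return values[-1].strip().lower() == "true"


def is_admin_vulnerable(url, session_id):
    """Pattern from Figure 11.25: privilege is read straight from the URL."""
    return claimed_admin(url)


def is_admin_hardened(url, session_id):
    """Privilege comes only from server-side session state; the URL is ignored."""
    account = SESSIONS.get(session_id)
    return bool(account and account["is_admin"])


def tamper_alert(url, session_id):
    """Detection hook: the URL claims admin but the session does not hold it."""
    return claimed_admin(url) and not is_admin_hardened(url, session_id)


if __name__ == "__main__":
    # Constructed request: a guest session with the ADMIN field edited.
    url = "https://intranet.example/portal?user=guest&ADMIN=True"
    print("vulnerable check:", is_admin_vulnerable(url, "sess-guest"))
    print("hardened check:  ", is_admin_hardened(url, "sess-guest"))
    print("tamper alert:    ", tamper_alert(url, "sess-guest"))
```

Logging every request where `tamper_alert` fires gives defenders a cheap signal that someone is probing the parameter, even after the authorization check itself has been fixed.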

Cameras

I’ve got to be honest and admit that like printer queries, I’m really sick of webcam queries. For a while there, every other addition to the GHDB was a webcam query. Still, some webcam finds are pretty interesting and worth mentioning in the showcase. I’ll start with a cell phone camera dump, submitted by Vipsta as shown in Figure 11.27.

Not only is this an interesting photo of some pretty serious-looking vehicular carnage, but the idea that Google trolls camera phone picture sites is interesting. Who knows what kind of blackmail fodder lurks in the world’s camera phones. Not that anyone would ever use that kind of information for sensationalistic or economically lucrative purposes. Ahem.


Figure 11.27 Google Crawled Vehicular Carnage

Moving on, check out the office-mounted open web camera submitted by Klouw as shown in Figure 11.28.

Figure 11.28 Remote Shoulder Surfing 101


This is really an interesting web cam. Not only does it reveal all the activity in the office, but it seems especially designed to allow remote shoulder surfing. Hackers used to have to get out of the house to participate in this classic sport. These days all they have to do is fire off a few Google searches.

Figure 11.29, submitted by Jimmy Neutron, shows the I.T. infrastructure of a tactical US nuclear submarine.

Figure 11.29 Not Really A Tactical US Nuclear Submarine

OK, so not really. It’s probably just a nuclear reactor or power grid control center or even a drug lord’s warehouse in Columbia (Maryland). Or maybe I’ve been reading too many Stealing The Network books. Either way, it’s a cool find none the less.

Figure 11.30, however (submitted by JBrashars) is unmistakable. It’s definitely a parking lot camera. I’m not sure why, exactly, a camera is pointed at a handicapped parking space, but my guess is that there have been reports of handicapped parking spot abuse. Imagine the joy of being the guard that gets to witness the CIO parking in the spot, leaping out of his convertible and running into the building. Those are the stories of security guard legends.

Date posted: 04/07/2014, 17:20
