Figure 11.48 Bedroom Hacking For DummiesAMX NetLinx systems are designed to allow control of power systems.The figure above seems to suggest that a web visitor could control power in a t
Trang 1This front-end was designed to put a new face on an older PBX product, but client secu-rity seems to have been an afterthought Notice that the interface asks the user to “Logout”
of the interface, indicating that the user is already logged in Also, notice that cryptic button
labeled Start Managing the Device After firing off a Google search, all a malicious hacker has to
do is figure out which button to press What an unbelievably daunting task
Power
I get a lot of raised eyebrows when I talk about using Google to hack power systems Most
people think I’m talking about UPS systems like the one submitted by Yeseins in Figure
11.47
Figure 11.47Whazzups?
This is a clever Google query, but it’s only an uninterruptible power system (UPS) monitoring page.This can be amusing, but as Jimmy Neutron shows in Figure 11.48,
there are more interesting power hacking opportunities available
Trang 2Figure 11.48 Bedroom Hacking For Dummies
AMX NetLinx systems are designed to allow control of power systems.The figure above seems to suggest that a web visitor could control power in a theater, a family room and the master bedroom of a residence.The problem is that the Google search turns up a scarce number of results, most of which are password protected As an alternative, Jimmy offers the search shown in Figure 11.49
Figure 11.49 Passwords Are Nifty, Especially Default Ones
Trang 3Although this query results in a long list of password-protected sites, many sites still use the default password, providing access to the control panel shown in Figure 11.50
Figure 11.50Google Hacking Light Sockets? Uh oh
This control panel lists power sockets alongside interesting buttons named Power and
Restart, which even the dimmest of hackers will undoubtedly be able to figure out.The
problem with this interface is that it’s just not much fun A hacker will definitely get
bored flipping unnamed power switches—unless of course he also finds an open
webcam so he can watch the fun.The search shown in Figure 11.51 seems to address
this, naming each of the devices for easy reference
Trang 4Figure 11.51 Step Away From The Christmas Lights
Of course even the most vicious hackers would probably consider it rude to nail someone’s Christmas lights, but no hacker in their right mind could resist the open HomeSeer control panel shown in Figure 11.52
Figure 11.52 Bong Hacking BONG Hacking
Trang 5The HomeSeer control panel puts the fun back into power hacking, listing descriptions
for each control, as well as an On, Off and slider switch for applicable elements Some of the
elements in this list are quite interesting, including Lower Motion and Bathroom.The best
though is definitely Electric Bong If you’re a member of the Secret Service looking to bust
the owner of this system, I would suggest a preemptive Google strike before barging into
the home Start by dimming the lights, and then nail the motion sensors Last but not least,
turn on the electric bong in case your other charges don’t stick
Sensitive Info
Sensitive info is such a generic term, but that’s what this section includes: a hodgepodge of
sensitive info discovered while surfing Google We’ll begin with the VCalendar search
sub-mitted by Jorokin as shown in Figure 11.53
Figure 11.53Let Me Check Their Calendar
There’s at least a decent possibility that these calendar files were made public on pur-pose, but the Netscape history file submitted by Digital_Revolution in Figure 11.54
shouldn’t be public
Trang 6Figure 11.54 Hot Chicks at IBM? Nah.
For starters, the file contains the user’s POP email username and encoded password Then there’s the issue of his URL history, which contains not only the very respectable
IBM.com, but also the not-so-respectable hotchicks.com, which I’m pretty sure is NSFW.
Next up is an MSN contact list submitted by Harry-AAC, which is shown in Figure 11.55
Trang 7Figure 11.55Want To Steal My Friends?
This file lists the contact names and email addresses found in someone’s contact list At best, this file is spam fodder.There’s really no shortage of email address lists, phone number
lists and more on the Web, but what’s surprising is how many documents containing this
type of information were created with the express intention of sharing that information
Consider the screen shown in Figure 11.56, which was submitted by CP
Trang 8Figure 11.56Call and Email the Entire Staff and Wish Them Happy Birthday
This document is a staff directory, which was created for internal use only.The only problem is that it was found on a public web site While this doesn’t seem to constitute seri-ously private information, the search shown in Figure 11.57 (submitted by Maerim) reveals slightly more sensitive information: passwords
Trang 9Figure 11.57I Think This RCON Password is Written In Greek
This file lists the cleartext passwords for the Ghost Squad’s private Counterstrike remote
administration console Ask any CS gamer how embarrassing this could be But hacking a
game server is fairly tame Consider, however, Figure 11.58 which was submitted by Barabas
Figure 11.58Encoded VPN Passwords
Trang 10This file lists information and encoded passwords for a Cisco Virtual LAN (VLAN) About the only thing worse than revealing your VLAN’s encoded passwords is revealing
your VLAN’s cleartext passwords Ask and you shall receive Check out Figure 11.59, again
from Barabas
Figure 11.59Plaintext VPN Passwords
Yup, that’s a cleartext password nestled inside a University’s configuration file But interesting passwords can be found in all sorts of places, such as inside Windows unat-tended installation files, as shown in Figure 11.60, which was submitted by MBaldwin
Figure 11.60 Owning a Windows Install before It’s Installed Leet