Copyright ©2004 Foundstone, Inc. All Rights Reserved
Google Hacking: Searching For Ways To Stop Hackers
George Kurtz, McAfee, Inc., Senior Vice President, Risk Management
“Using public sources openly and without resorting to illegal means, it is possible to gather at least 80 percent of all information required about the enemy” - Al Qaeda training manual
AGENDA
- How Google works
- Threats
- Tools
- Countermeasures
How Google Works
Advanced Search Operators
- site (.edu, .gov, foundstone.com, usc.edu)
- filetype (txt, xls, mdb, pdf, .log)
- daterange (Julian date format)
- intitle / allintitle
- inurl / allinurl
Threats - filetype:pwd service
Threats - allinurl: admin mdb
Threats - intitle:Remote.Desktop.Web.Connection inurl:tsweb
Threats
- intitle:"Index of" finances.xls
- "Network Vulnerability Assessment Report" / filetype:pdf "Assessment Report" nessus
- "not for distribution" confidential
- site:edu grades admin
- "ORA-00921: unexpected end of SQL command"
- "VNC Desktop" inurl:5800
- intitle:guestbook "advanced guestbook 2.2 powered"
- intitle:"index of" trillian.ini
Threats - Categories
- Private information
- Usernames / passwords
- Configuration management / Remote Admin Interface
- Error messages
- Backup files / log files
- Public vulnerabilities
Tools
- Using Web interface: GooScan, Athena
- Using Web Service API: SiteDigger
Tools - GooScan
Tools - Athena
Tools - SiteDigger, by Kartik Trivedi, Foundstone
Tools - SiteDigger
Version 2 features
- Proxy support / Google appliance support
- XML signatures in OASIS WAS format
- Adding signatures for OWASP top 10
- Signature contribution option
- Raw search tab
- Configurable # of results
Countermeasures
- Keep sensitive data off the web!!
- Perform periodic Google Assessments
- Update robots.txt
- Use meta-tags: NOARCHIVE
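An added example, not part of the original slides: a Python audit of a local copy of a web root that applies the countermeasures above, flagging files of the types the earlier queries look for and HTML pages without a robots NOARCHIVE meta tag. The function names, the extension list and the sample site are assumptions made for this illustration.

```python
import tempfile
from html.parser import HTMLParser
from pathlib import Path
from urllib.robotparser import RobotFileParser

# File types that the queries on the slides look for (pwd, mdb, xls, log, ini).
RISKY_EXT = {".pwd", ".mdb", ".xls", ".log", ".ini"}

class RobotsMeta(HTMLParser):
    """Collects the directives of every <meta name="robots"> tag in a page."""
    def __init__(self):
        super().__init__()
        self.directives = set()
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "robots":
            self.directives |= {d.strip().lower() for d in (a.get("content") or "").split(",")}

def audit_webroot(root):
    """Return a sorted list of (finding, url_path) for a local copy of a web root."""
    robots, rules = RobotFileParser(), Path(root, "robots.txt")
    robots.parse(rules.read_text().splitlines() if rules.exists() else [])
    findings = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        url = "/" + path.relative_to(root).as_posix()
        if path.suffix.lower() in RISKY_EXT:
            # robots.txt is only a request to crawlers; the file is still served.
            state = "crawlable" if robots.can_fetch("*", url) else "hidden only by robots.txt"
            findings.append(("sensitive file, " + state, url))
        elif path.suffix.lower() in (".htm", ".html"):
            meta = RobotsMeta()
            meta.feed(path.read_text(encoding="utf-8", errors="replace"))
            if "noarchive" not in meta.directives:
                findings.append(("page lacks NOARCHIVE", url))
    return sorted(findings)

def build_sample(root):
    """Constructed sample site (hypothetical file names) used to exercise the audit."""
    files = {"robots.txt": "User-agent: *\nDisallow: /admin/\n", "finances.xls": "x",
             "admin/users.mdb": "x", "index.html": "<html><title>Home</title></html>",
             "report.html": '<meta name="robots" content="noindex, NOARCHIVE">'}
    for rel, body in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*audit_webroot(tmp), sep="\n")
```

A file reported as "hidden only by robots.txt" still needs to come off the server: the Disallow line keeps well-behaved crawlers away but does not restrict access.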
SUMMARY How is Google exposing my information??
Thanks for listening