Lord of the Bing
Taking Back Search Engine Hacking From Google and Bing
29 July 2010
During World War II the CIA created a special information intelligence unit to exploit information gathered from openly available sources. One classic example of the team’s resourcefulness was the ability to determine whether Allied forces had successfully bombed bridges leading into Paris based on increasing orange prices. Since then OSINT sources have surged in number and diversity, but none can compare to the wealth of information provided by the Internet. Attackers have been clever enough in the past to take advantage of search engines to filter this information to identify vulnerabilities. However, current search hacking techniques have been stymied by search provider efforts to curb this type of behavior. Not anymore - our demonstration-heavy presentation picks up the subtle art of search engine hacking at the current state and discusses why these techniques fail. We will then reveal several new search engine hacking techniques that have resulted in remarkable breakthroughs against both Google and Bing. Come ready to engage with us as we release two new tools, GoogleDiggity and BingDiggity, which take full advantage of the new hacking techniques. We’ll also be releasing the first ever “live vulnerability feed”, which will quickly become the new standard on how to detect and protect yourself against these types of attacks. This presentation will change the way you've previously thought about search engine hacking, so put on your helmets. We don't want a mess when we blow your minds.

Transcript of "Lord of the Bing - Black Hat USA 2010"

  1. Lord of the Bing: Taking Back Search Engine Hacking From Google and Bing. 29 July 2010. Presented by: Francis Brown and Rob Ragan, Stach & Liu, LLC, www.stachliu.com
  2. Goals: DESIRED OUTCOME
     • To improve Google Hacking
       • Attacks and defenses
       • Advanced tools and techniques
     • To think differently about exposures in publicly available sources
     • To blow your mind!
  3. Google/Bing Hacking: SEARCH ENGINE ATTACKS
  4. Attack Targets: GOOGLE HACKING DATABASE
     • Advisories and Vulnerabilities (215)
     • Error Messages (58)
     • Files containing juicy info (230)
     • Files containing passwords (135)
     • Files containing usernames (15)
     • Footholds (21)
     • Pages containing login portals (232)
     • Pages containing network or vulnerability data (59)
     • Sensitive Directories (61)
     • Sensitive Online Shopping Info (9)
     • Various Online Devices (201)
     • Vulnerable Files (57)
     • Vulnerable Servers (48)
     • Web Server Detection (72)
  5. Attack Targets: GOOGLE HACKING DATABASE
     Old School Examples
     • Error Messages
       • filetype:asp + "[ODBC SQL"
       • "Warning: mysql_query()" "invalid query"
     • Files containing passwords
       • inurl:passlist.txt
  6. New Toolkit: STACH & LIU TOOLS
     Google Diggity
     • Uses Google AJAX API
       • Not blocked by Google bot detection
       • Does not violate Terms of Service
     • Can leverage
     Bing Diggity
     • Uses Bing SOAP API
     • Company/Webapp Profiling
       • Enumerate: URLs, IP-to-virtual hosts, etc.
     • Bing Hacking Database (BHDB)
       • Vulnerability search queries in Bing format
  7. New Toolkit: STACH & LIU TOOLS
     GoogleScrape Diggity
     • Uses Google mobile interface
       • Light-weight, no advertisements or extras
       • Violates Terms of Service
     • Automatically leverages valid open proxies
     • Spoofs User-agent and Referer headers
     • Random &userip= value
  8. New Hack Databases: ATTACK QUERIES
     BHDB – Bing Hacking Data Base
     • First ever Bing Hacking database
     • Bing has limitations that make it difficult to create vuln search queries
       • Bing disabled the link: and linkdomain: directives to combat abuse in March 2007
       • Does not support ext: or inurl:
       • The filetype: functionality is limited
     Example - Bing vulnerability search:
     • GHDB query
       • "allintitle:Netscape FastTrack Server Home Page"
     • BHDB version
       • "intitle:Netscape FastTrack Server Home Page"
  9. New Hack Databases: ATTACK QUERIES
     SLDB - Stach & Liu Data Base
     • New Google/Bing hacking searches in active development by the S&L team
     SLDB Examples
     • ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:"budget approved") inurl:confidential
     • ( filetype:mail | filetype:eml | filetype:mbox | filetype:mbx ) intext:password|subject
     • filetype:sql "insert into" (pass|passwd|password)
     • !Host=*.* intext:enc_UserPassword=* ext:pcf
     • "your password is" filetype:log
  10. NEW GOOGLE HACKING TOOLS: DEMO
  11. Traditional Defenses: GOOGLE HACKING DEFENSES
     • "Google Hack yourself" organization
       • Employ tools and techniques used by hackers
       • Remove info leaks from Google cache
         • Using Google Webmaster Tools
     • Regularly update your robots.txt.
       • Or robots meta tags for individual page exclusion
     • Data Loss Prevention/Extrusion Prevention Systems
       • Free Tools: OpenDLP, Senf
     • Policy and Legal Restrictions
  12. Traditional Defenses: GOOGLE HACKING DEFENSES (same content as the previous slide)
  13. Advanced Defenses: PROTECT YO NECK
  14. Existing Defenses: "HACK YOURSELF"
     • Tools exist
     • Convenient
     • Real-time updates
     • Multi-engine results
     • Historical archived data
     • Multi-domain searching
  15. Advanced Defenses: NEW HOT SIZZLE
     Stach & Liu now proudly presents:
     • Google Hacking Alerts
     • Bing Hacking Alerts
  16. Google Hacking Alerts: ADVANCED DEFENSES
     Google Hacking Alerts
     • All hacking database queries using
     • Real-time vuln updates to >2400 hack queries via RSS
     • Organized and available via importable file
  17. Google Hacking Alerts: ADVANCED DEFENSES
  18. Bing Hacking Alerts: ADVANCED DEFENSES
     Bing Hacking Alerts
     • Bing searches with regexs from BHDB
     • Leverage &format=rss directive to turn into update feeds
  19. Alert Client Tools: GOOGLE/BING ALERT CLIENTS
     Google/Bing Hacking Alert Thick Clients
     • Take in Google/Bing Alert RSS feeds as input
     • Allow user to set one or more filters to generate alerts when one of the RSS alert entries matches something they are interested in (e.g. "yourcompany.com" in the URL)
     • Several thick clients being released by Stach & Liu:
       • Windows app
       • iPhone app (coming soon)
       • Droid app (coming soon)
  20. ADVANCED DEFENSE TOOLS: DEMO
  21. New Defenses: "GOOGLE/BING HACK ALERTS"
     • Tools exist
     • Convenient
     • Real-time updates
     • Multi-engine results
     • Historical archived data
     • Multi-domain searching
  22. Google Apps Explosion: SO MANY APPLICATIONS TO ABUSE
  23. Google PhoneBook: SPEAR PHISHING
  24. Google Code Search: VULNS IN OPEN SOURCE CODE
     • Regex search for vulnerabilities in public code
     • Example: SQL Injection in ASP querystring
       • select.*from.*request.QUERYSTRING
  25. GOOGLE CODE SEARCH HACKING: DEMO
  26. Google Code Search: VULNS IN OPEN SOURCE CODE
  27. Google Code Search: VULNS IN OPEN SOURCE CODE
  28. Black Hat SEO: SEARCH ENGINE OPTIMIZATION
     • Use popular search topics du jour
     • Pollute results with links to badware
     • Increase chances of a successful attack
  29. Google Trends: BLACK HAT SEO RECON
  30. Defenses: BLACKHAT SEO DEFENSES
     • Malware Warning Filters
       • Google Safe Browsing
       • Microsoft SmartScreen Filter
       • Yahoo Search Scan
     • Sandbox Software
       • Sandboxie (sandboxie.com)
       • Dell KACE - Secure Browser
       • Adobe Reader Sandbox (Protected Mode)
     • No-script and Ad-block browser plugins
  31. Mass Injection Attacks: MALWARE GONE WILD
     Malware Distribution Woes
     • Popular websites victimized, become malware distribution sites to their own customers
  32. Malware Browser Filters: URL BLACK LIST
     Protecting users from known threats
     • Joint effort to protect customers from known malware and phishing links
  33. Inconvenient Truth: DICKHEAD ALERTS
     Malware Black List Woes
     • Average web administrator has no idea when their site gets black listed
  34. Advanced Defenses: PROTECT YO NECK
  35. Malware Diggity: ADVANCED DEFENSES
     Malware Diggity
     • Uses Bing's linkfromdomain: directive to identify off-site links of the domain(s) you wish to monitor
     • Compares to known malware sites/domains
     • Alerts if site is compromised and now distributing malware
     • Monitors new Google Trends links
     Malware Diggity Alerts
     • Leverages the Bing '&format=rss' directive, to actively monitor new off-site links of your site as they appear
     • Immediately lets you know if you have been compromised by one of these mass injection attacks or if your site has been black listed
  36. Malware Diggity: ADVANCED DEFENSES
  37. Malware Diggity: ADVANCED DEFENSES
  38. (no transcribed text for this slide)
  39. Malware Monitoring: INFECTION DETECTION
     Diagram labels: Identify External Links; Identify Incoming Links; Compare to Black List; Detect Infected Links; Alert
  40. Search Engine deOptimization: BLACK LIST YOUR FOES
     Diagram labels: Identify Malware Links; Mass Inject Competition; Competition Black Listed; Competition PageRank is 0; Profit
  41. Future Direction: PREDICTIONS
  42. Predictions: FUTURE DIRECTIONS
     Data Explosion
     • More data indexed, searchable
     • Real-time, streaming updates
     • Faster, more robust search interfaces
     Google Involvement
     • Filtering of search results
     • Better GH detection and tool blocking
     Renewed Tool Dev
     • Google Ajax API based
     • Bing/Yahoo/other engines
     • Search engine aggregators
     • Google Code and Other Open Source Repositories
       • MS CodePlex, SourceForge, …
     • More automation in tools
     • Real-time detection and exploitation
     • Google worms
  43. Real-time Updates: FUTURE DIRECTIONS
  44. Questions? Ask us something. We'll try to answer it.
     For more info:
     Email: contact@stachliu.com
     Project: diggity@stachliu.com
     Stach & Liu, LLC
     www.stachliu.com
  45. Thank You
     Stach & Liu Project info: http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/
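
The alert-client filter (slide 19) and the Malware Diggity "compare to known malware sites/domains" step (slide 35) both come down to matching feed entries against a list of domains. The sketch below is an added example, not Stach & Liu's code: the feed, the watched domain and the block list are constructed sample data, and it matches on the link's host name rather than on a substring of the URL so that look-alike hosts and query strings do not raise alerts.

```python
# Added example (not from the talk). Feed contents, domains and the block
# list are constructed sample data; real alert feeds may be laid out differently.
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>constructed alert feed</title>
<item><title>Index of /backup</title><link>http://files.yourcompany.com/backup/</link></item>
<item><title>Login</title><link>http://yourcompany.com.attacker.example/login</link></item>
<item><title>Partner page</title><link>http://cdn.badware.example/w.js</link></item>
<item><title>Unrelated</title><link>http://other.example/?ref=yourcompany.com</link></item>
</channel></rss>"""

def host_in(url, domains):
    """True if the URL's host equals, or is a subdomain of, one of `domains`."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def feed_items(rss_text):
    """Yield (title, link) per <item>. Feeds are untrusted input; a hardened
    parser such as defusedxml is the safer choice outside a demo."""
    for item in ET.fromstring(rss_text).iter("item"):
        link = (item.findtext("link") or "").strip()
        if link:
            yield (item.findtext("title") or "").strip(), link

def exposure_alerts(rss_text, watched):
    """Hacking-alert filter: feed entries that point at hosts you own."""
    return [link for _, link in feed_items(rss_text) if host_in(link, watched)]

def malware_alerts(rss_text, blocklist):
    """Off-site link check: feed entries that point at block-listed hosts."""
    return [link for _, link in feed_items(rss_text) if host_in(link, blocklist)]

if __name__ == "__main__":
    for url in exposure_alerts(SAMPLE_FEED, {"yourcompany.com"}):
        print("EXPOSURE", url)
    for url in malware_alerts(SAMPLE_FEED, {"badware.example"}):
        print("MALWARE ", url)
```

A plain substring test for "yourcompany.com" would also flag the second and fourth sample entries, neither of which is hosted on the watched domain.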
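
The code search pattern on slide 24 can be turned on your own source tree before it is published. The following is an added example, not code from the talk: the ASP snippet is constructed, and the line-continuation handling is an addition so that a query split across VBScript lines is still caught.

```python
# Added example: SAMPLE_ASP is a constructed snippet, not code from the talk.
import re

# The pattern from the slide, matched case-insensitively as VBScript is.
PATTERN = re.compile(r"select.*from.*request.QUERYSTRING", re.IGNORECASE)

SAMPLE_ASP = '''<%
sql = "SELECT name FROM users WHERE id=" & Request.QueryString("id")
sql2 = "SELECT * " & _
       "FROM orders WHERE ref='" & Request.QueryString("ref") & "'"
cmd.CommandText = "SELECT name FROM users WHERE id = ?"
cmd.Parameters.Append cmd.CreateParameter("id", 3, 1, , Request.QueryString("id"))
%>'''

def logical_lines(source):
    """Join VBScript continuation lines (trailing ' _') so a statement split
    over several physical lines is examined as one. Yields (first_line, text)."""
    buf, start = "", None
    for no, line in enumerate(source.splitlines(), 1):
        if start is None:
            start = no
        stripped = line.rstrip()
        if stripped.endswith(" _"):
            buf += stripped[:-1]      # drop the underscore, keep the space
            continue
        yield start, buf + stripped
        buf, start = "", None
    if buf:                           # file ended inside a continuation
        yield start, buf

def audit(source):
    """Return [(line_no, statement)] where query text and Request.QueryString
    appear in the same statement, i.e. candidates for string-built SQL."""
    return [(no, stmt.strip()) for no, stmt in logical_lines(source)
            if PATTERN.search(stmt)]

if __name__ == "__main__":
    for no, stmt in audit(SAMPLE_ASP):
        print(f"line {no}: {stmt}")
```

The parameterized query on lines 5 and 6 of the sample is not reported, while a scan of physical lines alone would miss the concatenation that starts on line 3.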