SlideShare a Scribd company logo

Hack attack pulp google

S
sourav6388

This book shares information, about various techniques for new kind of hacking research

EducationTechnologyNews & Politics
1 of 71
Pulp Google Hacking The Next Generation Search Engine Hacking Arsenal 3 August 2011 – Black Hat 2011 – Las Vegas, NV Presented by: Francis Brown Rob Ragan Stach & Liu, LLC www.stachliu.com
Agenda OVERVIEW • Introduction/Background • Advanced Attacks • Google/Bing Hacking - Core Tools • NEW Diggity Attack Tools • Advanced Defenses • Google/Bing Hacking Alert RSS Feeds • NEW Diggity Alert Feeds and Updates • NEW Diggity Alert RSS Feed Client Tools • Future Directions 2
Introduction/ Background GETTING UP TO SPEED 3
Open Source Intelligence SEARCHING PUBLIC SOURCES OSINT – is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence. 4
Google/Bing Hacking SEARCH ENGINE ATTACKS 5
Google/Bing Hacking SEARCH ENGINE ATTACKS Bing's source leaked! class Bing { public static string Search(string query) { return Google.Search(query); } } 6
Attack Targets GOOGLE HACKING DATABASE • Advisories and Vulnerabilities (215) • Pages containing network or • Error Messages (58) vulnerability data (59) • Files containing juicy info (230) • Sensitive Directories (61) • Files containing passwords (135) • Sensitive Online Shopping Info (9) • Files containing usernames (15) • Various Online Devices (201) • Footholds (21) • Vulnerable Files (57) • Pages containing login portals (232) • Vulnerable Servers (48) • Web Server Detection (72) 7
Google Hacking = Lulz REAL WORLD THREAT LulzSec and Anonymous believed to use Google Hacking as a primary means of identifying vulnerable targets. Their releases have nothing to do with their goals or their lulz. It's purely based on whatever they find with their "google hacking" queries and then release it. -- A-Team, 28 June 2011 8
Google Hacking = Lulz REAL WORLD THREAT 22:14 <@kayla> Sooooo...using the link above and the google hack string. !Host=*.* intext:enc_UserPassword=* ext:pcf Take your pick of VPNs you want access too. Ugghh.. Aaron Barr CEO HBGary Federal Inc. 22:15 <@kayla> download the pcf file 22:16 <@kayla> then use http://www.unix-ag.uni- kl.de/~massar/bin/cisco-decode?enc= to clear text it 22:16 <@kayla> = free VPN 9
Quick History GOOGLE HACKING RECAP Dates Event 2004 Google Hacking Database (GHDB) begins May 2004 Foundstone SiteDigger v1 released 2005 Google Hacking v1 released by Johnny Long Jan 2005 Foundstone SiteDigger v2 released Feb 13, 2005 Google Hack Honeypot first release Jan 10, 2005 MSNPawn v1.0 released Dec 5, 2006 Google stops issuing Google SOAP API keys Mar 2007 Bing disables inurl: link: and linkdomain: Nov 2, 2007 Google Hacking v2 released 10
Quick History…cont. GOOGLE HACKING RECAP Dates Event Mar 2008 cDc Goolag - gui tool released Sept 7, 2009 Google shuts down SOAP Search API Nov 2009 Binging tool released Dec 1, 2009 FoundStone SiteDigger v 3.0 released 2010 Googlag.org disappears April 21, 2010 Google Hacking Diggity Project initial releases Nov 1, 2010 Google AJAX API slated for retirement Nov 9, 2010 GHDB Reborn Announced – Exploit-db.com July 2011 Bing ceases ‘&format=rss’ support 11
Advanced Attacks WHAT YOU SHOULD KNOW 12
Diggity Core Tools STACH & LIU TOOLS Google Diggity • Uses Google JSON/ATOM API • Not blocked by Google bot detection • Does not violate Terms of Service • Required to use Bing Diggity • Uses Bing 2.0 SOAP API • Company/Webapp Profiling • Enumerate: URLs, IP-to-virtual hosts, etc. • Bing Hacking Database (BHDB) • Vulnerability search queries in Bing format 13
New Features DIGGITY CORE TOOLS Google Diggity - New API • Updated to use Google JSON/ATOM API • Due to deprecated Google AJAX API Misc. Feature Uprades • Auto-update for dictionaries • Output export formats • Now also XLS and HTML • Help File – chm file added 14
New Features DOWNLOAD BUTTON Download Buttons for Google/Bing Diggity • Download actual files from Google/Bing search results • Downloads to default: C:DiggityDownloads • Used by other tools for file download/analysis: • FlashDiggity, DLP Diggity, MalwareDiggity,… 15
New Features AUTO-UPDATES SLDB Updates in Progress • Example: SharePoint Google Dictionary • http://www.stachliu.com/resources/tools/sharepoint-hacking-diggity- project/#SharePoint – GoogleDiggity Dictionary File 16
Google Diggity DIGGITY CORE TOOLS 17
Bing Diggity DIGGITY CORE TOOLS 18
Bing Hacking Database STACH & LIU TOOLS BHDB – Bing Hacking Data Base Example - Bing vulnerability search: • GHDB query • First ever Bing hacking database • "allintitle:Netscape FastTrack Server Home Page" • BHDB version • Bing hacking limitations • intitle:”Netscape FastTrack Server Home Page" • Disabled inurl:, link: and linkdomain: directives in March 2007 • No support for ext:, allintitle:, allinurl: • Limited filetype: functionality • Only 12 extensions supported 19
Hacking CSE’s ALL TOP LEVEL DOMAINS 20
NEW GOOGLE HACKING TOOLS Code Search Diggity 21
Google Code Search VULNS IN OPEN SOURCE CODE • Regex search for vulnerabilities in indexed public code, including popular open source code repositories: • Example: SQL Injection in ASP querystring • select.*from.*request.QUERYSTRING 22
CodeSearch Diggity AMAZON CLOUD SECRET KEYS 23
NEW GOOGLE HACKING TOOLS Bing LinkFromDomainDiggity 24
Bing LinkFromDomain DIGGITY TOOLKIT 25
Bing LinkFromDomain FOOTPRINTING LARGE ORGANIZATIONS 26
NEW GOOGLE HACKING TOOLS Malware Diggity 27
MalwareDiggity DIGGITY TOOLKIT 1. Leverages Bing’s linkfromdomain: search directive to find off-site links of target applications/domains 2. Runs off-site links against Google’s Safe Browsing API to determine if any are malware distribution sites 3. Return results that identify malware sites that your web applications are directly linking to 28
Mass Injection Attacks MALWARE GONE WILD Malware Distribution Woes – WSJ.com – June2010 • Popular websites victimized, become malware distribution sites to their own customers 29
Mass Injection Attacks MALWARE GONE WILD Malware Distribution Woes – LizaMoon – April2011 • Popular websites victimized, become malware distribution sites to their own customers 30
Mass Injection Attacks MALWARE GONE WILD Malware Distribution Woes – willysy.com - August2011 • Popular websites victimized, become malware distribution sites to their own customers 31
Malware Diggity DIGGITY TOOLKIT 32
Malware Diggity DIAGNOSTICS IN RESULTS 33
NEW GOOGLE HACKING TOOLS DLP Diggity 34
DLP Diggity LOTS OF FILES TO DATA MINE 35
DLP Diggity MORE DATA SEARCHABLE EVERY YEAR Google Results for Common Docs 513,000,000 600,000,000 500,000,000 400,000,000 260,000,000 2004 300,000,000 2007 84,500,000 200,000,000 2011 17,300,000 46,400,000 42,000,000 100,000,000 16,100,000 2011 10,900,000 30,100,000 2,100,000 0 2007 969,000 PDF 1,720,000 DOC 2004 XLS TXT 36
DLP Diggity DIGGITY TOOLKIT 37
NEW GOOGLE HACKING TOOLS FlashDiggity 38
Flash Diggity DIGGITY TOOLKIT • Google for SWF files on target domains • Example search: filetype:swf site:example.com • Download SWF files to C:DiggityDownloads • Disassemble SWF files and analyze for Flash vulnerabilities 39
NEW GOOGLE HACKING TOOLS DEMO 40
GoogleScrape Diggity DIGGITY TOOLKIT GoogleScrape Diggity • Uses Google mobile interface • Light-weight, no advertisements • Violates Terms of Service • Bot detection avoidance • Distributed via proxies • Spoofs User-agent and Referer headers • Random &userip= value • Across Google servers 41
NEW GOOGLE HACKING TOOLS Baidu Diggity 42
BaiduDiggity CHINA SEARCH ENGINE • Fighting back 43
Advanced Defenses PROTECT YO NECK 44
Traditional Defenses GOOGLE HACKING DEFENSES • “Google Hack yourself” organization • Employ tools and techniques used by hackers • Remove info leaks from Google cache • Using Google Webmaster Tools • Regularly update your robots.txt. • Or robots meta tags for individual page exclusion • Data Loss Prevention/Extrusion Prevention Systems • Free Tools: OpenDLP, Senf • Policy and Legal Restrictions 45
Existing Defenses “H A C K Y O U R S E L F”  Tools exist  Convenient  Real-time updates  Multi-engine results  Historical archived data  Multi-domain searching 46
Advanced Defenses NEW HOT SIZZLE Stach & Liu now proudly presents: • Google and Bing Hacking Alerts • SharePoint Hacking Alerts – 118 dorks • SHODAN Hacking Alerts – 26 dorks • Diggity Alerts FUNdle Bundles • Consolidated alerts into 1 RSS feed • Alert Client Tools • Alert Diggity – Windows systray notifications • iDiggity Alerts – iPhone notification app 47
Google Hacking Alerts ADVANCED DEFENSES Google Hacking Alerts • All hacking database queries using • Real-time vuln updates to >2400 hack queries via RSS • Organized and available via importable file 48
Google Hacking Alerts ADVANCED DEFENSES 49
Bing Hacking Alerts ADVANCED DEFENSES Bing Hacking Alerts • Bing searches with regexs from BHDB • Leverages http://api.bing.com/rss.aspx • Real-time vuln updates to >900 Bing hack queries via RSS 50
Bing/Google Alerts LIVE VULNERABILITY FEEDS World’s Largest Live Vulnerability Repository • Daily updates of ~3000 new hits per day 51
Diggity Alerts One Feed to Rule Them All ADVANCED DEFENSE TOOLS Diggity Alert Fundle Bundle 52
FUNdle Bundle ADVANCED DEFENSES 53
FUNdle Bundle ADVANCED DEFENSES 54
FUNdle Bundle MOBILE FRIENDLY 55
ADVANCED DEFENSE TOOLS SHODAN Alerts 56
SHODAN Alerts FINDING SCADA SYSTEMS 57
SHODAN Alerts SHODAN RSS FEEDS 58
Bing/Google Alerts THICK CLIENTS TOOLS Google/Bing Hacking Alert Thick Clients • Google/Bing Alerts RSS feeds as input • Allow user to set one or more filters • e.g. “yourcompany.com” in the URL • Several thick clients being released: • Windows Systray App • Droid app (coming soon) • iPhone app 59
ADVANCED DEFENSE TOOLS Alert Diggity 60
Alerts Diggity ADVANCED DEFENSES 61
iDiggity Alerts ADVANCED DEFENSE TOOLS iDiggity Alerts 62
iDiggity Alerts ADVANCED DEFENSES 63
iDiggity Alerts ADVANCED DEFENSES 64
New Defenses “G O O G L E / B I N G H A C K A L E R T S”  Tools exist  Convenient  Real-time updates  Multi-engine results  Historical archived data  Multi-domain searching 65
Future Direction IS NOW 66
Diggity Alert DB DATA MINING VULNS Diggity Alerts Database 67
Dictionary Updates 3RD P A R T Y I N T E G R A T I O N New maintainers of the GHDB – 09 Nov 2010 • http://www.exploit-db.com/google-hacking-database-reborn/ 68
Special Thanks Oscar “The Bull” Salazar Brad “BeSickWittIt” Sickles Nick “King Luscious” Harbin Prajakta “The Flasher” Jagdale Ruihai “Ninja” Fang Jason “Blk-majik” Lash
Questions? Ask us something We’ll try to answer it. For more info: Email: contact@stachliu.com Project: diggity@stachliu.com Stach & Liu, LLC www.stachliu.com
Thank You Stach & Liu Google Hacking Diggity Project info: http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/ 71

Recommended

Lord of the Bing - Black Hat USA 2010
Lord of the Bing - Black Hat USA 2010Lord of the Bing - Black Hat USA 2010
Lord of the Bing - Black Hat USA 2010Rob Ragan
 
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...Rob Ragan
 
Tenacious Diggity - Skinny Dippin in a Sea of Bing
Tenacious Diggity - Skinny Dippin in a Sea of BingTenacious Diggity - Skinny Dippin in a Sea of Bing
Tenacious Diggity - Skinny Dippin in a Sea of BingRob Ragan
 
Lord of the bing b-sides atl
Lord of the bing b-sides atlLord of the bing b-sides atl
Lord of the bing b-sides atlSecurity B-Sides
 
CloudBots - Harvesting Crypto Currency Like a Botnet Farmer
CloudBots - Harvesting Crypto Currency Like a Botnet FarmerCloudBots - Harvesting Crypto Currency Like a Botnet Farmer
CloudBots - Harvesting Crypto Currency Like a Botnet FarmerRob Ragan
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINTChristian Martorella
 
Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guideSudhanshu Chauhan
 
OSINT tools for security auditing [FOSDEM edition]
OSINT tools for security auditing [FOSDEM edition] OSINT tools for security auditing [FOSDEM edition]
OSINT tools for security auditing [FOSDEM edition] Jose Manuel Ortega Candel
 

Recommended

Lord of the Bing - Black Hat USA 2010
Lord of the Bing - Black Hat USA 2010Lord of the Bing - Black Hat USA 2010
Lord of the Bing - Black Hat USA 2010Rob Ragan
 
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...Rob Ragan
 
Tenacious Diggity - Skinny Dippin in a Sea of Bing
Tenacious Diggity - Skinny Dippin in a Sea of BingTenacious Diggity - Skinny Dippin in a Sea of Bing
Tenacious Diggity - Skinny Dippin in a Sea of BingRob Ragan
 
Lord of the bing b-sides atl
Lord of the bing b-sides atlLord of the bing b-sides atl
Lord of the bing b-sides atlSecurity B-Sides
 
CloudBots - Harvesting Crypto Currency Like a Botnet Farmer
CloudBots - Harvesting Crypto Currency Like a Botnet FarmerCloudBots - Harvesting Crypto Currency Like a Botnet Farmer
CloudBots - Harvesting Crypto Currency Like a Botnet FarmerRob Ragan
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINTChristian Martorella
 
Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guideSudhanshu Chauhan
 
OSINT tools for security auditing [FOSDEM edition]
OSINT tools for security auditing [FOSDEM edition] OSINT tools for security auditing [FOSDEM edition]
OSINT tools for security auditing [FOSDEM edition] Jose Manuel Ortega Candel
 
StachLiu-NotInMyBackYard
StachLiu-NotInMyBackYardStachLiu-NotInMyBackYard
StachLiu-NotInMyBackYarddiggityslides
 
Maltego
MaltegoMaltego
Maltegopenetration Tester
 
Osint ashish mistry
Osint ashish mistryOsint ashish mistry
Osint ashish mistryn|u - The Open Security Community
 
Is Enterprise Search Ripe for Open Source Disruption?
Is Enterprise Search Ripe for Open Source Disruption?Is Enterprise Search Ripe for Open Source Disruption?
Is Enterprise Search Ripe for Open Source Disruption?Enterprise 2.0 Conference
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)PRISMA CSI
 
What you need to know about OSINT
What you need to know about OSINTWhat you need to know about OSINT
What you need to know about OSINTJerod Brennen
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceDeep Shankar Yadav
 
RAR and GNAP for VC HTTP API
RAR and GNAP for VC HTTP APIRAR and GNAP for VC HTTP API
RAR and GNAP for VC HTTP APIJustin Richer
 
OSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source IntelligenceOSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source IntelligencePhilippe Lin
 
Let’s hunt the target using OSINT
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINTChandrapal Badshah
 
Open Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionOpen Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionChris Gates
 
Utilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident ResponseUtilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident ResponseChristopher Beiring
 
Tactical Information Gathering
Tactical Information GatheringTactical Information Gathering
Tactical Information GatheringChristian Martorella
 
Advanced Information Gathering AKA Google Hacking
Advanced Information Gathering AKA Google HackingAdvanced Information Gathering AKA Google Hacking
Advanced Information Gathering AKA Google HackingGareth Davies
 
Pulp Google Hacking
Pulp Google HackingPulp Google Hacking
Pulp Google HackingBishop Fox
 
Lord of the Bing: Taking Back Search Engine Hacking From Google and Bing
Lord of the Bing: Taking Back Search Engine Hacking From Google and BingLord of the Bing: Taking Back Search Engine Hacking From Google and Bing
Lord of the Bing: Taking Back Search Engine Hacking From Google and BingBishop Fox
 
InfoSec World 2013 – W4 – Using Google to Find Vulnerabilities in Your IT Env...
InfoSec World 2013 – W4 – Using Google to Find Vulnerabilities in Your IT Env...InfoSec World 2013 – W4 – Using Google to Find Vulnerabilities in Your IT Env...
InfoSec World 2013 – W4 – Using Google to Find Vulnerabilities in Your IT Env...Bishop Fox
 
Google Final Draft With Kts
Google Final Draft With KtsGoogle Final Draft With Kts
Google Final Draft With KtsJoseph Teye-Kofi
 
Effective googling
Effective googlingEffective googling
Effective googlingNiraj Bariya
 
Google Cloud for Data Crunchers - Strata Conf 2011
Google Cloud for Data Crunchers - Strata Conf 2011Google Cloud for Data Crunchers - Strata Conf 2011
Google Cloud for Data Crunchers - Strata Conf 2011Patrick Chanezon
 
Google Hacking 101
Google Hacking 101Google Hacking 101
Google Hacking 101Sais Abdelkrim
 
Google, Developer Experience and Discovery
Google, Developer Experience and DiscoveryGoogle, Developer Experience and Discovery
Google, Developer Experience and DiscoveryAde Oshineye
 

More Related Content

What's hot

StachLiu-NotInMyBackYard
StachLiu-NotInMyBackYardStachLiu-NotInMyBackYard
StachLiu-NotInMyBackYarddiggityslides
 
Is Enterprise Search Ripe for Open Source Disruption?
Is Enterprise Search Ripe for Open Source Disruption?Is Enterprise Search Ripe for Open Source Disruption?
Is Enterprise Search Ripe for Open Source Disruption?Enterprise 2.0 Conference
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)PRISMA CSI
 
What you need to know about OSINT
What you need to know about OSINTWhat you need to know about OSINT
What you need to know about OSINTJerod Brennen
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceDeep Shankar Yadav
 
RAR and GNAP for VC HTTP API
RAR and GNAP for VC HTTP APIRAR and GNAP for VC HTTP API
RAR and GNAP for VC HTTP APIJustin Richer
 
OSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source IntelligenceOSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source IntelligencePhilippe Lin
 
Let’s hunt the target using OSINT
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINTChandrapal Badshah
 
Open Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionOpen Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionChris Gates
 
Utilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident ResponseUtilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident ResponseChristopher Beiring
 
Advanced Information Gathering AKA Google Hacking
Advanced Information Gathering AKA Google HackingAdvanced Information Gathering AKA Google Hacking
Advanced Information Gathering AKA Google HackingGareth Davies
 

What's hot (14)

StachLiu-NotInMyBackYard
StachLiu-NotInMyBackYardStachLiu-NotInMyBackYard
StachLiu-NotInMyBackYard
 
Maltego
MaltegoMaltego
Maltego
 
Osint ashish mistry
Osint ashish mistryOsint ashish mistry
Osint ashish mistry
 
Is Enterprise Search Ripe for Open Source Disruption?
Is Enterprise Search Ripe for Open Source Disruption?Is Enterprise Search Ripe for Open Source Disruption?
Is Enterprise Search Ripe for Open Source Disruption?
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
 
What you need to know about OSINT
What you need to know about OSINTWhat you need to know about OSINT
What you need to know about OSINT
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligence
 
RAR and GNAP for VC HTTP API
RAR and GNAP for VC HTTP APIRAR and GNAP for VC HTTP API
RAR and GNAP for VC HTTP API
 
OSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source IntelligenceOSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source Intelligence
 
Let’s hunt the target using OSINT
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINT
 
Open Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionOpen Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon Edition
 
Utilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident ResponseUtilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident Response
 
Tactical Information Gathering
Tactical Information GatheringTactical Information Gathering
Tactical Information Gathering
 
Advanced Information Gathering AKA Google Hacking
Advanced Information Gathering AKA Google HackingAdvanced Information Gathering AKA Google Hacking
Advanced Information Gathering AKA Google Hacking
 

Similar to Hack attack pulp google

Pulp Google Hacking
Pulp Google HackingPulp Google Hacking
Pulp Google HackingBishop Fox
 
Lord of the Bing: Taking Back Search Engine Hacking From Google and Bing
Lord of the Bing: Taking Back Search Engine Hacking From Google and BingLord of the Bing: Taking Back Search Engine Hacking From Google and Bing
Lord of the Bing: Taking Back Search Engine Hacking From Google and BingBishop Fox
 
InfoSec World 2013 – W4 – Using Google to Find Vulnerabilities in Your IT Env...
InfoSec World 2013 – W4 – Using Google to Find Vulnerabilities in Your IT Env...InfoSec World 2013 – W4 – Using Google to Find Vulnerabilities in Your IT Env...
InfoSec World 2013 – W4 – Using Google to Find Vulnerabilities in Your IT Env...Bishop Fox
 
Google Final Draft With Kts
Google Final Draft With KtsGoogle Final Draft With Kts
Google Final Draft With KtsJoseph Teye-Kofi
 
Effective googling
Effective googlingEffective googling
Effective googlingNiraj Bariya
 
Google Cloud for Data Crunchers - Strata Conf 2011
Google Cloud for Data Crunchers - Strata Conf 2011Google Cloud for Data Crunchers - Strata Conf 2011
Google Cloud for Data Crunchers - Strata Conf 2011Patrick Chanezon
 
Google, Developer Experience and Discovery
Google, Developer Experience and DiscoveryGoogle, Developer Experience and Discovery
Google, Developer Experience and DiscoveryAde Oshineye
 
Guardian devexp and_discovery
Guardian devexp and_discoveryGuardian devexp and_discovery
Guardian devexp and_discoveryAde Oshineye
 
Crypto Night at CSUS - Bug Bounties
Crypto Night at CSUS - Bug Bounties Crypto Night at CSUS - Bug Bounties
Crypto Night at CSUS - Bug Bounties Behrouz Sadeghipour
 
Effective googling
Effective googlingEffective googling
Effective googlingNiraj Bariya
 
Open Source Insight: NVD's New Look, Struts Vuln Ransomware & Google Open So...
Open Source Insight: NVD's New Look, Struts Vuln Ransomware & Google Open So...Open Source Insight: NVD's New Look, Struts Vuln Ransomware & Google Open So...
Open Source Insight: NVD's New Look, Struts Vuln Ransomware & Google Open So...Black Duck by Synopsys
 
Basics of getting Into Bug Bounty Hunting
Basics of getting Into Bug Bounty HuntingBasics of getting Into Bug Bounty Hunting
Basics of getting Into Bug Bounty HuntingMuhammad Khizer Javed
 
DEFCON 20 (2012) – Tenacious Diggity – 29July2012 – Slides.PDF
DEFCON 20 (2012) – Tenacious Diggity – 29July2012 – Slides.PDFDEFCON 20 (2012) – Tenacious Diggity – 29July2012 – Slides.PDF
DEFCON 20 (2012) – Tenacious Diggity – 29July2012 – Slides.PDFBishop Fox
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringTom Eston
 
Zombie browsers spiced with rootkit extensions - DefCamp 2012
Zombie browsers spiced with rootkit extensions - DefCamp 2012Zombie browsers spiced with rootkit extensions - DefCamp 2012
Zombie browsers spiced with rootkit extensions - DefCamp 2012DefCamp
 
Google report 01
Google report 01Google report 01
Google report 01Sunny Gupta
 
CITEC #CON2-Dirty Attack with Google Hacking
CITEC #CON2-Dirty Attack with Google HackingCITEC #CON2-Dirty Attack with Google Hacking
CITEC #CON2-Dirty Attack with Google HackingPrathan Phongthiproek
 

Similar to Hack attack pulp google (20)

Pulp Google Hacking
Pulp Google HackingPulp Google Hacking
Pulp Google Hacking
 
Lord of the Bing: Taking Back Search Engine Hacking From Google and Bing
Lord of the Bing: Taking Back Search Engine Hacking From Google and BingLord of the Bing: Taking Back Search Engine Hacking From Google and Bing
Lord of the Bing: Taking Back Search Engine Hacking From Google and Bing
 
InfoSec World 2013 – W4 – Using Google to Find Vulnerabilities in Your IT Env...
InfoSec World 2013 – W4 – Using Google to Find Vulnerabilities in Your IT Env...InfoSec World 2013 – W4 – Using Google to Find Vulnerabilities in Your IT Env...
InfoSec World 2013 – W4 – Using Google to Find Vulnerabilities in Your IT Env...
 
Google Final Draft With Kts
Google Final Draft With KtsGoogle Final Draft With Kts
Google Final Draft With Kts
 
Effective googling
Effective googlingEffective googling
Effective googling
 
Google Cloud for Data Crunchers - Strata Conf 2011
Google Cloud for Data Crunchers - Strata Conf 2011Google Cloud for Data Crunchers - Strata Conf 2011
Google Cloud for Data Crunchers - Strata Conf 2011
 
Google Hacking 101
Google Hacking 101Google Hacking 101
Google Hacking 101
 
Google, Developer Experience and Discovery
Google, Developer Experience and DiscoveryGoogle, Developer Experience and Discovery
Google, Developer Experience and Discovery
 
Guardian devexp and_discovery
Guardian devexp and_discoveryGuardian devexp and_discovery
Guardian devexp and_discovery
 
Crypto Night at CSUS - Bug Bounties
Crypto Night at CSUS - Bug Bounties Crypto Night at CSUS - Bug Bounties
Crypto Night at CSUS - Bug Bounties
 
Effective googling
Effective googlingEffective googling
Effective googling
 
Web 2.0
Web 2.0Web 2.0
Web 2.0
 
Open Source Insight: NVD's New Look, Struts Vuln Ransomware & Google Open So...
Open Source Insight: NVD's New Look, Struts Vuln Ransomware & Google Open So...Open Source Insight: NVD's New Look, Struts Vuln Ransomware & Google Open So...
Open Source Insight: NVD's New Look, Struts Vuln Ransomware & Google Open So...
 
Basics of getting Into Bug Bounty Hunting
Basics of getting Into Bug Bounty HuntingBasics of getting Into Bug Bounty Hunting
Basics of getting Into Bug Bounty Hunting
 
DEFCON 20 (2012) – Tenacious Diggity – 29July2012 – Slides.PDF
DEFCON 20 (2012) – Tenacious Diggity – 29July2012 – Slides.PDFDEFCON 20 (2012) – Tenacious Diggity – 29July2012 – Slides.PDF
DEFCON 20 (2012) – Tenacious Diggity – 29July2012 – Slides.PDF
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence Gathering
 
Zombie browsers spiced with rootkit extensions - DefCamp 2012
Zombie browsers spiced with rootkit extensions - DefCamp 2012Zombie browsers spiced with rootkit extensions - DefCamp 2012
Zombie browsers spiced with rootkit extensions - DefCamp 2012
 
Google report 01
Google report 01Google report 01
Google report 01
 
GOOGLE
GOOGLEGOOGLE
GOOGLE
 
CITEC #CON2-Dirty Attack with Google Hacking
CITEC #CON2-Dirty Attack with Google HackingCITEC #CON2-Dirty Attack with Google Hacking
CITEC #CON2-Dirty Attack with Google Hacking
 

Recently uploaded

CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxJiesonDelaCerna
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxAvyJaneVismanos
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxUnboundStockton
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 

Recently uploaded (20)

CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptx
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docx
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 

Hack attack pulp google

  • 1. Pulp Google Hacking The Next Generation Search Engine Hacking Arsenal 3 August 2011 – Black Hat 2011 – Las Vegas, NV Presented by: Francis Brown Rob Ragan Stach & Liu, LLC www.stachliu.com
  • 2. Agenda OVERVIEW • Introduction/Background • Advanced Attacks • Google/Bing Hacking - Core Tools • NEW Diggity Attack Tools • Advanced Defenses • Google/Bing Hacking Alert RSS Feeds • NEW Diggity Alert Feeds and Updates • NEW Diggity Alert RSS Feed Client Tools • Future Directions 2
  • 4. Open Source Intelligence SEARCHING PUBLIC SOURCES OSINT – is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence. 4
  • 5. Google/Bing Hacking SEARCH ENGINE ATTACKS 5
  • 6. Google/Bing Hacking SEARCH ENGINE ATTACKS Bing's source leaked! class Bing { public static string Search(string query) { return Google.Search(query); } } 6
  • 7. Attack Targets GOOGLE HACKING DATABASE • Advisories and Vulnerabilities (215) • Pages containing network or • Error Messages (58) vulnerability data (59) • Files containing juicy info (230) • Sensitive Directories (61) • Files containing passwords (135) • Sensitive Online Shopping Info (9) • Files containing usernames (15) • Various Online Devices (201) • Footholds (21) • Vulnerable Files (57) • Pages containing login portals (232) • Vulnerable Servers (48) • Web Server Detection (72) 7
  • 8. Google Hacking = Lulz REAL WORLD THREAT LulzSec and Anonymous believed to use Google Hacking as a primary means of identifying vulnerable targets. Their releases have nothing to do with their goals or their lulz. It's purely based on whatever they find with their "google hacking" queries and then release it. -- A-Team, 28 June 2011 8
  • 9. Google Hacking = Lulz REAL WORLD THREAT 22:14 <@kayla> Sooooo...using the link above and the google hack string. !Host=*.* intext:enc_UserPassword=* ext:pcf Take your pick of VPNs you want access too. Ugghh.. Aaron Barr CEO HBGary Federal Inc. 22:15 <@kayla> download the pcf file 22:16 <@kayla> then use http://www.unix-ag.uni- kl.de/~massar/bin/cisco-decode?enc= to clear text it 22:16 <@kayla> = free VPN 9
  • 10. Quick History GOOGLE HACKING RECAP Dates Event 2004 Google Hacking Database (GHDB) begins May 2004 Foundstone SiteDigger v1 released 2005 Google Hacking v1 released by Johnny Long Jan 2005 Foundstone SiteDigger v2 released Feb 13, 2005 Google Hack Honeypot first release Jan 10, 2005 MSNPawn v1.0 released Dec 5, 2006 Google stops issuing Google SOAP API keys Mar 2007 Bing disables inurl: link: and linkdomain: Nov 2, 2007 Google Hacking v2 released 10
  • 11. Quick History…cont. GOOGLE HACKING RECAP Dates Event Mar 2008 cDc Goolag - gui tool released Sept 7, 2009 Google shuts down SOAP Search API Nov 2009 Binging tool released Dec 1, 2009 FoundStone SiteDigger v 3.0 released 2010 Googlag.org disappears April 21, 2010 Google Hacking Diggity Project initial releases Nov 1, 2010 Google AJAX API slated for retirement Nov 9, 2010 GHDB Reborn Announced – Exploit-db.com July 2011 Bing ceases ‘&format=rss’ support 11
  • 12. Advanced Attacks WHAT YOU SHOULD KNOW 12
  • 13. Diggity Core Tools STACH & LIU TOOLS Google Diggity • Uses Google JSON/ATOM API • Not blocked by Google bot detection • Does not violate Terms of Service • Required to use Bing Diggity • Uses Bing 2.0 SOAP API • Company/Webapp Profiling • Enumerate: URLs, IP-to-virtual hosts, etc. • Bing Hacking Database (BHDB) • Vulnerability search queries in Bing format 13
  • 14. New Features DIGGITY CORE TOOLS Google Diggity - New API • Updated to use Google JSON/ATOM API • Due to deprecated Google AJAX API Misc. Feature Uprades • Auto-update for dictionaries • Output export formats • Now also XLS and HTML • Help File – chm file added 14
  • 15. New Features DOWNLOAD BUTTON Download Buttons for Google/Bing Diggity • Download actual files from Google/Bing search results • Downloads to default: C:DiggityDownloads • Used by other tools for file download/analysis: • FlashDiggity, DLP Diggity, MalwareDiggity,… 15
  • 16. New Features AUTO-UPDATES SLDB Updates in Progress • Example: SharePoint Google Dictionary • http://www.stachliu.com/resources/tools/sharepoint-hacking-diggity- project/#SharePoint – GoogleDiggity Dictionary File 16
  • 17. Google Diggity DIGGITY CORE TOOLS 17
  • 18. Bing Diggity DIGGITY CORE TOOLS 18
  • 19. Bing Hacking Database STACH & LIU TOOLS BHDB – Bing Hacking Data Base Example - Bing vulnerability search: • GHDB query • First ever Bing hacking database • "allintitle:Netscape FastTrack Server Home Page" • BHDB version • Bing hacking limitations • intitle:”Netscape FastTrack Server Home Page" • Disabled inurl:, link: and linkdomain: directives in March 2007 • No support for ext:, allintitle:, allinurl: • Limited filetype: functionality • Only 12 extensions supported 19
  • 20. Hacking CSE’s ALL TOP LEVEL DOMAINS 20
  • 21. NEW GOOGLE HACKING TOOLS Code Search Diggity 21
  • 22. Google Code Search VULNS IN OPEN SOURCE CODE • Regex search for vulnerabilities in indexed public code, including popular open source code repositories: • Example: SQL Injection in ASP querystring • select.*from.*request.QUERYSTRING 22
  • 23. CodeSearch Diggity AMAZON CLOUD SECRET KEYS 23
  • 24. NEW GOOGLE HACKING TOOLS Bing LinkFromDomainDiggity 24
  • 25. Bing LinkFromDomain DIGGITY TOOLKIT 25
  • 26. Bing LinkFromDomain FOOTPRINTING LARGE ORGANIZATIONS 26
  • 27. NEW GOOGLE HACKING TOOLS Malware Diggity 27
  • 28. MalwareDiggity DIGGITY TOOLKIT 1. Leverages Bing’s linkfromdomain: search directive to find off-site links of target applications/domains 2. Runs off-site links against Google’s Safe Browsing API to determine if any are malware distribution sites 3. Return results that identify malware sites that your web applications are directly linking to 28
  • 29. Mass Injection Attacks MALWARE GONE WILD Malware Distribution Woes – WSJ.com – June2010 • Popular websites victimized, become malware distribution sites to their own customers 29
  • 30. Mass Injection Attacks MALWARE GONE WILD Malware Distribution Woes – LizaMoon – April2011 • Popular websites victimized, become malware distribution sites to their own customers 30
  • 31. Mass Injection Attacks MALWARE GONE WILD Malware Distribution Woes – willysy.com - August2011 • Popular websites victimized, become malware distribution sites to their own customers 31
  • 32. Malware Diggity DIGGITY TOOLKIT 32
  • 33. Malware Diggity DIAGNOSTICS IN RESULTS 33
  • 34. NEW GOOGLE HACKING TOOLS DLP Diggity 34
  • 35. DLP Diggity LOTS OF FILES TO DATA MINE 35
  • 36. DLP Diggity MORE DATA SEARCHABLE EVERY YEAR Google Results for Common Docs 513,000,000 600,000,000 500,000,000 400,000,000 260,000,000 2004 300,000,000 2007 84,500,000 200,000,000 2011 17,300,000 46,400,000 42,000,000 100,000,000 16,100,000 2011 10,900,000 30,100,000 2,100,000 0 2007 969,000 PDF 1,720,000 DOC 2004 XLS TXT 36
  • 37. DLP Diggity DIGGITY TOOLKIT 37
  • 38. NEW GOOGLE HACKING TOOLS FlashDiggity 38
  • 39. Flash Diggity DIGGITY TOOLKIT • Google for SWF files on target domains • Example search: filetype:swf site:example.com • Download SWF files to C:DiggityDownloads • Disassemble SWF files and analyze for Flash vulnerabilities 39
  • 40. NEW GOOGLE HACKING TOOLS DEMO 40
  • 41. GoogleScrape Diggity DIGGITY TOOLKIT GoogleScrape Diggity • Uses Google mobile interface • Light-weight, no advertisements • Violates Terms of Service • Bot detection avoidance • Distributed via proxies • Spoofs User-agent and Referer headers • Random &userip= value • Across Google servers 41
  • 42. NEW GOOGLE HACKING TOOLS Baidu Diggity 42
  • 43. BaiduDiggity CHINA SEARCH ENGINE • Fighting back 43
  • 44. Advanced Defenses PROTECT YO NECK 44
  • 45. Traditional Defenses GOOGLE HACKING DEFENSES • “Google Hack yourself” organization • Employ tools and techniques used by hackers • Remove info leaks from Google cache • Using Google Webmaster Tools • Regularly update your robots.txt. • Or robots meta tags for individual page exclusion • Data Loss Prevention/Extrusion Prevention Systems • Free Tools: OpenDLP, Senf • Policy and Legal Restrictions 45
  • 46. Existing Defenses “H A C K Y O U R S E L F”  Tools exist  Convenient  Real-time updates  Multi-engine results  Historical archived data  Multi-domain searching 46
  • 47. Advanced Defenses NEW HOT SIZZLE Stach & Liu now proudly presents: • Google and Bing Hacking Alerts • SharePoint Hacking Alerts – 118 dorks • SHODAN Hacking Alerts – 26 dorks • Diggity Alerts FUNdle Bundles • Consolidated alerts into 1 RSS feed • Alert Client Tools • Alert Diggity – Windows systray notifications • iDiggity Alerts – iPhone notification app 47
  • 48. Google Hacking Alerts ADVANCED DEFENSES Google Hacking Alerts • All hacking database queries using • Real-time vuln updates to >2400 hack queries via RSS • Organized and available via importable file 48
  • 49. Google Hacking Alerts ADVANCED DEFENSES 49
  • 50. Bing Hacking Alerts ADVANCED DEFENSES Bing Hacking Alerts • Bing searches with regexs from BHDB • Leverages http://api.bing.com/rss.aspx • Real-time vuln updates to >900 Bing hack queries via RSS 50
  • 51. Bing/Google Alerts LIVE VULNERABILITY FEEDS World’s Largest Live Vulnerability Repository • Daily updates of ~3000 new hits per day 51
  • 52. Diggity Alerts One Feed to Rule Them All ADVANCED DEFENSE TOOLS Diggity Alert Fundle Bundle 52
  • 53. FUNdle Bundle ADVANCED DEFENSES 53
  • 54. FUNdle Bundle ADVANCED DEFENSES 54
  • 55. FUNdle Bundle MOBILE FRIENDLY 55
  • 57. SHODAN Alerts FINDING SCADA SYSTEMS 57
  • 58. SHODAN Alerts SHODAN RSS FEEDS 58
  • 59. Bing/Google Alerts THICK CLIENTS TOOLS Google/Bing Hacking Alert Thick Clients • Google/Bing Alerts RSS feeds as input • Allow user to set one or more filters • e.g. “yourcompany.com” in the URL • Several thick clients being released: • Windows Systray App • Droid app (coming soon) • iPhone app 59
  • 61. Alerts Diggity ADVANCED DEFENSES 61
  • 62. iDiggity Alerts ADVANCED DEFENSE TOOLS iDiggity Alerts 62
  • 63. iDiggity Alerts ADVANCED DEFENSES 63
  • 64. iDiggity Alerts ADVANCED DEFENSES 64
  • 65. New Defenses “G O O G L E / B I N G H A C K A L E R T S”  Tools exist  Convenient  Real-time updates  Multi-engine results  Historical archived data  Multi-domain searching 65
  • 66. Future Direction IS NOW 66
  • 67. Diggity Alert DB DATA MINING VULNS Diggity Alerts Database 67
  • 68. Dictionary Updates 3RD P A R T Y I N T E G R A T I O N New maintainers of the GHDB – 09 Nov 2010 • http://www.exploit-db.com/google-hacking-database-reborn/ 68
  • 69. Special Thanks Oscar “The Bull” Salazar Brad “BeSickWittIt” Sickles Nick “King Luscious” Harbin Prajakta “The Flasher” Jagdale Ruihai “Ninja” Fang Jason “Blk-majik” Lash
  • 70. Questions? Ask us something We’ll try to answer it. For more info: Email: contact@stachliu.com Project: diggity@stachliu.com Stach & Liu, LLC www.stachliu.com
  • 71. Thank You Stach & Liu Google Hacking Diggity Project info: http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/ 71