Disclaimer: Before we begin, we would like to let our readers know that we are full-time information security professionals. I do not condone the theft of anyone’s personal information, including passwords, social security numbers, credit card numbers, etc. Moreover, I condemn such actions as morally and ethically wrong. The purpose and goal of this article is not to assist those with criminal or nefarious intentions, but to educate about the information that can be easily found through web browsers and search engines and, by extension, what kind of information should and shouldn’t be submitted to web sites.
By now everyone knows about Google’s dominance in the search industry. Although Yahoo and Microsoft remain competitors, neither of their search engines is as mature as Google’s. And beyond the “big three,” it’s hard to find a search engine worth using anymore. The big three (Google, Yahoo, and Microsoft) have all but wiped out the smaller players in search, including former giants like AltaVista, Lycos, and Excite. But even among the big three, Google is way ahead of the pack. In fact, Google’s indexing prowess and relevance ratings have become so good that many information security professionals now use Google as a key part of their vulnerability assessment and penetration testing services.
Security professionals know that the first step to conducting a successful assessment is gathering intelligence about the target. This is known as the “footprinting” or “profiling” phase of a security engagement. And what better way to profile your target than by leveraging the power of the world’s largest search engine? Company-name-to-domain mapping, subdomains, network address ranges, mail servers, FTP servers, WHOIS contact information, even e-mail addresses can all be located quickly. And the kicker is that all of the above can potentially be found about a target without sending a single packet over the target’s network.
In an effort to better automate the footprinting phase using Google, some in the security industry have even written software that will go out and perform various search queries on the target in an attempt to build an accurate profile. Two of interest are Foundstone’s SiteDigger and BiDiBLAH by SensePost. SiteDigger will discover vulnerabilities, configuration problems, and other “interesting security nuggets” by searching Google’s cache. Like SiteDigger, BiDiBLAH uses a Google API license key to query the search engine for keywords and the target’s subdomains in an attempt to build a profile. Incidentally, BiDiBLAH is an all-around excellent free tool for professional penetration testers.
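The kind of search-driven footprinting described above, as an added example rather than code from SiteDigger or BiDiBLAH: it builds the advanced-operator queries a profiling pass would issue for a target domain, then harvests subdomains and e-mail addresses from result URLs and snippets. The operators (site:, -site:, filetype:, inurl:, intitle:) are Google’s; the particular query combinations, the example.com target and the result data are constructed for this example, and nothing is sent over the network.

```python
"""Search-engine footprinting helpers: build the queries a profiling pass would
issue for a target domain, then harvest subdomains and e-mail addresses from the
result URLs and snippets. Added example; not SiteDigger or BiDiBLAH code."""
import re
from urllib.parse import quote_plus, urlparse


def build_footprint_queries(domain):
    """Return the advanced-operator queries for one target domain.

    site:, -site:, filetype:, inurl: and intitle: are the search engine's own
    operators; the combinations below are this example's choices."""
    return [
        f"site:{domain} -site:www.{domain}",                            # hosts other than the main web site
        f"site:{domain} filetype:xls OR filetype:doc OR filetype:pdf",  # office documents
        f'site:{domain} intitle:"index of"',                            # open directory listings
        f"site:{domain} inurl:ftp",                                     # FTP-related paths
        f'"@{domain}" -site:{domain}',                                  # addresses quoted on third-party sites
    ]


def search_url(query):
    """URL-encode a query for a GET request to the search engine (not sent here)."""
    return "https://www.google.com/search?q=" + quote_plus(query)


def extract_subdomains(domain, result_urls):
    """Return the sorted set of hosts under `domain` seen in result URLs.

    Matching on the '.domain' suffix keeps look-alikes such as notexample.com
    and example.com.evil.test out of the list; ports and trailing dots are dropped."""
    domain = domain.lower()
    suffix = "." + domain
    found = set()
    for url in result_urls:
        host = urlparse(url).hostname        # None when the string is not a URL
        if host is None:
            continue
        host = host.rstrip(".")              # .hostname is already lower-cased and port-free
        if host == domain or host.endswith(suffix):
            found.add(host)
    return sorted(found)


def extract_emails(domain, snippets):
    """Return the sorted set of addresses at `domain` found in result snippets.

    The negative lookahead rejects addresses whose domain merely starts with
    ours (admin@example.com.evil.test)."""
    pattern = re.compile(rf"[\w.+-]+@{re.escape(domain)}(?![\w.-])", re.IGNORECASE)
    found = set()
    for snippet in snippets:
        for match in pattern.findall(snippet):
            found.add(match.lower())
    return sorted(found)


# Constructed result data standing in for what a search API would return.
SAMPLE_RESULT_URLS = [
    "http://www.example.com/index.html",
    "https://mail.example.com:8080/owa/",
    "ftp://FTP.Example.COM/pub/",
    "http://dev.example.com./old/",
    "https://example.com/robots.txt",
    "http://notexample.com/",
    "http://example.com.evil.test/",
    "not a url",
]
SAMPLE_SNIPPETS = [
    "Contact JDoe@example.com or hr@example.com for details",
    "phishing kit mirrored at admin@example.com.evil.test",
]

if __name__ == "__main__":
    for q in build_footprint_queries("example.com"):
        print(search_url(q))
    print(extract_subdomains("example.com", SAMPLE_RESULT_URLS))
    print(extract_emails("example.com", SAMPLE_SNIPPETS))
```

Against the constructed data the subdomain pass returns dev, ftp, mail and www under example.com plus the bare domain, and rejects both look-alike hosts; a real run would feed the URLs and snippets from a search API into the same two functions.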
It’s one thing to find company web sites, domain names, and even e-mail addresses. But stealing people’s eBay passwords? Credit card numbers? All through Google searches? Yes. And unfortunately, not only is it possible, it is often simple to carry out. “But how can you find someone’s password if you don’t know what it is?” Good question! The answer, of course, is that you don’t search for it directly. Since the unique element is unknown, you search on a known, common element instead. Allow me to explain further.
By its very nature, software contains fingerprints: bits of information that uniquely identify and distinguish that software. For example, when you connect to a Microsoft IIS server, the web server responds with its server string (“Microsoft-IIS/6.0”, for example). Even the smallest components of software applications leave fingerprints. For example, McAfee VirusScan 8.0.0 has a small component called Access Protection that acts as a very simple firewall. The log files for this component can be easily spotted because they share a common, known element across every instance of that log.
Now, because this log file doesn’t contain highly sensitive information like passwords (it does contain disk path information, though), the risk isn’t substantial if someone’s log file finds its way into the wrong hands. But what about other application log files that contain common, known elements? What about configuration files? Spreadsheets? Accounting software? I think you get the point. Searching Google for these known application fingerprints will inevitably yield “interesting” results. By the way, there are entire web sites dedicated to the sole purpose of sharing queries that turn up juicy Google bits such as passwords, social security numbers and, yes, credit card numbers. And although I won’t list any of those sites here, they’re not hard to find (hint: use Google!).
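The fingerprint idea from the last two paragraphs, as an added example that is not from the article or from any of the tools it names: a string that every copy of an artefact shares becomes an exact-phrase query, narrowed by file type, and the hits are then triaged for whether they actually expose something (the Access Protection log in the article only leaks paths; a config file with a credential is another matter). The only fingerprint taken from the article is the “Microsoft-IIS/6.0” server string; the ExampleApp markers, the sample files and the sample HTTP response are constructed assumptions.

```python
"""Fingerprint-driven searching: turn a string that every copy of an artefact
shares into an exact-phrase query, and triage which hits actually leak something.
Added example; the only fingerprint taken from the article is the IIS banner."""
import re

# Each entry: a marker every instance of the artefact contains, and the file type
# the marker lives in (None when it is a protocol banner rather than a file).
# The ExampleApp entries are constructed for this example.
FINGERPRINTS = [
    {"name": "iis-banner", "marker": "Microsoft-IIS/6.0", "filetype": None},
    {"name": "exampleapp-log", "marker": "=== ExampleApp Access Log ===", "filetype": "log"},
    {"name": "exampleapp-config", "marker": "[exampleapp_db]", "filetype": "ini"},
]

# Lines that turn an "interesting" hit into a damaging one.
SENSITIVE = re.compile(r"(?i)\b(?:password|passwd|pwd|secret|api[_-]?key)\s*[=:]\s*\S+")


def fingerprint_query(fp, site=None):
    """Exact-phrase query for the marker, narrowed by file type and optionally a site."""
    query = f'"{fp["marker"]}"'
    if fp["filetype"]:
        query += f' filetype:{fp["filetype"]}'
    if site:
        query += f" site:{site}"
    return query


def server_banner(raw_response):
    """Pull the Server header out of a raw HTTP response: the fingerprint a web
    server volunteers on every connection."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            return value.strip()
    return None


def triage(documents):
    """For each (path, text) pair, report which fingerprint it carries, the query
    that would surface it, and any secret-looking lines it exposes."""
    report = []
    for path, text in documents:
        for fp in FINGERPRINTS:
            if fp["marker"] in text:
                report.append({
                    "path": path,
                    "fingerprint": fp["name"],
                    "query": fingerprint_query(fp),
                    "secrets": SENSITIVE.findall(text),
                })
    return report


# Constructed files of the kind a crawler could index from a misconfigured web root.
SAMPLE_DOCUMENTS = [
    ("logs/access.log",
     "=== ExampleApp Access Log ===\n"
     "blocked write to C:\\Program Files\\ExampleApp\\bin\\agent.exe\n"),   # paths only
    ("conf/app.ini",
     "[exampleapp_db]\nhost=db.internal\npassword=hunter2\n"),              # credential
    ("README.txt", "Nothing to see here.\n"),
]
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\n"
    "Content-Type: text/html\r\n\r\n<html></html>"
)

if __name__ == "__main__":
    print(server_banner(SAMPLE_RESPONSE))
    for hit in triage(SAMPLE_DOCUMENTS):
        print(hit)
```

Run over your own web root before a crawler gets there, the same triage tells you which fingerprinted files are merely noisy and which carry a credential; the query string each hit reports is the one an attacker would type.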