Aaron Goldstein, November 20, 2014 - OWASP - Who you calling a Dork?
Who you calling a Dork? – Using Google to find
vulnerable and exploited web servers
Aaron Goldstein
November 20, 2014
About Me
• Currently handle Cyber Security and Threat Intel for Amgen (Biotechnology)
• Previous Experience-
– Incident Response and Forensics Consulting
– Responded to over 100+ incidents for large and small companies, including Fortune 500, Universities, Medical, Financial, Gov't, etc.
• Over 8 years experience in the DFIR field
• (Ethical) Hacker by heart
What we will cover today
• What is Google Dorking
• Legitimate / Nefarious uses of Google
• How can this info be used by Pen Testers / Vuln assessments
• Manual examples
• Automated tools
• How to protect your own systems
What is Google Dorking?
• Straight from the source:
A background in Google Dorking
• The process of using Google's indexing service to find (potentially sensitive) information
– Can be completely legitimate and useful.
– Can also be used for evil
*source: Infosec Institute
Legitimate uses for Dorking
• Quick and easy searching across multiple domains
• Limit your searches to only items of importance
• Combine multiple searches into one query
Dorking Database
Questionable uses for Dorking
• Quickly and easily source pirated material
– Finding torrents
– Grabbing pdf books
Pen Testing Gold Mine
• Easy to find misconfigured applications and servers for information gathering and password harvesting
Pen Testing Gold Mine
• Finding vulnerable servers (like weak SSL)
– Like Heartbleed and Shellshock
Finders Keepers
• Find already exploited web servers
– Why work hard to exploit a server, when you can hijack an existing one?
But wait there’s more!
• Find People and their hotel reservations (creepy)
Automated Dorking
• As you can see, this is all very easy to do, but if you have many targets, you need to work smarter, not harder
• There are many tools to assist in this
Automated Dorking
• V3N0M Automated Dorking – FOSS – GPL v2
– Largest and most powerful d0rker online
– 18k+ d0rks searched over 13 Engines at once
• the dumpster – python script for dorking
– Older, but allows proxying (important!)
• Dork Searcher – FOSS (Windows)
– Requires Proxy!
Staying Safe / Best Practices
Basic OPSEC
• I am not responsible or liable for what you do with this information!
• Potentially accessing sensitive / protected information. Be careful! This might be (likely is) considered illegal.
• Better hide your tracks!
• Best option - TOR
– Setup SOCKS5 proxy and route traffic through 127.0.0.1:9050
• Alternative option – Proxies
– If you can’t find a proxy, how about the help of google (potentially insecure!)
• intitle:"glype pro
• intitle:"PHProxy
Remember!
Preventing this on your systems
• All of these tools provide the capability to ensure you and your clients / customers / friends aren’t leaking critical information
• Robots.txt – add an exclusion file to restrict indexing locations
– Ex:
User-agent: *
Disallow: /
• Use noindex page meta tags
– <meta name="robots" content="noindex" />
• Password Protect sensitive areas
• Use nofollow page meta tags
– <meta name="robots" content="nofollow" />
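A way to check these settings on your own site, as an added example that is not from the original slides: it reads a robots.txt plus each page's robots meta tag or X-Robots-Tag response header and reports which paths a search engine may still index. The `audit` function, the status names and the sample site are constructed for illustration.

```python
# Added example, not from the original slides: offline indexing audit.
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser


class RobotsMeta(HTMLParser):
    """Collects directives from <meta name="robots" content="..."> tags."""

    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "robots":
            self.directives |= {d.strip().lower() for d in a.get("content", "").split(",")}


def audit(robots_txt, pages, agent="Googlebot"):
    """pages maps path -> (html, response_headers); returns path -> status."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    result = {}
    for path, (html, headers) in pages.items():
        meta = RobotsMeta()
        meta.feed(html)
        header = headers.get("X-Robots-Tag", "")
        found = meta.directives | {d.strip().lower() for d in header.split(",")}
        noindex = bool(found & {"noindex", "none"})
        crawlable = rp.can_fetch(agent, path)
        if noindex and crawlable:
            result[path] = "ok"                  # crawler can read the noindex
        elif noindex:
            result[path] = "noindex-unreadable"  # robots.txt hides the tag from the crawler
        elif crawlable:
            result[path] = "indexable"           # nothing asks crawlers to stay out
        else:
            result[path] = "crawl-blocked-only"  # linked URLs can still be listed
    return result


# Constructed sample site (hypothetical paths and content).
ROBOTS = "User-agent: *\nDisallow: /backup/\nDisallow: /private/\n"
PAGES = {
    "/admin/login.php": ("<html><title>Admin</title></html>", {}),
    "/backup/index.html": ("<html>Index of /backup</html>", {}),
    "/reports/q3.html": ('<meta name="robots" content="noindex" />', {}),
    "/private/notes.html": ('<meta name="robots" content="noindex" />', {}),
    "/export/users.csv": ("", {"X-Robots-Tag": "noindex, nofollow"}),
}
```

A `crawl-blocked-only` or `noindex-unreadable` result means the robots.txt rule keeps the crawler from ever seeing a noindex directive, so the URL can still be listed if something links to it. Paths that must stay private belong behind password protection regardless of either setting.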
List of tools and resources
• https://github.com/v3n0m-Scanner/V3n0M-Scanner
• https://github.com/tunnelshade/thedumpster
• http://sourceforge.net/projects/dorksearcher/
• http://www.exploit-db.com/google-dorks
• http://antezeta.com/news/avoid-search-engine-indexing
Questions / Comments?
• Q & A
• Comments
• Thank you for your time!