Ghack Crypto Presentation NEC

8/11/2019 Ghack Crypto Presentation NEC

1/25

OutlineGoogle Hacking

Cryptographic SecretsAutomatic Tools

CountermeasuresGoogle Code Search

Conclusion

Google Hacking for Cryptographic Secrets

Emin Islam [email protected]

Department of Computer Science, University of Mannheim

NEC Research-Heidelberg, 10 November 2006

Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
http://goforward/http://find/http://goback/


2/25




Conclusion

Outline

1 Google Hacking

2 Cryptographic Secrets

3 Automatic Tools

4 Countermeasures

5 Google Code Search

http://find/


3/25




Conclusion

MotivationAdvanced Search ParametersExamples of Google Hacking

Motivation

Google has the index size over 20 billion entriestry to search -"fgkdfgjisdfgjsiod"

Hackers use google to search vulnerabilitiescalled Google Hackingvulnerable servers, les and applications, les containingusernames-passwords, sensitive directories, online devices, etc.Google Hacking Database [1] 1468 entries in 14 groups (byOctober 2006)

What about Cryptographic Secrets?In this talk, we nd out cryptographic secrets with google

http://find/


4/25




Conclusion


Advanced Search Parameters

[ all] inurl[ all] intext[ all] intitlesite

ext, letypesymbols: - . * |

http://find/http://goback/


5/25




Conclusion


Examples of Google Hacking I

Unauthenticated programs"PHP Version" intitle:phpinfo inurl:info.php

Applications containing SQL injection & path modicationvulnerabilities

"advanced guestbook * powered" inurl:addentry.php

intitle:"View Img" inurl:viewimg.php

Security Scanner Reports"Assessment Report" "nessus" filetype:pdf


O li
http://find/


6/25




Conclusion


Examples of Google Hacking II

Private data listings"index of private|privat| ozel"

phone address email intitle:"Curriculum Vitae"

Database applications&error les"Welcome to phpmyadmin ***" "running on * asroot@*" intitle:phpmyadmin

"mysql error with query"


O tli
http://find/


7/25




Conclusion


Examples of Google Hacking III

Online Devicesinurl:"hp/device/this.LCDispatcher"

intitle:liveapplet inurl:LvAppl

"Please wait....." intitle:"SWW link"


Outline


8/25




Conclusion

Hashed PasswordsSecret KeysPublic KeysPrivate KeysEncrypted MessagesSigned Messages

Cryptographic Secrets

1 Hashed Passwords2 Secret Keys3 Public Keys4 Private Keys5

Encrypted Messages6 Signed Messages


Outline
http://find/


10/25




Conclusion


Secret Keys

Secret keys in Kerberosinurl:"kdc.conf" ext:conf

inurl:"slave datatrans" OR inurl:"from master"

Java keystoreskeystore ext:ks


Outline H h d P d
http://find/


11/25




Conclusion


Public Keys

PGP public keys"BEGIN PGP PUBLIC KEY BLOCK" (ext:txt | ext:asc |ext:key)

Public keys in certicates

"Certificate:Data:Version" "BEGIN CERTIFICATE"(ext:crt | ext:asc | ext:txt)


Outline H h d P d


12/25

Google HackingCryptographic Secrets

Automatic ToolsCountermeasures

Google Code SearchConclusion


Private Keys

PGP private keys"BEGIN (DSA|RSA)" ext:key

"BEGIN PGP PRIVATE KEY BLOCK" inurl:txt|asc

"index of" "secring.gpg"


Outline Hashed Passwords
http://find/


14/25





Signed Messages

Signed emails"BEGIN PGP SIGNED MESSAGE" "From" "Date"

"Subject" (ext:eml | ext:txt | ext:asc)

File signatures-"and|or" "BEGIN PGP SIGNATURE" ext:asc

PGP signed messages"BEGIN PGP SIGNED MESSAGE" -"From" (ext:txt |ext:asc | ext:xml)


Outline


15/25




GooscanSitediggerGoolinkAdvancedDorkGoogle Advanced Operations Toolbar

Automatic Tools

1 Gooscan2 Sitedigger3 Goolink4 AdvancedDork

5 Google Advanced Operation Toolbar


OutlineG l H ki G
http://find/


16/25





Gooscan [7]

a Unix/Linux script to check google hacking queries againstyour systemuses GHD [1]to execute:$ gooscan -t www.google.de -q "BEGIN (DSA|RSA)ext:key" -s de -o output.html


OutlineG gl H ki g G


17/25





Sitedigger [6]

free from Foundstonecompanysupports both GHD andFoundstones own hackingdatabasefor a given host, all entries inthe database are queried


OutlineGoogle Hacking Gooscan
http://find/


18/25





Goolink [5]

Goolink queries Google for aparticular chosen search fromGHD


http://find/


19/25





AdvancedDork [2]

not specic to googlehackinga Firefox extension for google

searches


http://find/


20/25





Google Advanced Operations Toolbar [3]a Firefox extensionprovides a shortcut of Googles advanced search functions




21/25




Security Countermeasures

1 Use automatic tools to check your system2 Use Robot Exclusion Standart (robots.txt)3 Install and manage Google Honeypot [4]


http://find/


22/25

g gCryptographic Secrets



Google Code Search

search keywords within source les(www.google.com/codesearch)nd application bugs (e.g. sql injection, xss injection, bufferoverows, etc.) in the source les




23/25

g gCryptographic Secrets



Conclusion

Cryptography requires secrets to be kept secretGoogle indexes your secrets and makes publicTake the required security countermeasures and protect yoursecrets


http://find/


24/25



Conclusion

References I

Google Hacking Database. http://johnny.ihackstuff.com

AdvancedDork- A Firefox extension for google searches.http://johnny.ihackstuff.com

Google Advanced Operation Toolbar.https://addons.mozilla.org/refox/1258/

Google Hack Honeypot Project. http://ghh.sourceforge.netGoolink- Security Scanner.www.ghacks.net/2005/11/23/goolink-scanner-beta-preview/




25/25



Conclusion

References II

SiteDigger v2.0 - Information Gathering Tool.http://www.foundstone.com

Gooscan - Google Security Scanner.http://johnny.ihackstuff.com


Documents

Ghack Crypto Presentation NEC