8/11/2019 Ghack Crypto Presentation NEC
1/25
OutlineGoogle Hacking
Cryptographic SecretsAutomatic Tools
CountermeasuresGoogle Code Search
Conclusion
Google Hacking for Cryptographic Secrets
Emin Islam [email protected]
Department of Computer Science, University of Mannheim
NEC Research-Heidelberg, 10 November 2006
Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
http://goforward/http://find/http://goback/8/11/2019 Ghack Crypto Presentation NEC
2/25
OutlineGoogle Hacking
Cryptographic SecretsAutomatic Tools
CountermeasuresGoogle Code Search
Conclusion
Outline
1 Google Hacking
2 Cryptographic Secrets
3 Automatic Tools
4 Countermeasures
5 Google Code Search
Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
http://find/8/11/2019 Ghack Crypto Presentation NEC
3/25
OutlineGoogle Hacking
Cryptographic SecretsAutomatic Tools
CountermeasuresGoogle Code Search
Conclusion
MotivationAdvanced Search ParametersExamples of Google Hacking
Motivation
Google has the index size over 20 billion entriestry to search -"fgkdfgjisdfgjsiod"
Hackers use google to search vulnerabilitiescalled Google Hackingvulnerable servers, les and applications, les containingusernames-passwords, sensitive directories, online devices, etc.Google Hacking Database [1] 1468 entries in 14 groups (byOctober 2006)
What about Cryptographic Secrets?In this talk, we nd out cryptographic secrets with google
Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
http://find/8/11/2019 Ghack Crypto Presentation NEC
4/25
OutlineGoogle Hacking
Cryptographic SecretsAutomatic Tools
CountermeasuresGoogle Code Search
Conclusion
MotivationAdvanced Search ParametersExamples of Google Hacking
Advanced Search Parameters
[ all] inurl[ all] intext[ all] intitlesite
ext, letypesymbols: - . * |
Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
http://find/http://goback/8/11/2019 Ghack Crypto Presentation NEC
5/25
OutlineGoogle Hacking
Cryptographic SecretsAutomatic Tools
CountermeasuresGoogle Code Search
Conclusion
MotivationAdvanced Search ParametersExamples of Google Hacking
Examples of Google Hacking I
Unauthenticated programs"PHP Version" intitle:phpinfo inurl:info.php
Applications containing SQL injection & path modicationvulnerabilities
"advanced guestbook * powered" inurl:addentry.php
intitle:"View Img" inurl:viewimg.php
Security Scanner Reports"Assessment Report" "nessus" filetype:pdf
Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
O li
http://find/8/11/2019 Ghack Crypto Presentation NEC
6/25
OutlineGoogle Hacking
Cryptographic SecretsAutomatic Tools
CountermeasuresGoogle Code Search
Conclusion
MotivationAdvanced Search ParametersExamples of Google Hacking
Examples of Google Hacking II
Private data listings"index of private|privat| ozel"
phone address email intitle:"Curriculum Vitae"
Database applications&error les"Welcome to phpmyadmin ***" "running on * asroot@*" intitle:phpmyadmin
"mysql error with query"
Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
O tli
http://find/8/11/2019 Ghack Crypto Presentation NEC
7/25
OutlineGoogle Hacking
Cryptographic SecretsAutomatic Tools
CountermeasuresGoogle Code Search
Conclusion
MotivationAdvanced Search ParametersExamples of Google Hacking
Examples of Google Hacking III
Online Devicesinurl:"hp/device/this.LCDispatcher"
intitle:liveapplet inurl:LvAppl
"Please wait....." intitle:"SWW link"
Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
Outline
http://goforward/http://find/http://goback/8/11/2019 Ghack Crypto Presentation NEC
8/25
OutlineGoogle Hacking
Cryptographic SecretsAutomatic Tools
CountermeasuresGoogle Code Search
Conclusion
Hashed PasswordsSecret KeysPublic KeysPrivate KeysEncrypted MessagesSigned Messages
Cryptographic Secrets
1 Hashed Passwords2 Secret Keys3 Public Keys4 Private Keys5
Encrypted Messages6 Signed Messages
Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
Outline
http://find/8/11/2019 Ghack Crypto Presentation NEC
9/25
OutlineGoogle Hacking
Cryptographic SecretsAutomatic Tools
CountermeasuresGoogle Code Search
Conclusion
Hashed PasswordsSecret KeysPublic KeysPrivate KeysEncrypted MessagesSigned Messages
Hashed Passwords
Cleartext passwordsext:log inurl:password
Hashed passwords in dump les"create table" "insert into""pass|passwd|password" (ext:sql | ext:dump |ext:dmp)
intext:"password|pass|passwd"intext:"md5|sha1|crypt" (ext:sql | ext:dump |ext:dmp)
Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
Outline
http://find/8/11/2019 Ghack Crypto Presentation NEC
10/25
OutlineGoogle Hacking
Cryptographic SecretsAutomatic Tools
CountermeasuresGoogle Code Search
Conclusion
Hashed PasswordsSecret KeysPublic KeysPrivate KeysEncrypted MessagesSigned Messages
Secret Keys
Secret keys in Kerberosinurl:"kdc.conf" ext:conf
inurl:"slave datatrans" OR inurl:"from master"
Java keystoreskeystore ext:ks
Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
Outline H h d P d
http://find/8/11/2019 Ghack Crypto Presentation NEC
11/25
OutlineGoogle Hacking
Cryptographic SecretsAutomatic Tools
CountermeasuresGoogle Code Search
Conclusion
Hashed PasswordsSecret KeysPublic KeysPrivate KeysEncrypted MessagesSigned Messages
Public Keys
PGP public keys"BEGIN PGP PUBLIC KEY BLOCK" (ext:txt | ext:asc |ext:key)
Public keys in certicates
"Certificate:Data:Version" "BEGIN CERTIFICATE"(ext:crt | ext:asc | ext:txt)
Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
Outline H h d P d
http://find/http://goback/8/11/2019 Ghack Crypto Presentation NEC
12/25
Google HackingCryptographic Secrets
Automatic ToolsCountermeasures
Google Code SearchConclusion
Hashed PasswordsSecret KeysPublic KeysPrivate KeysEncrypted MessagesSigned Messages
Private Keys
PGP private keys"BEGIN (DSA|RSA)" ext:key
"BEGIN PGP PRIVATE KEY BLOCK" inurl:txt|asc
"index of" "secring.gpg"
Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
Outline Hashed Passwords
http://find/8/11/2019 Ghack Crypto Presentation NEC
13/25
Google HackingCryptographic Secrets
Automatic ToolsCountermeasures
Google Code SearchConclusion
Hashed PasswordsSecret KeysPublic KeysPrivate KeysEncrypted MessagesSigned Messages
Encrypted Messages
PGP encrypted les-"public|pubring|pubkey|signature|pgp|and|or|release" ext:gpg
More encrypted les-intext:"and" (ext:enc | ext:axx)
XML encrypted elements"ciphervalue" ext:xml
Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
Outline Hashed Passwords
http://find/8/11/2019 Ghack Crypto Presentation NEC
14/25
Google HackingCryptographic Secrets
Automatic ToolsCountermeasures
Google Code SearchConclusion
Hashed PasswordsSecret KeysPublic KeysPrivate KeysEncrypted MessagesSigned Messages
Signed Messages
Signed emails"BEGIN PGP SIGNED MESSAGE" "From" "Date"
"Subject" (ext:eml | ext:txt | ext:asc)
File signatures-"and|or" "BEGIN PGP SIGNATURE" ext:asc
PGP signed messages"BEGIN PGP SIGNED MESSAGE" -"From" (ext:txt |ext:asc | ext:xml)
Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
Outline
http://find/http://goback/8/11/2019 Ghack Crypto Presentation NEC
15/25
Google HackingCryptographic Secrets
Automatic ToolsCountermeasures
Google Code SearchConclusion
GooscanSitediggerGoolinkAdvancedDorkGoogle Advanced Operations Toolbar
Automatic Tools
1 Gooscan2 Sitedigger3 Goolink4 AdvancedDork
5 Google Advanced Operation Toolbar
Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
OutlineG l H ki G
http://find/8/11/2019 Ghack Crypto Presentation NEC
16/25
Google HackingCryptographic Secrets
Automatic ToolsCountermeasures
Google Code SearchConclusion
GooscanSitediggerGoolinkAdvancedDorkGoogle Advanced Operations Toolbar
Gooscan [7]
a Unix/Linux script to check google hacking queries againstyour systemuses GHD [1]to execute:$ gooscan -t www.google.de -q "BEGIN (DSA|RSA)ext:key" -s de -o output.html
Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
OutlineG gl H ki g G
http://find/http://goback/8/11/2019 Ghack Crypto Presentation NEC
17/25
Google HackingCryptographic Secrets
Automatic ToolsCountermeasures
Google Code SearchConclusion
GooscanSitediggerGoolinkAdvancedDorkGoogle Advanced Operations Toolbar
Sitedigger [6]
free from Foundstonecompanysupports both GHD andFoundstones own hackingdatabasefor a given host, all entries inthe database are queried
Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
OutlineGoogle Hacking Gooscan
http://find/8/11/2019 Ghack Crypto Presentation NEC
18/25
Google HackingCryptographic Secrets
Automatic ToolsCountermeasures
Google Code SearchConclusion
GooscanSitediggerGoolinkAdvancedDorkGoogle Advanced Operations Toolbar
Goolink [5]
Goolink queries Google for aparticular chosen search fromGHD
Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
OutlineGoogle Hacking Gooscan
http://find/8/11/2019 Ghack Crypto Presentation NEC
19/25
Google HackingCryptographic Secrets
Automatic ToolsCountermeasures
Google Code SearchConclusion
GooscanSitediggerGoolinkAdvancedDorkGoogle Advanced Operations Toolbar
AdvancedDork [2]
not specic to googlehackinga Firefox extension for google
searches
Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
OutlineGoogle Hacking Gooscan
http://find/8/11/2019 Ghack Crypto Presentation NEC
20/25
Google HackingCryptographic Secrets
Automatic ToolsCountermeasures
Google Code SearchConclusion
GooscanSitediggerGoolinkAdvancedDorkGoogle Advanced Operations Toolbar
Google Advanced Operations Toolbar [3]a Firefox extensionprovides a shortcut of Googles advanced search functions
Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
OutlineGoogle Hacking
http://find/http://goback/8/11/2019 Ghack Crypto Presentation NEC
21/25
Google HackingCryptographic Secrets
Automatic ToolsCountermeasures
Google Code SearchConclusion
Security Countermeasures
1 Use automatic tools to check your system2 Use Robot Exclusion Standart (robots.txt)3 Install and manage Google Honeypot [4]
Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
OutlineGoogle Hacking
http://find/8/11/2019 Ghack Crypto Presentation NEC
22/25
g gCryptographic Secrets
Automatic ToolsCountermeasures
Google Code SearchConclusion
Google Code Search
search keywords within source les(www.google.com/codesearch)nd application bugs (e.g. sql injection, xss injection, bufferoverows, etc.) in the source les
Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
OutlineGoogle Hacking
http://goforward/http://find/http://goback/8/11/2019 Ghack Crypto Presentation NEC
23/25
g gCryptographic Secrets
Automatic ToolsCountermeasures
Google Code SearchConclusion
Conclusion
Cryptography requires secrets to be kept secretGoogle indexes your secrets and makes publicTake the required security countermeasures and protect yoursecrets
Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
OutlineGoogle Hacking
http://find/8/11/2019 Ghack Crypto Presentation NEC
24/25
Cryptographic SecretsAutomatic Tools
CountermeasuresGoogle Code Search
Conclusion
References I
Google Hacking Database. http://johnny.ihackstuff.com
AdvancedDork- A Firefox extension for google searches.http://johnny.ihackstuff.com
Google Advanced Operation Toolbar.https://addons.mozilla.org/refox/1258/
Google Hack Honeypot Project. http://ghh.sourceforge.netGoolink- Security Scanner.www.ghacks.net/2005/11/23/goolink-scanner-beta-preview/
Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
OutlineGoogle Hacking
http://goforward/http://find/http://goback/8/11/2019 Ghack Crypto Presentation NEC
25/25
Cryptographic SecretsAutomatic Tools
CountermeasuresGoogle Code Search
Conclusion
References II
SiteDigger v2.0 - Information Gathering Tool.http://www.foundstone.com
Gooscan - Google Security Scanner.http://johnny.ihackstuff.com
Emin Islam Tatl (University of Mannheim) Google Hacking for Cryptographic Secrets
http://goforward/http://find/http://goback/