Symantec ThreatCon
Nov 15 2005 12:30AM
(page 8 of 8)
Google Hacking for Penetration Testers


By Johnny Long
Published by Syngress
ISBN: 1931836361
Published: December 1, 2004
Pages: 528


Solutions Fast Track

Locating and Profiling Web Servers

· Directory listings and default server-generated error messages can provide details about the server. Even though this information could be obtained by connecting directly to the server, an attacker armed with an exploit for a particular version of software could find a target using a Google query designed to locate this information.

· Server and application error messages provide a great deal of information, ranging from software versions and patch level to snippets of source code and information about system processes and programs. Error messages are one of the most underestimated forms of information leakage.

· Default pages, documentation, and programs speak volumes about the server that hosts them. They suggest that a server is not well maintained and is by extension vulnerable due to poor maintenance.

Locating Login Portals

· Login portals can draw attackers who are searching for specific types of software. In addition, they can serve as a starting point for information-gathering attacks, since most login portals are designed to be user friendly, providing links to help documents and procedures to aid new users. Administrative login portals and remote administration tools are sometimes even more dangerous, especially if they are poorly configured.

Locating Network Hardware

· All sorts of network devices can be located with Google queries. These devices are more than a passing technological curiosity for some attackers, since many devices linked from the Web are poorly configured, trusted devices often overlooked by typical security auditors. Web cameras are often overlooked devices that can provide insight for an attacker, even though an extremely small percentage of targets have Web cameras installed. Network printers, when compromised, can reveal a great deal of sensitive information, especially for an attacker capable of viewing print jobs and network information.

Frequently Asked Questions

Q: I run an IIS 6.0 server, and I don’t like the idea of those static HTTP 1.1 error pages hanging around my site, luring potential malicious interest in my server. How can I enable the customized error messages?

A: If you aren’t in the habit of just asking Google by now, you should be! Seriously, try a Google search for site:microsoft.com "Configuring Custom Error Messages" IIS 6.0. At the time of this writing, the article describing this procedure is the first hit. The procedure involves firing up the IIS Manager, double-clicking My Computer, right-clicking the Web Sites folder, and selecting Properties. See the Custom Errors tab.

Q: I run an Apache server, and I don’t like the idea of those server tags on error messages and directory listings. How can I turn these off?

A: To remove the tags, locate the section in your httpd.conf file (usually in /etc/httpd/conf/httpd.conf) that contains the following:

#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (error documents, FTP directory listings,
# mod_status and mod_info output etc., but not CGI generated documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature On

The ServerSignature setting can be changed to Off to remove the tag altogether, or to EMail, which presents an e-mail link with the ServerAdmin address as it appears in the httpd.conf file.
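As an added check (not from the book or from the Apache project), the following Python function inspects a captured HTTP response for the footer that ServerSignature On or EMail appends to error pages and directory listings, and for version tokens in the Server header. The sample responses are constructed, not real captures, and the mention of ServerTokens goes beyond what the book's answer covers.

```python
import re

# Footer appended by "ServerSignature On" / "EMail" to error documents and
# directory listings, e.g.
#   <address>Apache/2.0.52 (Unix) Server at www.example.com Port 80</address>
# With EMail the host is wrapped in a mailto: link to the ServerAdmin address.
SIGNATURE_RE = re.compile(
    r"<address>\s*(?P<software>[^\s<]+)[^<]*?Server at\s+"
    r'(?:<a href="mailto:(?P<email>[^"]+)">)?(?P<host>[^\s<]+)(?:</a>)?'
    r"\s+Port\s+(?P<port>\d+)",
    re.IGNORECASE,
)
# Product/version tokens in a Server header, e.g. "Apache/2.0.52" or "PHP/4.3.9".
VERSION_RE = re.compile(r"[A-Za-z_-]+/\d+(?:\.\d+)+")


def find_server_disclosure(headers, body):
    """Return (source, value) findings for version and host disclosure.

    headers: response headers as a dict (looked up case-insensitively here)
    body:    the HTML body of the response (an error page or directory listing)
    """
    findings = []
    server = next((v for k, v in headers.items() if k.lower() == "server"), "")
    for m in VERSION_RE.finditer(server):
        findings.append(("Server header", m.group(0)))
    m = SIGNATURE_RE.search(body)
    if m:
        findings.append(("ServerSignature footer",
                         "%s at %s:%s" % (m.group("software"), m.group("host"), m.group("port"))))
        if m.group("email"):
            findings.append(("ServerAdmin address", m.group("email")))
    return findings


# Constructed sample responses (not real captures): the first is what a default
# "ServerSignature On" Apache returns for a 404, the second the same page after
# "ServerSignature Off" plus "ServerTokens Prod" (a separate Apache directive,
# not shown in the book, that trims the Server header to the product name).
LEAKY_HEADERS = {"Server": "Apache/2.0.52 (Unix) PHP/4.3.9", "Content-Type": "text/html"}
LEAKY_BODY = (
    "<html><head><title>404 Not Found</title></head><body>\n"
    "<h1>Not Found</h1>\n<p>The requested URL /admin was not found on this server.</p>\n"
    "<hr>\n<address>Apache/2.0.52 (Unix) Server at www.example.com Port 80</address>\n"
    "</body></html>"
)
HARDENED_HEADERS = {"Server": "Apache", "Content-Type": "text/html"}
HARDENED_BODY = LEAKY_BODY.split("<hr>")[0] + "</body></html>"

if __name__ == "__main__":
    print(find_server_disclosure(LEAKY_HEADERS, LEAKY_BODY))
    print(find_server_disclosure(HARDENED_HEADERS, HARDENED_BODY))
```

Run it against your own server's 404 page after changing httpd.conf to confirm the footer and version string are gone.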

Q: I’ve got an idea for a search that’s not listed here. If you’re so smart about Google, why isn’t my search listed in this book?

A: This book serves as more of a primer than a reference book. There are so many possible Google searches out there that it’s impossible to include them all in one book. Most searches listed in this book are the result of a community of people working together to come up with as many effective searches as possible. Fortunately, this community of individuals has created a unique and extensive database that is open to the public for the purposes of adequately defending against this unique threat. The Search Engine Hacking forum and the Google Hacking Database (GHDB) are both available at http://johnny.ihackstuff.com. If you’ve got a new search, first search the database to make sure it’s unique. If you think it is, submit it to the forums, and your search could be the newest addition to the database. But beware, Google searcher. Google hacking is fun and addictive. If you submit one search, I think you’ll find it’s hard to stop. Just ask any of the individuals on the Google Master’s list. Some of them found it hard to stop at 10 or 20 unique submitted searches! Check out the Acknowledgments page for a list of users who have made a significant contribution to the Google hacking community.


About the author
Johnny Long has spoken on network security and Google hacking at several computer security conferences around the world including SANS, Defcon, and the Black Hat Briefings. During his recent career with Computer Sciences Corporation (CSC), a leading global IT services company, he has performed active network and physical security assessments for hundreds of government and commercial clients. His website, currently the Internet's largest repository of Google hacking techniques, can be found at http://johnny.ihackstuff.com. Johnny is also co-author of the forthcoming books Aggressive Network Self-Defense, InfoSec Career Hacking: Sell Your Skillz, Not Your Soul, and Stealing the Network: How to Own an Identity from Syngress Publishing.
Copyright 2005, SecurityFocus