From: CCID
GoogleHacking is the use of Google's search engines to quickly find a vulnerability host and information that contains sensitive data. The recent attack method that is previously manually operated by hackers can be done from a new worm. In order to cause everyone to pay attention to GoogleHacking, we have made this article hopes that you can better protect your information security through your understanding of HACK's attack. In this paper, it is important in the understanding of GoogleHacking attacks. Please understand the details of some attacks. Foreword: At the Blackhat conference held in Las Vegas, two security experts have been named you Found That on Google and Google Attacks. After the security focus forum original master WLJ big brother, the individual feels that it is necessary to supplement some detail parts. Today, I'm telling you another feature: using search engines quickly finds hosts with vulnerability and information that contains sensitive data, and even direct fool invasion. Use Google to perform the "penetration test", we often conduct information collection before implementing the attack, and then the vulnerability confirmation and the ultimate vulnerability utilization, expand the results. Here we are here to talk about: First, use Google to find the host of the PHP Webshell back door, and test whether it can be used; Second, use Google to find exposed Inc sensitive information. OK, now we start: 1. Find using php Webshell We fill in in Google's Search box:
INTITLE: "PHP shell *" "Enable stderr" FileType: PHP
(Note: INTITLE- Web Title Enable StderR-UNIX standard output and standard errors Abbreviation Filetype- file type). In the search results, you can find a lot of Web Shell directly on the machine to execute the command. If the PHPSHELL found will not be used, if you are not familiar with UNIX, you can look at the list directly, here is not detailed, there are a lot of use value. To explain, we can search for some foreign phpshells here to use the UNIX commands, all of which are SYSTEM calls (it can be used in Baidu and other search engines, just fill in the search for the search). Through my test, this phpwebshell is a direct Echo (UNIX common command). In one sentence, I get the home page:
Echo "Summon"> Index.jsp
Obtained
ECHO /
After writing: "Summon"
Take a look at the home page now, it has been changed to: "Summon"
We can also use WGET to upload a file (such as the leaves you want to replace). Then Execute Command Enter Cat File> INDEX.HTML or Echo "> File
Echo "Test" >> File
Such a bar is playing, and the site's home page is successful. The same can also
UNAME -A; CAT / ETC / Passwd
But a little attention, some WebShell programs have problems, can't do, such as:
http://www.al3toof.com/card/smal ... c_html & command =
http://ramsgaard.net/upload/shell.php
These stations's PHP is Global Register Off
solution:
We can use related tools to search on the Internet, if information is abused,
Http://www.google.com/remove.html Submit the information you want to delete,
Control search engine robot's query.
2. Search InC sensitive information
We fill in in Google's search box:
.org filetype: inc.
We can now search for INC information of the ORG domain site (because Google Shielded Search "COM" information, we can also search other GOV, CN, INFO, TW, JP, EDU, etc.) PS: I am Looking at many PHP programmers like to write some commonly written code or configuration information, write in a .inc's file, such as shared.inc, global.inc, conn.inc, etc., of course this is a very Good habits, including PHP official websites, but I don't know if you have noticed that there is a safety hazard problem.
When I wrote a PHP code, I accidentally wrote a wrong sentence. When I viewed this PHP file in the browser, I found out that the screen was discovered in detail showing the PHP file path and code row. (PHP error display configuration is open. This feature is default in PHP!), This means that when we don't want to write wrong code (same .inc file is also the same) or PHP error display It is also open, the client's users will see the .inc files of the specific URL address, and the .url file is like TXT text, when browsing in the browser, there is no need to display its content without retaining, and Many sites have written important information such as user passwords in .inc files, including domestic Haier and Jia Bell Motorcycline, I dare to announce because I have tested it.
http://www.haier.com/su *** / inc / conn.inc unfluentially can't connect with the client, the website is closed 1215, and the firewall is also filtered.
Ok, after INC's knowledge, we continue to search, find a way to expose the mysql password.
We can use the client to log in to modify the data. Here, the knowledge of the database is involved, we don't talk too much, about "INC exposure sensitive information" is over here.
Of course we can solve them through some ways:
1. You can configure it specifically to configure the .inc file and avoid the user directly to obtain the source file.
2. Of course, the better method is to add and change the file extension. PHP (PHP can be resolved) so that the client will not obtain the source file.
Here, I am expressed by the picture drawn by FreeMind.
For more information on Google Hack, help us analyze step on
Joiner:
-:. * |
Operator:
"Foo1 Foo2" FileType: 123 Site: foo.com IntexT: Foo Intitle: Footitle AllinURL: Foo
Password related
: "Index of" htpasswd / passwd filety: xls username password email "ws_ftp.log" "config.php" AllinURL: Admin MDB Service FileType: PWD (FrontPage)
Sensitive information:
"Robots.tx" "disallow:" filetype: txt inurl: _vti_cnf (frontpage files) allinurl: /msadc/samples/selector/showcode.aspallinurl: /examples/jsp/snp/snoop.jspallinurl: phpsysinfoipsec filetype: confintitle: "error Occurred "ODBC Request Where (SELECT | INSERT)" Mydomain.com "NESSUS Report" Report Generated "
end:
If you want to take the root permissions, you have to analyze the specific questions, but there is a shell permission is good, there are many articles on the Internet, you can refer to the article of WebShell upgrade authority.
We can also search for a lot of useful things through Google, but the details are slowly analyzed, expanded, expanded, invading. These I don't have a specific analysis. Give everyone a thinking, everyone slowly studied.
Here, this article is to end. The purpose of writing this article is to lead to everyone's attention and attention, understand the new HACK means, understand new protection methods, things have two sides, in the era of Google prevail, While using Google, you should also be more comprehensive.
