Tuesday, May 29, 2007

Google Hacking for Vulnerabilities

Tools like these are a clear indication in the interest of gathering targets through google hacking techniques and SQL injecting them using a single tool. What’s important to note is that, instead of scanning the target's web server in an automated fashion thus, increasing the potential of detecting your malicious requests in this case the attack vectors are already known even cached on a search engines' servers. Perhaps a good time to set up a google hacking or PHP deception honeypot, make sure google crawls it and either gather first hand statistics, or deceive at your best. A paper released under the Know Your Enemy series comments on the concept of search engines' reconnaissance :

"Below we give the exploits we have seen against our honeypots and where possible an estimate of the number of users for each piece of software. The estimates are obtained by checking the number of Google search results returned for a given page in a website, for example searching for '"powered by PHPBB" inurl:viewtopic.php' suggests there are around 1.5 million installations of PHPBB indexed by Google."

Malware using search engines to build its hit lists is nothing new and it's the Santy worm and perhaps even the JS/Yamanner worm I have in mind. Worms like these are just the tip of the iceberg when it comes to malware because their successful intrusions act as a propagation vector for malware exes, exploits embedded pages, and hosting of phishing sites. In case you remember, over an year ago New Zealand started a nation wide google hacking security audit aiming to not just build awareness on the potential security issues, but to also, measure the country's susceptibility to google hacking which they claim is the highest in the world. If you don’t take care of your web application vulnerabilities someone else will, and your organization wouldn’t even have "the privilege" of getting exploited by an advanced attacker, but by a script kiddie making your server open a reverse shell back to them in between everything else.