trIpl3-H> lynx -dump \
"http://www.google.com/search?q=site:usf.edu+-www.usf.edu&num=100" > sites.txt
trIpl3-H> sed -n 's/\. http:\/\/[[:alpha:]]*.usf.edu\//& /p' sitejunk.txt >> sites.out
Scraping domain names with shell script
Using Google API
• Check out http://www.google.com/apis
• Google allows up to 1000 API queries per day.
• Cool Perl script for scraping domain names at
www.sensepost.com: dns-mine.pl
– By using combos of site, web, link, about, etc. it can
find a lot more than the previous example
• Perl scripts for “Bi-Directional Link Extractor
(BiLE)” and “BiLE Weight” also available.
– BiLE grabs links to sites using Google link query
– BiLE weight calculates relevance of links
Remote anonymous scanning with NQT
• Google query: filetype:php inurl:nqt intext:"Network Query Tool"
• Network Query Tool allows:
– Resolve/Reverse Lookup
– Get DNS Records
– Whois
– Check port
– Ping host
– Traceroute
• NQT form also accepts input from XSS, but it is still
unpatched at this point!
• Using a proxy, perform anonymous scan via the Web
• Even worse, attacker can scan the internal hosts of
networks hosting NQT
Other portscanning
• Find PHP port scanner:
– inurl:portscan.php "from Port"|"Port Range"
• Find server status tool:
– "server status" "enter domain below"
Finding network reports
• Find Looking Glass router info
– "Looking Glass" (inurl:"lg/" | inurl:lookingglass)
• Find Visio network drawings
– filetype:vsd vsd network
• Find CGI bin server info:
– inurl:fcgi-bin/echo
Default pages
• You’ve got to be kidding!
– intitle:"OfficeConnect Wireless 11g Access Point"
"Checking your browser"
Finding exploit code
• Find latest and greatest:
– intitle:"index of (hack |sploit | exploit | 0day)"
modified 2005
– Google says it can’t add date modifier, but I
can do it manually with as_qdr=m3
• Another way:
– "#include <stdio.h>" "Usage" exploit
Finding vulnerable targets
• Read up on exploits in Bugtraq. They
usually tell the version number of the vulnerable
product.
• Then, use Google to search for
“powered by”
– E.g., “Powered by CubeCart 2.0.1”
– E.g. “Powered by CuteNews v1.3.1”
– Etc.
Webcams
• Blogs and message forums buzzed this
week with the discovery that a pair of
simple Google searches permits access to
well over 1,000 unprotected surveillance
cameras around the world -- apparently
without their owners' knowledge.
– SecurityFocus, Jan. 7, 2005
Webcams
• Thousands of webcams used for
surveillance:
– inurl:"ViewerFrame?Mode="
– inurl:"MultiCameraFrame?Mode="
– inurl:"view/index.shtml"
– inurl:"axis-cgi/mjpg"
– intitle:"toshiba network camera - User Login"
– intitle:"NetCam Live Image" -.edu -.gov
– camera linksys inurl:main.cgi
More junk
• Open mail relays (spam, anyone?)
– inurl:xccdonts.asp
• Finger
– inurl:/cgi-bin/finger? "In real life"
• Passwords
– !Host=*.* intext:enc_UserPassword=* ext:pcf
– "AutoCreate=TRUE password=*"
–…
So much to search, so little time…
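For site owners, the inurl:, filetype: and ext: queries on these slides double as an audit list. The following added example (not part of the original slides) reads a web server access log in combined log format and reports which of those URL patterns your own server answered with a 2xx status. The sample log lines, addresses and paths are constructed, and the regular expressions are an approximation of the slides' queries.

```python
import re
from urllib.parse import urlsplit

# URL fragments taken from the inurl:/filetype:/ext: queries on these slides,
# approximated as regular expressions (assumption: substring match on the URL).
DORK_PATTERNS = {
    "Network Query Tool": re.compile(r"nqt[^/]*\.php", re.I),
    "PHP port scanner": re.compile(r"portscan\.php", re.I),
    "Looking Glass": re.compile(r"/lg/|lookingglass", re.I),
    "Visio drawing": re.compile(r"\.vsd(\?|$)", re.I),
    "CGI echo page": re.compile(r"fcgi-bin/echo", re.I),
    "Camera viewer": re.compile(
        r"ViewerFrame\?Mode=|MultiCameraFrame\?Mode=|view/index\.shtml|axis-cgi/mjpg",
        re.I),
    "Mail relay script": re.compile(r"xccdonts\.asp", re.I),
    "Finger gateway": re.compile(r"/cgi-bin/finger", re.I),
    "VPN profile (.pcf)": re.compile(r"\.pcf(\?|$)", re.I),
}

# Request line and status code from a combined-log-format entry.
LOG_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')

def exposed_paths(log_lines):
    """Return {label: sorted paths} for matching requests answered with 2xx."""
    findings = {}
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m or not m.group(2).startswith("2"):
            continue  # not served: absent, redirected or access-controlled
        target = m.group(1)
        for label, pattern in DORK_PATTERNS.items():
            if pattern.search(target):
                findings.setdefault(label, set()).add(urlsplit(target).path)
    return {label: sorted(paths) for label, paths in findings.items()}

# Constructed sample log for a hypothetical site; not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2005:10:00:01 +0000] "GET /tools/nqt.php HTTP/1.1" 200 512 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [10/Jan/2005:10:00:05 +0000] "GET /portscan.php HTTP/1.1" 404 210 "-" "Mozilla/4.0"',
    '198.51.100.9 - - [10/Jan/2005:10:02:11 +0000] "GET /docs/network.vsd HTTP/1.1" 200 90311 "-" "Mozilla/4.0"',
    '198.51.100.9 - - [10/Jan/2005:10:03:40 +0000] "GET /ViewerFrame?Mode=Motion HTTP/1.1" 200 1024 "-" "Mozilla/4.0"',
    '198.51.100.9 - - [10/Jan/2005:10:04:02 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for label, paths in exposed_paths(SAMPLE_LOG).items():
        print(f"{label}: {', '.join(paths)}")
```

Anything this reports is reachable without authentication and is a candidate for removal, access control or a robots/noindex review.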