OWASP “Google Hacking” Project
           Download Indexed Cache

              Christian Heinrich
              christian.heinrich@owasp.org
              OWASP “Google Hacking” Project Lead




Last Updated 2 July 2009

                 Copyright © The OWASP Foundation
                 Permission is granted to copy, distribute and/or modify this document
                 under the terms of the OWASP License.




                 The OWASP Foundation
                 http://www.owasp.org
Copyright Notice


Slides and Notes Licensed as:
 AU Creative Commons 2.5
    Attribution-Non Commercial-No Derivative Works




OWASP “Google Hacking” Project                        2
Updates to Slides

Incorporates all previous slides from:
    OWASP USA Conference 2008
    ToorCon X (USA)
    SecTor 2K8 (Canada)
    RUXCON 2K8 (Australia)
    OWASP Australian Conference 2009
    OWASP European Conference 2009
    5th CONFidence 2009 (Poland)
    OWASP London Chapter Meeting May 2009
    SyScan’09 Singapore

Last Updated 2 July 2009

 OWASP “Google Hacking” Project              3
Latest (SFW) Slides



Published on
http://www.slideshare.net/cmlh




 OWASP “Google Hacking” Project             4
Published as Separate PPT Presentations

Recommended Delivery:

1. OWASP “Google Hacking” Project
   1.1 “Search Engine Recon/Discovery”
   1.2. “Download Indexed Cache”
2. “TCP Input Text”
3. OWASP “Google Hacking” Project
   3.1 “Spiders/Robots/Crawlers”
   3.2 “Continuous Improvement”
 OWASP “Google Hacking” Project              5
Slide References and Further Info



Refer to the Notes Page of each Slide

Some slides are hidden due to time limit




OWASP “Google Hacking” Project              6
Christian Heinrich aka “cmlh”



Experience Since 1996:

Penetration Tester
Web Application Security
Reverse Engineer
Crypto Analyst
Governance (i.e. PCI, ISO, etc)
OWASP “Google Hacking” Project              7
Christian Heinrich aka “cmlh”



.gov.au Procurement Panels:

Federal Attorney General’s CNVA Program
NSW Government 2319/2020




OWASP “Google Hacking” Project              8
Christian Heinrich aka “cmlh”




 Wireless Network
 https://twitter.com/ruxcon




OWASP “Google Hacking” Project              9
Christian Heinrich aka “cmlh”



Presented at:
OWASP Conferences
   Australia, Europe and USA.
ToorCon (San Diego, USA)
SecTor (Toronto, Canada)
CONFidence (Poland, Europe)
SyScan (Singapore)
RUXCON (Sydney, Australia)
OWASP “Google Hacking” Project              10
Christian Heinrich aka “cmlh”



“End User” Experience Since 1996:

Security Thought Leader within AU Media:
   Former CSO of FOXTEL
   Former CSO of News Limited (AU part of News Corp)




OWASP “Google Hacking” Project                          11
Christian Heinrich aka “cmlh”



“End User” Experience Since 1996:

Federal .gov.au
   DSD Certified Gateway Service Provider
      ASIO Web Hosting
   Government Endorsed Business (GEB)
State .nsw.gov.au
   Critical Infrastructure

OWASP “Google Hacking” Project               12
Christian Heinrich aka “cmlh”

Contributions to OWASP:

OWASP Testing Guide v3
 4.2.1 “Spiders/Robots/Crawlers”
 4.2.2 “Search Engine Reconnaissance”

OWASP “Google Hacking” Project
 “Download Indexed Cache” PoC

Presentations at OWASP Conferences:
 Australia, Europe and USA

 OWASP “Google Hacking” Project              13
Download Indexed Cache



Supports OWASP Testing Guide v3
4.2.2 “Search Engine Reconnaissance”
   Provides Evidence of Cached Page during Fieldwork


Repository at:
http://code.google.com/p/dic


OWASP “Google Hacking” Project                          15
Command Line Arguments



Google SOAP Search API related:

 -key                   API Key
                         demo is embedded API Key
 -query                 Google Search Query
 -start                 Starting Google Search Result
                         (Zero Based Index i.e. 1=0)


OWASP “Google Hacking” Project                           16
Results 1 to 10
cmlh$ /usr/bin/perl dic.pl -key "demo" -query "site:owasp.org" -start 1

"Download Indexed Cache" Proof of Concept (PoC) 0.1 (Released at RUXCON 2K8)

Copyright 2009 Christian Heinrich
Licensed under the Apache License, Version 2.0

Creating ./siteowasp.org

1. Downloading https://www.owasp.org/ from Google Cache [46k] as 1.html
2. Downloading http://www.owasp.org/ from Google Cache [46k] as 2.html

[SNIP]

8. Downloading http://www.owasp.org/index.php/Session_Management from
    Google Cache [88k] as 8.html
9. Downloading http://www.owasp.org/index.php/Testing_for_file_extensions
    handling from Google Cache [24k] as 9.html
10. Downloading http://www.owasp.org/index.php/OWASP_SoC_2008_ASDR_Reviewers
    from Google Cache [20k] as 10.html




  OWASP “Google Hacking” Project                                               17
Results 11 to …
cmlh$ /usr/bin/perl dic.pl -key demo -query "site:owasp.org" -start 11

"Download Indexed Cache" Proof of Concept (PoC) 0.1 [SNIP]

Copyright 2008 Christian Heinrich
Licensed under the Apache License, Version 2.0

Appending ./siteowasp.org

11.   Downloading https://www.owasp.org/index.php/System_Information_Leak
      from Google Cache [26k] as 11.html
12.   Downloading http://www.owasp.org/index.php/Buffer_overflows from
      Google Cache [34k] as 12.html

[SNIP]

18.   Downloading http://www.owasp.org/index.php/Testing_Guide_Introduction
      from Google Cache [111k] as 18.html
19.   Downloading http://www.owasp.org/index.php/OWASP_Java_Project from
      Google Cache [28k] as 19.html
20.   Downloading https://www.owasp.org/index.php/Insecure_Temporary_File
      from Google Cache [26k] as 20.html


 OWASP “Google Hacking” Project                                               18
Google Search Results - 1 to 1000




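#!/usr/bin/perl -w
# Ascending pass: runs dic.pl with -start 0, 10, ..., 980.
# [key] and [query] are placeholders for the API key and the search query.
for (my $result = 0; $result < 990; $result = $result + 10) {
   system("./dic.pl -key \"[key]\" -query \"[query]\" -start $result\n");
}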




OWASP “Google Hacking” Project                                              19
Exploiting Page Rank



Page Rank Orders “Less Public” Results Last

Descending $start of doGoogleSearch:
 e.g. -start 990, -start 980, etc.
 Remember $start - 1 i.e. 0




OWASP “Google Hacking” Project                20
Google Search Results - 1000 to 1




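#!/usr/bin/perl -w
# Descending pass: runs dic.pl with -start 990, 980, ..., 10.
# [key] and [query] are placeholders for the API key and the search query.
for (my $result = 990; $result >= 1; $result = $result - 10) {
   system("./dic.pl -key \"[key]\" -query \"[query]\" -start $result\n");
}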




OWASP “Google Hacking” Project                                           21
Generated Output
cmlh$ /usr/bin/perl dic.pl -key "demo" -query "site:owasp.org" -start 1

"Download Indexed Cache" Proof of Concept (PoC) 0.1 (Released at RUXCON 2K8)

Copyright 2009 Christian Heinrich
Licensed under the Apache License, Version 2.0

Creating ./siteowasp.org

1. Downloading https://www.owasp.org/ from Google Cache [46k] as 1.html
2. Downloading http://www.owasp.org/ from Google Cache [46k] as 2.html

[SNIP]

8. Downloading http://www.owasp.org/index.php/Session_Management from
    Google Cache [88k] as 8.html
9. Downloading http://www.owasp.org/index.php/Testing_for_file_extensions
    handling from Google Cache [24k] as 9.html
10. Downloading http://www.owasp.org/index.php/OWASP_SoC_2008_ASDR_Reviewers
    from Google Cache [20k] as 10.html




  OWASP “Google Hacking” Project                                               22
Generated Output

Directory:
Name Stripped of “:” from Google Operator
/dic sub-directory


Files in Directory:
x.html
    x is Search Result Number
[SearchQuery].csv
    SearchResultNumber, URL

 OWASP “Google Hacking” Project              23
1.html Example

cmlh$ cd siteowasp.org/dic/
cmlh$ head -n 25 1.html

<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8"><base href="https://www.owasp.org/index.php
/Main_Page"><div style="margin:-1px -1px 0;padding:
0;border:1px solid #999;background:#fff"><div style=
"margin:12px;padding:8px;border:1px solid
#999;background:#ddd;font:13px arial,sans-
serif;color:#000;font-weight:normal;text-align:left">This
is Google&#39;s cache of <a href="https://www.owasp.org/"
style="text-decoration:underline;color:#00c">https://
www.owasp.org/</a>. It is a snapshot of the page as it
appeared on 17 Feb 2009 17:00:03 [snip]



 OWASP “Google Hacking” Project                              24
[SearchQuery].csv Example

cmlh$ cat siteowasp.org.csv
1,http://www.owasp.org/
2,http://www.owasp.org/download/
3,http://www.owasp.org:443/
4,https://www.owasp.org/images/b/b1/OWASP_gr_newsle   [snip]
5,http://www.owasp.org/images/0/06/Dublin_Sponsorsh   [snip]
6,https://www.owasp.org/images/2/21/OWASP_gr_newsle   [snip]
7,http://www.owasp.org/index.php/Cincinnati
8,http://www.owasp.org/index.php/Testing_for_file_e   [snip]
9,http://www.owasp.org/index.php/OWASP_SoC_2008_ASD   [snip]
10,http://www.owasp.org/index.php/OWASP_Taiwan_Tran   [snip]
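
Added example (not part of the original slides or of the dic code base): a Python script that turns the two outputs shown above, the [SearchQuery].csv index and the x.html cache files, into an evidence manifest with a SHA-256 per file and the snapshot time parsed from the Google cache banner. The function names, the in-memory `pages` mapping and the sample data are assumptions constructed for illustration.

```python
"""Evidence manifest for one dic run: index CSV plus cached x.html files."""
import hashlib
import json
import re
from datetime import datetime

MONTHS = {name: i for i, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Banner fields as they appear in the 1.html slide. The slide shows no time
# zone after the timestamp, so the parsed value is kept naive.
BANNER_URL = re.compile(
    rb'Google(?:&#39;|\x27)s\s+cache\s+of\s+<a\s+href="([^"]+)"')
BANNER_TIME = re.compile(
    rb"as it\s+appeared on (\d{1,2}) ([A-Z][a-z]{2}) (\d{4}) (\d{2}):(\d{2}):(\d{2})")


def directory_name(query):
    """Output directory name: the query with ':' stripped, as the slides state."""
    return query.replace(":", "")


def parse_index(csv_text):
    """Parse 'SearchResultNumber,URL' rows; a URL may itself contain commas."""
    rows = []
    for line_no, line in enumerate(csv_text.splitlines(), start=1):
        if not line.strip():
            continue
        number, sep, url = line.partition(",")
        if not sep or not number.strip().isdigit() or not url.strip():
            raise ValueError(f"line {line_no}: expected 'number,URL', got {line!r}")
        rows.append((int(number), url.strip()))
    return rows


def parse_banner(page):
    """Return (cached_url, snapshot datetime) from the cache banner, else None."""
    url = BANNER_URL.search(page)
    when = BANNER_TIME.search(page)
    if not url or not when:
        return None
    day, mon, year, hh, mm, ss = (g.decode("ascii") for g in when.groups())
    try:
        snapshot = datetime(int(year), MONTHS[mon], int(day),
                            int(hh), int(mm), int(ss))
    except (KeyError, ValueError):  # unknown month name or impossible date
        return None
    return url.group(1).decode("utf-8", "replace"), snapshot


def build_manifest(csv_text, pages):
    """pages maps a file name ('1.html') to its bytes; one entry per index row."""
    manifest = []
    for number, url in parse_index(csv_text):
        name = f"{number}.html"
        entry = {"result": number, "url": url, "file": name,
                 "sha256": None, "cached_url": None, "snapshot": None}
        body = pages.get(name)
        if body is None:
            entry["status"] = "missing"        # indexed but never saved
        else:
            entry["sha256"] = hashlib.sha256(body).hexdigest()
            banner = parse_banner(body)
            if banner is None:
                entry["status"] = "no-banner"  # saved file is not a cache copy
            else:
                entry["cached_url"], snapshot = banner
                entry["snapshot"] = snapshot.isoformat()
                same = entry["cached_url"] == url
                entry["status"] = "ok" if same else "url-mismatch"
        manifest.append(entry)
    return manifest


def cached_page(url, body):
    """Build a constructed cache page carrying the banner from the slide."""
    banner = (b'<div>This is Google&#39;s cache of <a href="%s">%s</a>. It is a '
              b'snapshot of the page as it appeared on 17 Feb 2009 17:00:03.</div>')
    return banner % (url, url) + body


# Constructed sample data modelled on the CSV and 1.html slides.
SAMPLE_CSV = (
    "1,https://www.owasp.org/\n"
    "2,http://www.owasp.org/download/\n"
    "3,http://www.owasp.org:443/\n"
    "4,http://www.owasp.org/index.php/Cincinnati\n"
)
SAMPLE_PAGES = {
    "1.html": cached_page(b"https://www.owasp.org/", b"<html>home</html>"),
    "2.html": b"<html>saved without a cache banner</html>",
    "4.html": cached_page(b"http://www.owasp.org/index.php/Main_Page",
                          b"<html>other page</html>"),
}

if __name__ == "__main__":
    for item in build_manifest(SAMPLE_CSV, SAMPLE_PAGES):
        print(json.dumps(item))
```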




 OWASP “Google Hacking” Project                                25
DataDumper.txt Example

$VAR1 = bless( {
  'searchTime' => '0.136083',
  'endIndex' => '10',
  'searchComments' => '',
  'documentFiltering' => 0,
  'searchTips' => '',
  'estimatedTotalResultsCount' => '41100',
  'searchQuery' => 'site:owasp.org',
  'startIndex' => '1',
  'resultElements' => [
     bless( {
               [SNIP]

OWASP “Google Hacking” Project               26
Google SOAP Search API in Perl

doGoogleSearch
 $key
 $q
 $start -1 subtracted for Zero Index


doGoogleSearchResponse
 URL
 cachedSize


OWASP “Google Hacking” Project             27
Google SOAP Search API in Perl

doGetCachedPage
 $key
 $URL


doGetCachedPageResponse
 … xsi:type="ns2:base64">




OWASP “Google Hacking” Project             28
Google SOAP Search API Limitations

Search Query limited to:
10 Words
2048 Bytes


1K Search Queries Per Day
Limited to Search Results within 0…999


10K Possible Results from 10 Different Queries

OWASP “Google Hacking” Project                   29
“10K Possible Results from 10 Different Queries”



Specify each FQDN over 10 site: queries

For example:
1. … -query "site:www.google.com" …
2. … -query "site:video.google.com" …
3. … 9. [snip]
10. … -query "code.google.com" …

OWASP “Google Hacking” Project                      30
Google SOAP Search API Limitations

Issuing of API Keys Discontinued 5 Dec 2006




OWASP “Google Hacking” Project             31
Google SOAP Search API Limitations

Will be Deprecated on 31 August 2009




OWASP “Google Hacking” Project             32
dic Roadmap

PoC v0.1
Previewed at OWASP USA, ToorCon and SecTor (CA)
Released at RUXCON 2K8 in Sydney, AU, Nov 2008


PoC v0.2
Moving repository to code.google.com/p/dic
Records the Timestamp from Google Cache
Previewed at OWASP AU/EU 2009, SyScan09SG


  OWASP “Google Hacking” Project              33
dic Roadmap

PoC v0.3
Specify Range of Google Search Results to 1000
   Code Sync with “TCP Input Text”
   Consider Net::Google CPAN Perl Module


PoC v0.4
Maintenance Release
Released approx 31 August 2009
   Once Google deprecates SOAP Search API

OWASP “Google Hacking” Project                    34
Call for Project Reviewers



Perl – CPAN Modules

SOAP::Lite
Net::Google




Interested? christian.heinrich@owasp.org
OWASP “Google Hacking” Project              35
Call for Project Reviewers



Perl – Quality Assurance:
Perl::Critic CPAN Module
perltidy


Code Contribution Licensed as:
Apache License, Version 2.0

Interested? christian.heinrich@owasp.org
OWASP “Google Hacking” Project              36
Call for Project Reviewers



Development

Eclipse
   EPIC Plug-in
   Subclipse Plug-in
Subversion Repository
   code.google.com

Interested? christian.heinrich@owasp.org
OWASP “Google Hacking” Project              37
Call for Project Reviewers



OWASP Alpha Project Reviewers:

pdp @ GNUCITIZEN
Chris Gates @ Carnal0wnage
Glenn Roberts @ Solutionary



Interested? christian.heinrich@owasp.org
OWASP “Google Hacking” Project              38
OWASP Project


Project Endorsers
 Justin Derry (OWASP AU Conference Chair)
 Dinis Cruz (OWASP Board)


OWASP Project Manager
 Paulo Coimbra



OWASP “Google Hacking” Project               39
Project Controversy

              - OWASP “Google Hacking” Role:
2. Someone in an Engineering Function at Google
3. Complaint Received by Tom Brennan (OWASP)

Facts:
   Not a Google or OWASP Summer of Code
   Does not violate Google’s Terms of Service
   Contacted for Sec. Role at Google Sydney AU
   Google SOAP API perl code related to tit
     Separation with OWASP Project due to new scope
OWASP “Google Hacking” Project                         40
Project Controversy

code.google.com denies “Google Hacking” labels




But permits project names of “Google Hacking”
http://code.google.com/p/googlehacking
 OWASP “Google Hacking” Project                 41
Closing Remarks


Mitigation strategies are in the following slides:
“Spiders/Robots/Crawlers”
“Continuous Improvement”




 OWASP “Google Hacking” Project                      42
Closing Remarks


Upcoming Presentations:
http://snipurl.com/cmlh_speaking_schedule


E-mail:
christian.heinrich@owasp.org


Slides available from:
http://www.slideshare.net/cmlh


OWASP “Google Hacking” Project              43

Mais conteúdo relacionado

Mais procurados

Open stack Austin meetup January 15, 2015
Open stack Austin meetup January 15, 2015Open stack Austin meetup January 15, 2015
Open stack Austin meetup January 15, 2015Tesora
 
Malicious Payloads vs Deep Visibility: A PowerShell Story
Malicious Payloads vs Deep Visibility: A PowerShell StoryMalicious Payloads vs Deep Visibility: A PowerShell Story
Malicious Payloads vs Deep Visibility: A PowerShell StoryDaniel Bohannon
 
HTTP For the Good or the Bad
HTTP For the Good or the BadHTTP For the Good or the Bad
HTTP For the Good or the BadXavier Mertens
 
API analytics with Redis and Google Bigquery. NoSQL matters edition
API analytics with Redis and Google Bigquery. NoSQL matters editionAPI analytics with Redis and Google Bigquery. NoSQL matters edition
API analytics with Redis and Google Bigquery. NoSQL matters editionjavier ramirez
 
Drools 6.0 (JudCon 2013)
Drools 6.0 (JudCon 2013)Drools 6.0 (JudCon 2013)
Drools 6.0 (JudCon 2013)Mark Proctor
 
Exploring, understanding and monitoring macOS activity with osquery
Exploring, understanding and monitoring macOS activity with osqueryExploring, understanding and monitoring macOS activity with osquery
Exploring, understanding and monitoring macOS activity with osqueryZachary Wasserman
 

Mais procurados (10)

Open stack Austin meetup January 15, 2015
Open stack Austin meetup January 15, 2015Open stack Austin meetup January 15, 2015
Open stack Austin meetup January 15, 2015
 
Malicious Payloads vs Deep Visibility: A PowerShell Story
Malicious Payloads vs Deep Visibility: A PowerShell StoryMalicious Payloads vs Deep Visibility: A PowerShell Story
Malicious Payloads vs Deep Visibility: A PowerShell Story
 
Osrs
OsrsOsrs
Osrs
 
DevSec Defense
DevSec DefenseDevSec Defense
DevSec Defense
 
HTTP For the Good or the Bad
HTTP For the Good or the BadHTTP For the Good or the Bad
HTTP For the Good or the Bad
 
API analytics with Redis and Google Bigquery. NoSQL matters edition
API analytics with Redis and Google Bigquery. NoSQL matters editionAPI analytics with Redis and Google Bigquery. NoSQL matters edition
API analytics with Redis and Google Bigquery. NoSQL matters edition
 
Drools 6.0 (JudCon 2013)
Drools 6.0 (JudCon 2013)Drools 6.0 (JudCon 2013)
Drools 6.0 (JudCon 2013)
 
Terraform 101
Terraform 101Terraform 101
Terraform 101
 
Exploring, understanding and monitoring macOS activity with osquery
Exploring, understanding and monitoring macOS activity with osqueryExploring, understanding and monitoring macOS activity with osquery
Exploring, understanding and monitoring macOS activity with osquery
 
Heroku pycon
Heroku pyconHeroku pycon
Heroku pycon
 

Semelhante a Download Indexed Cache

Prototyping applications with heroku and elasticsearch
 Prototyping applications with heroku and elasticsearch Prototyping applications with heroku and elasticsearch
Prototyping applications with heroku and elasticsearchprotofy
 
OWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA TestersOWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA TestersJavan Rasokat
 
AWS CodeDeploy - basic intro
AWS CodeDeploy - basic introAWS CodeDeploy - basic intro
AWS CodeDeploy - basic introAnton Babenko
 
ShipItCon - Continuous Deployment and Multicloud with Ansible and Kubernetes
ShipItCon - Continuous Deployment and Multicloud with Ansible and KubernetesShipItCon - Continuous Deployment and Multicloud with Ansible and Kubernetes
ShipItCon - Continuous Deployment and Multicloud with Ansible and KubernetesMihai Criveti
 
Cannibalising The Google App Engine
Cannibalising The  Google  App  EngineCannibalising The  Google  App  Engine
Cannibalising The Google App Enginecatherinewall
 
Samsung Devcon - State of HTML5 - Chris Heilmann
Samsung Devcon - State of HTML5 - Chris HeilmannSamsung Devcon - State of HTML5 - Chris Heilmann
Samsung Devcon - State of HTML5 - Chris HeilmannChristian Heilmann
 
OWASP Europe Summit Portugal 2008. Web Application Assessments
OWASP Europe Summit Portugal 2008. Web Application AssessmentsOWASP Europe Summit Portugal 2008. Web Application Assessments
OWASP Europe Summit Portugal 2008. Web Application AssessmentsInternet Security Auditors
 
Silent web app testing by example - BerlinSides 2011
Silent web app testing by example - BerlinSides 2011Silent web app testing by example - BerlinSides 2011
Silent web app testing by example - BerlinSides 2011Abraham Aranguren
 
The Big Cloud native FaaS Lebowski
The Big Cloud native FaaS LebowskiThe Big Cloud native FaaS Lebowski
The Big Cloud native FaaS LebowskiQAware GmbH
 
CloudStack News, Berlin 16 june 2016
CloudStack News, Berlin 16 june 2016CloudStack News, Berlin 16 june 2016
CloudStack News, Berlin 16 june 2016ShapeBlue
 
DevOps on AWS: Accelerating Software Delivery with the AWS Developer Tools
DevOps on AWS: Accelerating Software Delivery with the AWS Developer ToolsDevOps on AWS: Accelerating Software Delivery with the AWS Developer Tools
DevOps on AWS: Accelerating Software Delivery with the AWS Developer ToolsAmazon Web Services
 
Weekly lecture appsterdam_19mar2014
Weekly lecture appsterdam_19mar2014Weekly lecture appsterdam_19mar2014
Weekly lecture appsterdam_19mar2014Microsoft
 
Offline strategies for HTML5 web applications - IPC12
Offline strategies for HTML5 web applications - IPC12Offline strategies for HTML5 web applications - IPC12
Offline strategies for HTML5 web applications - IPC12Stephan Hochdörfer
 
Securing TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography APISecuring TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography APIKevin Hakanson
 
Django deployment with PaaS
Django deployment with PaaSDjango deployment with PaaS
Django deployment with PaaSAppsembler
 
OpenStack and serverless - long shot or sure thing
OpenStack and serverless - long shot or sure thingOpenStack and serverless - long shot or sure thing
OpenStack and serverless - long shot or sure thingCloudify Community
 
Blue whale, jail and Microsoft
Blue whale, jail and MicrosoftBlue whale, jail and Microsoft
Blue whale, jail and MicrosoftLukasz Kaluzny
 
Students of Navgujarat College of Computer Applications, Ahmedabad felt excit...
Students of Navgujarat College of Computer Applications, Ahmedabad felt excit...Students of Navgujarat College of Computer Applications, Ahmedabad felt excit...
Students of Navgujarat College of Computer Applications, Ahmedabad felt excit...cresco
 

Semelhante a Download Indexed Cache (20)

ACM BPM and elasticsearch AMIS25
ACM BPM and elasticsearch AMIS25ACM BPM and elasticsearch AMIS25
ACM BPM and elasticsearch AMIS25
 
Prototyping applications with heroku and elasticsearch
 Prototyping applications with heroku and elasticsearch Prototyping applications with heroku and elasticsearch
Prototyping applications with heroku and elasticsearch
 
OWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA TestersOWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA Testers
 
AWS CodeDeploy - basic intro
AWS CodeDeploy - basic introAWS CodeDeploy - basic intro
AWS CodeDeploy - basic intro
 
ShipItCon - Continuous Deployment and Multicloud with Ansible and Kubernetes
ShipItCon - Continuous Deployment and Multicloud with Ansible and KubernetesShipItCon - Continuous Deployment and Multicloud with Ansible and Kubernetes
ShipItCon - Continuous Deployment and Multicloud with Ansible and Kubernetes
 
Cannibalising The Google App Engine
Cannibalising The  Google  App  EngineCannibalising The  Google  App  Engine
Cannibalising The Google App Engine
 
Samsung Devcon - State of HTML5 - Chris Heilmann
Samsung Devcon - State of HTML5 - Chris HeilmannSamsung Devcon - State of HTML5 - Chris Heilmann
Samsung Devcon - State of HTML5 - Chris Heilmann
 
OWASP Europe Summit Portugal 2008. Web Application Assessments
OWASP Europe Summit Portugal 2008. Web Application AssessmentsOWASP Europe Summit Portugal 2008. Web Application Assessments
OWASP Europe Summit Portugal 2008. Web Application Assessments
 
Silent web app testing by example - BerlinSides 2011
Silent web app testing by example - BerlinSides 2011Silent web app testing by example - BerlinSides 2011
Silent web app testing by example - BerlinSides 2011
 
Always on! Or not?
Always on! Or not?Always on! Or not?
Always on! Or not?
 
The Big Cloud native FaaS Lebowski
The Big Cloud native FaaS LebowskiThe Big Cloud native FaaS Lebowski
The Big Cloud native FaaS Lebowski
 
CloudStack News, Berlin 16 june 2016
CloudStack News, Berlin 16 june 2016CloudStack News, Berlin 16 june 2016
CloudStack News, Berlin 16 june 2016
 
DevOps on AWS: Accelerating Software Delivery with the AWS Developer Tools
DevOps on AWS: Accelerating Software Delivery with the AWS Developer ToolsDevOps on AWS: Accelerating Software Delivery with the AWS Developer Tools
DevOps on AWS: Accelerating Software Delivery with the AWS Developer Tools
 
Weekly lecture appsterdam_19mar2014
Weekly lecture appsterdam_19mar2014Weekly lecture appsterdam_19mar2014
Weekly lecture appsterdam_19mar2014
 
Offline strategies for HTML5 web applications - IPC12
Offline strategies for HTML5 web applications - IPC12Offline strategies for HTML5 web applications - IPC12
Offline strategies for HTML5 web applications - IPC12
 
Securing TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography APISecuring TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography API
 
Django deployment with PaaS
Django deployment with PaaSDjango deployment with PaaS
Django deployment with PaaS
 
OpenStack and serverless - long shot or sure thing
OpenStack and serverless - long shot or sure thingOpenStack and serverless - long shot or sure thing
OpenStack and serverless - long shot or sure thing
 
Blue whale, jail and Microsoft
Blue whale, jail and MicrosoftBlue whale, jail and Microsoft
Blue whale, jail and Microsoft
 
Students of Navgujarat College of Computer Applications, Ahmedabad felt excit...
Students of Navgujarat College of Computer Applications, Ahmedabad felt excit...Students of Navgujarat College of Computer Applications, Ahmedabad felt excit...
Students of Navgujarat College of Computer Applications, Ahmedabad felt excit...
 

Mais de Christian Heinrich (10)

Maltego "Have I been pwned?"
Maltego "Have I been pwned?"Maltego "Have I been pwned?"
Maltego "Have I been pwned?"
 
Maltego Breach
Maltego BreachMaltego Breach
Maltego Breach
 
CVSS
CVSSCVSS
CVSS
 
tit
tittit
tit
 
ssh
sshssh
ssh
 
BSAMMBO
BSAMMBOBSAMMBO
BSAMMBO
 
BSIMM
BSIMMBSIMM
BSIMM
 
skipfish
skipfishskipfish
skipfish
 
OWASP Top Ten
OWASP Top TenOWASP Top Ten
OWASP Top Ten
 
PA-DSS
PA-DSSPA-DSS
PA-DSS
 

Último

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 

Último (20)

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 

Download Indexed Cache

  • 1. OWASP “Google Hacking” Project Download Indexed Cache Christian Heinrich christian.heinrich@owasp.org OWASP “Google Hacking” Project Lead Last Updated 2 July 2009 Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation http://www.owasp.org
  • 2. Copyright Notice
       Slides and Notes Licensed as:
         AU Creative Commons 2.5
         Attribution-Non Commercial-No Derivative Works
  • 3. Updates to Slides
       Incorporates all previous slides from:
         OWASP USA Conference 2008
         ToorCon X (USA)
         SecTor 2K8 (Canada)
         RUXCON 2K8 (Australia)
         OWASP Australian Conference 2009
         OWASP European Conference 2009
         5th CONFidence 2009 (Poland)
         OWASP London Chapter Meeting May 2009
         SyScan’09 Singapore
       Last Updated 2 July 2009
  • 4. Latest (SFW) Slides
       Published on http://www.slideshare.net/cmlh
  • 5. Published as Separate PPT Presentations
       Recommended Delivery:
         1. OWASP “Google Hacking” Project
            1.1 “Search Engine Recon/Discovery”
            1.2 “Download Indexed Cache”
         2. “TCP Input Text”
         3. OWASP “Google Hacking” Project
            3.1 “Spiders/Robots/Crawlers”
            3.2 “Continuous Improvement”
  • 6. Slide References and Further Info
       Refer to the Notes Page of each Slide
       Some slides are hidden due to time limit
  • 7. Christian Heinrich aka “cmlh”
       Experience Since 1996:
         Penetration Tester
         Web Application Security
         Reverse Engineer
         Crypto Analyst
         Governance (i.e. PCI, ISO, etc)
  • 8. Christian Heinrich aka “cmlh”
       .gov.au Procurement Panels:
         Federal Attorney General’s CNVA Program
         NSW Government 2319/2020
  • 9. Christian Heinrich aka “cmlh”
       Wireless Network
       https://twitter.com/ruxcon
  • 10. Christian Heinrich aka “cmlh”
       Presented at:
         OWASP Conferences Australia, Europe and USA.
         ToorCon (San Diego, USA)
         SecTor (Toronto, Canada)
         CONFidence (Poland, Europe)
         SyScan (Singapore)
         RUXCON (Sydney, Australia)
  • 11. Christian Heinrich aka “cmlh”
       “End User” Experience Since 1996:
         Security Thought Leader within AU Media:
           Former CSO of FOXTEL
           Former CSO of News Limited (AU part of News Corp)
  • 12. Christian Heinrich aka “cmlh”
       “End User” Experience Since 1996:
         Federal .gov.au
           DSD Certified Gateway Service Provider
             ASIO Web Hosting
           Government Endorsed Business (GEB)
         State .nsw.gov.au
           Critical Infrastructure
  • 13. Christian Heinrich aka “cmlh”
       Contributions to OWASP:
         OWASP Testing Guide v3
           4.2.1 “Spiders/Robots/Crawlers”
           4.2.2 “Search Engine Reconnaissance”
         OWASP “Google Hacking” Project
           “Download Indexed Cache” PoC
         Presentations at OWASP Conferences:
           Australia, Europe and USA
  • 14. OWASP “Google Hacking” Project Download Indexed Cache Christian Heinrich christian.heinrich@owasp.org OWASP “Google Hacking” Project Lead Last Updated 2 July 2009 Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation http://www.owasp.org
  • 15. Download Indexed Cache
       Supports OWASP Testing Guide v3 4.2.2 “Search Engine Reconnaissance”
       Provides Evidence of Cached Page during Fieldwork
       Repository at: http://code.google.com/p/dic
  • 16. Command Line Arguments
       Google SOAP Search API related:
         -key    API Key ("demo" is embedded API Key)
         -query  Google Search Query
         -start  Starting Google Search Result (Zero Based Index i.e. 1=0)
  • 17. Results 1 to 10
       cmlh$ /usr/bin/perl dic.pl -key "demo" -query "site:owasp.org" -start 1
       "Download Indexed Cache" Proof of Concept (PoC) 0.1 (Released at RUXCON 2K8)
       Copyright 2009 Christian Heinrich
       Licensed under the Apache License, Version 2.0
       Creating ./siteowasp.org
       1. Downloading https://www.owasp.org/ from Google Cache [46k] as 1.html
       2. Downloading http://www.owasp.org/ from Google Cache [46k] as 2.html
       [SNIP]
       8. Downloading http://www.owasp.org/index.php/Session_Management from Google Cache [88k] as 8.html
       9. Downloading http://www.owasp.org/index.php/Testing_for_file_extensions handling from Google Cache [24k] as 9.html
       10. Downloading http://www.owasp.org/index.php/OWASP_SoC_2008_ASDR_Reviewers from Google Cache [20k] as 10.html
  • 18. Results 11 to …
       cmlh$ /usr/bin/perl dic.pl -key demo -query "site:owasp.org" -start 11
       "Download Indexed Cache" Proof of Concept (PoC) 0.1 [SNIP]
       Copyright 2008 Christian Heinrich
       Licensed under the Apache License, Version 2.0
       Appending ./siteowasp.org
       11. Downloading https://www.owasp.org/index.php/System_Information_Leak from Google Cache [26k] as 11.html
       12. Downloading http://www.owasp.org/index.php/Buffer_overflows from Google Cache [34k] as 12.html
       [SNIP]
       18. Downloading http://www.owasp.org/index.php/Testing_Guide_Introduction from Google Cache [111k] as 18.html
       19. Downloading http://www.owasp.org/index.php/OWASP_Java_Project from Google Cache [28k] as 19.html
       20. Downloading https://www.owasp.org/index.php/Insecure_Temporary_File from Google Cache [26k] as 20.html
  • 19. Google Search Results - 1 to 1000
       #!/usr/bin/perl -w
       # Run dic.pl once per page of 10 results, in ascending order.
       for (my $result=0; $result < 990; $result = $result + 10) {
           system("./dic.pl -key \"[key]\" -query \"[query]\" -start $result\n");
       }
  • 20. Exploiting Page Rank
       Page Rank Orders “Less Public” Results Last
       Descending $start of doGoogleSearch:
         e.g. -start:990, -start:980, etc
         Remember $start - 1 i.e. 0
  • 21. Google Search Results - 1000 to 1
       #!/usr/bin/perl -w
       # Run dic.pl once per page of 10 results, in descending order.
       for (my $result=990; $result >= 1; $result = $result - 10) {
           system("./dic.pl -key \"[key]\" -query \"[query]\" -start $result\n");
       }
  • 22. Generated Output
       cmlh$ /usr/bin/perl dic.pl -key "demo" -query "site:owasp.org" -start 1
       "Download Indexed Cache" Proof of Concept (PoC) 0.1 (Released at RUXCON 2K8)
       Copyright 2009 Christian Heinrich
       Licensed under the Apache License, Version 2.0
       Creating ./siteowasp.org
       1. Downloading https://www.owasp.org/ from Google Cache [46k] as 1.html
       2. Downloading http://www.owasp.org/ from Google Cache [46k] as 2.html
       [SNIP]
       8. Downloading http://www.owasp.org/index.php/Session_Management from Google Cache [88k] as 8.html
       9. Downloading http://www.owasp.org/index.php/Testing_for_file_extensions handling from Google Cache [24k] as 9.html
       10. Downloading http://www.owasp.org/index.php/OWASP_SoC_2008_ASDR_Reviewers from Google Cache [20k] as 10.html
  • 23. Generated Output
       Directory:
         Name Stripped of “:” from Google Operator
         /dic sub-directory
       Files in Directory:
         x.html
           x is Search Result Number
         [SearchQuery].csv
           SearchResultNumber, URL
  • 24. 1.html Example
       cmlh$ cd siteowasp.org/dic/
       cmlh$ head -n 25 1.html
       <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><base href="https://www.owasp.org/index.php/Main_Page"><div style="margin:-1px -1px 0;padding: 0;border:1px solid #999;background:#fff"><div style="margin:12px;padding:8px;border:1px solid #999;background:#ddd;font:13px arial,sans-serif;color:#000;font-weight:normal;text-align:left">This is Google&#39;s cache of <a href="https://www.owasp.org/" style="text-decoration:underline;color:#00c">https://www.owasp.org/</a>. It is a snapshot of the page as it appeared on 17 Feb 2009 17:00:03 [snip]
  • 25. [SearchQuery].csv Example
       cmlh$ cat siteowasp.org.csv
       1,http://www.owasp.org/
       2,http://www.owasp.org/download/
       3,http://www.owasp.org:443/
       4,https://www.owasp.org/images/b/b1/OWASP_gr_newsle [snip]
       5,http://www.owasp.org/images/0/06/Dublin_Sponsorsh [snip]
       6,https://www.owasp.org/images/2/21/OWASP_gr_newsle [snip]
       7,http://www.owasp.org/index.php/Cincinnati
       8,http://www.owasp.org/index.php/Testing_for_file_e [snip]
       9,http://www.owasp.org/index.php/OWASP_SoC_2008_ASD [snip]
       10,http://www.owasp.org/index.php/OWASP_Taiwan_Tran [snip]
  • 26. DataDumper.txt Example
       $VAR1 = bless( {
         'searchTime' => '0.136083',
         'endIndex' => '10',
         'searchComments' => '',
         'documentFiltering' => 0,
         'searchTips' => '',
         'estimatedTotalResultsCount' => '41100',
         'searchQuery' => 'site:owasp.org',
         'startIndex' => '1',
         'resultElements' => [
           bless( {
       [SNIP]
  • 27. Google SOAP Search API in Perl
       doGoogleSearch
         $key
         $q
         $start
           -1 subtracted for Zero Index
       doGoogleSearchResponse
         URL
         cachedSize
  • 28. Google SOAP Search API in Perl
       doGetCachedPage
         $key
         $URL
       doGetCachedPageResponse
         … xsi:type="ns2:base64">
  • 29. Google SOAP Search API Limitations
       Search Query limited to:
         10 Words
         2048 Bytes
       1K Search Queries Per Day
       Limited to Search Results within 0…999
       10K Possible Results from 10 Different Queries
  • 30. “10K Possible Results from 10 Different Queries”
       Specify each FQDN over 10 site: -queries
       For example:
         … -query "site:www.google.com" …
         … -query "site:video.google.com" …
         3. … 9. [snip]
         … -query "code.google.com" …
  • 31. Google SOAP Search API Limitations
       Issuing of API Keys Discontinued 5 Dec 2006
  • 32. Google SOAP Search API Limitations
       Will be Deprecated on 31 August 2009
  • 33. dic Roadmap
       PoC v0.1
         Previewed at OWASP USA, ToorCon and SecTor (CA)
         Released at RUXCON 2K8 in Sydney, AU, Nov 2008
       PoC v0.2
         Moving repository to code.google.com/p/dic
         Records the Timestamp from Google Cache
         Previewed at OWASP AU/EU 2009, SyScan09SG
  • 34. dic Roadmap
       PoC v0.3
         Specify Range of Google Search Results to 1000
         Code Sync with “TCP Input Text”
         Consider Net::Google CPAN Perl Module
       PoC v0.4
         Maintenance Release
         Released approx 31 August 2009
           Once Google deprecates SOAP Search API
  • 35. Call for Project Reviewers
       Perl – CPAN Modules
         SOAP::Lite
         Net::Google
       Interested? christian.heinrich@owasp.org
  • 36. Call for Project Reviewers
       Perl – Quality Assurance:
         Perl::Critic CPAN Module
         perltidy
       Code Contribution Licensed as:
         Apache License, Version 2.0
       Interested? christian.heinrich@owasp.org
  • 37. Call for Project Reviewers
       Development
         Eclipse
           EPIC Plug-in
           Subclipse Plug-in
         Subversion Repository
           code.google.com
       Interested? christian.heinrich@owasp.org
  • 38. Call for Project Reviewers
       OWASP Alpha Project Reviewers:
         pdp @ GNUCITIZEN
         Chris Gates @ Carnal0wnage
         Glenn Roberts @ Solutionary
       Interested? christian.heinrich@owasp.org
  • 39. OWASP Project
       Project Endorsers
         Justin Derry (OWASP AU Conference Chair)
         Dinis Cruz (OWASP Board)
       OWASP Project Manager
         Paulo Coimbra
  • 40. Project Controversy - OWASP “Google Hacking”
       Role:
         2. Someone in an Engineering Function at Google
         3. Complaint Received by Tom Brennan (OWASP)
       Facts:
         Not a Google or OWASP Summer of Code
         Does not violate Google’s Terms of Service
         Contacted for Sec. Role at Google Sydney AU
         Google SOAP API perl code related to tit
         Separation with OWASP Project due to new scope
  • 41. Project Controversy
       code.google.com denies “Google Hacking” labels
       But permits project names of “Google Hacking”
       http://code.google.com/p/googlehacking
  • 42. Closing Remarks
       Mitigation strategies are in the following slides:
         “Spiders/Robots/Crawlers”
         “Continuous Improvement”
  • 43. Closing Remarks
       Upcoming Presentations: http://snipurl.com/cmlh_speaking_schedule
       E-mail: christian.heinrich@owasp.org
       Slides available from: http://www.slideshare.net/cmlh
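
Added example (not part of the original slides and not code from dic.pl): slides 23 to 25 describe the generated output as numbered x.html cache copies plus a [SearchQuery].csv of SearchResultNumber, URL, and slide 15 positions them as evidence of a cached page during fieldwork. The sketch below joins the two into an evidence index that records the cache snapshot time from the banner shown on the 1.html slide and a SHA-256 of each saved file; the function names, the sample CSV and the sample pages are constructed for illustration.

```python
import hashlib
import html
import re

# Constructed sample in the [SearchQuery].csv layout (SearchResultNumber, URL).
SAMPLE_CSV = "1,https://www.owasp.org/\n2,http://www.owasp.org/download/\n3,http://www.owasp.org:443/\n"

# Constructed stand-ins for x.html files; the banner wording follows the 1.html slide.
SAMPLE_PAGES = {
    "1.html": (b"<div>This is Google&#39;s cache of <a href=\"https://www.owasp.org/\">"
               b"https://www.owasp.org/</a>. It is a snapshot of the page as it "
               b"appeared on 17 Feb 2009 17:00:03 GMT.</div><html>...</html>"),
    "2.html": b"<html><body>saved page without a cache banner</body></html>",
}

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
BANNER = re.compile(r"snapshot of the page as it\s+appeared on\s+"
                    r"(\d{1,2}) ([A-Z][a-z]{2}) (\d{4}) (\d{2}:\d{2}:\d{2})")

def snapshot_time(page):
    """Return the banner's snapshot time as 'YYYY-MM-DD HH:MM:SS', or None."""
    match = BANNER.search(html.unescape(page.decode("utf-8", errors="replace")))
    if not match or match.group(2) not in MONTHS:
        return None
    day, month, year, clock = match.groups()
    return f"{year}-{MONTHS.index(month) + 1:02d}-{int(day):02d} {clock}"

def build_evidence_index(csv_text, pages):
    """Join CSV rows to their cached files; record snapshot time and SHA-256."""
    index = []
    for line in csv_text.splitlines():
        # Split on the first comma only: URLs may themselves contain commas.
        number, sep, url = line.strip().partition(",")
        if not sep or not number.isdigit():
            continue  # skip blank or malformed rows
        page = pages.get(f"{number}.html")  # None when the cache copy is missing
        index.append({
            "result": int(number),
            "url": url,
            "snapshot": snapshot_time(page) if page is not None else None,
            "sha256": hashlib.sha256(page).hexdigest() if page is not None else None,
        })
    return index

if __name__ == "__main__":
    for row in build_evidence_index(SAMPLE_CSV, SAMPLE_PAGES):
        print(row)
```

Rows whose snapshot or sha256 is None mark results that were listed in the CSV but have no usable cached copy, which is worth noting in the fieldwork record.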