Time
14 hours 43 minutes
Difficulty
Advanced
CEU/CPE
15

Video Transcription

00:00
Hello, everybody, and welcome to episode number 11 of the RCP course: Google hacks. My name is Alejandro Guinea and I'll be your instructor for today's session. The learning objectives are to understand what Google hacks are and also to use Google hack strings to gather information.
00:20
Well, let's get down to business.
00:23
Well, first of all, in my opinion, Google search, or in this case Google hacks, is the only truly passive information gathering technique there is. Other techniques, even though they're not, you know, noisy or intrusive, they do have to go face to face, you know, kind of face to face
00:42
with the victim's system.
00:44
So for simple DNS
00:47
information gathering or any other actually proven technique that you can apply, it has to, somewhere along
00:57
the way, they have to touch the victim's system. I'm not saying that you don't have to actually go to touch the victim's system here, because maybe you have to go to the web page. You know, this is kind of public information that is available to anybody. As I said, the name sounds it's actually reachable
01:15
like Google, so you're not doing anything that you know,
01:19
that's a problem here. Even, you know, that being said, it doesn't mean that you can actually do that for any other server that you don't have permission for, or any other business that you don't have permission to do that to. At the end, you will be finding really
01:38
sensitive information with this Google search. But then again, it's available to anyone. So, you know, you can find it, I can find it, anybody can find it, as it, again, is in Google. So there's that.
01:51
Now, when I say Google search, I don't mean the usual searches we make in Google. This is actually called Google hacks. So, you know, as the name suggests, it is using Google combined with advanced search options. Actually, there is even a page dedicated to that. I mean, you can actually, you know, select
02:08
check boxes and whatever for what you want
02:12
and what you want to search. But as for this session, we'll be just, you know, using,
02:19
um, the simple browser so you can actually see the options here.
02:23
The gym is just started browser here and, for example, let me just
02:30
go ahead and give you some good, uh,
02:34
strings you can use. For example, you can use, let me just copy-paste here, the first command we'll see is something called inurl. As the name suggests,
02:45
you know, we're looking for cameras, links, for example, that contain in the URL maybe some login with, for example, video. You go here and there's a login page for, ah, web camera, camera.
03:01
Ah, a web camera. So you know, you can see the problem here in just, you know, 102 results so
03:07
kind of a big deal. I mean, are you exposing the camera? Do they have the default or, you know, factory password and user name? That's kind of a problem. You know, you didn't mean for this specific example. There's something called, um,
03:23
you can, I mean, you can use different applications that are dedicated to find vulnerabilities in cameras and actually open them, and you can actually see the camera.
03:37
You know, what the camera's filming. You know, there are web pages dedicated to that. You can actually just go to the web page and it will show you something, you know, uh, malicious, or, you know, not malicious per se. But, you know, you can actually see what the people are doing and,
03:54
you know, see them maybe busting, mopping the floor in their houses or something like that. You know, kind of a big deal to me, because privacy is one of the, you know, the concerns right now. But then again, you can do that, uh, again, going to inurl, I'm just
04:13
showing you the strings you can use to find cameras. That's one of them. You know, there it is. Another, URL that contains network cameras. And web cameras are here. You can actually, oh,
04:27
you can actually see the camera in this in this place.
04:30
You know, again, Kind of a big deal. I'm not blaming something legal here. This is actually available on the Internet. That kind of
04:39
Yeah, no worries me about, you know. Then again,
04:43
another
04:46
another, uh, Google search command. And I'm actually using these commands because I don't want to go and give you a course about, um, what you can actually achieve with each command. Because again, you just have to, you know, Google hacks,
05:04
commands or options, for example, options. And you will have a lot of information, uh, with that.
05:14
So I don't want to stay here and tell you, okay, this inurl does this and this intitle does that. I just want to show you what you can actually do here. Let me just use the intitle option that I just mentioned. There's another intitle,
05:31
uh, example. And again we just go here
05:34
and look at what happens, eh?
05:38
Like this.
05:41
Oh, my gosh.
05:43
Did I get the camera? I don't know.
05:45
I want to find out anyways. But, you know, you get the point. A lot of
05:48
strings for cameras. Let me just give you another one.
05:55
And again, folks, this is available. I will show you a web page at the end of this course, and you will see that these strings are available, uh, to anybody, you know, that can actually have access to Google. So
06:10
okay, where are printers? Printers, kind of a big deal. I mean, you can't imagine how many times I have hacked, ah, a business by using their printer server or, you know, the printers themselves, so
06:25
kind of release me.
06:27
Okay.
06:29
I got banned by Google. Yeah, I'm not a machine, I'm not.
06:32
I rule about Google. You can imagine that. Okay. Were Page
06:39
uh,
06:41
a printer? Okay.
06:44
Can I really see the job? History.
06:46
No. Again.
06:47
Come on.
06:49
Administration mode.
06:51
Okay, they at least have a password.
06:55
Ah, but you get the point. I mean, you can actually find really, really sensitive information with this
07:01
Google Search. Let me just give you another for printers here,
07:05
By the way, if I'm going too fast, you can just pause the video and see the commands I'm using.
07:14
another
07:15
printer.
07:16
OK, print test page. What will happen if I click that? I don't want to find out, man. I don't want to find out. Print jobs.
07:27
What happens?
07:29
Smile. Okay.
07:31
Parable, printers,
07:34
serial printer. Not Jeff's Beauty of luck
07:39
can actually see the lock. Oh, my God.
07:42
Okay, I want to keep digging,
07:45
but you get the point. I mean, can you even consider that the printer you're actually using in your business is actually exposed to the internet? You can see how harmful this can be, and especially if you didn't bother to change the
08:01
credentials that come by default. I mean, this is kind of a big deal to me.
08:05
For example, an email manager that is not up to date.
08:13
Let me just
08:16
and, you know, I'm using SquirrelMail, ah, in a specific version, inurl source and extension PHP. But, you know, you can actually use other things,
08:30
For example. Okay, the did you go on up to date? And you know what's the harm about this? This is ah, passive gathering technique. But you can just go here, for example, and
08:41
swell little law.
08:45
And you can just go to a different level and put that exploit,
08:50
and most likely you'll find information. Okay, Buck and TV and, you know, whatever. A lot of information to exploit that, so kind of a big deal, folks.
09:01
Again, I'm showing you this, and I'm trusting that you're actually decent people and that you will be using that to either, ah, strengthen the security countermeasures you have in your business, or, I mean, you know, you may want to make a career as a penetration tester and help your customers
09:20
to actually prove their security
09:22
with that. But you know where you were actually, at the start of the
09:28
in the previous modules of the course, I showed you some basic techniques, but, you know, this is the first session that we're actually starting as the penetration testing process goes on, because at the end, the first thing you have to do is to actually gather information about your victim,
09:48
for example.
09:48
Ah, a list of servers, you know, that were not updated, or a not up-to-date version,
09:56
for example.
09:58
Welcome to Windows Small Business Server 1000 tree.
10:03
Okay, 397 results. Kind of big deal at all.
10:09
intitle Apache,
10:11
for example.
10:15
Apache. How many Apaches are there? Okay, a lot of Apaches, and you get a good idea. I mean, you can actually search whatever comes to your mind, and, you know, for example, username and password, you know, for an administrator exposed to the Internet. Yeah, that kind of
10:35
You know,
10:37
it's a little scary, but, you know
10:41
Okay, you'd have it. I don't care about that. That, you know, from page from
10:48
deferral businesses. Actually, 115 results so kind of scary. You think? I mean, it is actually files
10:56
that contained password and user name. I'm afraid to click any of them that I want to show you the information that these guys have, but, you know, you get the idea,
11:05
Uh, servers that contain, for example, of a file called passwords that 60
11:13
which, as you can imagine
11:16
Ah, wow. Look at the results.
11:20
And it's kind of scary. You guys. I mean
11:24
Oh, my God. I hope you will find the name of your business in these web pages or with this web search.
11:31
Okay. Ah, database, uh, um, passwords.
11:39
Again, guys, if I'm going too fast, it's just because I want to show you a lot of examples you can use. Absolutely, this session is to open your mind to the possibilities you have to, you know, actually use Google as your information, just as your first information gathering
11:58
options. And, you know, in the process,
12:01
in the penetration testing process, this might be your first step so you can gather information. And I'm not saying information, uh,
12:09
about, well, about the server itself; you can find actual information. You know, back in the day, I, uh, I was trying to hack a customer, but I wasn't able to hack it. I mean, they did have a lot of countermeasures put in place in the perimeter.
12:28
Also, they did have a good
12:31
receive wings in their network. In their internal network, they have, you know, virtual LANs and, you know, they have firewalls. They have GPS, and they have, you know, every technology you can imagine. So I wasn't able to actually hack them. But what I did is I just Googled to search for old employees,
12:50
their social networks, you know, LinkedIn,
12:54
Facebook, Twitter. And I did find a guy that was actually invested, really invested. I mean, this guy had a hobby with classic cars. So I created a fake page with a classic car, and I told him that I was actually selling 11 cars. I, you know, I didn't tell him that was, um,
13:13
in a hurry. I need to sell because I was to move the country.
13:16
And, you know, I told story on by sending a link. I mean, uh, actually creating the web page and crafting the link and exploit and the reverse shell wasn't that difficult; it took me, like, I don't know, a day maybe, uh, less than that.
13:33
But the point is, I was able to do that because I used social networks and Google hacks
13:37
to actually find old employees and their social profiles. And I was able to gather that information. So, back to the Google hacks: database passwords. Oh, my God. You can see how many passwords you can find here. So this is kind of scary, you guys. I don't know
13:56
if you're thinking the same I'm thinking, but, you know,
13:58
this is scary, and you're probably thinking, okay, how can I actually
14:01
get these commands? They seem complicated. For example, filetype, intext. I don't know. Uh, yeah. You can just go to this web page. I'm going to live it a little, like seeking, you know, Lance it a little bit. Ah, but this is just the Google Hacking Database, and you can see a lot of commands in here,
14:20
and they can even tell you what this does. For example,
14:24
sensitive directories, pages containing login portals, so you can just, you know, just
14:31
copy-paste that. For example, you want maybe something specific, Apache way. Don't find sage
14:39
sensitive directories.
14:41
Okay. Shh. That any s h whatever, sage. Something specific to maybe isn't b
14:48
Okay, files containing juicy info, and just copy-paste
14:54
this one. You see how simple it is? I mean, I'm not inventing anything here, and I'm not reinventing the wheel, you guys. I'm not inventing anything. I'm just using what's available to me. So, yeah, pretty,
15:07
um, scary results.
15:09
Did you get the idea, you guys? I mean, you can use Google hacks to find information, to passively find information for your victim.
15:20
Post-assessment questions. Is this information gathering technique considered passive or active? Well, it's actually considered passive. You're not actually interacting with any of your victim's
15:33
server or information directly.
15:35
What is performed by the command inurl? Well, it will search for, ah, whatever you pass to that command that is contained in the URL. What is performed by the command ext? Well, it will search all the pages containing a file with that specific extension.
15:52
For example, PHP.
15:54
In this video, we saw the most common Google hacks options to gather information. We executed some Google hack strings to see the results
16:03
Supplemental materials. There's a book called Google Hacks: Tips & Tools for Finding and Using the World's Information. I highly recommend you to do that. I mean, there's even, uh,
16:15
saving her about this book. But, you know, I don't think my war for round, but I'm sure about this book. This is a really cool book. I have it. I read it. And, you know, this is how I found out about Google hacks and, you know, the amazing things you could do with that.
16:30
Looking forward: in the next video, we'll cover some DNS enumeration techniques. Well, that's it for today, folks. I hope you enjoyed the video, and talk to you soon.

Up Next

Offensive Penetration Testing

This is a deep course about penetration testing. In this course, you’ll learn from basic to the most advanced and modern techniques to find vulnerabilities through information gathering, create and/or use exploits and be able to escalate privileges in order to test your information systems defenses.

Instructed By

Alejandro Guinea
CERT Regional Director
Instructor