Why hack into a network server or device when you can just point and click your way into an open network device? Management devices, like the one submitted by Jimmy Neutron in Figure 6.6, often list all sorts of information about a variety of devices.
Figure 6.5 WhatsUp Status Screen Provides Guests with a Wealth of Information
Figure 6.6 Open APC Management Device
www.syngress.com
Google Hacking Showcase • Chapter 6 129
When m00d submitted the query shown in Figure 6.7, I honestly didn’t think much of it. The SpeedStream router is a decidedly lightweight device installed by home users, but I was startled to fi nd them sitting wide-open on the Internet. I personally like the button in the point-to-point summary listing. Who do you want to disconnect today?
Figure 6.7 Open SpeedStream DSL Router Allows Remote Disconnects
Belkin is a household name in home network gear. With their easy-to-use web-based administrative interfaces, it makes sense that eventually pages like the one in Figure 6.8 would get crawled by Google. Even without login credentials, this page reveals a ton of information that could be interesting to a potential attacker. I got a real laugh out of the Features section of the page. The fi rewall is enabled, but the wireless interface is wide open and unencrypted. As a hacker with a social conscience, my fi rst instinct is to enable encryption on this access point—in an attempt to protect this poor home user from themselves.
130 Chapter 6 • Google Hacking Showcase
Milkman brings us the query shown in Figure 6.9, which digs up the confi guration interface for Smoothwall personal fi rewalls. There’s something just wrong about Google hacking someone’s fi rewall.
Figure 6.8 Belkin Router Needs Hacker Help
www.syngress.com
Google Hacking Showcase • Chapter 6 131
As Jimmy Neutron reveals in the next two fi gures, even big-name gear like Cisco shows up in the recesses of Google’s cache every now and again. Although it’s not much to look at, the switch interface shown in Figure 6.10 leaves little to the imagination—all the confi guration and diagnostic tools are listed right on the main page.
Figure 6.9 Smoothwall Firewall Needs Updating
Figure 6.10 Open Cisco Switch
132 Chapter 6 • Google Hacking Showcase
This second Cisco screenshot should look familiar to Cisco geeks. I don’t know why, but the Cisco nomenclature reminds me of a bad Hollywood fl ick. I can almost hear the grating voice of an over-synthesized computer beckoning, “Welcome to Level 15.”
Figure 6.11 Welcome to Cisco Level 15
The search shown in Figure 6.12 (submitted by Murfi e) locates interfaces for an Axis network print server. Most printer interfaces are really boring, but this one in particular piqued my interest. First, there’s the button named confi guration wizard,
www.syngress.com
Google Hacking Showcase • Chapter 6 133
Printers aren’t entirely boring things. Consider the Web Image Monitor shown in Figure 6.13. I particularly like the document on Recent Religion Work. That’s quite an honorable pursuit, except when combined with the document about Aphrodisiacs.
I really hope the two documents are unrelated. Then again, nothing surprises me these days.
Figure 6.12 Axis Print Server with Obscure Buttonage
which I’m pretty sure launches a confi guration wizard. Then there’s the handy link labeled Print Jobs, which lists the print jobs. In case you haven’t already guessed, Google hacking sometimes leaves little to the imagination.
134 Chapter 6 • Google Hacking Showcase
CP has a way of fi nding Google hacks that make me laugh, and Figure 6.14 is no exception. Yes, this is the web-based interface to a municipal water fountain.
Figure 6.13 Ricoh Print Server Mixes Religion and Aphrodisiacs
Figure 6.14 Hacking Water Fountains For Fun and Profi t
www.syngress.com
Google Hacking Showcase • Chapter 6 135
After watching the water temperature fl uctuate for a few intensely boring seconds, it’s only logical to click on the Control link to see if it’s possible to actually control the municipal water fountain. As Figure 6.15 reveals, yes it is possible to remotely control the municipal water fountain.
Figure 6.15 More Water Fountain Fun
One bit of advice though—if you happen to bump into one of these, be nice.
Don’t go rerouting the power into the water storage system. I think that would defi nitely constitute an act of terrorism.
Moving along to a more traditional network fi xture, consider the screenshot captured in Figure 6.16.
136 Chapter 6 • Google Hacking Showcase
Now, I’ve been in the security business for a lot of years, and I’m not exactly brilliant in any one particular area of the industry. But I do know a little bit about a lot of different things, and one thing I know for sure is that security products are designed to protect stuff. It’s the way of things. But when I see something like the log shown in Figure 6.16, I get all confused. See, this is a web-based interfaced for the Snort intrusion detection system. The last time I checked, this data was supposed to be kept away from the eyes of an attacker, but I guess I missed an email or something. But I suppose there’s logic to this somewhere. Maybe if the attacker sees his screw-ups on a public webpage, he’ll be too ashamed to ever hack again, and he’ll go on to lead a normal productive life. Then again, maybe he and his hacker buddies will just get a good laugh out of his good fortune. It’s hard to tell.
Figure 6.16 An IDS Manager on Acid
www.syngress.com
Google Hacking Showcase • Chapter 6 137