Google hacking for penetration tester - part 34 docx

Table 8.11Queries That Locate Various Network Devices Sony NC RZ30 Camers SNC-RZ30 HOME Sony NC RZ20 Cameras intitle:snc-z20 inurl:home/ Mobotix netcams intext:”MOBOTIX M1” | intext:”MOB

Trang 1

Figure 8.31Webcams Placed Outside a Facility

Most network printers manufactured these days have some sort of Web-based interface installed If these devices (or even the documentation or drivers supplied with these devices)

are linked from a Web page, various Google queries can be used to locate them

Once located, network printers can provide an attacker with a wealth of information As shown in Figure 8.32, it is very common for a network printer to list details about the

sur-rounding network, naming conventions, and more Many devices located through a Google

search are still running a default, insecure configuration with no username or password

needed to control the device In a worst-case scenario, attackers can view print jobs and

even coerce these printers to store files or even send network commands

Trang 2

Figure 8.32Networked Printers Provide Lots of Details

Table 8.11 shows queries that can be used to locate various network devices

Table 8.11Queries That Locate Various Network Devices

PhaserLink Printers intitle:”View and Configure PhaserLink”

Panasonic Network Cameras inurl:”ViewerFrame?Mode=”

Trang 3

Table 8.11Queries That Locate Various Network Devices

Sony NC RZ30 Camers SNC-RZ30 HOME

Sony NC RZ20 Cameras intitle:snc-z20 inurl:home/

Mobotix netcams (intext:”MOBOTIX M1” | intext:”MOBOTIX M10”)

intext:”Open Menu” Shift-Reload Panasonic WJ-NT104 intitle:”WJ-NT104 Main Page”

AXIS Cameras intitle:”Live View / - AXIS”

Phaser 6250N Printer “Phaser 6250” “Printer Neighborhood” “XEROX

CORPORATION”

Xerox Phaser Printer “Phaser740 Color Printer” “printer named: “

Phaser 8200 Printer “Phaser 8200” “Xerox” “refresh” “ Email Alerts”

Xerox Phaser 840 “Phaser 840 Color Printer” “Current Status”

Canon “WebView LiveScope” intitle:liveapplet inurl:LvAppl

Xerox Phaser 4500/6250/ intext:centreware inurl:status

8200/8400

Linux Dreamboxes intitle:”dreambox web”

Axis Netcams intitle:”Live View / - AXIS” | inurl:view/view.sht

Fiery WebTools (“Fiery WebTools” inurl:index2.html) | “WebTools

enable * * observe, *, * * * flow * print jobs”

Konica Network Printer intitle:”network administration” inurl:”nic”

Ricoh Aficio 1022 inurl:sts_index.cgi

Ricoh Afficio Printer intitle:RICOH intitle:”Network Administration”

Canon ImageReady 3300, intitle:”remote ui:top page”

5000 & 60000

HP Printers inurl:hp/device/this.LCDispatcher

Webeye webcams intitle:webeye inurl:login.ml

AXIS StorPoint CD+ intitle:”axis storpoint CD” intitle:”ip address”

Cisco Switches intitle:”switch home page” “cisco systems” “Telnet

- to”

Linksys webcam camera linksys inurl:main.cgi

My webcamXP server intitle:”my webcamXP server!” inurl:”:8080”

Trang 4

Table 8.11 continuedQueries That Locate Various Network Devices

Ricoh Aficio 2035 (inurl:webArch/mainFrame.cgi ) | (intitle:”web (fax/scanner) image monitor” -htm -solutions)

Axis Network Camera inurl:netw_tcp.shtml

Panasonic Network Camera site:.viewnetcam.com -www.viewnetcam.com Toshiba netcams intitle:”toshiba network camera - User Login” CCTV webcams “please visit” intitle:”i-Catcher Console” Copyright

“iCode Systems”

XeroxDocuPrint printer intitle:”Home” “Xerox Corporation” “Refresh

Status”

Xerox 860 and 8200 Printers intext:”Ready with 10/100T Ethernet”

Lexmark printers intext:”UAA (MSB)” Lexmark -ext:pdf

Tandberg video conferencing intext:”Videoconference Management System” appliances ext:htm

Phaser printers “Copyright (c) Tektronix, Inc.” “printer status” Xerox DocuPrint printer intext:”MaiLinX Alert (Notify)”

-site:net-workprinters.com Brother HL Printers inurl:”printer/main.html” intext:”settings”

Axis Storpoint axis storpoint “file view” inurl:/volumes/

Netsnap Online Cameras intitle:”Live NetSnap Cam-Server feed”

V-Gear Bee Web Cameras intitle:”V-Gear BEE”

Audio ReQuest home intitle:”AudioReQuest.web.server”

CD/MP3 player

CUPS Printers inurl:”:631/printers” -php -demo

Axis Video Cameras

Linksys Wireless-G web cams inurl:”next_file=main_fs.htm” inurl:img

inurl:image.cgi

Trang 5

SnapStream Digital filetype:cgi transcoder.cgi

Video Recorder

Axis Network Print Server intitle:”Network Print Server” filetype:shtm (

inurl:u_printjobs | inurl:u_server | inurl:a_server | inurl:u_generalhelp | u_printjobs )

Axis Network Print Server intitle:”Network Print Server”

intext:”http://www.axis.com” filetype:shtm

Sweex, Orite Web Cameras allinurl:index.htm?cus?audio

EDSR video cameras intitle:”EverFocus.EDSR.applet”

Epson Web Assist intitle:”EpsonNet WebAssist Rev”

Brother printers intitle:”Brother” intext:”View Configuration”

intext:”Brother Industries, Ltd.”

Linksys webcams intitle:Linksys site:ourlinksys.com

mmEye webcam allintitle:Brains, Corp camera

Dell ESW Printers intitle:”Dell Laser Printer” ews

HomeSeer home intitle:HomeSeer.Web.Control |

automation server Home.Status.Events.Log

Samsung webthru cameras “Webthru User Login”

Lexmark printers (4 models) intitle:”Lexmark *” inurl:port_0

Aficio printers inurl:/en/help.cgi “ID=*”

HP Officejet help page intitle:jdewshlp “Welcome to the Embedded Web

Server!”

Xerox Phaser printers “display printer status” intitle:”Home”

Winamp Servers “About Winamp Web Interface” intitle:”Winamp

Web Interface”

NeroNet Servers intitle:”NeroNET - burning online”

Xerox (*Centre) Printers ext:dhtml intitle:”document centre|(home)” OR

intitle:”xerox”

Lexmark and Dell Printers inurl:”port_255” -htm

Adobe’s PrintGear intext:”Powered by: Adobe PrintGear” inurl:admin

Trang 6

AVTech Video Web Server intitle:”—- VIDEO WEB SERVER —-” intext:”Video

Web Server” “Any time & Any where” username password

VPON (Video Picture On Net) inurl:start.htm?scrw=

video surveillance system

Dell Printers intitle:”Dell *” inurl:port_0

Kpix Java Based Traffic (cam1java)|(cam2java)|(cam3java)|

Cameras (cam4java)|(cam5java)|(cam6java) -navy.mil -backflip

-power.ne.jp Mobile Cameras inurl:”S=320x240” | inurl:”S=160x120”

inurl:”Q=Mob Panasonic IP cameras inurl:”CgiStart?page=”

Dell and Lexmark Printers intitle:”configuration” inurl:port_0

Dell Laser Printer M5200 intitle:”Dell Laser Printer M5200” port_0

AXIS 240 Camera Servers intitle:”AXIS 240 Camera Server” intext:”server

push” -help Veo Observer Web Client intitle:”Veo Observer Web Client”

Standalone Network Camera intitle:”Java Applet Page” inurl:ml

DVR Systems intitle:”WEBDVR” -inurl:product -inurl:demo

sensorProbe Environmental “Summary View of Sensors” | “sensorProbe8 v *” |

iDVR Camera intitle:iDVR -intitle:”com | net | shop” -inurl:”asp |

htm | pdf | html | php | shtml | com | at | cgi | tv” INTELLINET IP camera intitle:”INTELLINET” intitle:”IP Camera Homepage” StarDot netcam intitle:”NetCam Live Image” edu gov

-johnny.ihackstuff.com Netbotz devices intitle:”netbotz appliance” inurl:.php inurl:.asp

-inurl:.pdf -inurl:securitypipeline -announces Phaser Network Printers Phaser numrange:100-100000 Name DNS IP “More

Printers” index help filetype:html | filetype:shtml Orite 301 Netcams intitle:”Orite IC301” | intitle:”ORITE Audio

IP-Camera IC-301” -the -a Brimsoft webcam intitle:”Biromsoft WebCam” 4.0 serial ask crack

-software -a -the -build -download -v4 -3.01 -num-range:1-10000

Continued

Trang 7

VisionGS Webcam (intitle:”VisionGS Webcam

Software”)|(intext:”Powered by VisionGS Webcam”) showthread.php showpost.php

-”Search Engine” -computersglobal.com -site:g IQeye netcam intitle:”IQeye302 | IQeye303 | IQeye601 | IQeye602 |

IQeye603” intitle:”Live Images”

Samsung printers “This page is for configuring Samsung Network

Printer” | printerDetails.htm Intel Netport Express intitle:”SNOIE Intel Web Netport Manager” OR

Print Server intitle:”Intel Web Netport Manager Setup/Status”

Express6 live video controller Display Cameras intitle:”Express6 Live Image”

Sony SNT-V304 Video intitle:”Sony SNT-V304 Video Network Station”

Windows 2003 Remote inurl:Printers/ipp_0001.asp

Printing

Linksys wireless G Camera inurl:/img/vr.htm

Sony DCS-950 Web Camera DCS inurl:”/web/login.asp”

Dell laser printers intitle:”Dell Laser Printer *” port_0

-johnny.ihack-stuff INTELLINET IP Camera intitle:”::::: INTELLINET IP Camera Homepage :::::

Celestix Taurus Server intext:”Welcome to Taurus” “The Taurus Server

Appliance” intitle:”The Taurus Server Appliance”

Sharp printers intitle:”AR-*” “browser of frame dealing is

neces-sary”

Watchdogs WxGoos Camera intitle:”WxGoos-” (“Camera image”|”60 seconds” )

Nuvico DVR intitle:”DVR Client” the free pdf downloads

-blog -download -dvrtop Hunt Electronics web cams “OK logout” inurl:vb.htm?logout=1

IVC Security Cameras intitle:”IVC Control Panel”

MOBOTIX Cameras (intitle:MOBOTIX intitle:PDAS) | (intitle:MOBOTIX

intitle:Seiten) | (inurl:/pda/index.html +camera) Netbotz devices intitle:”Device Status Summary Page” -demo

iGuard Fingerprint intitle:”iGuard Fingerprint Security System”

Security System

Continued

Trang 8

Veo Observer XT intitle:”Veo Observer XT”

inurl:shtml|pl|php|htm|asp|aspx|pdf|cfm -intext:observer

EyeSpyFX or OptiCamFX (intitle:(EyeSpyFX|OptiCamFX) “go to

MOBOTIX cameras inurl:cgi-bin/guestimage.html

Sony SNC-RZ30 IP camera intitle:”SNC-RZ30” -demo

Everfocus EDSR400 allintitle: EverFocus | EDSR | EDSR400 Applet

Everfocus EDR1680 allintitle:Edr1680 remote viewer

Everfocus EDR1600 allintitle: EDR1600 login | Welcome

Everfocus EDR400 allintitle: EDR400 login | Welcome

Boshe/Divar Net Cameras intitle:”Divar Web Client”

Axis Cameras intitle:”Live View / - AXIS” | inurl:view/view.shtml

OR inurl:view/indexFrame.shtml | intitle:”MJPG Live Demo” | “intext:Select preset position”

Axis Cameras 2XXX Series allintitle: Axis 2.10 OR 2.12 OR 2.30 OR 2.31 OR

2.32 OR 2.33 OR 2.34 OR 2.40 OR 2.42 OR 2.43

“Network Camera “ BlueNet Video Viewer intitle:”BlueNet Video Viewer”

Stingray File Transfer Server intitle:”stingray fts login” | ( login.jsp

intitle:StingRay ) Softwell Technology allintitle:”DVR login”

“Wit-Eye” DVR

WR Control Lite Multi- inurl:wrcontrollite

Camera View

Axis Video Server (CAM) inurl:indexFrame.shtml Axis

AXIS Video Live Camera intitle:”Live View / - AXIS”

AXIS Video Live View intitle:”Live View / - AXIS” | inurl:view/view.sht

AXIS 200 Network Camera intitle:”The AXIS 200 Home Page”

Canon Network Camera intitle:liveapplet inurl:LvAppl

Mobotix Network Camera intext:”MOBOTIX M1” intext:”Open Menu”

Panasonic Network Camera intitle:”WJ-NT104 Main Page”

Panasonic Network Camera inurl:”ViewerFrame?Mode=”

Trang 9

Seyeon FlexWATCH Camera intitle:flexwatch intext:”Home page ver”

Sony Network Camera intitle:snc-z20 inurl:home/

Canon ImageReady intitle:”remote ui:top page”

Fiery Printer Interface (“Fiery WebTools” inurl:index2.html) | “WebTools

enable * * observe, *, * * * flow * print jobs”

Konica Printers intitle:”network administration” inurl:”nic”

RICOH Printers intitle:RICOH intitle:”Network Administration”

Tektronix Phaser Printer intitle:”View and Configure PhaserLink”

Xerox Phaser (generic) inurl:live_status.html

Xerox Phaser 6250 Printer “Phaser 6250” “Printer Neighborhood” “XEROX

CORPORATION”

Xerox Phaser 740 Printer “Phaser® 740 Color Printer” “printer named: “

phaserlink

Xerox Phaser 840 Printer Phaser® 840 Color Printer

Xerox Centreware Printers intext:centreware inurl:status

XEROX WorkCentre intitle:”XEROX WorkCentre PRO - Index”

Trang 10

Attackers use Google for a variety of reasons An attacker might have access to an exploit for

a particular version of Web software and may be on the prowl for vulnerable targets Other times the attacker might have decided on a target and is using Google to locate information about other devices on the network In some cases, an attacker could simply be looking for Web devices that are poorly configured with default pages and programs, indicating that the security around the device is soft

Directory listings provide information about the software versions in use on a device Server and application error messages can provide a wealth of information to an attacker and are perhaps the most underestimated of all information-gathering techniques Default pages, programs, and documentation not only can be used to profile a target, but they serve as an indicator that the server is somewhat neglected and perhaps vulnerable to exploitation Login portals, while serving as the “front door” of a Web server for regular users, can be used to profile a target, used to locate more information about services and procedures in use, and used as a virtual magnet for attackers armed with matching exploits In some cases, login portals are set up by administrators to allow remote access to a server or network.This type of login portal, if compromised, can provide an entry point for an intruder as well Google can be used to locate or augment Web-based networking tools like NQT, which enables remote execution of various network-querying applications Using creative queries, Google may even locate Web-enabled network devices in use by the target or output from network statistical packages Whatever your goal during a network-based assessment, there’s a good chance Google can be used to augment your existing tools and techniques

Solutions Fast Track

Locating and Profiling Web Servers

Directory listings and default server-generated error messages can provide details about the server Even though this information could be obtained by connecting directly to the server, an attacker armed with an exploit for a particular version of software could find a target using a Google query designed to locate this

information

Server and application error messages proved a great deal of information, ranging from software versions and patch level, to snippets of source code and information about system processes and programs Error messages are one of the most

underestimated forms of information leakage

Định dạng
Số trang	10
Dung lượng	516,06 KB