using google to hack your site #pubcon
#pubcon@badams
Using Google to Hack Your Site
Presented by: Barry Adams
Polemic Digital
About Barry Adams
• Dutchman in Northern Ireland
• Founder of Polemic Digital
• Co-Chief Editor for StateofDigital.com
• Twitter ranter: @badams
• Lecturer & educator
Anatomy of a Hack
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Covering Tracks
Prevention is the best cure
• Security through obscurity
– Enough to defeat script kiddies & automated tools
• Won’t stop dedicated hackers
– But then, few things will…
Becoming invisible…
Wappalyzer
Hide your version numbers
<meta name="generator" content="WordPress 4.6.1"/>
Broadcasting your security in robots.txt
• Don’t put your back-end login folder in your robots.txt
– Use meta robots noindex,nofollow
Using Google to find weaknesses
• Google is a hungry beast
• It will crawl & index all it can
• Even stuff it really shouldn’t …
Advanced search commands allow you to use Google’s insatiable hunger for your own benefit/protection
Google Advanced Search Commands
site:domain.com > only search within that domain
ext:xxx > only show files with that extension
inurl:xyz > only show pages with ‘xyz’ in the URL
-abc > exclude pages that match ‘abc’
| > string searches together with pipes
Login folders
Database files
Configuration files
Log Files
Backups
Documents
Social Engineering
• Be careful what you publish online!
– Hackers can use personal information to gain confidence and extract more information.
• Even passwords…
Shared Hosting / Shared Sites
SpyOnWeb.com
Subdomains
https://pentest-tools.com/
To summarise
• Minimise your online footprint;
– Anything online can and will be used against you
• Don’t give away any clues;
– Make your website difficult to reconnoitre
• Educate your staff;
– People are your biggest weakness