Anyone starting out in the world of hacking and/or pentesting has heard of so-called "search engine hacking", that is, terms such as Google hacking, Bing hacking, etc.
Surely more than one of you remembers some of the tools I list below.
Does it bring back good memories for anyone?
Then there are projects such as those from Stach&Liu.
Today's article is not about that project but about GooDork. We can do Google Hacking from the command line!
To use the tool, we clone it from GitHub.
darkmac:~ marc$ git clone https://github.com/k3170makan/GooDork.git
Cloning into 'GooDork'...
remote: Counting objects: 103, done.
remote: Compressing objects: 100% (52/52), done.
remote: Total 103 (delta 53), reused 95 (delta 46)
Receiving objects: 100% (103/103), 32.96 KiB, done.
Resolving deltas: 100% (53/53), done.
To use it you have to install its dependencies; in my case I only needed to install BeautifulSoup4. It can be installed via pip or easy_install.
Let's run a search.
darkmac:GooDork marc$ python GooDork.py inurl:/products/category/?id=

[GooDork ASCII-art banner]
by k3170

[]
Searching >>inurl:/products/category/?id=<<
200
OK
Date: Thu, 11 Jul 2013 21:52:45 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: PREF=ID=0cd70a2461167b31:FF=0:TM=1373579565:LM=1373579565:S=P7g9NPNmp3pg3t2c; expires=Sat, 11-Jul-2015 21:52:45 GMT; path=/; domain=.google.com
Set-Cookie: NID=67=dSh-AyrbkHxbIDdf0eDO2GhBFE8KF1MIDzrERJQANpsFJTA4hJXYtNdwAW-7h6IDgE7jCBFfRSri7Hgg0gXabq5oebaEqnMMHGcBhhPDXfkJ9KY36rMhK99GgIECk4ma; expires=Fri, 10-Jan-2014 21:52:45 GMT; path=/; domain=.google.com; HttpOnly
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
That is the server's response headers; now let's look at what it found.
['http://www.irnashop2.com/backup/hamkar/theTba-Contents/Components/Operator/Templates/Products/Category.ascx',
 'http://www.jotform.com/help/tag/products%2520category',
 'http://stores.ebay.com/Periscope-Military-Products/Category-1-/_i.html%3F_fsub%3D2',
 'http://stores.ebay.com/NATURAL-GREEN-MOSS-PRODUCTS/Category-1-/_i.html%3F_fsub%3D2',
 'http://demo2.zylone.com/zylone_basic_v2_untested/products/category/number-charms',
 'http://godynamic.eon.ph/our-products/category%2520b.html',
 'http://www.geelongmedical.com.au/products/category/XPTBWJOR',
 'http://www.freelancer.co.uk/job-search/magento-products-category-tree/',
 'http://gdrectifiers.co.uk/products/category/power_assemblies/rotating_diode_assemblies/',
 'http://stores.ebay.ca/Periscope-Military-Products/Category-1-/_i.html%3F_fsub%3D2',
 'http://www.red-dot-21.com/products/category/kitchen',
 'http://www.trustradius.com/products%3Fcategory%3Dweb-analytics-visitor-id%26like%3Dapptegic',
 'http://www.venditacoltelli.com/web/portale.php/products/category/cat/221',
 'http://www.aliexpress.com/item/Materials-knitted-products-category-scarf-applicable-sex-female-age-range-method-of-weaving-warp-processing-Zharan/518862084.html',
 'http://www.freelancer.com.jm/job-search/list-products-category-page-zencart/',
 'http://ixld.com/products/category%3Fid%3D6609',
 'http://nanotechelectronics.com/index.php/products/category/8-gsm-pay-phones',
 'http://www.capitalcardsystems.com/products/category-details/-in-department/departments/id-products-systems',
 'http://www.freelancer.ph/job-search/cre-loaded-show-products-category-subcategories-v20/',
 'http://www.freelancer.co.za/job-search/virtuemart-products-category-view/',
 'http://www.gearsource.com/catalog/browse/brand/lex-products/category/dimming/page/1/priceend/2500/pricestart/1001/rows/10/shoppingstyle/listings/sortby/lastmodified%257Cdesc',
 'http://www.indeed.com/forum/cmp/Oldcastle-Location%253A-Corona-Posted-On%253A-August-17,-2010-Share-This-Job-On-Facebook-Job-Description%253A-Human-Resources-Generalist-Product-Group%253Aoldcastle-Distribution-Job-Id%253A13223company%253Aallied-Building-Products-Category%253Ahuman-Resources.html',
 'http://www.secure.namify.com/products/category.aspx%3Fcategid%3Dtablecovers',
 'http://aetheriusdesign.com/aetheriusdesign.com/%3Faction%3Dproducts%26category%3Dlogo%26page%3D2',
 'http://www.peterschem.com/products/category/14%3Fprint%3D1',
 'http://www.districtsystems.com/sandbox/index.php/products/category/id-card-makers',
 'http://www.mavercarp.co.uk/index.php%3Foption%3Dproducts%26category%3D1%26id%3D6',
 'http://www.openpr.com/news/155974/Ducon-Technologies-I-Pvt-Ltd-Announced-IndiaMART-Leader-of-Tomorrow-Engineering-Products-Category.html%3FSID%3D41ab5ae360b1033d0b6136c67e0a1206',
 'http://deiramarket.com/dubai/wholesaler/product-P1013536-selling-offer-from-Strollers-Walkers–Carriers-group-in-Baby-Products-category-Stokke-2011-Xplory-Stroller',
 'http://zanzo.oakdene-services.com/products/category/view/senator-super-hit–ballpen–01607p',
 'http://www.freelancer.com.bd/job-search/list-products-category-page-zencart/',
 'http://www.freelancer.hk/job-search/virtuemart-products-category-view/',
 'http://www.polyg.com.tw/products-category.php%3Fid%3D4',
 'http://www.freelancer.sg/work/cre-loaded-show-products-category-subcategories-v20/',
 'http://www.mubrno.com/e_shop/products/category%3Fp%3D2%26s%3Did%26c%3DKRTEK',
 'http://www.freelancer.co.id/job-search/list-products-category-page-zencart/',
 'http://www.freelancer.pk/work/magento-ramdom-products-category/',
 'http://www.riscogroup.com/products/category/wireless%2520systems%252Blightsys',
 'http://preprod.daitem.fr/products/category/slugUniverse:pour-mon-entreprise/slugRange:proteger/lang:fr',
 'http://furtherfasterforever.com/blog/store/products/category/bicycling-shorts/',
 'http://www.mavermatch.co.uk/index.php%3Foption%3Dproducts%26category%3D63%26id%3D265',
 'http://www.fancy.com/things/257925959309597777/Boast-USA-:-Products-:-Category',
 'http://pastamamas.gourmet-basket.com/products/category/vegetables-and-potatoes%3Fsort%3Dname%26direction%3Dasc',
 'http://re-downloads.info/Wallpapers-Popular-Products-Category.html',
 'http://www.trekhaak-trekhaken.be/en/products/category/espace-iv-mpv-1102',
 'http://www.tiffanysealing.com/products/category/%3Fid%3D2',
 'http://www.tiffanysealing.com/products/category/%3Fid%3D14',
 'http://www.peterschem.ru/products/category/14%3Fprint%3D1',
 'http://www.esd.bg/index.php/en/products/category/list/product/biometric-ID-Board-G83-14400',
 'http://www.saauto.com.au/products/category/EBMEPAMB',
 'http://www.qsptips.com/products/category.aspx%3Fid%3D15',
 'http://www.muovitech.com/%3Fpage%3Dproducts%26category%3DPE-pipes%2520and%2520PE-fittings%26id%3D423',
 'http://www.petrocanada-kpi.com/products/category/%3Fid%3D1',
 'http://www.seema.de/en/products/category/63-Packing—Depacking%3Fdir_new%3Ddesc%26dir_old%3Dasc%26order_new%3Dmachines.id.new%26order_old%3Dmachines.manufacturer.old',
 'http://www.crehelp.com/show-all-products-category-amp-subcategories-v10-id-4209.html',
 'http://www.desalination.biz/products/category.asp%3Fid%3D301%26title%3DWater%2BStorage%2BTanks%26channel%3D0',
 'http://ping.sg/read/www-gate-barrier-com-products-category-id-9-penyedia-no1-aut',
 'http://community.emerson.com/networkpower/support/avocent/desktop/longview/w/wiki/1432.longview-products-category-5-cable-568b.aspx',
 'http://itstore.prapey.com/store/products/category/id-card-printing/',
 'http://rapbank.com/products/category/self-help/',
 'http://rapbank.com/products/category/free/',
 'http://www.toysopt.com.ua/products/category/id/2629/',
 'http://bytes.com/topic/coldfusion/answers/932182-how-show-category-then-all-products-category-each-category',
 'http://ac.runcode.us/q/access-products-category-attribute-info-from-php-with-magento-api',
 'http://www.computeruser.com/pressreleases/more-than-6300-uk-suppliers-in-home-products-category-at-wholesalepagescouk.html',
 'http://efreedom.com/Question/1-4356019/Magento-Get-Products-Category-Order-Rand',
 'http://business.highbeam.com/437399/article-1G1-180696438/products-category',
 'http://go4answers.webhost4life.com/SearchResult.aspx%3Fq%3Dtechnical%2Breason%2B10%2B000%2Bproducts%2Bcategory%2Bsql%2Bprespective',
 'http://www.ariscomandiri.com/products-category/50/156/oem_products',
 'http://www.megaiklan.com/kategori.php%3Fgratis%3D323259%26view%3Dwww.gate-barrier.com/products/category/%3Fid%3D1pusat',
 'http://occforeclosure.net/archive-for-the-hot-new-products-category/jayclarkent.com*jcemain*wp-content*uploads*2011*01*jay032.jpg/',
 'http://id.scribd.com/doc/139943470/Products-Category',
 'http://www.inlazy.com/png/png.aspx%3Fid%3D53554_Digital%2Baudio%2Band%2Bvideo%2Bproducts%2Bcategory%2Bvector%2Bicon',
 'http://www.picstopin.com/600/products-category-palace-figure/http:%257C%257Cwww*fly-artxm*com%257CPic_Produets%257C20122212030440*jpg/',
 'http://www.tradeeasy.com/search/manufacturers-products/category%25206.html',
 'http://www.usbmax.com/Products/category.cfm%3Fid%3D177',
 'http://www.sitefile.org/seo/tripodturnstilegate.com~~products~~category~~%2560%2560id%253D5.htm',
 'http://www.sitefile.org/seo/tripodturnstilegate.com~~products~~category~~%2560%2560id%253D11.htm',
 'http://www.sitefile.org/seo/tripodturnstilegate.com~~products~~category~~%2560%2560id%253D4.htm',
 'http://www.workmob.com/products/http-wwwmarblepluscomau-products-category-XDUKNHUI/21025']

step: 301 ,results: 80
We can narrow the search further by combining a site: operator with a pattern applied to the result URLs:

darkmac:GooDork marc$ python GooDork.py site:.com -u 'article.php?id='

The tool is very simple to use:
darkmac:GooDork marc$ python GooDork.py

[GooDork ASCII-art banner]
by k3170
version 2.2.1

Usage: ./GooDork [dork] {options}

dork -- google search query
pattern -- a regular expression to search for

OPTIONS
-b 'pattern' -- search the displayable text of the dork results for 'pattern'
-t 'pattern' -- search the titles of the dork results for 'pattern'
-u 'pattern' -- search the urls of the dork results for 'pattern'
-a 'pattern' -- search in the anchors of the dork results for 'pattern'
-s 'pattern' -- search in the script tags of the dork results for 'pattern'
-o 'filename' -- ouput the results
-L amount -- Limit the amount of restults processed to the first L results
-U 'user-agent' -- Custom User-agent

e.g ./GooDork site:.edu -bStudents #returns urls to all pages in the .edu domain displaying 'Students'
e.g ./GooDork site:.edu -o universities.txt #returns urls to all pages in the .edu 'universities.txt'
If we don't have much idea of how to choose suitable dorks, we can visit such well-known sites as:
Needless to say, one could write a module for SQLmap that searched for something like:
inurl:/general.php?*id=*
inurl:/careers-detail.asp?id=
inurl:/WhatNew.asp?page=&id=
inurl:/gallery.asp?cid=
inurl:/publications.asp?type=
inurl:/mpfn=pdview&id=
inurl:/reservations.php?id=
inurl:/list_blogs.php?sort_mode=
inurl:/eventdetails.php?*=
inurl:/commodities.php?*id=
inurl:/recipe-view.php?id=
inurl:product.php?mid=
inurl:view_ad.php?id=
inurl:/imprimir.php?id=
inurl:/prodotti.php?id=
inurl:index.cgi?aktion=shopview
inurl:/default.php?id=
inurl:/default.php?portalID=
inurl:/*.php?id=
inurl:/articles.php?id=
inurl:/os_view_full.php?
inurl:/Content.asp?id=
inurl:/CollectionContent.asp?id=
inurl:/Details.asp?id=
intext:"Powered By : SE Software Technologies" filetype:php
inurl:/index.php?pgId=
inurl:/index.php?PID= "Powered By Dew-NewPHPLinks v.2.1b"
inurl:/dosearch.asp?
inurl:/details.php?linkid=
inurl:/viewfaqs.php?cat=
inurl:/calendar.php?token=

Source: http://rendys-xp.blogspot.com/2013/01/google-dork-sql-injection.html#ixzz2YmJKDrOn
And it would launch sqlmap directly, but we won't give any more bad ideas 😛
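The two filtering steps that GooDork's options and the dork list above rely on (an inurl: pattern with * wildcards selecting results, and a -u regular expression narrowing them by URL) can be reproduced offline. The script below is an added example written for this article, not GooDork's own code nor anything from the original post: it turns an inurl: dork into a regular expression, applies a -u style regex to a result list, and builds the inventory a site owner would want, namely which of their own indexed URLs expose numeric id-style query parameters and would therefore be surfaced by dorks like those listed. Everything in SAMPLE_RESULTS is constructed (shop.example.test is a placeholder host), and the function names are this example's own.

```python
"""Added example (not GooDork's own code): the result-filtering steps a
GooDork-style tool performs, run offline over constructed URLs.

- inurl_to_regex(): turns an inurl: dork such as 'inurl:/general.php?*id=*'
  into a regular expression ('*' = any run of characters, rest literal).
- filter_url_pattern(): the equivalent of GooDork's -u 'pattern' option.
- numeric_id_params(): a site owner's inventory of indexed URLs that expose
  numeric id-style query parameters, i.e. the pages such dorks would
  surface for their own domain.
"""
import re
from urllib.parse import parse_qs, urlparse

# Constructed sample of "indexed URLs" for a fictitious site (example.test is a
# reserved placeholder domain); none of these are real search results.
SAMPLE_RESULTS = [
    "http://shop.example.test/products/category/?id=14",
    "http://shop.example.test/articles.php?id=7",
    "http://shop.example.test/articles.php?id=7&lang=en",
    "http://shop.example.test/products/category/kitchen",
    "http://shop.example.test/help/tag/products-category",
    "http://shop.example.test/default.php?portalID=3",
]


def inurl_to_regex(dork):
    """Compile the value of an inurl: operator into a regex.

    '*' becomes '.*'; every other character is matched literally (so '?' and
    '.' keep their URL meaning) and the pattern may occur anywhere in the URL,
    case-insensitively, which mirrors how inurl: behaves in the search engine.
    """
    value = dork[len("inurl:"):] if dork.lower().startswith("inurl:") else dork
    literal_parts = [re.escape(part) for part in value.split("*")]
    return re.compile(".*".join(literal_parts), re.IGNORECASE)


def match_dork(urls, dork):
    """Return the URLs an inurl: dork would select from a result list."""
    rx = inurl_to_regex(dork)
    return [u for u in urls if rx.search(u)]


def filter_url_pattern(urls, pattern):
    """GooDork -u 'pattern': keep results whose URL matches the regex."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [u for u in urls if rx.search(u)]


def numeric_id_params(urls):
    """Map each URL to the query parameters whose name ends in 'id' and whose
    value is purely numeric. An empty value ('?id=') is not counted, so the
    inventory lists only pages actually reachable by a numeric id."""
    inventory = {}
    for url in urls:
        query = parse_qs(urlparse(url).query, keep_blank_values=True)
        params = sorted(
            name for name, values in query.items()
            if name.lower().endswith("id") and all(v.isdigit() for v in values)
        )
        if params:
            inventory[url] = params
    return inventory


def dork_report(urls, dorks):
    """For each dork, the URLs it matches (an empty list means nothing exposed)."""
    return {dork: match_dork(urls, dork) for dork in dorks}


if __name__ == "__main__":
    # A few of the dorks listed above, run against the constructed sample.
    dorks = ["inurl:/articles.php?id=", "inurl:/*.php?id=",
             "inurl:/default.php?portalID=", "inurl:/recipe-view.php?id="]
    for dork, hits in dork_report(SAMPLE_RESULTS, dorks).items():
        print(f"{dork:32} -> {len(hits)} match(es)")
    for url, params in numeric_id_params(SAMPLE_RESULTS).items():
        print(f"numeric id parameter(s) {params} in {url}")
```

Run against an export of your own site's indexed URLs (from the search console or a crawl), the report tells you which endpoints each dork would find, and the parameter inventory is the list of pages to review for input validation before anyone else runs the same dork.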
[+] Project GitHub: https://github.com/k3170makan/GooDork
[+] Author's article: http://blog.k3170makan.com/2012/03/goodork-super-charging-your-google.html
[+] Site with many Google Dorks: http://www.exploit-db.com/google-dorks/
Source:
securitybydefault.com