Google recon

Beyond simply reading a web page and extracting helpful information from it, Google can be used to find much more information that can aid an attacker.

  • Searching for target information – the attacker often begins by doing simple searches and building some kind of knowledge record or map of what they have learned. This could be just handwritten notes or a text file, or it could be a more organized format like a spreadsheet or small database. A very organized group of attackers working in collaboration could make effective use of more sophisticated tools designed for data mining and knowledge sharing.
  • Drilling in on specifics – once the general knowledge map is filled out, the attacker can start to look into specific areas of interest. Using Google advanced search to restrict searches to specific sites or domains can greatly facilitate this process.
    • System information – help desk and technical support web pages often include a lot of system configuration information, and even general Q&A dialogue usually reveals plenty of information about what hardware and software is being used inside an organization.
    • People – information about people inside the target organization may become useful in a variety of unanticipated ways and will always be of extreme value to any social engineering effort. By building an organizational chart and then filling in profiles of individuals, a lot can be determined about roles and responsibilities. It may become possible to run searches looking for message board posts made by key individuals who have asked questions that reveal technical information including some vulnerabilities or defenses that the organization is using.
    • Policy and procedures – organizations often post some of their policy and procedures publicly and usually do this on some kind of intranet that may or may not have strong restrictions in place. Knowing even general policy can be helpful, and specifics are often available, such as minimum password length or wireless security settings and the type of encryption or protocols being used.
  • Target vulnerabilities – as more and more system information is accumulated, it may become possible to start searching for vulnerability-related information such as software versions that are revealed by banners. For instance – searching for a specific string that web servers usually show may reveal a list of web servers running a specific version of software that has a known vulnerability. When this becomes possible, it can yield information as valuable as a vulnerability scan to the attacker, but with almost no chance of the defenders detecting the interest.
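
Because this kind of search leaves nothing for the defenders to detect, the practical control is to audit what the organization itself publishes. The following is an added example, not code from the original page: it checks an organization's own pages for the exposure categories listed above, and its regex rules, function names and sample pages are constructed assumptions.

```python
import re

# Illustrative rules for the exposure categories in the list above.
# They are assumptions, not an exhaustive rule set.
RULES = {
    "version banner": re.compile(
        r"\b(?:Apache|nginx|Microsoft-IIS|PHP|OpenSSL)[/ ]\d+(?:\.\d+)+", re.I),
    "password policy detail": re.compile(
        r"\b(?:minimum|at least)\b[^.\n]{0,40}?\b\d+\s+characters\b", re.I),
    "wireless security detail": re.compile(r"\b(?:WEP|WPA2?|WPA3|TKIP)\b"),
    "internal address": re.compile(
        r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))\.\d{1,3}\.\d{1,3}\b"),
}

def audit_page(url, headers, body):
    """Return (url, category, location, matched_text) for each exposure found."""
    findings = []
    # Response headers are where server software banners usually leak.
    for name in ("Server", "X-Powered-By"):
        m = RULES["version banner"].search(headers.get(name, ""))
        if m:
            findings.append((url, "version banner", "header " + name, m.group(0)))
    # Page text is what a search engine indexes and returns in results.
    for category, rx in RULES.items():
        for m in rx.finditer(body):
            findings.append((url, category, "body", m.group(0)))
    return findings

def audit_site(pages):
    """Audit every (url, headers, body) tuple and merge the findings."""
    findings = []
    for url, headers, body in pages:
        findings.extend(audit_page(url, headers, body))
    return findings

# Constructed sample pages standing in for an organization's own public content.
SAMPLE_PAGES = [
    ("https://helpdesk.example.org/faq",
     {"Server": "Apache/2.2.3 (CentOS)", "X-Powered-By": "PHP/5.1.6"},
     "Connect to the staff network using WPA2. The print server is 10.20.3.15."),
    ("https://www.example.org/policy",
     {"Server": "nginx"},
     "Passwords must be a minimum of 8 characters and changed every 90 days."),
]

if __name__ == "__main__":
    for url, category, where, text in audit_site(SAMPLE_PAGES):
        print(f"{url}  [{category}]  {where}: {text}")
```

Each finding is a candidate for removal, for moving behind authentication, or for suppressing the header at the server.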
