When I was still working at the University of Wisconsin, a co-worker of mine showed me a way to find unprotected directories indexed by Apache and web cameras. Not those kind of web cam feeds – these are usually security cameras in innocuous places, like restaurants, streets, tops of buildings… etc., that are so benign (usually) that whoever set them up decided they didn’t need to be secured (or didn’t know how to secure them).
Anyway, the way he found these was the interesting part. At the time, it was termed “Google Hacking” although now it is sometimes called “Google dorking.” It is simply using Google to find unsecured web content with targeted search terms. You’re generally looking for things like:
- Content that has been indexed by Apache or IIS (or any webserver for that matter), but isn’t secured. This allows you to find web content that may not be intended for public consumption (i.e. there aren’t links from web pages to these files). A good example would be to Google this:
intitle:index.of “Apache/2.0 Server at”
This will yield a LOT of results, most of which will be normal and of no value. Additional operators/terms would be needed to find anything interesting very quickly
- Password files of various types. This seems silly, but there are a lot of password files that are on the internet. The most vulnerable are clear-text passwords (as opposed to hashed passwords). Once you have someone else’s username and password, you proceed to do your malevolent activities. A good example of a Google search for clear-text passwords is:
- Sensitive data such as Personally Identifiable Information (PII) or credit card information, that is stored in clear-text
- FTP Sites that allows anonymous connections
You can actually see a lot of the world through Google hacking links to webcams. You can try this one for example:
The first result, for example, is a camera over an outdoor eating area at The Salty Dog Cafe.
Or you can find network printers that are accessible to the world wide web, and print funny pictures on their printer. You can find a fair number of printers with these search terms:
Maybe you could print this for them:
You can find a lot of information on dorking and some good examples at the Google Hacking DataBase.
One last note – if you’re doing this for malevolent purposes, you may get ‘caught’ – IT security folks are not dumb, so if you try to malevolently attack an organization this way, you are most likely going to find a ‘honeypot.’ A honeypot is an INTENTIONALLY CREATED VULNERABLE AREA to draw in rookie hackers and bust ’em or at the very least, log the malevolent attempt. If you’re doing this for learning/academic worries, I wouldn’t sweat it. On the other hand, should you be taking any legal advice from me?
No. You should not, under any circumstances, take legal advice from me.