Welcome to National Cyber Security Awareness Month 2015. Or as I would put it – Business as Usual. Today’s topic is online presence and what attackers can find out about your organization. Often companies bring in expertise to improve their online presence. You know the drill. Establish Twitter and Facebook channels. Improve the current website. Anything to make customers and users find the right information fast. There’s a downside to this – ever thought of the debris left behind by careless users?
I’ve been preparing for this post for some weeks now by running through a lot of Google dorks. I’ve written a piece on Google dorks before, back then to find source code repositories. This time I’ll make use of dorks to show you what an attacker can find out about your organization when it comes to uncovering passwords. I’m abusing the fact that companies invest money in their online presence while the people set to govern the strategy leave valuable information in plain sight.
The dork I settled on, which gave me the best results, was:
site:"top_level_domain" filetype:"file extension" "keyword"
The reason I chose it is that it is simple to use and to remember. You can narrow it down to target your own domain, and you can filter by file extension, such as text files. A tip would be to search for passwords.
Before I go ahead, a warning is in place:
Note that I did not confirm if the uncovered usernames and passwords worked – this was an experiment to discover what’s out there without taking advantage from it to show company debris.
This dork was an instant success. I was able to find
- Backups of password reset e-mails
- Copies of domain registrations with login credentials to FTP, hosting services, DNS dashboards and e-mails
- Password policies
It amazes me that I found plain text login credentials stored in simple text files that are widely accessible. It’s like an invitation to log in and cause havoc. I suppose you can draw your own conclusions about why this is dangerous. You might wonder why I put password policies on this list. Well, knowing your password policy would make it easier for me to brute force passwords, since I would know the limitations and rules for your passwords.
Hopefully I made you think. Your organization may leak more information than it should. The information may lead to unknown consequences and economic loss. As far as I can see you can never stop leakage 100%, but you can cut the risk. One way is to run Google dorks on your own organization to uncover what might be out there. It’s simple, it doesn’t take long and it’s free. For more information on dorking yourself, have a look at this resource.
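As an added example (not part of the original post, and not a tool the author describes), the script below does two things the post recommends: it expands the site:/filetype:/keyword dork template into the list of queries you would run against your own domains, and it performs the same kind of check offline by walking a local web root for the file types and credential-style content the post reports finding (plain-text login details, password-reset mail backups, password policies). The domains, extensions, keywords, regular expressions and sample files are all constructed for illustration.

```python
"""Self-audit helper, added as an example: build the dork queries for your own
domains, and scan a local web root for the same kinds of leaked files before a
search engine indexes them. Everything below (domains, extensions, keywords,
patterns, sample files) is constructed for illustration."""
import os
import re
import tempfile
from itertools import product

# File types and keywords to look for (constructed defaults, not from the post).
DEFAULT_EXTENSIONS = ("txt", "log", "bak", "doc", "xls")
DEFAULT_KEYWORDS = ("password", "passwd", "credentials", "password policy")

# Content patterns that mark a file as worth reviewing. Labels are arbitrary.
CREDENTIAL_PATTERNS = {
    "password-value": re.compile(r"(?i)\b(?:pass(?:word|wd)?|pwd)(?:\s+is)?\s*[:=]\s*\S+"),
    "username-value": re.compile(r"(?i)\b(?:user(?:name)?|login)\s*[:=]\s*\S+"),
    "url-embedded-credentials": re.compile(r"(?i)\b(?:ftp|https?)://[^\s/:@]+:[^\s/@]+@"),
    "password-policy": re.compile(r"(?i)\bpassword policy\b"),
    "password-reset-mail": re.compile(r"(?i)\b(?:reset your password|password reset)\b"),
}


def build_dorks(domains, extensions=DEFAULT_EXTENSIONS, keywords=DEFAULT_KEYWORDS):
    """Expand site:<domain> filetype:<ext> "<keyword>" over every combination."""
    return [f'site:{d} filetype:{e} "{k}"' for d, e, k in product(domains, extensions, keywords)]


def classify_text(text):
    """Return the sorted list of pattern labels that match in the given text."""
    return sorted(label for label, rx in CREDENTIAL_PATTERNS.items() if rx.search(text))


def audit_webroot(root, extensions=DEFAULT_EXTENSIONS):
    """Walk a directory and map each matching-extension file with findings to its labels.

    Keys are paths relative to root with forward slashes; clean files are omitted.
    """
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lstrip(".").lower()
            if ext not in extensions:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="ignore") as fh:
                labels = classify_text(fh.read())
            if labels:
                findings[os.path.relpath(path, root).replace(os.sep, "/")] = labels
    return findings


def make_sample_root():
    """Create a temporary web root with constructed sample files and return its path."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, "backup"))
    samples = {
        # Constructed: a copied domain registration with login details.
        "domain-registration.txt": "Username: admin\nPassword: hunter2\nftp://admin:hunter2@ftp.example.com/\n",
        # Constructed: a policy document (no secrets, but useful to an attacker).
        "password-policy.txt": "Password policy: minimum 8 characters, at least one digit.\nPasswords expire every 90 days.\n",
        # Constructed: a backup of a password-reset e-mail.
        "backup/reset-mail.bak": "Subject: Password reset for jane@example.com\nYour new password is: Welcome123\n",
        # Constructed: an HTML page; excluded by the extension filter.
        "index.html": "<p>Forgot your password? Password reset is available.</p>\n",
        # Constructed: a clean text file.
        "readme.txt": "Project notes. Nothing sensitive here.\n",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for query in build_dorks(["example.com"], ("txt",), ("password", "password policy")):
        print("dork:", query)
    for rel, labels in audit_webroot(make_sample_root()).items():
        print(f"review {rel}: {', '.join(labels)}")
```

The offline scan complements, rather than replaces, running the dorks: a search engine only shows what it has already indexed, while walking the web root catches files before they are picked up. Run `audit_webroot` against the real document root and treat every hit as something to remove or move behind authentication.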