
Google hacking for penetration tester - part 43 potx


Geek Stuff
This section is about computer stuff. It’s about technical stuff, the stuff of geeks. We will take a look at some of the more interesting technical finds uncovered by Google hackers. We’ll begin by looking at various utilities that really have no business being online, unless of course your goal is to aid hackers. Then we’ll look at open network devices and open applications, neither of which requires any real hacking to gain access to.
Utilities
Any self-respecting hacker has a war chest of tools at his disposal, but the thing that’s interesting about the tools in this section is that they are online—they run on a web server and allow an attacker to effectively bounce his reconnaissance efforts off of that hosting web server. To make matters worse, these application-hosting servers were each located with clever Google queries. We’ll begin with the handy PHP script shown in Figure 11.1 which allows a web visitor to ping any target on the Internet. A ping isn’t necessarily a bad thing, but why offer the service to anonymous visitors?
Figure 11.1 Php-ping.cgi Provides Free Ping Bounces
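If a site really must offer a web-reachable ping, the controls a script like the one pictured needs are an authentication check, a restriction on which addresses may be pinged, and a command built without a shell. The Python handler below is an added example and is not the php-ping.cgi script from Figure 11.1 or any code from the book; the allowed network ranges, the packet cap, and the `user` and `run` parameters are assumptions made for illustration.

```python
import ipaddress
import subprocess
from typing import Optional

# Assumed site policy (illustrative values, not from the book): only addresses in
# these ranges may be pinged, and only by an authenticated user.
ALLOWED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.0.2.0/24"),
]
MAX_COUNT = 5  # cap on packets per request so the service cannot be used to flood


def target_allowed(target: str) -> bool:
    """Accept only a literal IP address that lies inside an allowed network.
    Hostnames are rejected outright: resolving them would let a name outside
    the operator's control decide which address actually gets probed."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_NETWORKS)


def ping_command(target: str, count: int) -> list:
    """Build the argv list for ping. A list, not a string, is handed to
    subprocess, so the target is exactly one argument and is never parsed
    by a shell, whatever characters it contains."""
    count = min(max(int(count), 1), MAX_COUNT)
    return ["ping", "-c", str(count), target]


def handle_ping_request(user: Optional[str], target: str, count: int = 3,
                        run=subprocess.run):
    """Web-handler logic: returns (http_status, body).
    `user` is the authenticated principal (None for an anonymous visitor);
    `run` is injectable so the handler can be exercised without sending packets."""
    if user is None:
        return 401, "authentication required"
    if not target_allowed(target):
        return 403, "target not permitted"
    proc = run(ping_command(target, count), capture_output=True, text=True, timeout=30)
    return 200, proc.stdout


if __name__ == "__main__":
    # Anonymous visitor, authenticated user with an outside target, authenticated
    # user with an allowed target: only the last one reaches ping at all.
    for user, target in [(None, "10.1.2.3"), ("alice", "198.51.100.1"), ("alice", "10.1.2.3")]:
        status, body = handle_ping_request(user, target)
        print(user, target, status, body.splitlines()[:1] if status == 200 else body)
```

The ordering matters: the authentication check runs before anything else, so an anonymous visitor never learns which targets the allowlist would accept, and the allowlist is checked on a parsed address rather than on the raw string, which is what keeps the service from being a bounce point for arbitrary Internet hosts.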
Unlike the ping tool, the finger tool has been out of commission for quite a long time. This annoying service allowed attackers to query users on a UNIX machine, allowing enumeration of all sorts of information such as user connect times, home directory, full name and more. Enter the finger CGI script, an awkward attempt to “webify” this irritating service. As shown in Figure 11.2, a well-placed Google query locates installations of this script, providing web visitors with a finger client that allows them to query the service on remote machines.
Google Hacking Showcase • Chapter 11 421
452_Google_2e_11.qxd 10/5/07 1:19 PM Page 421
Figure 11.2 Finger CGI Script Allows Remote Fingering
Pings and finger lookups are relatively benign; most system administrators won’t even notice them traversing their networks. Port scans, on the other hand, are hardly ever considered benign, and a paranoid administrator (or piece of defense software) will take note of the source of a port scan. Although most modern port scanners provide options which allow for covert operation, a little Google hacking can go a long way. Figure 11.3 reveals a Google search submitted by Jimmy Neutron which locates sites that will allow a web visitor to portscan a target.
Remember, scans performed in this way will originate from the web server, not from the attacker. Even the most paranoid system administrator will struggle to trace a scan launched in this way. Of course, most attackers won’t stop at a portscan. They will most likely opt to continue probing the target with any number of network utilities which could reveal their true location. However, if an attacker locates a web page like the one shown in Figure 11.4 (submitted by Jimmy Neutron), he can channel various network probes through the WebUtil Perl script hosted on that remote server. Once again, the probes will appear to come from the web server, not from the attacker.
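Because the scan or probe leaves the hosting web server, the one place its real origin is visible is that server’s own access log. The Python script below, added here as an example and not taken from the book, parses a few constructed Apache-style log lines and flags requests to the kinds of bounce utilities named above (php-ping, the finger CGI, the PHP port scanner, WebUtil), grouping them by requesting IP and by the remote target named in the query string. The script-name patterns, the query-parameter names, and the sample log lines are all assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Apache/nginx "combined" access-log layout (assumed; adjust to your own format).
LOG_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Path fragments matching the utilities discussed in the chapter. These are
# name heuristics, not signatures of any particular product.
BOUNCE_RE = re.compile(r"(php-ping|finger|portscan|webutil)", re.IGNORECASE)

# Query-string keys such scripts commonly use for the remote target (assumed names).
TARGET_KEYS = ("host", "target", "ip", "addr", "hostname")


def parse_line(line):
    """Split one access-log line into fields, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def classify(rec):
    """Return the bounce-utility name the request path suggests, else None."""
    m = BOUNCE_RE.search(urlsplit(rec["url"]).path)
    return m.group(1).lower() if m else None


def bounced_target(rec):
    """Pull the remote target out of the query string, if one is present."""
    qs = parse_qs(urlsplit(rec["url"]).query)
    for key in TARGET_KEYS:
        if key in qs:
            return qs[key][0]
    return None


def find_bounce_requests(lines):
    """Return one record per request that hit a bounce utility."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        util = classify(rec)
        if util is None:
            continue
        hits.append({"src": rec["src"], "util": util,
                     "target": bounced_target(rec), "status": rec["status"]})
    return hits


def summarize(hits):
    """Group hits by (source IP, utility): request count and distinct targets.
    A single source driving several utilities at one target is the pattern
    the chapter describes: reconnaissance bounced off this server."""
    summary = {}
    for h in hits:
        entry = summary.setdefault((h["src"], h["util"]), {"count": 0, "targets": set()})
        entry["count"] += 1
        if h["target"]:
            entry["targets"].add(h["target"])
    return summary


# Constructed sample log lines; addresses are from the documentation ranges.
SAMPLE_LOG = [
    '203.0.113.9 - - [10/Oct/2007:13:55:36 -0700] "GET /cgi-bin/php-ping.cgi?host=192.0.2.7 HTTP/1.1" 200 812',
    '203.0.113.9 - - [10/Oct/2007:13:55:40 -0700] "GET /cgi-bin/php-ping.cgi?host=192.0.2.8 HTTP/1.1" 200 804',
    '198.51.100.4 - - [10/Oct/2007:13:56:02 -0700] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Oct/2007:13:57:11 -0700] "GET /tools/portscan.php?target=192.0.2.7&ports=1-1024 HTTP/1.1" 200 2210',
    '198.51.100.4 - - [10/Oct/2007:13:58:30 -0700] "GET /cgi-bin/finger.cgi?host=192.0.2.7 HTTP/1.1" 404 213',
    '203.0.113.9 - - [10/Oct/2007:13:59:05 -0700] "GET /cgi-bin/webutil.pl?cmd=traceroute&host=192.0.2.7 HTTP/1.1" 200 1502',
]

if __name__ == "__main__":
    for (src, util), entry in sorted(summarize(find_bounce_requests(SAMPLE_LOG)).items()):
        print(f"{src:15} {util:9} requests={entry['count']} targets={sorted(entry['targets'])}")
```

Run against a real log, the summary is what an administrator of the bounce server can hand to the administrator of the scanned target, which is exactly the trace the chapter says is otherwise so hard to make; a 404 hit, like the finger line above, is still worth keeping, since it shows someone looking for the utility.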
Figure 11.3 PHPPort Scanner- A Nifty Web-Based Portscanner
Figure 11.4 WebUtil Lets An Attacker Do Just About Anything
The web page listed in Figure 11.5 (submitted by Golfo) lists the name, address and device information for a school’s “student enrollment” systems. Clicking through the interface reveals more information about the architecture of the network, and the devices connected to it. Consolidated into one easy-to-read interface and located with a Google search, this page makes short work of an attacker’s reconnaissance run.
Figure 11.5 WhatsUp Status Screen Provides Guests with a Wealth of Information
Open Network Devices
Why hack into a network server or device when you can just point and click your way into
an open network device? Management devices, like the one submitted by Jimmy Neutron in
Figure 11.6, often list all sorts of information about a variety of devices.
Figure 11.6 Open APC Management Device
When m00d submitted the query shown in Figure 11.7, I honestly didn’t think much of it. The SpeedStream router is a decidedly lightweight device installed by home users, but I was startled to find them sitting wide-open on the Internet. I personally like the button in the point-to-point summary listing. Who do you want to disconnect today?
Figure 11.7 Open SpeedStream DSL Router Allows Remote Disconnects
Belkin is a household name in home network gear. With their easy-to-use web-based administrative interfaces, it makes sense that eventually pages like the one in Figure 11.8 would get crawled by Google. Even without login credentials, this page reveals a ton of information that could be interesting to a potential attacker. I got a real laugh out of the Features section of the page. The firewall is enabled, but the wireless interface is wide open and unencrypted. As a hacker with a social conscience, my first instinct is to enable encryption on this access point—in an attempt to protect this poor home user from themselves.
Figure 11.8 Belkin Router Needs Hacker Help
Milkman brings us the query shown in Figure 11.9, which digs up the configuration interface for Smoothwall personal firewalls. There’s something just wrong about Google hacking someone’s firewall.
Figure 11.9 Smoothwall Firewall Needs Updating
As Jimmy Neutron reveals in the next two figures, even big-name gear like Cisco shows up in the recesses of Google’s cache every now and again. Although it’s not much to look at, the switch interface shown in Figure 11.10 leaves little to the imagination—all the configuration and diagnostic tools are listed right on the main page.
Figure 11.10 Open Cisco Switch
This second Cisco screenshot should look familiar to Cisco geeks. I don’t know why, but the Cisco nomenclature reminds me of a bad Hollywood flick. I can almost hear the grating voice of an over-synthesized computer beckoning, “Welcome to Level 15.”
Figure 11.11 Welcome to Cisco Level 15

The search shown in Figure 11.12 (submitted by Murfie) locates interfaces for an Axis network print server. Most printer interfaces are really boring, but this one in particular piqued my interest. First, there’s the button named configuration wizard, which I’m pretty sure launches a configuration wizard. Then there’s the handy link labeled Print Jobs, which lists the print jobs. In case you haven’t already guessed, Google hacking sometimes leaves little to the imagination.
Printers aren’t entirely boring things. Consider the Web Image Monitor shown in Figure 11.13. I particularly like the document on Recent Religion Work. That’s quite an honorable pursuit, except when combined with the document about Aphrodisiacs. I really hope the two documents are unrelated. Then again, nothing surprises me these days.
Figure 11.12 Axis Print Server with Obscure Buttonage
Figure 11.13 Ricoh Print Server Mixes Religion and Aphrodisiacs
CP has a way of finding Google hacks that make me laugh, and Figure 11.14 is no exception. Yes, this is the web-based interface to a municipal water fountain.
Figure 11.14 Hacking Water Fountains For Fun and Profit
After watching the water temperature fluctuate for a few intensely boring seconds, it’s only logical to click on the Control link to see if it’s possible to actually control the municipal water fountain. As Figure 11.15 reveals, yes it is possible to remotely control the municipal water fountain.
One bit of advice though—if you happen to bump into one of these, be nice. Don’t go
rerouting the power into the water storage system. I think that would definitely constitute
an act of terrorism.
