
Google hacking for penetration tester - part 44 pptx


Figure 11.15 More Water Fountain Fun
Moving along to a more traditional network fixture, consider the screenshot captured in
Figure 11.16.
Google Hacking Showcase • Chapter 11 431
452_Google_2e_11.qxd 10/5/07 1:19 PM Page 431
Figure 11.16 An IDS Manager on Acid
Now, I’ve been in the security business for a lot of years, and I’m not exactly brilliant in
any one particular area of the industry. But I do know a little bit about a lot of different
things, and one thing I know for sure is that security products are designed to protect stuff.
It’s the way of things. But when I see something like the log shown in Figure 11.16, I get all
confused. See, this is a web-based interface for the Snort intrusion detection system. The
last time I checked, this data was supposed to be kept away from the eyes of an attacker, but
I guess I missed an email or something. But I suppose there’s logic to this somewhere.
Maybe if the attacker sees his screw-ups on a public webpage, he’ll be too ashamed to ever
hack again, and he’ll go on to lead a normal productive life. Then again, maybe he and his
hacker buddies will just get a good laugh out of his good fortune. It’s hard to tell.
Open Applications
Many mainstream web applications are relatively idiot-proof, designed for the point-and-
click masses that know little about security. Even still, the Google hacking community has
discovered hundreds of online apps that are wide open, just waiting for a point-and-click
script kiddie to come along and own them. The first in this section was submitted by
Shadowsliv and is shown in Figure 11.17.
Figure 11.17 Tricky Pivot Hack Requires Five Correct Field Fills
The bad news is that if a hacker can figure out what to type in those confusing fields, he’ll
have his very own Pivot web log. The good news is that most skilled attackers will leave this
site alone, figuring that any software left this unprotected must be a honeypot. It’s really sad
that hacking (not real hacking mind you) can be reduced to a point-and-click affair, but as
Arrested’s search reveals in Figure 11.18, owning an entire website can be a relatively simple
affair.


Figure 11.18 PHP-Nuke Ownage in Four Correct Field Fills
Sporting one less field than the open Pivot install, this configuration page will create a
PHP-Nuke Administrator account, and allow any visitor to start uploading content to the
page as if it were their own. Of course, this takes a bit of malicious intent on behalf of the
web visitor. There’s no mistaking the fact that he or she is creating an Administrator account
on a site that does not belong to them. However, the text of the page in Figure 11.19 is a
bit more ambiguous.
Figure 11.19 Hack This PHP-Nuke Install “For Security Reasons”
The bold text in the middle of the page really cracks me up. I can just imagine somebody’s
poor Grandma running into this page and reading it aloud. “For security reasons, the
best idea is to create the Super User right NOW by clicking HERE.” I mean who in their
right mind would avoid doing something that was for security reasons? For all Grandma
knows, she may be saving the world from evil hackers… by hacking into some poor fool’s
PHP-Nuke install.
And as if owning a website isn’t cool enough, Figure 11.20 (submitted by Quadster)
reveals a phpMyAdmin installation logged in as root, providing unfettered access to a
MySQL database.
Figure 11.20 Open phpMyAdmin - MySQL Ownage for Dummies
With a website install and an SQL database under his belt, it’s a natural progression for a
Google hacker to want the ultimate control of a system. VNC installations provide remote
control of a system’s keyboard and mouse. Figure 11.21, submitted by Lester, shows a query
that locates RealVNC’s Java-based client.
Figure 11.21 Hack A VNC, Grab A Remote Keyboard
Locating a client is only part of the equation, however. An attacker will still need to
know the address, port and (optional) password for a VNC server. As Figure 11.22 reveals,
the Java client itself often provides two-thirds of that equation in a handy popup window.
Figure 11.22 VNC Options Handed Up With a Side of Fries
If the hacker really lucks out and stumbles on a server that’s not password protected, he’s
faced with the daunting task of figuring out which of the four buttons to click in the above
connection window. Here’s a hint for the script kiddie looking to make his way in the
world: it’s not the Cancel button.
Of course running without a password is just plain silly. But passwords can be so difficult
to remember and software vendors obviously realize this as evidenced by the password
prompt shown in Figure 11.23.
Figure 11.23 Handy Password Reminder, In Case The Hacker Forgot
Posting the default username/password combination on a login popup is just craziness.
Unfortunately it’s not an isolated event. Check out Figure 11.24, submitted by Jimmy
Neutron. Can you guess the default password?
Figure 11.24 You Suck If You Can’t Guess This Default Password
Graduating to the next level of hacker leetness requires a bit of work. Check out the
user screen shown in Figure 11.25, which was submitted by Dan Kaminsky.
Figure 11.25 Welcome To Guest Access
If you look carefully, you’ll notice that the URL contains a special field called ADMIN,
which is set to False. Think like a hacker for a moment and imagine how you might gain
administrative access to the page. The spoiler is listed in Figure 11.26.
Figure 11.26 Admin Access through URL Tinkering
Check out the shiny new Exit Administrative Access button. By changing the ADMIN
field to True, the application drops us into Administrative access mode. Hacking really is
hard, I promise.
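The flaw behind Figures 11.25 and 11.26 is that the application lets a value in the URL decide the privilege level. The sketch below is an added example, not code from the book or from the application in the figures; it puts that pattern next to a check that reads the role from server-side session state and flags requests that claim ADMIN=True without an admin session. The session table, session ids and example.test URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed server-side session table: session id -> role (hypothetical names).
SESSIONS = {"s-guest-01": "guest", "s-admin-77": "admin"}

# Constructed sample requests modelled on the ADMIN field described in the text.
GUEST_URL = "http://intranet.example.test/app/users?ADMIN=False"
TAMPERED_URL = "http://intranet.example.test/app/users?ADMIN=True"


def admin_param(url):
    """Return the client-supplied ADMIN value, lower-cased, or None if absent."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    # Match the field name case-insensitively and keep the last occurrence.
    values = [v for k, vs in query.items() if k.lower() == "admin" for v in vs]
    return values[-1].strip().lower() if values else None


def is_admin_vulnerable(url):
    """Flawed pattern from the text: the URL decides the privilege level."""
    return admin_param(url) == "true"


def is_admin_hardened(url, session_id):
    """Privilege comes only from server-side state; the URL field is ignored."""
    return SESSIONS.get(session_id) == "admin"


def tampering_suspected(url, session_id):
    """Flag a request that claims ADMIN=True without an admin session."""
    return admin_param(url) == "true" and not is_admin_hardened(url, session_id)


if __name__ == "__main__":
    for sid in ("s-guest-01", "s-admin-77"):
        print(sid,
              "vulnerable:", is_admin_vulnerable(TAMPERED_URL),
              "hardened:", is_admin_hardened(TAMPERED_URL, sid),
              "flag:", tampering_suspected(TAMPERED_URL, sid))
```

The same tampering check can be run over web server access logs to find guest sessions that requested ADMIN=True.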

Cameras
I’ve got to be honest and admit that like printer queries, I’m really sick of webcam queries.
For a while there, every other addition to the GHDB was a webcam query. Still, some
webcam finds are pretty interesting and worth mentioning in the showcase. I’ll start with a
cell phone camera dump, submitted by Vipsta as shown in Figure 11.27.
Not only is this an interesting photo of some pretty serious-looking vehicular carnage, but
the idea that Google trolls camera phone picture sites is interesting. Who knows what kind
of blackmail fodder lurks in the world’s camera phones. Not that anyone would ever use that
kind of information for sensationalistic or economically lucrative purposes. Ahem.
Figure 11.27 Google Crawled Vehicular Carnage
Moving on, check out the office-mounted open web camera submitted by Klouw as
shown in Figure 11.28.
Figure 11.28 Remote Shoulder Surfing 101
This is really an interesting web cam. Not only does it reveal all the activity in the office,
but it seems especially designed to allow remote shoulder surfing. Hackers used to have to
get out of the house to participate in this classic sport. These days all they have to do is fire
off a few Google searches.
Figure 11.29, submitted by Jimmy Neutron, shows the I.T. infrastructure of a tactical US
nuclear submarine.
Figure 11.29 Not Really A Tactical US Nuclear Submarine
OK, so not really. It’s probably just a nuclear reactor or power grid control center or
even a drug lord’s warehouse in Columbia (Maryland). Or maybe I’ve been reading too
many Stealing The Network books. Either way, it’s a cool find nonetheless.
Figure 11.30, however (submitted by JBrashars) is unmistakable. It’s definitely a parking
lot camera. I’m not sure why, exactly, a camera is pointed at a handicapped parking space, but
my guess is that there have been reports of handicapped parking spot abuse. Imagine the joy
of being the guard that gets to witness the CIO parking in the spot, leaping out of his convertible
and running into the building. Those are the stories of security guard legends.