Tag Archives: google

Google Voice turns out to be really handy for phishing attacks. When you send out a phishing email, it’s useful to include a phone number, in case of any issues with the attachment, link or other payload.

Google Voice gives you a (new, anonymous) number which you can route wherever you’d like (cell, office, etc.). Additionally, you can configure your voicemail to quickly impersonate the local admin or security officer.

The killer feature, however, is the voicemail recording and transcription. Never again do you have to wade through a voice-driven mail system. Now, it simply dumps into your inbox for easy inclusion into a report. Additionally, you can download, email and share (via unique URI) voice messages.

Good for demonstrating that you can’t trust links AND phone numbers.

In the same vein as the earlier post on searching for vulnerabilities with Google Code Search, I realized tonight that you can search for private calendars on Google Calendar Search by simply typing ‘private’ in the search box. You’ll be surprised by how many results you get (960 at time of writing).

With such nuggets as:

- What: Presentation in Bern [work]
- When: Mon Sep 1 12pm – Mon Sep 1 4pm (20080901T120000/20080901T160000)
- Where:
- Created By: Michel

It’s certainly not a great deal of work to trace other public details and find out exactly who this might be. Interestingly, he’s also praying at 1AM today, and rowing at 2PM. He looks to be a bit worried about his skills.

This post ties closely to an observation made by stan over at n0where.org. What if a bank were able to access your calendar while you were planning to make a week-long trip to Vegas? Do you think they’d still be eager to give you that home loan? Food for thought, no?

UPDATE 09/02/08:
Google: John Gomez! Are you really sure you want to share this with the world?
John Gomez: *clicks yes*
Google: Are you sure??
John Gomez: just do it, it’s handy!
Google: Okay, but don’t say I didn–
John Gomez: DO IT!
Google: fine. idiot.
[Except this doesn't happen, and people have NO IDEA they're sharing this info most likely]

Delta Air Lines #616, 01:15 PM PDT

- When: Fri, Sep 26, 4:15pm – 10:01pm
- Where: SFO – JFK
- Description:
  - Record Locator: MXNYGI
  - Flight: Delta Air Lines #616
  - Confirmation: CYT0L0
  - Departure Location: San Francisco International Airport (SFO)
  - Departure Time: Friday, September 26 at 01:15 PM PDT
  - Departure Terminal: 1
  - Arrival Location: John F. Kennedy International Airport (JFK)
  - Arrival Time: Friday, September 26 at 10:01 PM EDT
  - Arrival Terminal: 3

UPDATE (09/02/08) (2):
Looks like our boy John is in good company at least… 680 results for the term ‘Record Locator.’ Ouch.
So how do you take advantage of this?
- Impersonate them
- Break into their house / steal their car while they’re away
- Frame them for a crime happening in their vicinity
- Call the airport, impersonate an authority (you’ve got all the details, right?.. right.)

Out of curiosity, is anyone doing a taxonomy of real-world attacks? The final attack listed above is analogous to a DoS attack, but these are all straightforward. I’d love to see a taxonomy of possible ways to exploit a piece of information (vulnerability).
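From the defender's side, the calendar leaks described above can be caught before a calendar is shared publicly. The sketch below is an added example, not code from the original post: it scans an iCalendar (.ics) export for the terms the post searched for ('private', 'Record Locator') plus 'Confirmation'. The sample events, values and pattern names are constructed for illustration.

```python
import re

# Constructed sample export (not real data), with CRLF line endings and one
# folded DESCRIPTION line as produced by iCalendar writers (RFC 5545).
SAMPLE_ICS = "\r\n".join([
    "BEGIN:VCALENDAR",
    "BEGIN:VEVENT", "SUMMARY:Team lunch", "DTSTART:20080901T120000", "END:VEVENT",
    "BEGIN:VEVENT", "SUMMARY:Flight SFO to JFK", "DTSTART:20080926T161500",
    "DESCRIPTION:Record Locator: ABC123 Confirmation: XYZ789 Departure",
    "  Terminal: 1",
    "END:VEVENT",
    "BEGIN:VEVENT", "SUMMARY:private - doctor", "DTSTART:20080903T090000", "END:VEVENT",
    "END:VCALENDAR",
])

# Terms taken from the post; the labels are hypothetical names for this example.
PATTERNS = {
    "marked-private": re.compile(r"\bprivate\b", re.I),
    "record-locator": re.compile(r"\brecord locator\b", re.I),
    "confirmation": re.compile(r"\bconfirmation\b", re.I),
}

def unfold(text):
    """Join folded lines: a line break followed by one space or tab is removed."""
    return re.sub(r"\r?\n[ \t]", "", text)

def events(text):
    """Yield each VEVENT as a dict of property name -> value."""
    current = None
    for line in unfold(text).splitlines():
        if line == "BEGIN:VEVENT":
            current = {}
        elif line == "END:VEVENT":
            if current is not None:
                yield current
            current = None
        elif current is not None and ":" in line:
            name, value = line.split(":", 1)
            current[name.split(";", 1)[0].upper()] = value  # drop ;PARAMS

def audit(text):
    """Return (summary, start, matched labels) for events worth reviewing."""
    findings = []
    for ev in events(text):
        blob = " ".join(ev.get(k, "") for k in ("SUMMARY", "DESCRIPTION", "LOCATION"))
        hits = sorted(label for label, rx in PATTERNS.items() if rx.search(blob))
        if hits:
            findings.append((ev.get("SUMMARY", ""), ev.get("DTSTART", ""), hits))
    return findings

if __name__ == "__main__":
    for summary, start, hits in audit(SAMPLE_ICS):
        print(f"{start}  {summary!r}: {', '.join(hits)}")
```

Run it against an export of any calendar that is about to be made public; flagged events are candidates for removal or for moving to a calendar that stays unshared.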

While toying around with Google Code Search to look for HTTP Response Splitting vulnerabilities, I discovered that code search is a treasure trove of vulnerabilities. For instance, simply try searching for “vulnerability”.

Looks like I’m about 2 years behind on this:

UPDATE (09/01/2008):

Regular expression search rocks. Why can’t you do this with regular search?