EvilOctal Information Security Team Technical Discussion Group's Archiver

EvilOctal 2005-8-31 23:50

[Repost] Hacking Google Desktop Search (Part I)

Original link: [url]http://www.sharp-ideas.net/archives/000054.html[/url]

Hacking Google Desktop Search: Part I
With a little experimentation, I found that Google Desktop Search can be used as an application for remotely monitoring computers across a LAN.

Things you'll need for this little tutorial:

(1) a recent copy of Google Desktop Beta
(2) a copy of a TCP/IP port redirection utility like datapipe.exe
(3) a basic understanding of TCP/IP networking
(4) a web browser

Let's get started!

First, install your copy of Google Desktop Search.

Next, start datapipe.exe so that it listens on TCP port 1180 and forwards requests to 127.0.0.1 on port 4664. On the command line, that looks like this:
datapipe 127.0.0.1 1180 127.0.0.1 4664

Next, run a search using Google Desktop Search itself. Note the salt value that appears after the localhost address in the browser's address bar (for example: &s=1548888641).

Open a browser on a remote machine with this target URL:
[url]http://__ip_address_of_target_machine__:1180/&s=1548888641[/url]

Search the remote system to your heart's content! Note: if you choose to open one of the search results, it will not open on the machine running the browser; it will open on the machine that is running the Google Desktop Search instance. Hmmmm, could Google Desktop Search become a platform for executing code remotely?

Posted by abeusher at January 5, 2005 10:43 PM
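
A defender-side check for the exposure the tutorial describes, added here as an example; it is not part of the original post, of datapipe, or of Google Desktop. It parses Windows `netstat -ano` output (the sample is constructed) and flags a process that listens on a non-loopback address while also holding a client connection to 127.0.0.1:4664, which is the footprint a redirector like datapipe leaves, as well as any binding of port 4664 itself beyond loopback.

```python
"""Flag a TCP redirector exposing Google Desktop Search (127.0.0.1:4664) to the LAN."""
import re
from collections import defaultdict

GDS_PORT = 4664
LOOPBACK = "127.0.0.1"

# Constructed sample in Windows ``netstat -ano`` layout: PID 1532 stands in for
# the search service, PID 2244 for a redirector that relays a LAN client
# (192.168.1.50) from its 0.0.0.0:1180 listener to 127.0.0.1:4664.
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:1180           0.0.0.0:0              LISTENING       2244
  TCP    127.0.0.1:4664         0.0.0.0:0              LISTENING       1532
  TCP    127.0.0.1:4664         127.0.0.1:3085         ESTABLISHED     1532
  TCP    127.0.0.1:3085         127.0.0.1:4664         ESTABLISHED     2244
  TCP    192.168.1.20:1180      192.168.1.50:4021      ESTABLISHED     2244
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
"""

LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")


def parse_netstat(text):
    """Return (local_ip, local_port, foreign_ip, foreign_port, state, pid) rows."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            lip, lport, fip, fport, state, pid = m.groups()
            rows.append((lip, int(lport), fip, int(fport), state, int(pid)))
    return rows


def find_exposures(text, gds_port=GDS_PORT):
    """("exposed_listener", pid, port): search port bound beyond loopback;
    ("forwarder", pid, port): non-loopback listener plus a client socket to 127.0.0.1:gds_port."""
    by_pid = defaultdict(list)
    for row in parse_netstat(text):
        by_pid[row[5]].append(row)
    findings = []
    for pid, socks in sorted(by_pid.items()):
        # A local browser also connects to 127.0.0.1:4664, but it never listens.
        bridges = any(s[4] == "ESTABLISHED" and s[2:4] == (LOOPBACK, gds_port) for s in socks)
        for lip, lport, _fip, _fport, state, _pid in socks:
            if state != "LISTENING" or lip == LOOPBACK:
                continue
            if lport == gds_port:
                findings.append(("exposed_listener", pid, lport))
            elif bridges:
                findings.append(("forwarder", pid, lport))
    return findings
```

Feed it the real output of `netstat -ano` (captured as text) and anything other than an empty list deserves a look at the named PID; a redirector bound only to 127.0.0.1, as in the tutorial's command line, is not reachable from the LAN and is deliberately not flagged.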

Comments
Hi,
I tried this, and it does work like you said.
When I try to open the window for the target host, it gives me a "Cannot find server" error.

Andy


Posted by: Andy at January 7, 2005 06:08 AM
Shouldn't that be:

datapipe 127.0.0.1 4664

Otherwise you are just binding the new listening port to loopback again?

Posted by: MothersMaid at January 9, 2005 05:18 AM
Yikes. Works well with SSH tunneling as well (though the Firefox Linux browser on the other end was served up a 'this browser not supported' message).

Fortunately, it looks like an unattended silent install of google desktop isn't particularly easy, so at least it means it's less likely to be installed remotely. Unless I'm missing something?


Posted by: Jordan at January 10, 2005 09:27 AM
Maybe it's unlikely to be installed remotely, but it's a tool that is rapidly growing in popularity, so you don't need to install Google Desktop remotely; all you need to get on their computer is a port redirector and a line of code in autoexec.bat. They have installed the other half of the "trojan" for you.

Posted by: John Denver at January 10, 2005 11:05 AM
shuttup

Posted by: doh at January 10, 2005 10:29 PM
THIS ARTICLE IS TOTALLY SWEET!!! (k-r4d as it were)
now all we need is AOL screenname info leakage and BAM!

LOL!
<3 abe usher

Posted by: nip14 at January 11, 2005 12:25 AM
The only flaw in your idea is that you need to know the 'salt' of the machine you want to snoop on (&s=1548888641 in your example).

In fact, at some point you also needed access to the machine to install the datapipe util.

So - unless I missed something - it's not that easy to set up the exploit.

Rik.

Posted by: Rik Sagar at January 11, 2005 01:04 PM
It won't take long for some virus/worm/spyware writer to create something like this. Viruses and spyware depend on someone downloading something to their computer, even if they don't know they're downloading it. Look how rampant these have become. My guess is they could put something in the registry to start it at boot time, like some of the spyware does now. You don't always need access to a machine anymore. This used to be the case, but with all of the "nice" exploits out there, this probably wouldn't be difficult to do.

Of course, this should be easy to block also. Block ports on your firewall to prevent people from accessing your local LAN. Unfortunately, the average Joe User doesn't know what a firewall is, let alone having one correctly configured.

Posted by: Tim at January 11, 2005 03:20 PM
Abe,
Nice tutorial. You failed to mention that you also love doing certification and accreditation work down in the district. What gives?

Page: [1]
© 1999-2008 EvilOctal Security Team