1
00:00:00,080 --> 00:00:03,260
Now let's talk about the Google Hacking Database.

2
00:00:03,770 --> 00:00:11,000
The Google Hacking Database contains a bunch of search operators that we have learned from previous lectures

3
00:00:11,000 --> 00:00:19,580
that are intended to find some juicy and sensitive information so we can find vulnerable servers, passwords,

4
00:00:19,580 --> 00:00:22,700
usernames, everything we could imagine.

5
00:00:22,700 --> 00:00:29,030
In this example, I would like to show you how the Google Hacking Database could be used to find some public

6
00:00:29,030 --> 00:00:29,720
cameras.

7
00:00:29,720 --> 00:00:34,190
So I'm going to go to the search and search for camera.

8
00:00:35,960 --> 00:00:39,800
And then I'm going to go to the next page and copy this dork.

9
00:00:40,670 --> 00:00:47,330
And then I'll go to google.com and add this search operator, which is something that is very simple

10
00:00:47,330 --> 00:00:49,730
and we've learned from previous lectures.

11
00:00:50,750 --> 00:00:56,270
So there are many links that will allow you to see some live videos.

12
00:00:56,840 --> 00:01:03,560
So let me open this one, for example, and this one and this one.

13
00:01:03,560 --> 00:01:07,370
So as you can see here, we can see a live video camera.

14
00:01:07,910 --> 00:01:14,210
And the crazy thing about that is that we didn't need to use any login credentials.

15
00:01:14,480 --> 00:01:24,260
Now, please keep in mind that if you were able to find a camera or a server or an IoT device and this

16
00:01:24,260 --> 00:01:31,310
device asks you for a username and password, even if they are using the default credentials, you are

17
00:01:31,310 --> 00:01:38,930
not allowed to enter the login credentials and log in because you are not authorized and you do not have

18
00:01:38,930 --> 00:01:40,250
permission to do this.

19
00:01:40,970 --> 00:01:47,540
But in this case, we are looking at a camera that did not ask us to enter any login credentials.

20
00:01:50,150 --> 00:01:57,380
Here is another Google dork that will allow you to find pictures that are hosted on an Android device.

21
00:01:57,950 --> 00:01:59,510
So I'm going to hit enter.

22
00:02:01,550 --> 00:02:04,490
And you can see that we were able to find an Android device.

23
00:02:04,490 --> 00:02:11,750
If we open the URL, we can see that there are MP4 files that we can download and watch, and we can

24
00:02:11,750 --> 00:02:13,610
also find some pictures.

25
00:02:14,630 --> 00:02:18,560
We can also go to the parent directory and see if there is anything else.

26
00:02:19,250 --> 00:02:25,760
We can see that we can access books, applications, or what I'm going to do is to analyze one of these

27
00:02:25,760 --> 00:02:29,420
pictures and see if they contain any metadata.

28
00:02:29,900 --> 00:02:36,890
And metadata is information that is embedded in an MP4 file or a picture that tells you more about

29
00:02:36,890 --> 00:02:37,370
the image.

30
00:02:37,370 --> 00:02:41,090
For example, what phone took the image, at which time.

31
00:02:41,090 --> 00:02:45,860
And sometimes you'll be able to find the coordinates of the image.

32
00:02:46,850 --> 00:02:48,680
So let's do an example.

33
00:02:49,010 --> 00:02:54,770
I'm going to copy the link of this image, and then I'm going to go to Google and search for ExifTool.

34
00:02:58,040 --> 00:03:00,320
And open the first website.

35
00:03:00,530 --> 00:03:06,650
And ExifTool is a tool that will extract metadata from PDF files, images and videos.

36
00:03:06,770 --> 00:03:13,100
We can go to this field and add the link of the image and then click on get URL.

37
00:03:14,390 --> 00:03:18,500
So here is the information that we were able to find about this image.

38
00:03:18,530 --> 00:03:21,920
Here we can see that it was taken from a Samsung phone.

39
00:03:21,920 --> 00:03:29,930
We can see the camera model name and the software that was used, and the modify date and the creation

40
00:03:29,930 --> 00:03:38,000
date, etc. And sometimes you will be able to find the coordinates of this image, which will tell you

41
00:03:38,030 --> 00:03:40,910
where exactly the image has been taken.