Tuesday, May 1, 2012

Snoop internal network data without breaking in, Info is already breaking out.

One day when I was creating a pastie for some DevOps related discussion, and filtering out the organization related data..... it just occurred to what all internal information just gets added with the long logs getting pasted online for help.

someone pasted this on 20-Mar-2012 at pastebin.com
says nothing much except probably 'assanka.com' uses Puppet with PuppetMaster at puppetmaster.virtual.office.assanka.com with 192.168.30.147 as internal IP.

There are loads of paste-ies like it adding to recon for easy latched rooms behind the huge lock web entry gates.

Now, like this pastebin-scrap says hints being generated at some internal machine of Qualigaz's network
so some information about internal network of Qualigaz floating wild in open
[+] Internal IPs in range of 192.168.30.x
[+] is a XEN Virtual Machine
[+] with SELinux Not Enforced
[+] running Debian GNU/Linux 5.0.2 (lenny)
[+] sshrsakey=> AAAAB3NzaC1yc2E.......==
[+] sshdsakey=> AAAAB3NzaC1kc3M.......==

could have a look at http://pastebin.com/haiqVHCN, http://pastebin.com/iFMsYiwC for some funny more out-bursting data.

This was just from very few google search-ed pastebin.com results. Think what a full blown pastebin scrapper would do.

To be safe from such accidents, try to use service like ZeroBin {with 256 bits AES encrypted pastie at server}.