Google hacking for penetration tester - part 14 pot
... front-end application; rather, Google hackers troll the Internet looking for bits and pieces of database information leaked from potentially vulnerable servers.These bits and pieces of information ... and password information intitle:index.of config.php The config.php script, lists user and pass- word information “phpinfo.php” -manual The output from phpinfo.php, lists a great deal of infor...
Ngày tải lên: 04/07/2014, 17:20
... via the simple, straight- forward Google search interface. Google refers to USENET groups as Google Groups. Today, Internet users around the globe turn to Google Groups for general discussion ... the powerful Web-based interface that has made Google a household word. Even the most advanced Google users still rely on the Web-based interface for the majority of their day-to- day...
Ngày tải lên: 04/07/2014, 17:20
... written in this language. ie UTF-8 The input encoding of Web searches. Google suggests UTF-8. oe UTF-8 The output encoding of Web searches. Google suggests UTF-8. as_epq a search phrase The value ... query! Underground Googling… Bad Form on Purpose In some cases, there’s nothing wrong with using poor Google syntax in a search. If Google safely ignores part of a human-friendly query,...
Ngày tải lên: 04/07/2014, 17:20
Google hacking for penetration tester - part 19 pot
... /,$to_parse); foreach my $word (@words){ if ($word =~ /[a-z 0-9 ._% +-] +@[a-z 0-9 ]+\.[a-z]{2,4}/) { 186 Chapter 5 • Google s Part in an Information Collection Framework 452 _Google_ 2e_05.qxd 10/5/07 12:46 PM Page ... s/DASH /-/ g; return $work; } Right – let's see how this works. $ perl parse-email-2.pl Before: Hey !! Is this a test for roelof-temmingh@home.paterva.com? R...
Ngày tải lên: 04/07/2014, 17:20
Google hacking for penetration tester - part 20 potx
... looking for Andrew Williams’ e-mail address, we’ll need to set the type to “Person” and set the function (or transform) to “toEmailGoogle” as we want Evolution to search for e-mail addresses for ... 182 3-1 825 1520 people couldn’t parse telephone numbers.” Better still are time frames such as “Andrew Williams: 197 1-0 4-0 1 – 200 7-0 7-0 7.”And, while it’s not that difficult...
Ngày tải lên: 04/07/2014, 17:20
Google hacking for penetration tester - part 27 potx
... stats: http://monkey.org/~jose/blog/viewpage.php?page =google_ code_search_stats Static Code Analysis with Google by Aaron Campbell: http://asert.arbornetworks.com/2006/10/static-code-analysis-using -google- code- search/ HD Moore’s Malware Search http://metasploit.com/research/misc/mwsearch Q: ... most cases it’s just down- right impractical. Important information can be gained from a...
Ngày tải lên: 04/07/2014, 17:20
Google hacking for penetration tester - part 29 pot
... for these directory tags, keep in mind that your syntax is very impor- tant.There are many irrelevant results from a query for “Microsoft-IIS/6.0”“server at”, whereas a query like “Microsoft-IIS/6.0 ... specialized tools that perform these tasks in a much more streamlined fashion, but these tools make lots of noise and often overlook the simplest form of information leakage that Google...
Ngày tải lên: 04/07/2014, 17:20
Google hacking for penetration tester - part 35 potx
... on usenet or tech forums is a risk. For an example, try searching for intext:“enable secret 5 $” as sug- gested by hevnsnt on the Google Hacking Forums.Then try the same on Google Groups. It’s ... especially for an attacker capable of viewing print jobs and network information. Using and Locating Various Web Utilities Web-enabled network devices can be located with simple Googl...
Ngày tải lên: 04/07/2014, 17:20
Google hacking for penetration tester - part 36 pot
... Norton Anti-Virus Corporate Edition data file contains encrypted pass- words filetype:inf sysprep Sysprep.inf files contain all information for a Windows information including adminis- trative passwords, ... authentication data inurl:cgi-bin inurl:calendar.cfg CGI Calendar (Perl) configuration file reveals information including passwords for the program. inurl:chap-secrets -cvs chap-secrets fil...
Ngày tải lên: 04/07/2014, 17:20
Google hacking for penetration tester - part 43 potx
... through the inter- face reveals more information about the architecture of the network, and the devices con- nected to it. Consolidated into one easy-to-read interface and located with a Google search, this ... configuration interface for Smoothwall personal firewalls.There’s something just wrong about Google hacking someone’s firewall. 426 Chapter 11 • Google Hacking Showcase 452 _G...
Ngày tải lên: 04/07/2014, 17:20