Google hacking for penetration tester - part 24 ppt

Google hacking for penetration tester - part 24 ppt

Google hacking for penetration tester - part 24 ppt

... better for this purpose because we can account for potential variations in how a Web site is ultimately displayed. For example, some administra- tors might modify the format of a vendor-supplied ... about Google Hacking, not about Google s plans to save the world’s Internet surfers from themselves, it’s only right that we get to the dark heart of the matter: Google can be used to...

Ngày tải lên: 04/07/2014, 17:20

10 202 1
Google hacking for penetration tester - part 6 pptx

Google hacking for penetration tester - part 6 pptx

... got Google all confused, and it coughed up a blank page. Notes from the Underground… But That’s What I Wanted! As you grom in your Google- Fu, you will undoubtedly want to perform a search that Google s ... fuel the fire for further exploration. Notes from the Underground… Googleturds So, what about that link that Google returned to r&besk.tr.cx? What is that thing? I coined the te...

Ngày tải lên: 04/07/2014, 17:20

10 434 0
Google hacking for penetration tester - part 25 ppt

Google hacking for penetration tester - part 25 ppt

... XSS. ext:pl inurl:cgi intitle:”FormMail *” Certain versions of FormMail contain - *Referrer” - * Denied” configuration problems and invalid referrer -sourceforge -error -cvs -input checks. inurl:”dispatch.php?atknodetype” ... execution, administra- tive credentials disclosure, system informa- tion disclosure, XSS and path disclosure. “Powered by and copyright class-1” Class-1 Forum Sof...

Ngày tải lên: 04/07/2014, 17:20

10 88,8K 0
Google hacking for penetration tester - part 26 ppt

Google hacking for penetration tester - part 26 ppt

... remote code intext:”final - index” -inurl:demo execution. intext:”Powered by DEV web DEV cms <=1.5 allows SQL injection. management system” -dev-wms. sourceforge.net -demo intitle:”phpDocumentor ... inurl:”cgi-bin/cosmoshop/lshop.cgi” 8.10.106, 8.10.108 and 8.11* are vulnerable -johnny.ihackstuff.com -V8.10.106 - to SQL injection, and cleartext password V8.10.100 -V.8.10.85 -...

Ngày tải lên: 04/07/2014, 17:20

10 49,4K 0
Google hacking for penetration tester - part 28 pptx

Google hacking for penetration tester - part 28 pptx

... operator. For example, if we wanted to search for the PDF extension, we might use a query like filetype:PDF to get the number of known results on the Internet.This type of Google query was performed for ... desk workers will (or should) ask for identifying information such as user- names, Social Security numbers, employee numbers, and even PIN numbers to properly vali- date callers’...

Ngày tải lên: 04/07/2014, 17:20

10 263 2
Google hacking for penetration tester - part 30 ppt

Google hacking for penetration tester - part 30 ppt

... and the text that might appear on the error page: grep -h -r "Content-language: en" * -A 10 | grep -A5 "TITLE" | grep -v virtual This Linux bash shell command, when run against ... these pages as the “HTTP_FROM=googlebot” line. We can search for pages like this with a query such as “HTTP_FROM=googlebot“ googlebot.com “Server_Software”. These pages are dynami- cally gener...

Ngày tải lên: 04/07/2014, 17:20

10 117 0
Google hacking for penetration tester - part 31 ppt

Google hacking for penetration tester - part 31 ppt

... an attacker can often gain access to other infor- mation about the target.The Outlook Web Access portal is particularly renowned for this type of information leak, because it provides an anonymous ... soft- ware. For example, Apache Web servers ship with documentation in HTML format, as shown in Figure 8.17. 304 Chapter 8 • Tracking Down Web Servers, Login Portals, and Network Hardware 45...

Ngày tải lên: 04/07/2014, 17:20

10 163 0
Google hacking for penetration tester - part 33 ppt

Google hacking for penetration tester - part 33 ppt

... Statistics Practically any Web-based network statistics package can be located with Google. Table 8.10 reveals several examples from the Google Hacking Database (GHDB) that show searches for various network ... network +”Settings Tree View” -cvs -RPM information including architecture, hosts, and services. inurl:fcgi-bin/echo fastcgi echo program reveals detailed server information....

Ngày tải lên: 04/07/2014, 17:20

10 274 2
Google hacking for penetration tester - part 39 pptx

Google hacking for penetration tester - part 39 pptx

... http://www.gnucitizen.org/blog /google- search-api-worms, http://www.gnucitizen.org/projects/ghdb and http://www.gnucit- izen.org/blog/the-web-has-betrayed-us. 388 Chapter 10 • Hacking Google Services 452 _Google_ 2e_10.qxd ... \u003C/b\u003E"},{"GsearchResultClass":"GwebSearch","unescapedUrl": "http://johnny.ihackstuff.com/ghdb.php","url...

Ngày tải lên: 04/07/2014, 17:20

10 215 0
Google hacking for penetration tester - part 40 pptx

Google hacking for penetration tester - part 40 pptx

... prog + ' -u username -p [password] -P blog ' \ '-t title -c [content] -a author' print ' ' + prog + ' -u username -p [password] -l' print '-u username ... inline: python GoogleSplogger.py -u username -p password -P blog_name_here -t title _for_ the_post -a author -c << EOF Once you are done writing the post type EOF on a new line. A post can...

Ngày tải lên: 04/07/2014, 17:20

10 247 0
w