Google hacking for penetration tester - part 26 ppt

Google hacking for penetration tester - part 26 ppt

Google hacking for penetration tester - part 26 ppt

... remote code intext:”final - index” -inurl:demo execution. intext:”Powered by DEV web DEV cms <=1.5 allows SQL injection. management system” -dev-wms. sourceforge.net -demo intitle:”phpDocumentor ... inurl:”cgi-bin/cosmoshop/lshop.cgi” 8.10.106, 8.10.108 and 8.11* are vulnerable -johnny.ihackstuff.com -V8.10.106 - to SQL injection, and cleartext password V8.10.100 -V.8.10.85 -...

Ngày tải lên: 04/07/2014, 17:20

10 49,4K 0
Google hacking for penetration tester - part 6 pptx

Google hacking for penetration tester - part 6 pptx

... got Google all confused, and it coughed up a blank page. Notes from the Underground… But That’s What I Wanted! As you grom in your Google- Fu, you will undoubtedly want to perform a search that Google s ... fuel the fire for further exploration. Notes from the Underground… Googleturds So, what about that link that Google returned to r&besk.tr.cx? What is that thing? I coined the te...

Ngày tải lên: 04/07/2014, 17:20

10 434 0
Google hacking for penetration tester - part 24 ppt

Google hacking for penetration tester - part 24 ppt

... better for this purpose because we can account for potential variations in how a Web site is ultimately displayed. For example, some administra- tors might modify the format of a vendor-supplied ... Targets 452 _Google_ 2e_06.qxd 10/5/07 12:52 PM Page 240 Figure 6.7 Google s Malware Wrapping Page So this is certainly a handy feature, but since this book is about Google Hacking, not...

Ngày tải lên: 04/07/2014, 17:20

10 202 1
Google hacking for penetration tester - part 25 ppt

Google hacking for penetration tester - part 25 ppt

... XSS. ext:pl inurl:cgi intitle:”FormMail *” Certain versions of FormMail contain - *Referrer” - * Denied” configuration problems and invalid referrer -sourceforge -error -cvs -input checks. inurl:”dispatch.php?atknodetype” ... vulnerabilities. “Powered by FUDForum 2.7” FUDforum 2.7 is prone to a remote arbitrary -site:fudforum.org -johnny.ihackstuff PHP file upload vulnerability. inurl:...

Ngày tải lên: 04/07/2014, 17:20

10 88,8K 0
Google hacking for penetration tester - part 28 pptx

Google hacking for penetration tester - part 28 pptx

... operator. For example, if we wanted to search for the PDF extension, we might use a query like filetype:PDF to get the number of known results on the Internet.This type of Google query was performed for ... desk workers will (or should) ask for identifying information such as user- names, Social Security numbers, employee numbers, and even PIN numbers to properly vali- date callers’...

Ngày tải lên: 04/07/2014, 17:20

10 263 2
Google hacking for penetration tester - part 30 ppt

Google hacking for penetration tester - part 30 ppt

... and the text that might appear on the error page: grep -h -r "Content-language: en" * -A 10 | grep -A5 "TITLE" | grep -v virtual This Linux bash shell command, when run against ... these pages as the “HTTP_FROM=googlebot” line. We can search for pages like this with a query such as “HTTP_FROM=googlebot“ googlebot.com “Server_Software”. These pages are dynami- cally gener...

Ngày tải lên: 04/07/2014, 17:20

10 117 0
Google hacking for penetration tester - part 31 ppt

Google hacking for penetration tester - part 31 ppt

... an attacker can often gain access to other infor- mation about the target.The Outlook Web Access portal is particularly renowned for this type of information leak, because it provides an anonymous ... soft- ware. For example, Apache Web servers ship with documentation in HTML format, as shown in Figure 8.17. 304 Chapter 8 • Tracking Down Web Servers, Login Portals, and Network Hardware 45...

Ngày tải lên: 04/07/2014, 17:20

10 163 0
Google hacking for penetration tester - part 33 ppt

Google hacking for penetration tester - part 33 ppt

... Figure 8 .26. Figure 8 .26 NQT “Rotator” Output This example is designed to suggest that Google can be used to supplement the use of many Web-based applications. All that’s required is a bit of Google ... Statistics Practically any Web-based network statistics package can be located with Google. Table 8.10 reveals several examples from the Google Hacking Database (GHDB) that show s...

Ngày tải lên: 04/07/2014, 17:20

10 274 2
Google hacking for penetration tester - part 39 pptx

Google hacking for penetration tester - part 39 pptx

... http://www.gnucitizen.org/blog /google- search-api-worms, http://www.gnucitizen.org/projects/ghdb and http://www.gnucit- izen.org/blog/the-web-has-betrayed-us. 388 Chapter 10 • Hacking Google Services 452 _Google_ 2e_10.qxd ... \u003C/b\u003E"},{"GsearchResultClass":"GwebSearch","unescapedUrl": "http://johnny.ihackstuff.com/ghdb.php","url...

Ngày tải lên: 04/07/2014, 17:20

10 215 0
Google hacking for penetration tester - part 40 pptx

Google hacking for penetration tester - part 40 pptx

... prog + ' -u username -p [password] -P blog ' \ '-t title -c [content] -a author' print ' ' + prog + ' -u username -p [password] -l' print '-u username ... inline: python GoogleSplogger.py -u username -p password -P blog_name_here -t title _for_ the_post -a author -c << EOF Once you are done writing the post type EOF on a new line. A post can...

Ngày tải lên: 04/07/2014, 17:20

10 247 0
w