Google hacking for penetration tester - part 41 ppt
... examples taken from Cop-op’s documentation: www.mysite.com/mypage.html - look for information within mypage.html part of the www.mysite.com domain www.mysite.com/* - look for information within the ... www.mysite.com www.mysite.com/*about* - look for information within URLs from www.mysite.com that has the about keyword *.mydomain.com - look for information within su...
Ngày tải lên: 04/07/2014, 17:20
... got Google all confused, and it coughed up a blank page. Notes from the Underground… But That’s What I Wanted! As you grom in your Google- Fu, you will undoubtedly want to perform a search that Google s ... fuel the fire for further exploration. Notes from the Underground… Googleturds So, what about that link that Google returned to r&besk.tr.cx? What is that thing? I coined the te...
Ngày tải lên: 04/07/2014, 17:20
... better for this purpose because we can account for potential variations in how a Web site is ultimately displayed. For example, some administra- tors might modify the format of a vendor-supplied ... Targets 452 _Google_ 2e_06.qxd 10/5/07 12:52 PM Page 240 Figure 6.7 Google s Malware Wrapping Page So this is certainly a handy feature, but since this book is about Google Hacking, not...
Ngày tải lên: 04/07/2014, 17:20
Google hacking for penetration tester - part 25 ppt
... XSS. ext:pl inurl:cgi intitle:”FormMail *” Certain versions of FormMail contain - *Referrer” - * Denied” configuration problems and invalid referrer -sourceforge -error -cvs -input checks. inurl:”dispatch.php?atknodetype” ... vulnerabilities. “Powered by FUDForum 2.7” FUDforum 2.7 is prone to a remote arbitrary -site:fudforum.org -johnny.ihackstuff PHP file upload vulnerability. inurl:...
Ngày tải lên: 04/07/2014, 17:20
Google hacking for penetration tester - part 26 ppt
... remote code intext:”final - index” -inurl:demo execution. intext:”Powered by DEV web DEV cms <=1.5 allows SQL injection. management system” -dev-wms. sourceforge.net -demo intitle:”phpDocumentor ... inurl:”cgi-bin/cosmoshop/lshop.cgi” 8.10.106, 8.10.108 and 8.11* are vulnerable -johnny.ihackstuff.com -V8.10.106 - to SQL injection, and cleartext password V8.10.100 -V.8.10.85 -...
Ngày tải lên: 04/07/2014, 17:20
Google hacking for penetration tester - part 28 pptx
... operator. For example, if we wanted to search for the PDF extension, we might use a query like filetype:PDF to get the number of known results on the Internet.This type of Google query was performed for ... desk workers will (or should) ask for identifying information such as user- names, Social Security numbers, employee numbers, and even PIN numbers to properly vali- date callers’...
Ngày tải lên: 04/07/2014, 17:20
Google hacking for penetration tester - part 30 ppt
... and the text that might appear on the error page: grep -h -r "Content-language: en" * -A 10 | grep -A5 "TITLE" | grep -v virtual This Linux bash shell command, when run against ... these pages as the “HTTP_FROM=googlebot” line. We can search for pages like this with a query such as “HTTP_FROM=googlebot“ googlebot.com “Server_Software”. These pages are dynami- cally gener...
Ngày tải lên: 04/07/2014, 17:20
Google hacking for penetration tester - part 31 ppt
... an attacker can often gain access to other infor- mation about the target.The Outlook Web Access portal is particularly renowned for this type of information leak, because it provides an anonymous ... soft- ware. For example, Apache Web servers ship with documentation in HTML format, as shown in Figure 8.17. 304 Chapter 8 • Tracking Down Web Servers, Login Portals, and Network Hardware 45...
Ngày tải lên: 04/07/2014, 17:20
Google hacking for penetration tester - part 33 ppt
... Statistics Practically any Web-based network statistics package can be located with Google. Table 8.10 reveals several examples from the Google Hacking Database (GHDB) that show searches for various network ... network +”Settings Tree View” -cvs -RPM information including architecture, hosts, and services. inurl:fcgi-bin/echo fastcgi echo program reveals detailed server information....
Ngày tải lên: 04/07/2014, 17:20
Google hacking for penetration tester - part 39 pptx
... http://www.gnucitizen.org/blog /google- search-api-worms, http://www.gnucitizen.org/projects/ghdb and http://www.gnucit- izen.org/blog/the-web-has-betrayed-us. 388 Chapter 10 • Hacking Google Services 452 _Google_ 2e_10.qxd ... \u003C/b\u003E"},{"GsearchResultClass":"GwebSearch","unescapedUrl": "http://johnny.ihackstuff.com/ghdb.php","url...
Ngày tải lên: 04/07/2014, 17:20