Google hacking for penetration tester - part 50 pot

... ./gooscan -t www .google. com -s apple.com microsoft $ ./gooscan -t www .google. com -s linux.org microsoft The [-x] and [-d] options are used with the Google appliance. We don’t talk too much about the Google ... valid Google query. For example, these are valid options: -q googledorks -q "microsoft sucks" -q "intitle:index.of secret" ■ [ -i input_file] (optional ar...

Ngày tải lên: 04/07/2014, 17:20

... via the simple, straight- forward Google search interface. Google refers to USENET groups as Google Groups. Today, Internet users around the globe turn to Google Groups for general discussion ... the powerful Web-based interface that has made Google a household word. Even the most advanced Google users still rely on the Web-based interface for the majority of their day-to- day...

Ngày tải lên: 04/07/2014, 17:20

... written in this language. ie UTF-8 The input encoding of Web searches. Google suggests UTF-8. oe UTF-8 The output encoding of Web searches. Google suggests UTF-8. as_epq a search phrase The value ... query! Underground Googling… Bad Form on Purpose In some cases, there’s nothing wrong with using poor Google syntax in a search. If Google safely ignores part of a human-friendly query,...

Ngày tải lên: 04/07/2014, 17:20

... front-end application; rather, Google hackers troll the Internet looking for bits and pieces of database information leaked from potentially vulnerable servers.These bits and pieces of information ... and password information intitle:index.of config.php The config.php script, lists user and pass- word information “phpinfo.php” -manual The output from phpinfo.php, lists a great deal of infor...

Ngày tải lên: 04/07/2014, 17:20

... /,$to_parse); foreach my $word (@words){ if ($word =~ /[a-z 0-9 ._% +-] +@[a-z 0-9 ]+\.[a-z]{2,4}/) { 186 Chapter 5 • Google s Part in an Information Collection Framework 452 _Google_ 2e_05.qxd 10/5/07 12:46 PM Page ... s/DASH /-/ g; return $work; } Right – let's see how this works. $ perl parse-email-2.pl Before: Hey !! Is this a test for roelof-temmingh@home.paterva.com? R...

Ngày tải lên: 04/07/2014, 17:20

... looking for Andrew Williams’ e-mail address, we’ll need to set the type to “Person” and set the function (or transform) to “toEmailGoogle” as we want Evolution to search for e-mail addresses for ... 182 3-1 825 1520 people couldn’t parse telephone numbers.” Better still are time frames such as “Andrew Williams: 197 1-0 4-0 1 – 200 7-0 7-0 7.”And, while it’s not that difficult...

Ngày tải lên: 04/07/2014, 17:20

... stats: http://monkey.org/~jose/blog/viewpage.php?page =google_ code_search_stats  Static Code Analysis with Google by Aaron Campbell: http://asert.arbornetworks.com/2006/10/static-code-analysis-using -google- code- search/  HD Moore’s Malware Search http://metasploit.com/research/misc/mwsearch Q: ... most cases it’s just down- right impractical. Important information can be gained from a...

Ngày tải lên: 04/07/2014, 17:20

... the Google hacker a bit more difficult since there is no apparent way to home in on a customized error page. However, some error messages, including 400, 403.9, 411, 414, 500 , 500 .11, 500 .14, 500 .15, ... messages, including 400, 403.9, 411, 414, 500 , 500 .11, 500 .14, 500 .15, 501 , 503 , and 505 pages, cannot be customized. In terms of Google hacking, this means that ther...

Ngày tải lên: 04/07/2014, 17:20

... on usenet or tech forums is a risk. For an example, try searching for intext:“enable secret 5 $” as sug- gested by hevnsnt on the Google Hacking Forums.Then try the same on Google Groups. It’s ... especially for an attacker capable of viewing print jobs and network information. Using and Locating Various Web Utilities  Web-enabled network devices can be located with simple Googl...

Ngày tải lên: 04/07/2014, 17:20

... Norton Anti-Virus Corporate Edition data file contains encrypted pass- words filetype:inf sysprep Sysprep.inf files contain all information for a Windows information including adminis- trative passwords, ... authentication data inurl:cgi-bin inurl:calendar.cfg CGI Calendar (Perl) configuration file reveals information including passwords for the program. inurl:chap-secrets -cvs chap-secrets fil...

Ngày tải lên: 04/07/2014, 17:20