Google hacking for penetration tester - part 52 ppt

... respect for the spirit of Google s no-automation rule, it is a most thorough automated tool. 520 Chapter 12 • Protecting Yourself from Google Hackers 452 _Google_ 2e_12.qxd 10/5/07 1:24 PM Page 520 Figure ... from Google Hackers 452 _Google_ 2e_12.qxd 10/5/07 1:24 PM Page 514 Advanced Dork is context sensitive—Right licking will invoke Advanced Dork based on where the right-clic...

Ngày tải lên: 04/07/2014, 17:20

... however, Google is less helpful, returning a blank results page with no error text, as shown in Figure 2.2. 52 Chapter 2 • Advanced Operators 452 _Google_ 2e_02.qxd 10/5/07 12:14 PM Page 52 This ... got Google all confused, and it coughed up a blank page. Notes from the Underground… But That’s What I Wanted! As you grom in your Google- Fu, you will undoubtedly want to perform a sea...

Ngày tải lên: 04/07/2014, 17:20

... Targets 452 _Google_ 2e_06.qxd 10/5/07 12 :52 PM Page 240 Figure 6.7 Google s Malware Wrapping Page So this is certainly a handy feature, but since this book is about Google Hacking, not about Google s ... and Finding Targets 452 _Google_ 2e_06.qxd 10/5/07 12 :52 PM Page 236 A search for bagle, for example, reveals several hits, as shown in Figure 6.9. Figure 6.9 A Malware Sear...

Ngày tải lên: 04/07/2014, 17:20

... XSS. ext:pl inurl:cgi intitle:”FormMail *” Certain versions of FormMail contain - *Referrer” - * Denied” configuration problems and invalid referrer -sourceforge -error -cvs -input checks. inurl:”dispatch.php?atknodetype” ... Atztek Forum are prone -site:forum-aztek.com to multiple input validation vulnerabilities. 246 Chapter 6 • Locating Exploits and Finding Targets Continued 452...

Ngày tải lên: 04/07/2014, 17:20

... execution. 252 Chapter 6 • Locating Exploits and Finding Targets Continued 452 _Google_ 2e_06.qxd 10/5/07 12 :52 PM Page 252 Figure 6.19 A Single CGI Scan-Style Query There are other ways to go after CGI-type ... remote code intext:”final - index” -inurl:demo execution. intext:”Powered by DEV web DEV cms <=1.5 allows SQL injection. management system” -dev-wms. sourceforge.net -de...

Ngày tải lên: 04/07/2014, 17:20

... operator. For example, if we wanted to search for the PDF extension, we might use a query like filetype:PDF to get the number of known results on the Internet.This type of Google query was performed for ... desk workers will (or should) ask for identifying information such as user- names, Social Security numbers, employee numbers, and even PIN numbers to properly vali- date callers’...

Ngày tải lên: 04/07/2014, 17:20

... and the text that might appear on the error page: grep -h -r "Content-language: en" * -A 10 | grep -A5 "TITLE" | grep -v virtual This Linux bash shell command, when run against ... these pages as the “HTTP_FROM=googlebot” line. We can search for pages like this with a query such as “HTTP_FROM=googlebot“ googlebot.com “Server_Software”. These pages are dynami- cally gener...

Ngày tải lên: 04/07/2014, 17:20

... soft- ware. For example, Apache Web servers ship with documentation in HTML format, as shown in Figure 8.17. 304 Chapter 8 • Tracking Down Web Servers, Login Portals, and Network Hardware 452 _Google_ 2e_08.qxd ... an attacker can often gain access to other infor- mation about the target.The Outlook Web Access portal is particularly renowned for this type of information leak, because it...

Ngày tải lên: 04/07/2014, 17:20

... Statistics Practically any Web-based network statistics package can be located with Google. Table 8.10 reveals several examples from the Google Hacking Database (GHDB) that show searches for various network ... network +”Settings Tree View” -cvs -RPM information including architecture, hosts, and services. inurl:fcgi-bin/echo fastcgi echo program reveals detailed server information....

Ngày tải lên: 04/07/2014, 17:20

... http://www.gnucitizen.org/blog /google- search-api-worms, http://www.gnucitizen.org/projects/ghdb and http://www.gnucit- izen.org/blog/the-web-has-betrayed-us. 388 Chapter 10 • Hacking Google Services 452 _Google_ 2e_10.qxd ... \u003C/b\u003E"},{"GsearchResultClass":"GwebSearch","unescapedUrl": "http://johnny.ihackstuff.com/ghdb.php","u...

Ngày tải lên: 04/07/2014, 17:20