Everyone in the security sector knows Google, and what a powerful tool it is. Just by entering certain search strings you can gain a vast amount of knowledge and information about your chosen target, often revealing sensitive data. This is all down to badly configured systems, brought on by sloppy administration, that allow directory indexing and access to password files, log entries, files, paths, etc.
Search Tips
So how do we start?
The common search inputs below will give you an idea. For instance, if you want to search for an index of "root",
put it in the search box exactly as you see it below.
==================
example 1:
allintitle: "index of/root"
result:
http://www.google.com/search?hl=en&ie=ISO-8859-1&q=allintitle%3A+%22index+of%2Froot%22&btnG=Google+Search
What it reveals is 2,510 pages that you can possibly browse at will.
====================
example 2:
inurl:"auth_user_file.txt"
http://www.google.com/search?num=100&hl=en&lr=&ie=ISO-8859-1&q=inurl%3A%22auth_user_file.txt%22&btnG=Google+Search
This result spawned 414 possible files to access.
Here is an actual file retrieved from a site and edited. We know who the admin is and we have the hashes; that's a job for JTR (John the Ripper).
txUKhXYi4xeFsmasteradminWorasitJunsawangxxx@xxxonqk6GaDj9iBfNgtomjangBugTomxxx@xxxon
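Both examples come down to the same server-side misconfiguration: a directory with no index file that the server lists automatically, and a credential or log file stored under the web root. As an added example (not part of the original post), this Python script audits a web root you administer for both conditions; the index-file names, the filename patterns and the sample directory tree are constructed assumptions.

```python
import os
import tempfile

# Assumed values: index files that suppress an automatic listing, and filename
# patterns worth flagging. Both lists are illustrative; adjust to your server.
INDEX_FILES = {"index.html", "index.htm", "index.php"}
SENSITIVE_NAMES = ("auth_user_file", "passwd", "htpasswd")
SENSITIVE_EXTS = (".log", ".bak", ".sql")


def audit_docroot(docroot):
    """Walk a web root and return (listable_dirs, sensitive_files) as sorted
    lists of URL-style paths relative to docroot."""
    listable, sensitive = [], []
    for current, _dirs, files in os.walk(docroot):
        rel = os.path.relpath(current, docroot).replace(os.sep, "/")
        url_path = "/" if rel == "." else "/" + rel + "/"
        lower = {f.lower() for f in files}
        # No index file: with directory indexing on, this gets an "Index of" page.
        if not lower & INDEX_FILES:
            listable.append(url_path)
        for name in files:
            low = name.lower()
            if any(s in low for s in SENSITIVE_NAMES) or low.endswith(SENSITIVE_EXTS):
                sensitive.append(url_path + name)
    return sorted(listable), sorted(sensitive)


def build_sample_docroot(base):
    """Create a small constructed web root for the demonstration."""
    layout = {
        "index.html": "<h1>home</h1>",
        "root/auth_user_file.txt": "constructed sample, no real credentials",
        "root/notes.txt": "hello",
        "logs/access.log": "constructed log line",
        "app/index.php": "<?php ?>",
    }
    for rel, body in layout.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_docroot(tmp)
        dirs, files = audit_docroot(tmp)
        print("Auto-listed directories:", dirs, "| Sensitive files:", files)
```

Every path it reports is a candidate for moving outside the web root, or for disabling directory indexing on the server.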
With the many variations below, it should keep you busy for a long time; mixing them reveals many different permutations.