|
Penetration Testing
mailing list archives
Re: Website search engine is a hacking tool..
From: Gerry Eisenhaur <GEisenhaur () cisco com>
Date: Wed, 21 Jul 2004 14:54:13 -0500
There have been many articles written about using google as a hacking
tool. All you really though need is an imagination.
Here are some google modifiers that you might not know of:
http://www.google.com/help/operators.html
and here are some ideas to get you started:
http://johnny.ihackstuff.com/index.php?module=prodreviews
You would be amazed at whats out there, I've found everything from VNC
passwords for entire domains, WEP keys, to pictures of peoples family.
--gerry
Amal Mohammad Al Hajeri wrote:
Hi List,
Did you ever thought of the website search engine as a hacking tool?
During one of the pen-tests, The website search engine, was a valuable
tool to discover interesting directories within the website itself,
these directories were not detected by famous website scanners like
nikto or SPI dynamics,i managed to get documentation pages about the API
application implemented, management login pages, backup files and much
more.
I leave it to your imagination to search for words like:
password,login,oracle,database,administrator, backup...etc
Best Regards,
-----------------------------------
Amal M. Al-Hajeri
E/Network & Information Security
Etisalat
--
Gerald Eisenhaur
Cisco Systems, Inc.
1414 Massachusetts Ave.
Boxborough, MASSACHUSETTS 01719
tel: 978.936.0465
geisenhaur () cisco com
 By Date 
By Thread
Current thread:
|
Intro
