GOOGLE HACKING FOR PENETRATION TESTER - PART 23 DOCX

ReferralsAnother way of finding out what people are searching for is to look at the Referer: header ofrequests coming to your Web site. Of course there are limitations.The idea here being thatsomeone searches for something on Google, your site shows up on the list of results, and[r]

tested as Apache, for example (consider the vulnerabilities on Axis cams at securityfocus).Third, as we’ve seen in this chapter, the pages can be found with (or submittedto) Google if the admins are not careful.This opens the floodgates for all the fledglingGoogle hackers out ther[r]

an Internet-connected intranet is only partially accessible from the outside. In these cases, fil-ters are employed that only allow access to certain pages from specific addresses, presumablyinside a facility or campus.There are two major problems with this type of configuration.First, it’s an administ[r]

281Tracking Down Web Servers, LoginPortals, andNetwork HardwareSolutions in this chapter:■Locating and Profiling Web Servers■Locating Login Portals■Locating Other Network Hardware■Using and Locating Various Web Utilities■Targeting Web-Enabled Network DevicesChapter 8 Summary Solutions Fast Track F[r]

<a href="<! #echo encoding="url" var="HTTP_REFERER" >">referringpage</a> seems to be wrong or outdated. Please inform the author of<a href="<! #echo encoding="url" var="HTTP_REFERER" >">that page</a>about the error.&[r]

Using these subtle differences to our advantage, we can use specific Google queries tolocate servers with these default pages, indicating that they are most likely running a specificversion of Apache.Table 8.4 shows queries that can be used to locate specific families ofApache running default pa[r]

Table 8.9 shows some queries that can be used to locate various login portals. Refer toChapter 4 for more information about login portals and the information they reveal.Table 8.9 Queries That Locate Login PortalsLogin Portal Query.NET login pages ASP.login_aspx “ASP.NET_SessionId”4images Gal[r]

donate.php (0.9.6 | 0.9.7) vulnerabilities. Locating Exploits and Finding Targets • Chapter 6 249Continued452_Google_2e_06.qxd 10/5/07 12:52 PM Page 249Table 6.4 continued Vulnerable Web Application Examples from the GHDBGoogle Query Vulnerability Description“powered by ITWorking” SaveWebPort[r]

that is almost certainly already in place; using proxies.There are two ways that traffic can beproxied.The user can manually set a proxy in his or her browser, or it can be done transpar-ently somewhere upstream. With a transparent proxy, the user is mostly unaware that thetraffic is sent to a proxy,[r]

Figure 6.4 Google Analyzes Binary FilesClicking the file link (instead of the HTML link) will most likely freak out yourbrowser, as shown in Figure 6.5.Figure 6.5 Binary Browser GarbageLocating Exploits and Finding Targets • Chapter 6 231452_Google_2e_06.qxd 10/5/07 12:52 PM Page 231Bin[r]

© 2003-2005. -php-fusion.co.uk Injection and administrative credentials disclosure. “Powered By: lucidCMS 1.0.11” Lucid CMS 1.0.11 has SQL injection andlogin bypass vulnerabilities. “News generated by Utopia News Utopia News Pro 1.1.3 (and prior versions) Pro” | “Powered By: Utopia News Pro” cont[r]

Locating Malware Google’s binary search feature can be used to profile executables, but it can also beused to locate live malware on the web. See H.D. Moore’s search engine athttp://metasploit.com/research/misc/mwsearch.Locating Vulnerable Targets Attackers can locate potential targets by fo[r]

available that can perform these functions, but with a bit of creative Googling, it’s possible toperform all of these arduous functions and more, preserving the level of anonymity Googlehackers have come to expect. Consider a tool called the Network Query Tool (NQT),shown in Figure 8.23.Tracking Dow[r]

programmatic operations on Google’s services. For example, GData can be used to program-matically update Google Calendar instances. GData can also be used to create, delete andmanage Blogger entries and also manage our submissions to Google Base.The stage thenseems to be[r]

<script language="Javascript" type="text/javascript">//<![CDATA[function OnLoad() {// Create a search controlvar searchControl = new GSearchControl();// Add in a full set of searchersvar localSearch = new GlocalSearch();searchControl.addSearcher(localSearch);searchControl.addSea[r]

Web section so we get the complete query. Notice that many of the results point to .jpg, .gifor png images.There are quite a few going to the Ad Indicator service provided by Google,but the most interesting ones are those that point to GwebSearch service. Figure 10.7 showswhat the live captur[r]

gs = GoogleSplogger.GoogleSplogger('username', 'password')feed = feedparser.parse('http://www.gnucitizen.org/feed') # we are going to importthis feed into our blogfor e in feed.entries:gs.post('my blog name', e.title, e.content[0].value, 'author')Figure 10.18 - Import Blog EntriesThis script, entere[r]

http://tortoisesvn.net/downloads or by installing Cygwin (www.cygwin.com) and selectingthe svn package. For the rest of this section, we are going to operate from the console via thecommand line svn util.Brief Introduction to SVN Before we continue, let’s take a brief look at the subversion v[r]

Figure 8.31 Webcams Placed Outside a Facility Most network printers manufactured these days have some sort of Web-based interfaceinstalled. If these devices (or even the documentation or drivers supplied with these devices)are linked from a Web page, various Google queries can be used to loca[r]

intitle:index.of cgiirc.config CGIIRC (Web-based IRC client) configfile, shows IRC servers and user creden-tialsinurl:cgiirc.config CGIIRC (Web-based IRC client) configfile, shows IRC servers and user creden-tials“Index of” / “chat/logs” Chat logsintitle:”Index Of” cookies.txt “size” cookies.txt file revea[r]