|
Penetration Testing
Website search engine is a hacking tool.. Jul 19 2004 04:06AM Amal Mohammad Al Hajeri (amal nis etisalat ae) (2 replies) Re: Website search engine is a hacking tool.. Jul 22 2004 06:35AM Wojciech Pawlikowski (ducer u-n-f com) |
|
|
Privacy Statement |
tool. All you really though need is an imagination.
Here are some google modifiers that you might not know of:
http://www.google.com/help/operators.html
and here are some ideas to get you started:
http://johnny.ihackstuff.com/index.php?module=prodreviews
You would be amazed at whats out there, I've found everything from VNC
passwords for entire domains, WEP keys, to pictures of peoples family.
--gerry
Amal Mohammad Al Hajeri wrote:
> Hi List,
>
> Did you ever thought of the website search engine as a hacking tool?
> During one of the pen-tests, The website search engine, was a valuable
> tool to discover interesting directories within the website itself,
> these directories were not detected by famous website scanners like
> nikto or SPI dynamics,i managed to get documentation pages about the API
> application implemented, management login pages, backup files and much
> more.
> I leave it to your imagination to search for words like:
> password,login,oracle,database,administrator, backup...etc
>
> Best Regards,
>
>
> -----------------------------------
> Amal M. Al-Hajeri
> E/Network & Information Security
> Etisalat
>
>
>
>
>
--
Gerald Eisenhaur
Cisco Systems, Inc.
1414 Massachusetts Ave.
Boxborough, MASSACHUSETTS 01719
tel: 978.936.0465
geisenhaur (at) cisco (dot) com [email concealed]
[ reply ]