Hacking Borhan Kazimi pour
Hacking Borhan Kazimi pour. Agenda How to hack How to hack using How to prevent hack using.
Dec 18, 2015
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
HackingBorhan Kazimi pour
Agenda
• How to hack
• How to hack using
• How to prevent hack using
How to hack
Huge White
How works?
How find us?
• Crawlers
• Add URL (site submission)
• Opera !
What give us?
. calculator
Math operators
Math constants
Units:
Physical constants
limitations
• Query length limit to 32.
• Noise word almost ignored.– A, an, or, the, for, me, any, to …
• Logic operators must be in uppercase.– OR, AND, NOT
Search result
…Search result
Special notation
…Special notation
Key words
… Key words
How to hack using
Directory listing
…Directory listing
• intitle:index.of "parent directory“
• intitle:index.of name size
• intitle:index.of.etc
• Intitle:index.of "parent directory "Xvid -html -htm -php -shtml
Versioning
…Versioning
• intitle:index.of server.at
• intitle:index.of server.at site:aol.com
• …then Search for exploit and …
Server test page
…Server test page
• intitle:welcome.to intitle:internet IIS• Intitle:test.page "Hey, it worked !" "SSL/TLS-
aware"
• allintitle:Welcome to Windows 2000 Internet Services
• allintitle:Welcome to Windows XP Server Internet Services
• …
Finding ID/Pass
• "# -FrontPage-" inurl:service.pwd • inurl:admin inurl:userlist• "AutoCreate=TRUE password=*" • allinurl: admin mdb• allinurl:auth_user_file.txt • intitle:"Index of" config.php• filetype:bak inurl:"htaccess|passwd|shadow|
htusers"
CGI Scanning
• allinurl:/random_banner/index.cgi
• Visit http://johnny.ihackstuff.com and see tons of golden query
Auto tools
• Gooscan
• Googledorks
• GooPot
• Write yourself using API
How to prevent hack using
Protect yourself
• Don’t use Opera !
• Keep your sensitive data off the web!
– SSH/SFTP/SSL…
– Encrypted email (PPG,…)
• Removing your site from
• Use a robots.txt file
… Protect yourself
• Googledork
– Try hack yourself !
• Change error and test pages
• Disable directory listing
• Update and patch
• Setup Honey Pot
Thanks to
And You
Related Documents
