Re: Website search engine is a hacking tool..

From: Gerry Eisenhaur (GEisenhaur_at_cisco.com)
Date: 07/21/04

  • Next message: Oliver_at_greyhat.de: "Re: Raptor firewall 6.1 port 80" 
    Date: Wed, 21 Jul 2004 14:54:13 -0500
To: Amal Mohammad Al Hajeri <amal@nis.etisalat.ae>

    There have been many articles written about using google as a hacking
    tool. All you really though need is an imagination.

    Here are some google modifiers that you might not know of:
    http://www.google.com/help/operators.html

    and here are some ideas to get you started:
    http://johnny.ihackstuff.com/index.php?module=prodreviews

    You would be amazed at whats out there, I've found everything from VNC
    passwords for entire domains, WEP keys, to pictures of peoples family.

    --gerry

    Amal Mohammad Al Hajeri wrote:
    > Hi List,
    >
    > Did you ever thought of the website search engine as a hacking tool?
    > During one of the pen-tests, The website search engine, was a valuable
    > tool to discover interesting directories within the website itself,
    > these directories were not detected by famous website scanners like
    > nikto or SPI dynamics,i managed to get documentation pages about the API
    > application implemented, management login pages, backup files and much
    > more.
    > I leave it to your imagination to search for words like:
    > password,login,oracle,database,administrator, backup...etc
    >
    > Best Regards,
    >
    >
    > -----------------------------------
    > Amal M. Al-Hajeri
    > E/Network & Information Security
    > Etisalat
    >
    >
    >
    >
    > 

    -- 
Gerald Eisenhaur
Cisco Systems, Inc.
1414 Massachusetts Ave.
Boxborough, MASSACHUSETTS 01719
tel:	978.936.0465
geisenhaur@cisco.com
  • Next message: Oliver_at_greyhat.de: "Re: Raptor firewall 6.1 port 80"