with Google
Maximiliano Soler
e-Mail:
Twitter: @maxisoler
Presentation
General Information
Identify vulnerabilities.
Exploit vulnerabilities.
got r00t?
Using Google
Dorks / Search Operators
allinanchor:
intext:
allintext:
intitle:
allintitle:
inurl:
allinurl:
link:
cache:
filetype:
define:
phonebook:
related:
info:
site:
id:
intitle:
site:
inurl:
filetype:
and Now
What can we find?!
Vulnerable products.
Error messages.
Files that contain sensitive information.
Files that contain passwords.
Files that contain usernames.
Footholds and supporting information for gaining access.
Pages with access forms.
Pages that contain data related to vulnerabilities.
Sensitive directories.
Sensitive information on e-commerce and e-banking.
Online hardware devices.
Vulnerable files.
Vulnerable servers.
Detection of Web Servers.
inurl:gov.ar + intext:phpinfo
c0c0n 2010 @ Kochi, India
inurl:gov.ar inurl:robots.txt
inurl:gov.ar + inurl:config.xml
inurl:admin inurl:userlist
inurl:gov.ar inurl:wp-login.php
http://www.foundstone.com/us/resources/proddesc/sitedigger.htm
https://addons.mozilla.org/en-US/firefox/addon/2144/
Social Engineering
Increasing the game
Recommendations
Conclusions
Thank you!!
Maximiliano Soler
e-Mail:
Twitter: @maxisoler