
Topic: security techniques


There are 80+ documents under the topic "security techniques"

Google hacking for penetration tester - part 7

tailieu.vn

The site operator can be easily combined with other searches and operators, as we’ll see later in this chapter. Filetype: Search for Files of a Specific Type. Google can search many different types of files, including PDF (Adobe Portable Document Format) and Microsoft Office documents. The filetype operator can help you search for these types of files. More specifically, filetype searches...

Google hacking for penetration tester - part 8

tailieu.vn

The daterange operator must be used with other search terms or advanced operators. The info operator shows the summary information for a site and provides links to other Google searches that might pertain to that site, as shown in Figure 2.18. The parameter to this operator must be a valid URL or site name. You can achieve this same functionality by supplying...

Google hacking for penetration tester - part 9

tailieu.vn

Operators listed as “No” should not be used in the same query as other operators. This table also lists operators that can only be used within specific Google search areas and operators that cannot be used alone. The values in this table bear some explanation. Any box marked with “Not really” indicates that Google attempts to translate your query when...

Google hacking for penetration tester - part 10

tailieu.vn

A: Yes, most other search engines offer similar operators. Yahoo is the most similar to Google, in my opinion. This might have to do with the fact that Yahoo once relied solely on Google as its search provider. The operators available with Yahoo include site (domain search), hostname (full server name), link, url (show only one document), inurl, and intitle. The Yahoo advanced...

Google hacking for penetration tester - part 11

tailieu.vn

intitle:index.of “server at”. “AnWeb/1.42h” intitle:index.of. “Apache Tomcat/” intitle:index.of. “Apache-AdvancedExtranetServer/” intitle:index.of. “Apache/df-exts” intitle:index.of. “Apache/” intitle:index.of. “Apache/AmEuro” intitle:index.of. “Apache/Blast” intitle:index.of. “Apache/WWW” intitle:index.of. “CERN httpd 3.0B (VAX VMS)” intitle:index.of. “CompySings/2.0.40” intitle:index.of. “Davepache/2.02.003 (Unix)” intitle:index.of. “DinaHTTPd Server/1.15” intitle:index.of. intitle:index.of. server at intitle:index.of. “IBM_HTTP_Server” intitle:index.of. “IBM_HTTP_Server/2.0.42” intitle:index.of. “JRun Web Server” intitle:index.of. “LiteSpeed Web” intitle:index.of. “MCWeb” intitle:index.of. “MaXX/3.1” intitle:index.of. “Microsoft-IIS/* server at” intitle:index.of. “Microsoft-IIS/4.0” intitle:index.of. “Microsoft-IIS/5.0...

Google hacking for penetration tester - part 12

tailieu.vn

If you look closely at the URL, you’ll notice an “admin” directory two directory levels above our current location. If we were to click the “parent directory” link, we would be taken up one directory, to the “php” directory. Clicking the “parent directory” link from the “envr” directory would take us to the “admin” directory, a potentially juicy...

Google hacking for penetration tester - part 13

tailieu.vn

Configuration Files. Consider the file shown in Figure 4.2. This file, found with a query such as filetype:ini inurl:ws_ftp, is a configuration file used by the WS_FTP client program. When the WS_FTP program is downloaded and installed, the configuration file contains nothing more than a list of popular, public Internet FTP servers. However, over time, this configuration file can be automatically...

Google hacking for penetration tester - part 14

tailieu.vn

Table 4.2 Log File Search Examples. QueryProgram “ZoneAlarm ZoneAlarm log files Logging Client”. +htpasswd WS_FTP.LOG filetype:log WS_FTP client log files +intext:”webalizer” +intext: Webalizer statistics. ext:log “Software: Microsoft IIS server log files Internet Information Services. ext:log password END_FILE Java password files filetype:cfg login “LoginServer=” Ultima Online log files filetype:log “PHP Parse error. filetype:log “See `ipsec —copyright” BARF log files. filetype:log access.log...

Google hacking for penetration tester - part 15

tailieu.vn

ColdFusion error message, can intitle:”Error Occurred While Processing reveal SQL statements and server Request”. ColdFusion error message, can intitle:”Error Occurred” “The error occurred reveal source code, full pathnames, in” filetype:cfm. Coldfusion Error Pages reveal “Error Diagnostic Information”. many different types of information intitle:”Error Occurred While”. DB2 error message can reveal “detected an internal error [IBM][CLI path names, function names, Driver][DB2/6000]”....

Google hacking for penetration tester - part 16

tailieu.vn

In cases like this, the best option for locating specific strings lies in the use of regular expressions. This involves downloading the documents you want to search (which you most likely found with a Google search) and parsing those files for the information you’re looking for. You could opt to automate the process of downloading these files, as we’ll show in Chapter...

Google hacking for penetration tester - part 17

tailieu.vn

Google’s Part. There are various reasons for hacking. From this flow many of the other motivators. However, this information can be reached simply by assembling related pieces of information together to form a bigger picture. This, of course, is not true for all information. The chances that I will find your super secret double encrypted document on Google is extremely...

Google hacking for penetration tester - part 18

tailieu.vn

Also, you will be getting results from sites that are not within the ****.gov domain. How do we get more results and limit our search to the ****.gov domain? By combining the query with keywords and other operators. Consider the query site:****.gov. www.****.gov. The query means find any result within sites that are located in the. While this query works beauti-...

Google hacking for penetration tester - part 19

tailieu.vn

print "\n---\n".$snippet."\n----\n";. In this script we’ve put the “<div class=g>” string into a token, because we are going to use it more than once. This also makes it easy to change when Google decides to call it something else. But this is only so useful. Now that we have this function, we can inspect the HTML and decide how to...

Google hacking for penetration tester - part 20

tailieu.vn

Finally, we can have our script terminate when no new sub-domains are found. Another sure fire way of obtaining domains without having to perform the host/domain check is to post process-mined e-mail addresses. As almost all e-mail addresses are already at a domain (and not a host), the e-mail address can simply be cut after the @ sign and used...

Google hacking for penetration tester - part 21

tailieu.vn

my $fname="/tmp/".$time.$frand;. print "Author:".$$info{"Author n";. print "LastSaved:".$$info{"LastSavedBy n";. print "Creator:".$$info{"creator n";. print "Company:".$$info{"Company n";. print "Email:".$$info{"AuthorEmail n";. print ". $$info{$_}\n";. perl docinfo.pl http://www.elsevier.com/framework_support/permreq.doc Author:Catherine Nielsen. foreach my $type (@types){. Save this script as scraper.pl. The scraper takes a domain and number as parameters. The number is the number of results to return, but multiple page support is not included in the code....

Google hacking for penetration tester - part 22

tailieu.vn

From the e-mail addresses, extract the domains (mentioned earlier in the domain and sub-domain mining section). The results are the nodes at the top of the screen shot. From the sub-domains, perform brute-force DNS look ups, basically looking for common DNS names. This is the second layer of nodes in the screen shot. Add the DNS names of the MX records for...

Google hacking for penetration tester - part 23

tailieu.vn

How does it actually work? Every site that you visit knows about the previous site that you visited. This is sent in the HTTP header as a referrer. When someone visits Google, their search terms appear as part of the URL (as it’s a GET request) and is passed to your site once the user arrives there. This gives you the ability...

Google hacking for penetration tester - part 24

tailieu.vn

Figure 6.4 Google Analyzes Binary Files. Clicking the file link (instead of the HTML link) will most likely freak out your browser, as shown in Figure 6.5. Figure 6.5 Binary Browser Garbage. Consider the search for Backup4all backup software shown in Figure 6.6. Figure 6.6 Google Warning about Malware. Clicking on the file link will not take you to the...

Google hacking for penetration tester - part 25

tailieu.vn

For example, line 168 shows that copyrights are printed and that the term “Powered by” is printed in the footer. A phrase like “Powered by” can be very useful in locating specific targets due to their high degree of uniqueness. Following the “Powered by” phrase is a link to http://cutephp.com/cutenews/ and the string $config_version_name, which will list the version...

Google hacking for penetration tester - part 26

tailieu.vn

“Powered by CuteNews” CuteNews 1.4.0 (and possibly prior versions) allows remote code execution.. “Powered by GTChat 0.95”+ GTChat v0.95 contains a remote denial of. intitle:”WEB//NEWS Personal WEB//NEWS 1.4 is prone to multiple SQL Newsmanagement” intext:” injection vulnerabilities.. ”message” inurl:page=1. “Powered by autolinks pro 2.1” AutoLinksPro v2.1 contains a remote PHP inurl:register.php File include vulnerability.. “CosmoShop by Zaunz Publishing” Cosmoshop versions...