
Topic: security techniques


There are 100+ documents under the topic "security techniques"

Google hacking for penetration tester - part 27

tailieu.vn

Google’s binary search feature can be used to profile executables, but it can also be used to locate live malware on the web. http://metasploit.com/research/misc/mwsearch.. www.sensepost.com/research/wikto/ Wikto, an excellent Google and Web scanner.. http://packetstormsecurity.com/ An excellent site for tools and exploits.. Nitesh Dhanjani http://dhanjani.com/archives/2006/10/using_google_. Stephen de Vries http://www.securityfocus.com/archive Michael Sutton’s Blog:. http://portal.spidynamics.com/blogs/msutton/archive How- Prevalent-Are-SQL-Injection-Vulnerabilities_3F00_.aspx. http://portal.spidynamics.com/blogs/msutton/archive How- Prevalent-Are-XSS-Vulnerabilities_3F00_.aspx. http://asert.arbornetworks.com/2006/10/static-code-analysis-using-google-code- search/. HD Moore’s...

Google hacking for penetration tester - part 28

tailieu.vn

Another interesting use of the administrator derivations is to search for them in the URL of a page using an inurl search. -ext:html -ext:htm -ext:shtml -ext:asp -ext:php. The -ext:html -ext:htm -ext:shtml -ext:asp -ext:php query uses ext, a synonym for the filetype operator, and is a negative query. It returns no results when used alone and should be combined with...

Google hacking for penetration tester - part 29

tailieu.vn

Hackers, on the other hand, have the luxury of selecting from a wider target base. Depending on his or her motivations and skill level, the attacker might opt to select a target based on known exploits at his disposal. This reverses the model used by pen testers, and as such it affects the structure we will use to explore the topic...

Google hacking for penetration tester - part 30

tailieu.vn

var="HTTP_REFERER"-->">referring page</a>. var="HTTP_REFERER"-->">that page</a>. about the error. <!--#include virtual="include/bottom.html" -->. Notice that the sections of the error page are clearly labeled, making it easy to translate into Google queries. The TITLE variable, shown near the top of the listing, indicates that the text “Object not found!” will be displayed in the browser’s title bar. A search for intitle:“Object not found!” is...

Google hacking for penetration tester - part 31

tailieu.vn

Using these subtle differences to our advantage, we can use specific Google queries to locate servers with these default pages, indicating that they are most likely running a specific version of Apache. Table 8.4 shows queries that can be used to locate specific families of Apache running default pages. Table 8.4 Queries That Locate Default Apache Installations. Apache 1.2.6 intitle:”Test Page...

Google hacking for penetration tester - part 32

tailieu.vn

Aanval Intrusion Detection intitle:”remote assessment” OpenAanval Console Console. Affiliate Tracking Software intitle:”iDevAffiliate - admin” -demo. Aimoo intitle:”Login to the forums. AlternC Desktop intitle:”AlternC Desktop”. Ampache intitle:Ampache intitle:”love of music” password | login | “Remember Me.” -welcome Anyboard Login Portals intitle:”Login Forum Powered By AnyBoard”. intitle:”If you are a new user:” intext:”Forum Powered By AnyBoard” inurl:gochat -edu aspWebCalendar inurl:”calendar.asp?action=login”. Athens...

Google hacking for penetration tester - part 33

tailieu.vn

Webmail intitle:”Login to @Mail” (ext:pl | inurl:”index”) -dwaffleman. Webmin inurl:”:10000” intext:webmin. WebMyStyle (intitle:”WmSC e-Cart. Administration”)|(intitle:”WebMyStyle e-Cart Administration”). W-Nailer uploadpics.php?did= -forum. WorkZone Extranet Solution intitle:”EXTRANET. WWWthreads (intitle:”Please login - Forums powered by WWWThreads”)|(inurl:”wwwthreads/login.php. ”)|(inurl:”wwwthreads/login.pl?Cat=”). xams intitle:”xams Login”. XcAuction intitle:”XcAuctionLite. XMail intitle:”XMail Web Administration Interface”. Zope Help System intitle:”Zope Help System” inurl:HelpSys ZyXEL Prestige Router intitle:”ZyXEL Prestige Router” “Enter pass-. Consider a...

Google hacking for penetration tester - part 34

tailieu.vn

PhaserLink Printers intitle:”View and Configure PhaserLink”. Panasonic Network Cameras inurl:”ViewerFrame?Mode=”. Mobotix netcams (intext:”MOBOTIX M1. intext:”MOBOTIX M10”) intext:”Open Menu” Shift-Reload. Panasonic WJ-NT104 intitle:”WJ-NT104 Main Page”. AXIS Cameras intitle:”Live View. Linux Dreamboxes intitle:”dreambox web”. Axis Netcams intitle:”Live View. inurl:view/view.sht Axis 200 intitle:”The AXIS 200 Home Page”. Fiery WebTools (“Fiery WebTools” inurl:index2.html. Konica Network Printer intitle:”network administration” inurl:”nic”. Ricoh Afficio Printer intitle:RICOH intitle:”Network...

Google hacking for penetration tester - part 35

tailieu.vn

All sorts of network devices can be located with Google queries. These devices are more than a passing technological curiosity for some attackers, since many devices linked from the Web are poorly configured, trusted devices often overlooked by typical security auditors. Web-enabled network devices can be located with simple Google queries. The information from these devices can be used to help...

Google hacking for penetration tester - part 36

tailieu.vn

Figure 9.5 Public Outlook Directory Searching for Usernames. filetype:config config intext: .Net Web Application configuration may appSettings “User ID” contain authentication information. filetype:netrc password .netrc file may contain cleartext passwords intitle:”Index of” passwords modified “Password” directories. filetype:bak inurl:”htaccess|passwd| BAK files referring to passwords or. filetype:log “See `ipsec —copyright” BARF log files reveal ipsec data inurl:”calendarscript/users.txt” CalenderScript passwords. inurl:ccbill filetype:log CCBill...

Google hacking for penetration tester - part 37

tailieu.vn

Table 9.3 English Translations of the Word Password. Searching for Credit Card Numbers, Social Security Numbers, and More. Everything from credit information to banking data or supersensitive classified government documents can be found on the Web. This document, found using Google, lists hundreds and hundreds of credit card numbers (including expiration date and card validation numbers) as well as...

Google hacking for penetration tester - part 38

tailieu.vn

Google Services. AJAX Search API. Blogger and Google’s Blog Search. Chapter 10. AJAX Search API is one of the leading Google services on the AJAX front. This service is meant as a replacement for the older SOAP search service, support for which was discontinued some time ago. AJAX Search API is considered to be more powerful than the SOAP service and easier...

Google hacking for penetration tester - part 39

tailieu.vn

http://www.google.com/uds/GwebSearch?callback=GwebSearch.RawCompletion&context=0&ls tkp=0&rsz=large&hl=en&gss=.com&sig d756101be2fa94e0ce277&q=VW%20Beetle&k ey=internal&v=1.0. gss .com. www.google.com/uds/GwebSearch?callback=our_callback&context=0&rsz=large&q=GHDB&key=. our_callback('0',{"results GsearchResultClass":"GwebSearch","unescapedUrl":"htt p://johnny.ihackstuff.com/index.php?module\u003Dprodreviews","url":"http://johnny.i hackstuff.com/index.php%3Fmodule%3Dprodreviews","visibleUrl":"johnny.ihackstuff.com. ","cacheUrl":"http://www.google.com/search?q\u003Dcache:IS5G5YGJmHIJ:johnny.ihackst uff.com","title":"johnny.ihackstuff.com. Home","titleNoFormatting":"johnny.ihackstuff.com - Home","content":"Latest Downloads. \u003Cb\u003E...\u003C/b\u003E GsearchResultClass":"GwebSearch","unescapedUrl":. "http://johnny.ihackstuff.com/ghdb.php","url":"http://johnny.ihackstuff.com/ghdb.ph p","visibleUrl":"johnny.ihackstuff.com","cacheUrl":"http://www.google.com/search?q\. u003Dcache:MxfbWg9ik-MJ:johnny.ihackstuff.com","title":"Google Hacking. Database","titleNoFormatting":"Google Hacking Database","content":"Welcome to the Google Hacking Database (\u003Cb\u003EGHDB\u003C/b\u003E)! We call them. "http://ghh.sourceforge.net url":"http://ghh.sourceforge.net visibleUrl":"ghh .sourceforge.net","cacheUrl":"http://www.google.com/search?q\u003Dcache:WbkSIUl0UtM J:ghh.sourceforge.net","title":"GHH - The \u0026quot;Google Hack\u0026quot;. Honeypot","titleNoFormatting":"GHH - The \u0026quot;Google Hack\u0026quot;. Honeypot","content u003Cb\u003EGHDB\u003C/b\u003E Signature #734. \u003Cb\u003E...\u003C/b\u003E \u003Cb\u003EGHDB\u003C/b\u003E Signatures are maintained by the...

Google hacking for penetration tester - part 40

tailieu.vn

Figure 10.12 reveals several scheduled telephone conferences. Of course we can try variations of the above queries and even space them up with more keywords so we can get a better picture. For example, the query “username password” returns results about people who may have stored sensitive login information within their calendar, as shown in Figure 10.13. Figure 10.13 Calendar Search...

Google hacking for penetration tester - part 41

tailieu.vn

feed = feedparser.parse('http://www.gnucitizen.org/feed. Figure 10.18 - Import Blog Entries. This script, entered as shown in Figure 10.18, will import all feed entries from GNUCITIZEN’s blog into your blog, effectively creating a spam blog as shown in Figure 10.19.. Figure 10.19 The new Splog. Very often we need to track changes in Google’s result set. Then again, we could simply use...

Google hacking for penetration tester - part 42

tailieu.vn

Once you are ready to release your project, log into Google Code and click on the Source tab. You will be taken to your project source page. This page displays instructions on how to check out your project folder as shown in Figure 10.27. Figure 10.27 Google Code Source Page. Substitute projectname and username placeholders with your project name and your Google username. You...

Google hacking for penetration tester - part 43

tailieu.vn

We’ll begin with the handy PHP script shown in Figure 11.1 which allows a web visitor to ping any target on the Internet. Figure 11.1 Php-ping.cgi Provides Free Ping Bounces. As shown in Figure 11.2, a well-placed Google query locates installations of this script, providing web visitors with a finger client that allows them to query the service on...

Google hacking for penetration tester - part 44

tailieu.vn

Figure 11.15 More Water Fountain Fun. Moving along to a more traditional network fixture, consider the screenshot captured in Figure 11.16.. Figure 11.16 An IDS Manager on Acid. It’s the way of things. But when I see something like the log shown in Figure 11.16, I get all confused. It’s hard to tell.. Even still, the Google hacking community has...

Google hacking for penetration tester - part 45

tailieu.vn

Figure 11.30 Handicapped Parking Spot Gestapo Cam. WarriorClown sent me the search used for the capture shown in Figure 11.31. Figure 11.31 Remote Exploding Container Fun. In an attempt to get my imagination in check, I present pretty straightforward security camera view shown in Figure 11.32.. Figure 11.32 Open Web “Security” Cameras. Moving on, the search shown in Figure 11.33...

Google hacking for penetration tester - part 46

tailieu.vn

Most people think I’m talking about UPS systems like the one submitted by Yeseins in Figure 11.47. Figure 11.47 Whazzups?. This is a clever Google query, but it’s only an uninterruptible power system (UPS) monitoring page. This can be amusing, but as Jimmy Neutron shows in Figure 11.48, there are more interesting power hacking opportunities available. Figure 11.48 Bedroom Hacking For...