I recently got hold of some Offensive Security 101 v.2.0 training videos from a colleague... I'm posting my study notes here to share; experts, please go easy on me.
The basic content of Chapter 1 is a bit messy, I'll post it after tidying it up. The remaining 10 chapters I'll upload gradually over the next 3 weeks. Most of the notes are in English, apologies...
Offensive Security official homepage
http://www.offensive-security.com/index.php
About Offensive Security 101 v.2.0
http://www.offensive-security.com/training.php
Chapter 2 Google Hacking
Reference: See the desktop "Google Hacking for Pen-Testers", Johnny Long
Google Hacking
!!!Use Google Operator
see
http://www.googleguide.com/advanced_operators_reference.html
e.g.1.
site:offensive-security.com
site:www.offensive-security.com
Can be used to find out how many web pages served by given website.
e.g.2.
site:www.offensive-security.com filetype:pdf
Find all pdf file under same website
e.g.3. Find default kickstart configuration file, which may contain passwd, conf, etc
type in google:
#kickstart filetype:cfg
search in the file for: rootpw, installed packages, services, etc
also try
#kickstart filetype:cfg site:gov
to get more information
e.g.4 Find mysql dump file using google
#mysql dump filetype:sql
#mysql dump filetype:sql "insert into" username password
The dump file may contain schema, pwd etc.
Google Cache:
Search for cached passwd.
For more information, refer to Johnny Long's webpage (search for johnny.ihackstuff.com). Pay attention to FrontPage conf files.
http://johnny.ihackstuff.com/ghdb.php
try "Files contain passwords"
Note that cached password may not be seen once removed. But google cache enable us to take a loooook at it.
Google 0wnag3
Locate the back-doors former hackers left behind. If they are left with public access allowed, we may just walk in and control the web server with full privileges.
2 commonly used PHP based back-doors in the Apache world: r57 and c99
e.g. Search for r57shell and walk in
Search in google:
intitle:r57shell filetype: php
Escalation, try:
intitle:r57shell filetype: php inurl:gov
Email Harvesting
Find emails belonging to a domain
e.g.1 A simple search for emails
search for
bll.co.il
and harvest the email from the searching result
e.g.2 Using BackTrack3 Scripts
Kstart-> Backtrack-> Information Gathering-> Searchengine -> Goog Mail Enum
under the cmd line, type
./goog-mail.py -d bill.co.il -l 50 -b google
This will return the emails under the same domain
Backtrace
Backtrace the emails found above to see where they come from. Find out who this person was.
Vuln Fishing
Find the vuln feature using google.
e.g. Find certain php vuln and searching from Google
Find it: Go to place where such vuln is posted
http://milw0rm.com/exploits/4396
,get the line "Dork...."
Search it: search the dork information using google, 146000 or more result found, harvest...
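A defender-side counterpart to the dorks above, added here as an example (not from the notes or the course): a small audit that walks a web document root and flags the same kinds of files those queries would surface, i.e. kickstart .cfg files carrying rootpw, .sql dumps containing credentials, and PHP files with r57/c99 markers. The sample files and the check patterns are constructed for illustration.

```python
import os
import re

# Constructed sample of files under a web document root (path -> content).
# Each entry is a made-up illustration of one leak type from the notes.
SAMPLE_FILES = {
    "docs/ks.cfg": "install\nrootpw --iscrypted $1$ab$constructedhash\n%packages\n@base\n",
    "backup/site.sql": "CREATE TABLE users (id INT);\n"
                       "INSERT INTO users (username, password) VALUES ('admin', 'x');\n",
    "uploads/img.php": "<?php /* r57shell */ eval($_POST['x']); ?>",
    "index.html": "<html><body>hello</body></html>",
}

# (finding label, path pattern, content pattern); constructed, not exhaustive.
CHECKS = [
    ("kickstart config with rootpw", r"\.cfg$", r"(?m)^rootpw\b"),
    ("sql dump with credentials", r"\.sql$", r"(?is)insert\s+into.*?(username|password)"),
    ("webshell marker in php", r"\.php$", r"(?i)\b(r57shell|c99shell|c99)\b"),
]


def audit_files(files):
    """Return a sorted list of (path, label) for every file matching a check."""
    findings = []
    for path, content in files.items():
        for label, path_re, content_re in CHECKS:
            if re.search(path_re, path) and re.search(content_re, content):
                findings.append((path, label))
    return sorted(findings)


def audit_directory(root):
    """Read every regular file under root into memory and run audit_files on it."""
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "r", encoding="utf-8", errors="ignore") as fh:
                files[os.path.relpath(full, root)] = fh.read()
    return audit_files(files)


if __name__ == "__main__":
    for path, label in audit_files(SAMPLE_FILES):
        print(f"{path}: {label}")
```

Run against a real document root with audit_directory("/var/www/html") (path is an assumption) before the content is exposed; anything flagged is exactly what the searches in the notes would find once indexed.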
This is a mirrored post. Source: BYR BBS / security / #20805, synced on 2009/1/1
[Share] Offensive Security 101 v.2.0 study notes, Chapter 2 Google H
Racso
2009/1/1 mirror sync, 1 reply
1 reply
I also have
SyngressGoogle.Hacking.for.Penetration.Testers.Dec.2004.eBook-DDU.pdf
If you need it, send me a private message on the site.
[ Quoting Racso's post: ]
: I recently got hold of some Offensive Security 101 v.2.0 training videos from a colleague... I'm posting my study notes here to share; experts, please go easy on me.
: The basic content of Chapter 1 is a bit messy, I'll post it after tidying it up. The remaining 10 chapters I'll upload gradually over the next 3 weeks. Most of the notes are in English, apologies...
: Offensive Security official homepage
: ...................