Google Hacking For Penetration Testers

Discussion in 'privacy general' started by FluxGFX, Jul 14, 2005.

Thread Status:
Not open for further replies.
  1. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    I'm rolling the ball at this one. Let me know what you think, that if you've read the book about it.

    Some great information can be found in their and also this allowed me to actually uncover holes in a few popular websites :)

    Regards,
    fluxgfx.com
     
  2. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    There's this nice site too.

    It's indeed amazing the stuff you can find. Like opening pandora's box. I just don't take the time to (mis)use it.
     
  3. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Hacker community donating to charity ?
     
  4. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    meneer,

    I know what you mean. I have the book and several other articles and it was amazing what you could find. Once simple example of that is a exchange server that allowed me to login and create my own email account on the server and then be able to check the emails out and view the Global Address List. One other instance is how I could manage to retreive an SQL database with information...

    Scary... when you think about it.
     
  5. akshay_k72

    akshay_k72 Registered Member

    Joined:
    Jul 2, 2005
    Posts:
    79
    Location:
    New Delhi, India
    Actually, Chip magazine's latest issue in India has a similar cover story. Never knew about it untill I read the article. No doubt, its pretty scary.

    Cheers

    Akshay
     
  6. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Hi,

    Yeah. More specificly some technics you can use to retreive sensitive information such as cc, records, receipts etc...

    Mind you that google has been trying to fix some loopholes but still remains you can use other crafted search syntax to achieve the same goal.

    I got sh*t scared when I understood the potential g**gle had.

    Regards,
    fluxgfx.com
     
  7. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    i have some hacks that let find whatever you want and download music, films, ebooks etc i have only used it once to see if it worked and downloaded the Paris Hilton vid :D
     
  8. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Hi,

    The search syntax are quite easy to find. They are all over the place. You can get in depth knowledge of this with the book called "Google Hacking for Penetration Testers"

    Regards,
    fluxgfx.com
     
  9. tom772

    tom772 Guest

    Google Hacking for Penetration Testers" - what does this mean, sorry to ask, but im interested

    T;)
     
  10. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    Penetration testing is the action to try to enter a system by means of using vulnerabilities, holes, misconfigurations etc. Penetration testing is also known as white hat or ethical hacking, because usually this act is performed by security specialists and auditors, who are requested to perform a penetration test by the owner of a system. White hat hackers may also unrequested cech for vulnerabilities, but the claim to inform the owner of the system of their findings, without using them.

    When the owner of a system doesn't ask for the test, it's just a plain old hack, also known as a black hat hack , or criminal activity if the hacker is trying to gain access to certain resources on the system.

    Cracking (using avaliable scripts by script kiddies) is in another league. Just plain nuisance.
     
  11. tom772

    tom772 Guest

    I also thought that hackers were all the same not white or black. Thats for the info though, you learning something new each day,

    cheers T
     
Loading...
Thread Status:
Not open for further replies.