Google Hacking For Penetration Testers

I'm rolling the ball at this one. Let me know what you think, that if you've read the book about it.

Some great information can be found in their and also this allowed me to actually uncover holes in a few popular websites

Regards,
fluxgfx.com

 

There's this nice site too.

It's indeed amazing the stuff you can find. Like opening pandora's box. I just don't take the time to (mis)use it.

 

Hacker community donating to charity ?

 

meneer,

I know what you mean. I have the book and several other articles and it was amazing what you could find. Once simple example of that is a exchange server that allowed me to login and create my own email account on the server and then be able to check the emails out and view the Global Address List. One other instance is how I could manage to retreive an SQL database with information...

Scary... when you think about it.

 

Actually, Chip magazine's latest issue in India has a similar cover story. Never knew about it untill I read the article. No doubt, its pretty scary.

Cheers

Akshay

 

Hi,

Yeah. More specificly some technics you can use to retreive sensitive information such as cc, records, receipts etc...

Mind you that google has been trying to fix some loopholes but still remains you can use other crafted search syntax to achieve the same goal.

I got sh*t scared when I understood the potential g**gle had.

Regards,
fluxgfx.com

 

i have some hacks that let find whatever you want and download music, films, ebooks etc i have only used it once to see if it worked and downloaded the Paris Hilton vid

 

Hi,

The search syntax are quite easy to find. They are all over the place. You can get in depth knowledge of this with the book called "Google Hacking for Penetration Testers"

Regards,
fluxgfx.com

 

Google Hacking for Penetration Testers" - what does this mean, sorry to ask, but im interested

T

 

Penetration testing is the action to try to enter a system by means of using vulnerabilities, holes, misconfigurations etc. Penetration testing is also known as white hat or ethical hacking, because usually this act is performed by security specialists and auditors, who are requested to perform a penetration test by the owner of a system. White hat hackers may also unrequested cech for vulnerabilities, but the claim to inform the owner of the system of their findings, without using them.

When the owner of a system doesn't ask for the test, it's just a plain old hack, also known as a black hat hack , or criminal activity if the hacker is trying to gain access to certain resources on the system.

Cracking (using avaliable scripts by script kiddies) is in another league. Just plain nuisance.

 

I also thought that hackers were all the same not white or black. Thats for the info though, you learning something new each day,

cheers T