+ All Categories
Home > Documents > Hacking Borhan Kazimi pour. Agenda How to hack How to hack using How to prevent hack using.

Hacking Borhan Kazimi pour. Agenda How to hack How to hack using How to prevent hack using.

Date post: 18-Dec-2015
Category:
Upload: amelia-page
View: 253 times
Download: 2 times
Share this document with a friend
Popular Tags:
34
Hacking Borhan Kazimi pour
Transcript

HackingBorhan Kazimi pour

Agenda

• How to hack

• How to hack using

• How to prevent hack using

How to hack

Huge White

How works?

How find us?

• Crawlers

• Add URL (site submission)

• Opera !

What give us?

. calculator

Math operators

Math constants

Units:

Physical constants

limitations

• Query length limit to 32.

• Noise word almost ignored.– A, an, or, the, for, me, any, to …

• Logic operators must be in uppercase.– OR, AND, NOT

Search result

…Search result

Special notation

…Special notation

Key words

… Key words

How to hack using

Directory listing

…Directory listing

• intitle:index.of "parent directory“

• intitle:index.of name size

• intitle:index.of.etc

• Intitle:index.of "parent directory "Xvid -html -htm -php -shtml

Versioning

…Versioning

• intitle:index.of server.at

• intitle:index.of server.at site:aol.com

• …then Search for exploit and …

Server test page

…Server test page

• intitle:welcome.to intitle:internet IIS• Intitle:test.page "Hey, it worked !" "SSL/TLS-

aware"

• allintitle:Welcome to Windows 2000 Internet Services

• allintitle:Welcome to Windows XP Server Internet Services

• …

Finding ID/Pass

• "# -FrontPage-" inurl:service.pwd • inurl:admin inurl:userlist• "AutoCreate=TRUE password=*" • allinurl: admin mdb• allinurl:auth_user_file.txt • intitle:"Index of" config.php• filetype:bak inurl:"htaccess|passwd|shadow|

htusers"

CGI Scanning

• allinurl:/random_banner/index.cgi

• Visit http://johnny.ihackstuff.com and see tons of golden query

Auto tools

• Gooscan

• Googledorks

• GooPot

• Write yourself using API

How to prevent hack using

Protect yourself

• Don’t use Opera !

• Keep your sensitive data off the web!

– SSH/SFTP/SSL…

– Encrypted email (PPG,…)

• Removing your site from

• Use a robots.txt file

… Protect yourself

• Googledork

– Try hack yourself !

• Change error and test pages

• Disable directory listing

• Update and patch

• Setup Honey Pot

Thanks to

And You


Recommended