20121124

Advanced how-to phacking gettin' more from serach _ hack GOOGLE! MSN! YAHOO!

Bigbignotenotebigbig:-)

Windows user.....just click on  <- button..... Or......time to explore linux.......nah maybe not.....just browse few posts back and U will find biggest password hunting programs made for windows

Search Engine Hacking

Search engines, by definition, are used to find and locate information on the World Wide Web. In addition to using search engines to search for information, attackers have ways of using search engines to identify and locate vulnerabilities and confidential data.

Using search engines to find vulnerabilities offers a way for attackers to probe a network without the target’s knowledge since the entire search request and response come from the search engine and not the target. The attacker doesn’t leave a footprint since he is not sending information to the target. Attackers also use a cached page to view the information, instead of accessing the site directly, which creates another layer of protection for them.

Google Hacking

Numerous books and presentations discuss how to gather “sensitive” information from Google. Attackers can use Google to gather basic information such as contact lists, internal documents, and top-level organizational structures, as well as locate potential vulnerabilities in an organization’s web application.

Attackers can use a specific type of search query, called a dork, to locate security issues or confidential data. Attackers can use dorks to obtain firewall logs and customer data, and to find ways to access an organization’s database.

Security professionals have developed public databases of dorks. Dork databases exist for several different search engines; the most common dork database is the Google Hacking Database.

The Google Hacking Database (GHDB) is a great resource for finding dorks that can aid an attacker. The GHDB is located at :-)right here(-:

Using a dork is relatively simple. An attacker locates a dork of interest, and then uses Google to search for the dork. Just gøøgle for more

Automating Google Hacking

An attacker can use the Search Engine Assessment Tool (SEAT), developed by Midnight Research Labs, to automate Google hacking. SEAT uses search engines and search caches to search for vulnerabilities for a particular domain.

SEAT supports multiple search engines, including Google, Yahoo!, and MSN. SEAT also has a variety of built-in dorks. The databases that SEAT uses  were compiled from multiple sources, including the GHDB and Nikto.

how to get a file into a different directory, or how to bypass the security mechanisms that are helpfull and finally

download link for SEAT  :-)here(-:

complete documentation HOW TO  :-)there(-:





No comments:

Post a Comment