tailieunhanh - Google hacking for penetration tester - part 43

Phần này là về công cụ máy tính. Đó là về kỹ thuật, công cụ, các công cụ của chuyên viên máy tính. Chúng tôi sẽ xem xét tại một số các chi tiết thú vị kỹ thuật của tin tặc phát hiện thấy Google. Chúng tôi sẽ bắt đầu bằng cách nhìn vào các tiện ích khác nhau mà thực sự không có kinh doanh trực tuyến được, trừ khi tất nhiên mục tiêu của bạn là để hỗ trợ chúng tôi sẽ xem xét các thiết bị mạng mở và các ứng dụng mở, không đòi hỏi. | Google Hacking Showcase Chapter 11 421 Geek Stuff This section is about computer stuff. It s about technical stuff the stuff of geeks. We will take a look at some of the more interesting technical finds uncovered by Google hackers. We ll begin by looking at various utilities that really have no business being online unless of course your goal is to aid we ll look at open network devices and open applications neither of which requires any real hacking to gain access to. Utilities Any self-respecting hacker has a war chest of tools at his disposal but the thing that s interesting about the tools in this section is that they are online they run on a web server and allow an attacker to effectively bounce his reconnaissance efforts off of that hosting web server. To make matters worse these application-hosting servers were each located with clever Google queries. We ll begin with the handy PHP script shown in Figure which allows a web visitor to ping any target on the Internet. A ping isn t necessarily a bad thing but why offer the service to anonymous visitors Figure Provides Free Ping Bounces Unlike the ping tool the finger tool has been out of commission for quite a long time. This annoying service allowed attackers to query users on a UNIX machine allowing enumeration of all sorts of information such as user connect times home directory full name and more. Enter the finger CGI script an awkward attempt to webify this irritating service. As shown in Figure a well-placed Google query locates installations of this script providing web visitors with a finger client that allows them to query the service on remote machines. 422 Chapter 11 Google Hacking Showcase Figure Finger CGI Script Allows Remote Fingering Pings and finger lookups are relatively benign most system administrators won t even notice them traversing their networks. Port scans on the other hand are hardly ever considered benign and a paranoid administrator or .

TỪ KHÓA LIÊN QUAN