Hacking


Presentation Transcript


  1. Hacking Borhan Kazimi pour

  2. Agenda • How to hack • How to hack using • How to prevent hack using

  3. How to hack

  4. Huge White

  5. How works?

  6. How find us? • Crawlers • Add URL (site submission) • Opera !

  7. What give us?

  8. . calculator

  9. Math operators

  10. Math constants

  11. Units:

  12. Physical constants

  13. Limitations • Query length limited to 32. • Noise words are mostly ignored. • A, an, or, the, for, me, any, to … • Logic operators must be in uppercase. • OR, AND, NOT

  14. Search result

  15. …Search result

  16. Special notation

  17. …Special notation

  18. Key words

  19. … Key words

  20. How to hack using

  21. Directory listing

  22. …Directory listing • intitle:index.of "parent directory" • intitle:index.of name size • intitle:index.of.etc • intitle:index.of "parent directory" Xvid -html -htm -php -shtml

  23. Versioning

  24. …Versioning • intitle:index.of server.at • intitle:index.of server.at site:aol.com • …then Search for exploit and …

  25. Server test page

  26. …Server test page • intitle:welcome.to intitle:internet IIS • intitle:test.page "Hey, it worked !" "SSL/TLS-aware" • allintitle:Welcome to Windows 2000 Internet Services • allintitle:Welcome to Windows XP Server Internet Services • …

  27. Finding ID/Pass • "# -FrontPage-" inurl:service.pwd • inurl:admin inurl:userlist • "AutoCreate=TRUE password=*" • allinurl: admin mdb • allinurl:auth_user_file.txt • intitle:"Index of" config.php • filetype:bak inurl:"htaccess|passwd|shadow|htusers"

  28. CGI Scanning • allinurl:/random_banner/index.cgi • Visit http://johnny.ihackstuff.com and see tons of golden queries

  29. Auto tools • Gooscan • Googledorks • GooPot • Write yourself using API

  30. How to prevent hack using

  31. Protect yourself • Don’t use Opera ! • Keep your sensitive data off the web! • SSH/SFTP/SSL… • Encrypted email (PGP,…) • Removing your site from • Use a robots.txt file

  32. … Protect yourself • Googledork • Try hacking yourself! • Change error and test pages • Disable directory listing • Update and patch • Set up a honeypot

  33. Thanks to AndYou
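
A self-check for the "Try hacking yourself", "Disable directory listing" and "Change error and test pages" items on slides 31 and 32, added here as an example that is not part of the original slides: it scans responses already fetched from your own site for the page features that the queries on slides 22 to 26 match. The function names, the sample responses and the `www.example.test` host are constructed for illustration.

```python
import re

# Signatures mirror the slide queries: index.of + "parent directory",
# the "server at" version footer, and default test/welcome pages.
DIR_TITLE = re.compile(r"<title>\s*index of\s+/", re.I)
SERVER_AT = re.compile(r"<address>\s*([\w.-]+/[\d.]+[^<]*?)\s+server at\s", re.I)
VERSION_HDR = re.compile(r"^[\w.-]+/\d")  # e.g. "Apache/2.0.52"
TEST_PAGES = ("hey, it worked",
              "welcome to windows 2000 internet services",
              "welcome to windows xp server internet services")

def audit_response(url, headers, body):
    """Return (url, finding) tuples for one page fetched from your own site."""
    findings = []
    low = body.lower()
    hdrs = {k.lower(): v for k, v in headers.items()}
    if DIR_TITLE.search(body) and "parent directory" in low:
        findings.append((url, "directory listing enabled"))
    footer = SERVER_AT.search(body)
    if footer:
        findings.append((url, "version footer: " + footer.group(1)))
    if VERSION_HDR.match(hdrs.get("server", "")):
        findings.append((url, "Server header discloses version"))
    if any(marker in low for marker in TEST_PAGES):
        findings.append((url, "default test page still served"))
    return findings

def audit_site(pages):
    """pages: iterable of (url, headers, body) already fetched by the owner."""
    return [f for page in pages for f in audit_response(*page)]

# Constructed sample responses (hypothetical host, not real data).
SAMPLE = [
    ("http://www.example.test/backup/", {"Server": "Apache/2.0.52 (Unix)"},
     "<html><head><title>Index of /backup</title></head><body>"
     "<a href=\"/\">Parent Directory</a> <a href=\"db.bak\">db.bak</a>"
     "<address>Apache/2.0.52 Server at www.example.test Port 80</address>"
     "</body></html>"),
    ("http://www.example.test/", {"Server": "Apache"},
     "<html><head><title>Home</title></head><body>Welcome</body></html>"),
    ("http://www.example.test/test.html", {"server": "Apache"},
     "<html><head><title>Test Page</title></head><body>Hey, it worked ! "
     "The SSL/TLS-aware webserver was installed.</body></html>"),
]

if __name__ == "__main__":
    for url, finding in audit_site(SAMPLE):
        print(url, "->", finding)
```

Each finding maps to a fix from the slides: turn off directory indexes, suppress the version footer and header, and replace the default test page.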
