Google hacking for penetration tester part 2
Chapter 9

Usernames, Passwords, and Secret Stuff, Oh My!

Solutions in this Chapter:
■ Searching for Usernames
■ Searching for Passwords
■ Searching for Credit Card Numbers, Social Security Numbers, and More
■ Searching for other Juicy Info
■ List of Sites
■ Summary
■ Solutions Fast Track
■ Frequently Asked Questions

Introduction

This chapter is not about finding sensitive data during an assessment as much as it is about what the “bad guys” might do to troll for the data. The examples presented in this chapter generally represent the lowest-hanging fruit on the security tree. Hackers target this information on a daily basis. To protect against this type of attacker, we need to be fairly candid […] less important half of most authentication systems. The value of a username is often overlooked, but as we saw in Chapters 4 and 5, an entire multimillion-dollar security system can be shattered through skillful crafting of even the smallest, most innocuous bit of information.

Next, we take a look at queries that are designed to uncover passwords. Some of the queries we look at reveal encrypted or encoded passwords, which will take a bit of work on the part of an attacker to use to his or her advantage. We also take a look at queries that can uncover cleartext passwords. These queries are some […] to an attacker?

We wrap up this chapter by discussing the very real possibility of uncovering highly sensitive data such as credit card information and information used to commit identity theft, such as Social Security numbers. Our goal here is to explore ways of protecting against this very real threat. To that end, we don’t go into details about uncovering financial information and the like. If you're a “dark side” hacker, you'll need to figure these things out on your own.

Searching for Usernames

Most authentication mechanisms use a username and password to protect information. To get through […]g efforts, as we discussed earlier.

Many methods can be used to determine usernames. In Chapter 10, we explored ways of gathering usernames via database error messages. In Chapter 8 we explored Web server and application error messages that can reveal various information, including usernames. These indirect methods of locating usernames are helpful, but an attacker could target a usernames directory with a simple query like “your username is”. This phrase can locate help pages that describe the username creation process […]e based on information gleaned from other sources, such as Google Groups posts or phone listings. The usernames could then be recycled into various other phases of the attack, such as a worm-based spam campaign or a social-engineering attempt. An attacker can gather usernames from a variety of sources, as shown in the sample queries listed in Table 9.1.

Table 9.1 Sample Queries That Locate Usernames

Query | Description
inurl:admin inurl:userlist | Generic userlist files
inurl:admin filetype:asp inurl:userlist | Generic userlist files
inurl:php inurl:hlstats intext:[…] | Half-life statistics file, lists use[…]
filetype:reg reg intext:"internet account manager" | […]