This is only part of the document I have available, I will share much more, depending on the interest of this post. I know there is a character restriction of PM's - because I hit it a few times yesterday, when a member asked me what I was capable of doing, needless to say - I left him overwhelmed on a simple Penatration Test. I would like to know the actual character limit on forum posts if anyone knows can they please PM me.
The Google Goldmine
Probably, everyone knows the old find the mp3 hacks using Google! But what about all of the other documents, you know the stuff that gets leaked on to the surface web, is it safe from Google, well that is really a stupid question. Penetration testing using Google can give you data that you wished for but were unable to get even using hack1ng tools.
Google offers so much data, not even google knows exactly what ‘switches’ can be used to call up a lot of data that really should not be on the internet.
Okay, there is that many leaks of documents, that you would not believe. Just take a look for yourself, and become a ‘Google Geek’, while having so much data at your fingertips. Now, I’m not talking about mp3’s – that’s last century information. We are talking about huge data, addresses, phone numbers, DOB’s, emails, credit cards, CV’s, bank accounts.
Pentesting Security
Type the following in Google search:
inurl:”viewerframe?mode=motion”
Want to try ‘Live’ testing a camera?
Then type this into Google:
intitle:”Live View / – AXIS”
Pentesting Personal and Confidential Documents
Gain access to Email Repositries containing CV’s of hundreds of people that applied for jobs.
The documents found will contain full addresses, phone numbers, DOB, Education, Work types, etc.
intitle:”curriculum vitae” “phone * * *” “address *” “e-mail”
Educational groups of People containing contact details, including email addresses, etc. These are large .xls files (Excel documents).
Type in Google search the following:
filetype:xls inurl:”email.xls”
Documents of containing information on bank accounts, financial summaries and credit card numbers.
Use the following in Google:
intitle:index.of finances.xls
Want to get the config.php data and do not know how, just let Google do the dirty work for you!
Enter the following and say ‘hello’ to the world of config.php files.
intitle:”Index of” config.php
You may well ask what else can Google do? It is not what it can do, it’s more to the point of what it cannot do! I’ve only touched the surface with the above details. There is much more out there than people know about Google.
The aforementioned information is really easy to do; doesn’t that make you feel unsecure?
These search types and many others show just how bad security on the web really is, applying for a job online, securely – probably not!
Websites
All websites have holes in them, regardless of what type of script you are running, the only way to protect yourself is to get a whitehat hacker to check your website, for you - but in order to do this they need the webmasters permission and probably want you to sign a document to confirm that you have given your permission to run such a task.
I can show you how to get usr/pwd/database combinations even if the directory is pwd coded with a .htaccess file, with google, there is so much you can do with Google, this is why there is a 'Google Geek Team'. You can even run penatration exploits on any database, some are easier to takedown than others.
Wordpress you can as much security on it as possible, but it is the easiest script for hack1ng!
Look at IPB - an hackers forum was hackered ironically, yet IPB only today released patches. That is one whole week that the same exploit could have been used on other IPB forums with Nexus. The hacked forum had many peoples addresses, credit and debit cards on it and paypal accounts. It hit media headlines because of the amount of account details that were stored! It is okay running a site about hack1ng, but many these get hackers to fix the exploits, before opening up to to public.
If anyone wants me to post more of the Google hack1ng boolean expressions, just let me know, and I'll type them up!
Social Networking Bookmarks