OFFENSIVE GOOGLING - OWASP · why offensive googling find website server misconfiguration. find...

Post on 23-Sep-2020

16 views 0 download

Preview:

Click to see full reader
Report this document
SHARE

Transcript of OFFENSIVE GOOGLING - OWASP · why offensive googling find website server misconfiguration. find...

OFFENSIVE GOOGLING

ABOUT ME

• BLAY ABU SAFIAN

• FOUNDER/CEO of INVETECK GLOBAL

• Engineer / Security Researcher / Penetration

Tester / Part-Time Bug Hunter

• www.inveteckglobal.com

• INSTAGRAM: inveteck_global

• TWITTER: Inveteck

http://www.inveteckglobal.com
http://www.inveteckglobal.com
http://www.inveteckglobal.com
http://www.inveteckglobal.com
http://www.inveteckglobal.com

WHAT IS GOOGLE?

AMERICAN MULTINATIONAL TECHNOLOGY

COMPANY THAT SPECIALIZE IN INTERNET

RELATED SERVICES AND PRODUCTS INCLUDING

SOFTWARE,HARDWARE, CLOUD COMPUTING

ETC.

WHY USE GOOGLE ?

GOOGLE WEBPAGE

• PROVIDES RELEVANT RESULTS QUICKLY.

• FOR AD DISPLAYS.

• CAN BE USED TO TRANSLATE LANGUAGES.

• HIDDEN VERTICAL SEARCH ENGINES FOR

FINDING SECRETFILES, VIDEOS, PICTURES

WHAT IS OFFENSIVE GOOGLING?

• OFFICIAL NAME GOOGLE DORKING / GOOGLE

HACKING

• ADVANCE GOOGLE SEARCH TO FIND SECURITY

VULNERABILTIES IN THE CONFIGURATION

THAT A WEBSITE USES.

WHY OFFENSIVE GOOGLING

• FIND WEBSITE SERVER MISCONFIGURATION.

• FIND LEAKED/SENSITIVE CREDENTIALS.

• FOR ADVANCE SEARCH

WHO HAS USED OFFENSIVE GOOGLING IN

THE PAST?

HACKER HACKING WITH GOOGLE DORKS

USING OFFENSIVE GOOGLING FOR NON-

MALICIOUS ACTIVITIES

GOOGLE DORKS FOR SEARCHING WINDOWS 7 OS

WHERE TO FIND OFFENSIVE GOOGLING

QUERIES?

https://www.exploit-db.com

EXAMPLE OF OFFENSIVE GOOGLING

QUERIES?

• GOOGLE DORK DESCRIPTION: intitle:”index

of” sql inurl:./db/

• GOOGLE DORK DESCRIPTION: intitle:”index

of” “sms.log”

EXAMPLE OF OFFENSIVE GOOGLING

PAYLOADS?

GOOGLE EXPLOIT- DB

Demo

OFFENSIVE GOOGLING

CONCLUSION

• OFFENSIVE GOOGLING CAN BE USED FOR

BOTH MALICIOUS AND NON MALICIOUS

ACTIVITIES

REFERENCES

• https://www.jabari-holder.com/blog/a-team-

hacker-group-exposes-lulzsec/

ANY QUESTION

Top related

Googling for genealogy
 Self Improvement
BGP misconfiguration
 Documents
Effective googling
 Education
Googling Google
 Technology
Googling for Answers (LLA)
 Education
Spatial Googling Midterm Presentation
 Documents
Top SharePoint misconfiguration
 Business
Googling with Google
 Technology
Googling for Answers
 Education
Security Misconfiguration (OWASP Top 10 - 2013 - A5)
 Technology
Modeling DNS Security: Misconfiguration, Availability, and Visualization
 Documents
Googling of GooGle
 Technology
Beyond Googling
 Documents
Security misconfiguration
 Software
Art of Googling
 Documents
Googling to the Max
 Documents
Who's googling you
 Technology
KIN24x7 and Googling & Wiki'ing
 Education
Googling for Answers (LLA 2013)
 Documents
Googling for health presentation
 Health & Medicine

Copyright © 2022 FDOCUMENTS