Search Engines for Penetration Testers and Crackers
Nella Defcon 18(DEF CON® Hacking Conference) si è parlato di SHODAN,che non è altro che un motore di ricerca, molto diverso però dai soliti, bing google,yahoo ecc.
Con SHODAN, possiamo filtrare i risultati per porta, per server, per continente,cercare password… web applicazioni “old”,router,ftp e molto altro ancora…cercando nelle risposte che il server ci da, ad esempio “Server: iis 5″
Dal sito ufficiale:
SHODAN is a computer search engine. But it is unlike any other search engine. While other search engines scour the web for content, SHODAN scans for information about the sites themselves. The result is a search engine that aggregates banners from well-known services. This presentation will focus on the applications of SHODAN to penetration testers, and in particular will detail a number of case studies demonstrating passive vulnerability analysis including default passwords, descriptive banners, and complete pwnage. For penetration testers, SHODAN is a game-changer, and a goldmine of potential vulnerabilities.
Michael Schearer (“theprez98″) is a government contractor who spent nearly nine years in the United States Navy as a combat-experienced EA-6B Prowler Electronic Countermeasures Officer. He also spent nine months on the ground doing counter-IED work with the U.S. Army. He is a graduate of Georgetown University’s National Security Studies Program and a previous presenter at DEFCON, and has spoken at ShmooCon, HOPE and internationally at CONFidence (Poland) and HackCon (Norway) as well as other numerous conferences. Michael is a licensed amateur radio operator and an active member of the Church of WiFi. He lives in Maryland with his wife and four children.
Anche con google, come saprete si possono filtrare i risultati le famose dork .
Ad esempio con google o.o se cerchiamo:
inurl:"password" filetype:xls
Beh ci piombano fuori password di mediaset, megaupload,rapidshare,tim,vodafone,aruba e altre cazzate :D che il nostro amico google indicizza.
Tutto questo perché la gente carica i propri file sul web e “non dice agli spider(come google)” di non indicizzare certi documenti… tipo password backup ecc… non si fa un buon uso del file robots.txt .
Come è facile la vita dei crackers o.O
Ma siamo noi a rendergliela facile è :D
Se google, non è nato proprio per indicizzare password e file potenzialmente pericolosi, SHODAN mira proprio ad individuare falle di sicurezza…
Vi lascio alla lettura della presentazione di SHODAN alla Defcon 18.
[DOWNLOAD PDF ] SHODAN presentation and TUTORIAL
Related posts:
- Pdf Search Engine:Trova Libri Gratis
- [scanner]Plecost: A WordPress Penetration-Test for Plugins
- [chrome-estensione]Togli gli * dalle password salvate =)
- Guida: GOOGLE HACKING
- Naviga super veloce con Google DNS: Addio OpenDNS =)
This entry was posted on Wednesday, September 1st, 2010 at 9:15 am and is filed under Hacking, Web Services. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
Tagged with: default • dork • google • password • server
Pingback: Search Engines for Penetration Testers and Crackers
Pingback: news sul mondo della programmazione » Search Engines for Penetration Testers and Crackers