Hacking. Borhan Kazimi pour. Agenda: How to hack; How to hack using; How to prevent hack using

Post on 18-Dec-2015

TRANSCRIPT

  • Slide 1
  • Hacking Borhan Kazimi pour
  • Slide 2
  • Agenda: How to hack; How to hack using; How to prevent hack using
  • Slide 3
  • How to hack
  • Slide 4
  • Huge White
  • Slide 5
  • How works?
  • Slide 6
  • How find us? Crawlers Add URL (site submission) Opera !
  • Slide 7
  • What give us?
  • Slide 8
  • . calculator
  • Slide 9
  • Math operators
  • Slide 10
  • Math constants
  • Slide 11
  • Units:
  • Slide 12
  • Physical constants
  • Slide 13
  • Limitations: Query length limit of 32. Noise words are almost ignored: a, an, or, the, for, me, any, to. Logic operators must be in uppercase: OR, AND, NOT.
  • Slide 14
  • Search result
  • Slide 15
  • Search result
  • Slide 16
  • Special notation
  • Slide 17
  • Special notation
  • Slide 18
  • Key words
  • Slide 19
  • Key words
  • Slide 20
  • How to hack using
  • Slide 21
  • Directory listing
  • Slide 22
  • Directory listing intitle:index.of "parent directory intitle:index.of name size intitle:index.of.etc Intitle:index.of "parent directory "Xvid -html -htm -php -shtml
  • Slide 23
  • Versioning
  • Slide 24
  • Versioning intitle:index.of server.at intitle:index.of server.at site:aol.com then Search for exploit and
  • Slide 25
  • Server test page
  • Slide 26
  • Server test page intitle:welcome.to intitle:internet IIS Intitle:test.page "Hey, it worked !" "SSL/TLS- aware" allintitle:Welcome to Windows 2000 Internet Services allintitle:Welcome to Windows XP Server Internet Services
  • Slide 27
  • Finding ID/Pass "# -FrontPage-" inurl:service.pwd inurl:admin inurl:userlist "AutoCreate=TRUE password=*" allinurl: admin mdb allinurl:auth_user_file.txt intitle:"Index of" config.php filetype:bak inurl:"htaccess|passwd|shadow|htusers"
  • Slide 28
  • Slide 29
  • CGI Scanning: allinurl:/random_banner/index.cgi Visit http://johnny.ihackstuff.com and see tons of golden queries
  • Slide 30
  • Auto tools Gooscan Googledorks GooPot Write yourself using API
  • Slide 31
  • How to prevent hack using
  • Slide 32
  • Protect yourself: Don't use Opera! Keep your sensitive data off the web! SSH/SFTP/SSL; Encrypted email (PGP); Removing your site from; Use a robots.txt file
  • Slide 33
  • Protect yourself: Googledork; Try to hack yourself!; Change error and test pages; Disable directory listing; Update and patch; Set up a honeypot
  • Slide 34
  • Thanks to And You
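
A self-check for the "Try to hack yourself", "Disable directory listing" and "Change error and test pages" items on slides 32-33, as an added example that is not part of the original slides: it scans HTML fetched from your own site for the markers the queries on slides 22-27 rely on. The function name, finding labels and sample pages are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

class _Page(HTMLParser):
    """Collects the <title> text and every <a href> of one HTML page."""
    def __init__(self):
        super().__init__()
        self.title, self.hrefs, self._in_title = "", [], False
    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]
    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
    def handle_data(self, data):
        if self._in_title:
            self.title += data

# Markers taken from the queries on slides 22-27.
LISTING = re.compile(r"index\s+of", re.I)
BANNER = re.compile(r"\b([\w-]+/[\d.]+)[^<]*?Server at\b", re.I)
TEST_PAGE = re.compile(r"test page|welcome to windows (2000|xp)|hey, it worked", re.I)
SENSITIVE = re.compile(r"(service\.pwd|auth_user_file\.txt|config\.php|\.bak|\.mdb|htaccess|passwd|shadow|htusers)$", re.I)

def audit_page(html):
    """Return the sorted exposure findings for one page of your own site."""
    page = _Page()
    page.feed(html)
    findings = set()
    if LISTING.search(page.title):          # auto-generated directory index
        findings.add("directory-listing")
        for href in page.hrefs:             # files the listing gives away
            if SENSITIVE.search(href):
                findings.add("sensitive-file:" + href)
        banner = BANNER.search(html)        # server version in the footer
        if banner:
            findings.add("version-banner:" + banner.group(1))
    if TEST_PAGE.search(page.title) or TEST_PAGE.search(html):
        findings.add("default-test-page")   # untouched install page
    return sorted(findings)

# Constructed sample responses (not captured from any real host).
SAMPLE_LISTING = """<html><head><title>Index of /backup</title></head><body>
<a href="../">Parent Directory</a> <a href="config.php.bak">config.php.bak</a>
<a href="notes.txt">notes.txt</a>
<address>Apache/2.4.1 Server at www.example.test Port 80</address></body></html>"""
SAMPLE_CLEAN = "<html><head><title>Shop</title></head><body><a href='/cart'>Cart</a></body></html>"
```

Any non-empty result for a URL on your own site means the page would match the corresponding query class and should be fixed at the server (listing disabled, banner suppressed, default page replaced, file removed).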