offensive googling - owasp · why offensive googling find website server misconfiguration. find...

16
OFFENSIVE GOOGLING

Upload: others

Post on 23-Sep-2020

14 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: OFFENSIVE GOOGLING - OWASP · why offensive googling find website server misconfiguration. find leaked/sensitive credentials. for advance search . who has used offensive googling

OFFENSIVE GOOGLING

Page 2: OFFENSIVE GOOGLING - OWASP · why offensive googling find website server misconfiguration. find leaked/sensitive credentials. for advance search . who has used offensive googling

ABOUT ME

• BLAY ABU SAFIAN

• FOUNDER/CEO of INVETECK GLOBAL

• Engineer / Security Researcher / Penetration

Tester / Part-Time Bug Hunter

• www.inveteckglobal.com

• INSTAGRAM: inveteck_global

• TWITTER: Inveteck

Page 3: OFFENSIVE GOOGLING - OWASP · why offensive googling find website server misconfiguration. find leaked/sensitive credentials. for advance search . who has used offensive googling

WHAT IS GOOGLE?

AMERICAN MULTINATIONAL TECHNOLOGY

COMPANY THAT SPECIALIZE IN INTERNET

RELATED SERVICES AND PRODUCTS INCLUDING

SOFTWARE,HARDWARE, CLOUD COMPUTING

ETC.

Page 4: OFFENSIVE GOOGLING - OWASP · why offensive googling find website server misconfiguration. find leaked/sensitive credentials. for advance search . who has used offensive googling

WHY USE GOOGLE ?

GOOGLE WEBPAGE

• PROVIDES RELEVANT RESULTS QUICKLY.

• FOR AD DISPLAYS.

• CAN BE USED TO TRANSLATE LANGUAGES.

• HIDDEN VERTICAL SEARCH ENGINES FOR

FINDING SECRETFILES, VIDEOS, PICTURES

Page 5: OFFENSIVE GOOGLING - OWASP · why offensive googling find website server misconfiguration. find leaked/sensitive credentials. for advance search . who has used offensive googling

WHAT IS OFFENSIVE GOOGLING?

• OFFICIAL NAME GOOGLE DORKING / GOOGLE

HACKING

• ADVANCE GOOGLE SEARCH TO FIND SECURITY

VULNERABILTIES IN THE CONFIGURATION

THAT A WEBSITE USES.

Page 6: OFFENSIVE GOOGLING - OWASP · why offensive googling find website server misconfiguration. find leaked/sensitive credentials. for advance search . who has used offensive googling

WHY OFFENSIVE GOOGLING

• FIND WEBSITE SERVER MISCONFIGURATION.

• FIND LEAKED/SENSITIVE CREDENTIALS.

• FOR ADVANCE SEARCH

Page 7: OFFENSIVE GOOGLING - OWASP · why offensive googling find website server misconfiguration. find leaked/sensitive credentials. for advance search . who has used offensive googling

WHO HAS USED OFFENSIVE GOOGLING IN

THE PAST?

HACKER HACKING WITH GOOGLE DORKS

Page 8: OFFENSIVE GOOGLING - OWASP · why offensive googling find website server misconfiguration. find leaked/sensitive credentials. for advance search . who has used offensive googling

USING OFFENSIVE GOOGLING FOR NON-

MALICIOUS ACTIVITIES

GOOGLE DORKS FOR SEARCHING WINDOWS 7 OS

Page 9: OFFENSIVE GOOGLING - OWASP · why offensive googling find website server misconfiguration. find leaked/sensitive credentials. for advance search . who has used offensive googling

WHERE TO FIND OFFENSIVE GOOGLING

QUERIES?

https://www.exploit-db.com

Page 10: OFFENSIVE GOOGLING - OWASP · why offensive googling find website server misconfiguration. find leaked/sensitive credentials. for advance search . who has used offensive googling

EXAMPLE OF OFFENSIVE GOOGLING

QUERIES?

• GOOGLE DORK DESCRIPTION: intitle:”index

of” sql inurl:./db/

• GOOGLE DORK DESCRIPTION: intitle:”index

of” “sms.log”

Page 11: OFFENSIVE GOOGLING - OWASP · why offensive googling find website server misconfiguration. find leaked/sensitive credentials. for advance search . who has used offensive googling

EXAMPLE OF OFFENSIVE GOOGLING

PAYLOADS?

GOOGLE EXPLOIT- DB

Page 12: OFFENSIVE GOOGLING - OWASP · why offensive googling find website server misconfiguration. find leaked/sensitive credentials. for advance search . who has used offensive googling

Demo

Page 13: OFFENSIVE GOOGLING - OWASP · why offensive googling find website server misconfiguration. find leaked/sensitive credentials. for advance search . who has used offensive googling

OFFENSIVE GOOGLING

Page 14: OFFENSIVE GOOGLING - OWASP · why offensive googling find website server misconfiguration. find leaked/sensitive credentials. for advance search . who has used offensive googling

CONCLUSION

• OFFENSIVE GOOGLING CAN BE USED FOR

BOTH MALICIOUS AND NON MALICIOUS

ACTIVITIES

Page 15: OFFENSIVE GOOGLING - OWASP · why offensive googling find website server misconfiguration. find leaked/sensitive credentials. for advance search . who has used offensive googling

REFERENCES

• https://www.jabari-holder.com/blog/a-team-

hacker-group-exposes-lulzsec/

Page 16: OFFENSIVE GOOGLING - OWASP · why offensive googling find website server misconfiguration. find leaked/sensitive credentials. for advance search . who has used offensive googling

ANY QUESTION