Professional Documents
Culture Documents
Patrick Chambet
Edelweb – ON-X Group
patrick.chambet@edelweb.fr
EdelWeb http://www.edelweb.fr
http://www.chambet.com
Planning
u General points
u Some examples
u Recommendations
u Conclusion
Vulnerabilities identification
Vulnerabilities exploitation
Go further !
Some examples
u Recommendations
u Conclusion
u Passwords
Ø "Index of" htpasswd / passwd
Ø filetype:xls username password email
Ø "WS_FTP.LOG"
Ø "config.php"
Ø allinurl: admin mdb
Ø service filetype:pwd (FrontPage)
x.x.x.202 x.x.x.31
Localhost================Router================Remotehost
x.x.x.205 x.x.x.32
u Social engineering
Ø Personal information about administrators
and users
Ø Hobbies
Ø Skills
Ø Expertise and motivation level
Ø Friends
Ø Etc.
Patrick Chambet Google attacks Page 12
Planning
u General points
u Some examples
Recommendations
u Conclusion
u http://www.hackingspirits.com/eth-hac/papers/
Demystifying%20Google%20Hacks.pdf
u “Googledorks”
Ø http://johnny.ihackstuff.com/index.php?module=prodreviews
u http://www.searchlores.org/
u http://www.theregister.co.uk/2001/11/28/the_google_attack
_engine/
u Athena tool
Ø http://www.buyukada.co.uk/projects/athena/