whois 38.100.193.70 -h 192.168.50.251
...
NetRange: 38.0.0.0 - 38.255.255.255
CIDR: 38.0.0.0/8
NetName: COGENT-A
...
OrgName: PSINet, Inc.
OrgId: PSI
Address: 2450 N Street NW
City: Washington
StateProv: DC
PostalCode: 20037
Country: US
RegDate:
Updated: 2015-06-04
...
Listing 36 - Whois reverse lookup
The results of the reverse lookup give us information about who is hosting the IP address. This
information could be useful later, and as with all the information we gather, we will add this to our
notes.
6.2.2 Google Hacking
The term “Google Hacking” was popularized by Johnny Long in 2001. Through several talks [215]
and an extremely popular book (Google Hacking for Penetration Testers [216]), he outlined how
search engines like Google could be used to uncover critical information, vulnerabilities, and
misconfigured websites.
[215] (Wikipedia, 2022), https://en.wikipedia.org/wiki/Google_hacking
[216] (Johnny Long, Bill Gardner, Justin Brown, 2015), https://www.amazon.com/Google-Hacking-Penetration-Testers-Johnny/dp/0128029641/ref=dp_ob_image_bk
Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
At the heart of this technique is using clever search strings and operators [217] for the creative
refinement of search queries, most of which work with a variety of search engines. The process is
iterative, beginning with a broad search, which is narrowed using operators to sift out irrelevant or
uninteresting results.
We’ll start by introducing several of these operators to learn how they can be used.
The site operator limits searches to a single domain. We can use this operator to gather a rough
idea of an organization’s web presence.
Figure 14: Searching with a Site Operator
The image above shows how the site operator limited the search to the megacorpone.com
domain we have specified.
We can then use further operators to narrow these results. For example, the filetype (or ext)
operator limits search results to the specified file type.
In the example below, we combine operators to locate TXT files (filetype:txt) on
www.megacorpone.com (site:megacorpone.com):
[217] (Google, 2022), https://support.google.com/websearch/answer/2466433?hl=en
Figure 15: Searching with a Filetype Operator
We receive an interesting result. Our query found the robots.txt file, containing the following content.
User-agent: *
Allow: /
Allow: /nanites.php
Listing 37 - robots.txt file
The robots.txt file instructs web crawlers, such as Google’s search engine crawler, to allow or
disallow specific resources. In this case, it revealed a specific PHP page (/nanites.php) that was
otherwise hidden from the regular search, despite being listed as allowed by the policy.
The ext operator could also be helpful to discern which programming languages might be used
on a web site. Searches like ext:php, ext:xml, and ext:py will find indexed PHP, XML, and
Python files, respectively.
We can also prefix an operator with - (a minus sign) to exclude particular items from a search,
narrowing the results.
For example, to find interesting non-HTML pages, we can use site:megacorpone.com to limit the
search to megacorpone.com and subdomains, followed by -filetype:html to exclude HTML pages
from the results.
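Listing 37 shows why robots.txt deserves a look from the site owner's side as well: the file handed a search engine the path /nanites.php, a page that regular search had not surfaced. The following Python parser, added here as an example and not part of the course material, lists every path a robots.txt names, grouped by user-agent, so the file can be reviewed for paths it should not be disclosing; the sample input is constructed from Listing 37 plus hypothetical extra directives.

```python
# Added example (not from the PWK text): audit a robots.txt for the paths it
# discloses, as Listing 37 disclosed /nanites.php to a search-engine query.

# Constructed sample: Listing 37's three lines plus hypothetical directives.
SAMPLE_ROBOTS = """\
# robots.txt for a hypothetical host
User-agent: *
Allow: /
Allow: /nanites.php

User-agent: Googlebot
Disallow: /staging/      # hypothetical path
Disallow: /drafts/old    # hypothetical path
Sitemap: https://www.example.com/sitemap.xml
"""

def parse_robots(text):
    """Return {user_agent: [(directive, path), ...]} for Allow/Disallow rules."""
    # '#' starts a comment; directive names are case-insensitive; consecutive
    # User-agent lines share a group; a User-agent after rules opens a new one.
    groups = {}
    agents = []       # user-agents of the group currently being filled
    in_rules = False  # True once the current group has received a rule
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "user-agent":
            if in_rules:
                agents, in_rules = [], False
            agents.append(value)
            groups.setdefault(value, [])
        elif key in ("allow", "disallow") and agents:
            in_rules = True
            if value:  # an empty 'Disallow:' names no path at all
                for agent in agents:
                    groups[agent].append((key, value))
    return groups

def disclosed_paths(text):
    """Paths the file names beyond the site root, in order of first appearance."""
    seen = []
    for rules in parse_robots(text).values():
        for _, path in rules:
            if path != "/" and path not in seen:
                seen.append(path)
    return seen
```

Running disclosed_paths(SAMPLE_ROBOTS) returns /nanites.php first, the same path the filetype:txt query exposed above.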