Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
Figure 18: The Google Hacking Database (GHDB)
Another way of experimenting with Google Dorks is through the DorkSearch [220] portal, which provides a pre-built subset of queries and a builder tool to facilitate the search.
Mastery of these operators, combined with a keen sense of deduction, is a key skill for effective search engine "hacking".
6.2.3 Netcraft
Netcraft [221] is an internet service company based in England that offers a free web portal performing various information gathering functions, such as discovering which technologies are running on a given website and finding which other hosts share the same IP netblock. Using services such as Netcraft is considered a passive technique: our queries go to Netcraft's servers rather than to the target, so the target never sees traffic from us.
Let's review some of Netcraft's capabilities. For example, we can use Netcraft's DNS search page (https://searchdns.netcraft.com) to gather information about the megacorpone.com domain:
[220] (DorkSearch, 2022), https://dorksearch.com/
[221] (Netcraft, 2022), https://www.netcraft.com/
Figure 21: Site Technology for www.megacorpone.com
This list of subdomains and technologies will prove useful as we move on to active information
gathering and exploitation. For now, we will add it to our notes.
6.2.4 Open-Source Code
In the following sections, we'll explore various online tools and resources we can use to passively gather information. This includes open-source projects and online code repositories such as GitHub [222], GitHub Gist [223], GitLab [224], and SourceForge [225].
Code stored online can provide a glimpse into the programming languages and frameworks used by an organization. Developers have also been known to accidentally commit sensitive data and credentials to public repos, so any repository tied to the target is worth a careful look.
The search tools for some of these platforms support search qualifiers that resemble the Google search operators we discussed earlier in this Module, although each platform uses its own syntax.
GitHub's search [226], for example, is very flexible. We can use GitHub to search a user's or organization's repos; however, we need an account if we want to search across all public repos. To perform any GitHub code search, we first need to register a basic account, which is free for individuals and organizations.
Once we've logged in to our GitHub account, we can search MegaCorp One's repos for interesting information. Let's use filename:users to search for any files with the word "users" in the name.
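To make the search syntax above concrete, and to show the check a tester runs once a candidate repository or file has been found, the following Python is an added example and is not part of the PWK course material or any OffSec tool. The GitHub organization handle `megacorpone`, the filename and extension lists, the credential patterns and the sample `users.yml` are all constructed for illustration; the AWS key ID is the AWS documentation example key, not a live credential. It builds GitHub code-search queries (GitHub's own qualifiers) and Google dorks (Google's operators) for one target, URL-encodes them, and scans file contents for the kinds of secrets developers accidentally commit.

```python
"""Passive recon helpers for public code repositories.

Added example, not part of the PWK course text. The target handle,
file lists, patterns and sample file are constructed for illustration.
"""
import re
from urllib.parse import quote_plus

# Assumed GitHub organization handle for MegaCorp One (hypothetical).
TARGET_ORG = "megacorpone"


def build_github_queries(org, filenames=("users", ".env", "id_rsa"),
                         extensions=("yml", "ini", "cfg")):
    """Return GitHub code-search query strings for one organization.

    org:, filename: and extension: are GitHub qualifiers; they look like
    Google operators but are GitHub's own syntax.
    """
    queries = [f"org:{org} filename:{name}" for name in filenames]
    queries += [f"org:{org} extension:{ext} password" for ext in extensions]
    return queries


def github_search_url(query):
    """URL-encode a query for GitHub's code search page (login required)."""
    return "https://github.com/search?type=code&q=" + quote_plus(query)


def build_google_dorks(domain, filetypes=("pdf", "xlsx", "docx")):
    """Return Google dork strings (site:, filetype:, inurl:, intitle:)."""
    dorks = [f"site:{domain} filetype:{ft}" for ft in filetypes]
    dorks += [f"site:{domain} inurl:admin",
              f'site:{domain} intitle:"index of"']
    return dorks


# Credential patterns to run over files pulled from public repos.
# Constructed for this example; a real scanner would carry many more.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "password_assignment": re.compile(
        r"(?i)\b(?:password|passwd|pwd)\s*[:=]\s*['\"]?([^\s'\"]{4,})"),
    "generic_token": re.compile(
        r"(?i)(?:api[_-]?key|secret|token)\w*\s*[:=]\s*['\"]?"
        r"([A-Za-z0-9_\-/+]{16,})"),
}


def find_secrets(text):
    """Return (line_number, pattern_name, matched_text) for every hit."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in SECRET_PATTERNS.items():
            for m in pattern.finditer(line):
                hits.append((lineno, name, m.group(0)))
    return hits


# Constructed sample of what a leaked "users" file might look like.
# AKIAIOSFODNN7EXAMPLE is the AWS documentation example key, not a real one.
SAMPLE_USERS_FILE = """\
# users.yml - service accounts (constructed example)
admin:
  password: Winter2023!
backup_user:
  aws_access_key_id: AKIAIOSFODNN7EXAMPLE
  aws_secret_access_key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
deploy:
  api_key: "9f2c1b7e4d6a8c0e1b3d5f7a9c2e4b6d"
"""

if __name__ == "__main__":
    for q in build_github_queries(TARGET_ORG):
        print(github_search_url(q))
    for q in build_google_dorks("megacorpone.com"):
        print(q)
    for hit in find_secrets(SAMPLE_USERS_FILE):
        print(hit)
```

The query builders only generate URLs; opening them is the part that touches GitHub or Google, never the target, which is what keeps this passive. The scanner is deliberately pattern-based rather than entropy-based so that every hit explains itself in the tester's notes; expect false positives on words like "token" in comments and review hits by hand.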
[222] (GitHub, 2022), https://github.com/
[223] (GitHub Inc, 2022), https://gist.github.com/
[224] (GitLab, 2022), https://about.gitlab.com/
[225] (Slashdot Media, 2022), https://sourceforge.net/
[226] (GitHub, 2022), https://help.github.com/en/github/searching-for-information-on-github/searching-code