Hacking Borhan Kazimi pour. Agenda How to hack How to hack using How to prevent hack using

  • Slide 1
  • Hacking Borhan Kazimi pour
  • Slide 2
  • Agenda
      • How to hack
      • How to hack using
      • How to prevent hack using
  • Slide 3
  • How to hack
  • Slide 4
  • Huge White
  • Slide 5
  • How works?
  • Slide 6
  • How find us?
      • Crawlers
      • Add URL (site submission)
      • Opera!
  • Slide 7
  • What give us?
  • Slide 8
  • . calculator
  • Slide 9
  • Math operators
  • Slide 10
  • Math constants
  • Slide 11
  • Units:
  • Slide 12
  • Physical constants
  • Slide 13
  • Limitations
      • Query length is limited to 32.
      • Noise words are almost ignored: a, an, or, the, for, me, any, to
      • Logic operators must be in uppercase: OR, AND, NOT
  • Slide 14
  • Search result
  • Slide 15
  • Search result
  • Slide 16
  • Special notation
  • Slide 17
  • Special notation
  • Slide 18
  • Key words
  • Slide 19
  • Key words
  • Slide 20
  • How to hack using
  • Slide 21
  • Directory listing
  • Slide 22
  • Directory listing
      • intitle:index.of "parent directory"
      • intitle:index.of name size
      • intitle:index.of.etc
      • intitle:index.of "parent directory" Xvid -html -htm -php -shtml
  • Slide 23
  • Versioning
  • Slide 24
  • Versioning
      • intitle:index.of server.at
      • intitle:index.of server.at site:aol.com
      • then Search for exploit and
  • Slide 25
  • Server test page
  • Slide 26
  • Server test page
      • intitle:welcome.to intitle:internet IIS
      • intitle:test.page "Hey, it worked !" "SSL/TLS-aware"
      • allintitle:Welcome to Windows 2000 Internet Services
      • allintitle:Welcome to Windows XP Server Internet Services
  • Slide 27
  • Finding ID/Pass
      • "# -FrontPage-" inurl:service.pwd
      • inurl:admin inurl:userlist
      • "AutoCreate=TRUE password=*"
      • allinurl: admin mdb
      • allinurl:auth_user_file.txt
      • intitle:"Index of" config.php
      • filetype:bak inurl:"htaccess|passwd|shadow|htusers"
  • Slide 28
  • Slide 29
  • CGI Scanning
      • allinurl:/random_banner/index.cgi
      • Visit http://johnny.ihackstuff.com and see tons of golden queries
  • Slide 30
  • Auto tools
      • Gooscan
      • Googledorks
      • GooPot
      • Write your own using the API
  • Slide 31
  • How to prevent hack using
  • Slide 32
  • Protect yourself
      • Don't use Opera!
      • Keep your sensitive data off the web!
      • SSH/SFTP/SSL
      • Encrypted email (PGP,)
      • Removing your site from
      • Use a robots.txt file
  • Slide 33
  • Protect yourself
      • Googledork
      • Try to hack yourself!
      • Change error and test pages
      • Disable directory listing
      • Update and patch
      • Set up a honeypot
  • Slide 34
  • Thanks to And You
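
The "Protect yourself" slides recommend testing your own site, disabling directory listing and changing default test pages. As an added example (not part of the original slides), this Python check flags those exposures in response bodies taken from your own site, using the signatures the slides' queries match on; the names `audit_page` and `_Page`, the finding labels and the sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Signatures derived from the queries on the slides (titles, banners, file names).
LISTING_TITLE = re.compile(r"index\s+of", re.I)
TEST_PAGE = re.compile(r"test page|hey, it worked|welcome to windows (2000|xp server) internet services", re.I)
SERVER_BANNER = re.compile(r"\bserver at\b", re.I)
SENSITIVE = re.compile(r"service\.pwd|auth_user_file\.txt|\.bak$|\.mdb$|htaccess|passwd|shadow|htusers", re.I)

class _Page(HTMLParser):  # collects the <title>, visible text and link targets of one page
    def __init__(self):
        super().__init__()
        self.title, self.text, self.links, self._in_title = "", [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]
    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
    def handle_data(self, data):
        if self._in_title:
            self.title += data
        self.text.append(data)  # title text is kept in the body text as well

def audit_page(html):
    """Return the sorted exposure findings for one HTML response body from your own site."""
    page = _Page()
    page.feed(html)
    body = " ".join(page.text)
    findings = set()
    if LISTING_TITLE.search(page.title) and re.search(r"parent directory", body, re.I):
        findings.add("directory-listing")
        findings.update("sensitive-file:" + href for href in page.links if SENSITIVE.search(href))
    if TEST_PAGE.search(body):
        findings.add("default-test-page")
    if SERVER_BANNER.search(body):
        findings.add("server-banner")
    return sorted(findings)

# Constructed sample responses (not from the slides).
LISTING = ('<html><head><title>Index of /backup</title></head><body>'
           '<a href="/">Parent Directory</a> <a href="config.php.bak">config.php.bak</a> '
           '<address>Apache Server at www.example.com Port 80</address></body></html>')
TEST = '<html><head><title>Test Page for the web server</title></head><body>ok</body></html>'
HARDENED = '<html><head><title>403 Forbidden</title></head><body>Forbidden</body></html>'

if __name__ == "__main__":
    print(audit_page(LISTING), audit_page(TEST), audit_page(HARDENED))
```

An empty result for every URL in your own sitemap is the goal; any finding points to the matching fix on the slide (disable directory listing, replace the test page, move the file off the web).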