Tips for an Information Security Analyst/Pentester career - Ep. 18: OSINT (pt. 4)
DISCLAIMER: Techniques displayed here could grant illegal access to confidential/sensitive material and my technical explanations are intended for educational/penetration testing use only.
I'm in no way responsible for any unlawful actions committed by using these techniques.
Over this episode, we'll analyze some more Google Dorks for open source intelligence (OSINT) purposes, but this time I chose some juicy ones for you.
The purpose of this type of search, from a penetration testing perspective, is to make sure that no company-related material that should be confidential has been made available (lawfully, or as a result of a breach) through the Internet.
The moment you click one of these links, you're performing active reconnaissance, and if you're doing so without the site owner's authorization, you might face legal issues.
The dorks shown here are mere examples.
You should constantly check the Google Hacking Database for updates.
Examples
a) auth_user_file.txt: returns a list of crackable passwords.
b) "login: *" "password: *" filetype:xls: returns password files saved in Excel format. You can see that, among the results from the search, a WikiLeaks file is returned.
c) filetype:log inurl:"password.log": returns clear text password files.
d) "ATM PIN" ReZult: might return credit card dumps created by phishers.
e) ?intitle:index.of? .mysql_history: retrieves MySQL history files.
f) intext:"Powered by X-Cart: shopping cart software" -site:x-cart.com: might allow you to find input validation vulnerabilities.
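As a defensive counterpart to the dorks above, here is an added Python check (example code, not from the original post) that walks your own web root for the filenames and credential-like text these searches surface, so the exposure is found before a search engine indexes it. The filenames and the regex are derived from dorks a) through e); the sample files in demo() are constructed.

```python
import re
import shutil
import tempfile
from pathlib import Path

# Filenames the dorks above target by name (a, c and e in this post).
SENSITIVE_NAMES = {"auth_user_file.txt", "password.log", ".mysql_history"}
# Text files worth a content check for "login: x" / "password: y" lines (dorks b and c).
TEXT_EXTS = {".txt", ".log", ".csv", ".ini", ".cfg", ".conf"}
CRED_RE = re.compile(r"(?im)^\s*(login|user(?:name)?|password|passwd)\s*[:=]\s*\S+")


def scan_webroot(root: str, max_bytes: int = 1_000_000) -> list[dict]:
    """Return sorted findings for files under `root` that a public dork could surface."""
    base = Path(root)
    findings = []
    for path in base.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(base).as_posix()
        if path.name in SENSITIVE_NAMES:
            findings.append({"path": rel, "reason": "filename targeted by a public dork"})
        elif path.suffix.lower() in TEXT_EXTS and path.stat().st_size <= max_bytes:
            # Binary formats such as .xls are skipped here; they need a proper parser.
            match = CRED_RE.search(path.read_text(errors="ignore"))
            if match:
                findings.append({"path": rel, "reason": f"credential-like line: {match.group(0).strip()}"})
    return sorted(findings, key=lambda f: f["path"])


def demo() -> list[dict]:
    """Build a constructed web root (sample data, not real files), scan it, clean up."""
    root = Path(tempfile.mkdtemp())
    try:
        samples = {
            "auth_user_file.txt": "admin:$apr1$CONSTRUCTED$hash\n",
            "logs/password.log": "2019-01-01 login failed\n",
            "db/.mysql_history": "select 1;\n",
            "backup/creds.txt": "login: alice\npassword: hunter2\n",
            "notes/readme.txt": "Welcome to the demo site.\n",
        }
        for rel, text in samples.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(text)
        return scan_webroot(str(root))
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for finding in demo():
        print(f"{finding['path']}: {finding['reason']}")
```

Run it against the real document root (scan_webroot("/var/www/html") or similar) as part of a deployment check; a hit means the file should be moved out of the served tree or access-controlled, not merely hidden behind robots.txt.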
Wrap-up
Google dorks are an amazing way for pentesters to make sure the security posture of the client company or organization is correct and no confidential material got leaked through the Internet.
Of course, they can be used for malicious purposes as well, but that's outside the scope and the goal of this post.
Consider them as a tool and possibly use them for the right reasons.