Information collection of web penetration testing series-4

Google hacking (often written "Googlehack") is currently a popular information collection technique and is used very frequently. This post briefly covers how it is used and the principle behind it. Put simply, we use the search function of a search engine to find the websites we are interested in. Baidu, Sogou and other engines work too: Google hacking is really a query syntax understood by search engines, so Google itself is not required, although of course you can use it if you have access to it.

A search engine, by the usual definition, is a retrieval system that uses specific strategies and algorithms to collect information from the Internet and return it to users according to what they ask for.


Let's look at an example to see the effect. Suppose we want to find all web pages under Japanese (.jp) domains that contain a login page; then we write the query like this:


As you can see, this returns what we wanted. Now let's briefly go through the syntax.

intitle: Search for web pages whose title contains the given string.

inurl: Search for URLs that contain the given string. For example, "inurl:/admin_login" finds URLs containing admin_login; URLs like this are usually the login page of the administrator backend.

intext: Search for the given string in the body text of the page.

filetype: Search for files of the given type. For example, "filetype:pdf" returns PDF documents.

site: Restrict results to the given website. For example, "site:www.xxxxx.cn" lists every indexed page under that host, and "site:xxxxx.cn" also covers its subdomains.

intitle

The intitle operator is usually used to find backend pages, special pages and files of a website. Searching "intitle:login" or "intitle:management" in Google turns up the backend login pages of many websites. intitle can also be used to find files: searching "intitle:"index of" etc/shadow" finds Linux password files (/etc/shadow) exposed through directory listings on misconfigured servers. The value after intitle must be quoted when it contains a space, otherwise only the first word is bound to the operator.

inurl

Within Google hacking, inurl does the most work. Its use falls into two categories: finding the backend login address of a site, and finding special URLs. Finding the backend login address: unlike intitle, inurl matches keywords in the URL itself. We all know that backend URLs usually end in something like login.php or admin.php, so searching "inurl:login.php" or "inurl:admin.php" finds the backends of many websites. We can also look for a site's database location by searching "inurl:data" and "inurl:db".

Find the background login page of the website

Finding special URLs: by searching for particular URL patterns with inurl, we can find many vulnerable website programs. For example, for the old IIS Unicode directory traversal vulnerability we can construct "inurl:/winnt/system32/cmd.exe?/c+dir", although it is hard to find sites still carrying such an antique hole. Another example is the upload vulnerability that was popular a while ago: "inurl:upload.php" or "inurl:upload_soft.php" turns up many upload pages.

intext

intext searches for the given string in the body of the page, which at first seems of little use for Google hacking. But search "intext:to parent directory" and you will be surprised to find the directory listings of countless websites laid bare. We can move between directories and browse files at will, much like having a simple webshell, except that a listing only gives read access, not code execution. The cause is an oversight in the IIS configuration: directory browsing was left enabled, and IIS renders the "[To Parent Directory]" link in every listing. Chinese-language IIS installations have the same problem with the localized string, so "intext:go to parent directory" (the Chinese wording) finds many affected Chinese sites.

Browsing files in the website at will

Filetype

The role of filetype is to search for files of a given type. To look for a website's database files, search with "filetype:mdb" as the keyword, and you can soon download the Access database files of many websites. filetype is not limited to this; it shows its real power when combined with the other operators.
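Hits from "intitle:"index of"", "intext:to parent directory" and "filetype:mdb" still have to be confirmed one by one, and a dork result list is noisy. The following Python script is added here as an example and is not part of the original post: it classifies a saved page as an IIS or Apache directory listing and pulls out the linked file names that look like databases, backups or credential files. The two listing samples and the ordinary page are constructed for this example, fetching is deliberately left out so it runs offline, and the marker strings and the SENSITIVE pattern are assumptions based on the listing formats described above.

```python
"""Triage Google-hacking hits offline: is this page a directory listing, and
which exposed file names matter?

Added example for this article, not the original author's code. The HTML
samples below are constructed to resemble IIS and Apache listings.
"""
from __future__ import annotations

import re
from html.parser import HTMLParser

# Marker strings as they appear in real listing HTML (assumed from the
# behaviour described in the article).
IIS_MARKER = "[To Parent Directory]"
APACHE_MARKERS = ("Index of /", "Parent Directory")

# File names worth a second look: data files, backups, config and credential
# files. Extend to taste; this list is an assumption for the example.
SENSITIVE = re.compile(
    r"\.(mdb|sql|bak|ini|zip|rar|log)$|(?:^|/)(shadow|passwd|web\.config)$",
    re.I,
)


class _Links(HTMLParser):
    """Collect every href in the page; HTMLParser lowercases tag/attr names."""

    def __init__(self) -> None:
        super().__init__()
        self.hrefs: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def listing_kind(html: str) -> str | None:
    """Return 'iis', 'apache' or None depending on which markers are present."""
    if IIS_MARKER in html:
        return "iis"
    if all(marker in html for marker in APACHE_MARKERS):
        return "apache"
    return None


def exposed_files(html: str) -> list[str]:
    """Links in a listing whose names match the SENSITIVE pattern."""
    parser = _Links()
    parser.feed(html)
    return [href for href in parser.hrefs if SENSITIVE.search(href)]


def triage(url: str, html: str) -> dict:
    """One result row: the URL, the listing type, and the interesting files."""
    kind = listing_kind(html)
    return {"url": url, "listing": kind, "sensitive": exposed_files(html) if kind else []}


# Constructed samples (not captured from any real host).
IIS_SAMPLE = """<html><head><title>example.com - /data/</title></head>
<body><H1>example.com - /data/</H1><hr><pre>
<A HREF="/">[To Parent Directory]</A><br><br>
 9/1/2020  3:12 PM  1048576 <A HREF="/data/site.mdb">site.mdb</A><br>
 9/1/2020  3:12 PM     2048 <A HREF="/data/logo.png">logo.png</A><br>
</pre><hr></body></html>"""

APACHE_SAMPLE = """<html><head><title>Index of /backup</title></head>
<body><h1>Index of /backup</h1><ul>
<li><a href="/">Parent Directory</a></li>
<li><a href="db_2020.sql">db_2020.sql</a></li>
<li><a href="readme.txt">readme.txt</a></li>
</ul></body></html>"""

NORMAL_PAGE = "<html><body><h1>Welcome</h1><a href='/login.php'>Login</a></body></html>"

if __name__ == "__main__":
    for url, page in [("http://example.com/data/", IIS_SAMPLE),
                      ("http://example.com/backup/", APACHE_SAMPLE),
                      ("http://example.com/", NORMAL_PAGE)]:
        print(triage(url, page))
```

Only run the fetching side of this against hosts you are authorized to test. On the server side the fix is the same thing the dork exploits in reverse: turn off directory browsing in IIS, or set "Options -Indexes" in Apache, and the listing (and the search-engine hit) disappears.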

Site

White hats use site mainly for reconnaissance before a penetration test. The site operator lists every indexed page of the target website, and those pages leak more or less information about it; that information is a foothold for the test and material for a detailed report on the target.

Combining operators

Combining operators doubles their power. Each operator introduced above can complete some step of a penetration test on its own, but using a single operator is very inefficient. The strength of Google hacking lies in combining several operators so that we quickly find exactly what we need. Let's walk through how white hats combine Google syntax to test a website.

Information spying

When white hats test a website, the first step is usually to reconnoiter the target. Use "site:target-website" to get its indexed pages and extract useful information from them. The methods above can also collect the target's email addresses, Weibo and QQ accounts and so on, which provide references for the later stages of the test.

Syntax commonly used by white hats

admin site:edu.cn
site:sunghost.cn intext:Administration|Background|Login|Username|Password|Verification Code|System|Account|Background Management|Background Login
site:sunghost.cn intitle:Administration|Background|Login|Username|Password|Verification Code|System|Account|Background Management|Background Login
inurl:login/admin/manage/admin_login/login_admin/system/boos/master/main/cms/wp-admin/sys|managetem|password|username
site:www.sunghost.cn inurl:file
site:www.sunghost.cn inurl:load
site:www.sunghost.cn inurl:php?id=
site:www.sunghost.cn inurl:fck
site:www.sunghost.cn inurl:ewebeditor
inurl:ewebeditor|editor|uploadfile|eweb|edit
intext:to parent directory
intext:Go to parent directory/Go to parent path
inurl:upload.php
inurl:cms/data/templates/images/index/
intitle:powered by dedecms
index of/ppt
filetype:mdb
site:www.sunghost.cn intext:to parent directory+intext.mdb
inurl:robots.txt
intitle:index.of "parent directory"
index of /passwd
site:sunghost.cn filetype:mdb|ini|php|php|jsp

Other related operators: related, cache, info, define, link, allinanchor, etc. (The site: operator takes a bare domain; the Chinese words in the intext/intitle lists above are given in translation.)
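The combinations listed above can be generated rather than typed by hand. The Python script below is an added example, not code from the original post: it builds queries from the operators introduced on this page (site, intitle, inurl, intext, filetype), quotes multi-word values so they stay bound to their operator, joins alternatives with Google's "|" (OR) syntax, and bundles the reconnaissance queries this page recommends for one target. The domain example.com and the keyword lists are placeholders (assumptions), as is the Google search URL form.

```python
"""Build Google-hacking queries from the operators described in this article.

Added example for this page (not the original author's code). The domain
example.com and the keyword lists below are placeholders.
"""
from __future__ import annotations

from urllib.parse import quote_plus

# Keyword groups drawn from the operator descriptions above (assumed lists).
ADMIN_TITLES = ["login", "admin", "management"]
ADMIN_PATHS = ["login", "admin", "manage", "admin_login", "wp-admin"]
LEAKY_TYPES = ["mdb", "ini", "sql", "bak"]


def term(operator: str, value: str) -> str:
    """Render one operator:value pair.

    A multi-word value must be quoted: Google reads `intitle:index of` as
    intitle:index plus a loose word "of", which is a different query.
    """
    if " " in value:
        value = f'"{value}"'
    return f"{operator}:{value}"


def or_group(operator: str, values: list[str]) -> str:
    """Join alternatives for one operator with Google's `|` (OR) syntax."""
    return "(" + " | ".join(term(operator, v) for v in values) + ")"


def build_dork(site: str | None = None, **ops: str | list[str]) -> str:
    """Compose a query, e.g. build_dork("example.com", intitle=["login", "admin"]).

    Keyword arguments are operator names (intitle, inurl, intext, filetype...)
    mapped to one value or a list of alternatives.
    """
    parts: list[str] = []
    if site:
        parts.append(term("site", site))
    for operator, value in ops.items():
        if isinstance(value, str):
            parts.append(term(operator, value))
        else:
            parts.append(or_group(operator, value))
    return " ".join(parts)


def search_url(query: str) -> str:
    """URL-encode a query into a Google search link (assumed URL form)."""
    return "https://www.google.com/search?q=" + quote_plus(query)


def recon_queries(domain: str) -> dict[str, str]:
    """The operator combinations this article recommends, for one target domain."""
    return {
        "admin_login": build_dork(domain, intitle=ADMIN_TITLES, inurl=ADMIN_PATHS),
        "apache_listing": build_dork(domain, intitle="index of", intext="parent directory"),
        "iis_listing": build_dork(domain, intext="to parent directory"),
        "leaky_files": build_dork(domain, filetype=LEAKY_TYPES),
        "param_urls": build_dork(domain, inurl="php?id="),
    }


if __name__ == "__main__":
    for name, query in recon_queries("example.com").items():
        print(f"{name:15s} {query}")
        print(" " * 16 + search_url(query))
```

Each generated query is one search; engines rate-limit and CAPTCHA automated querying quickly, so use the output as a checklist to paste into the search box, not as a scraper.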

Easter egg: finally, a website to share with you, https://www.exploit-db.com/google-hacking-database (the Google Hacking Database), where you can find many more syntax combinations.


Source: blog.csdn.net/GUDUzhongliang/article/details/108731060