Google Dorks

  • December 2, 2021

Google Dorks –

What is Google Dorking?

Google Dorking is also known as Google Hacking. It is a method of running advanced searches so that we get only the results we are looking for. For example, if you search Google for a PDF the normal way you will get far too many results, whereas with Google dorking you get only the PDFs you need. Hackers often use this technique so that they get only the desired results and all the rest are filtered out, which also saves them time. There are various Google dorks; we will discuss them one by one.

For Free Demo classes Call: 8983120543
Registration Link: Click Here!

1) Intext:  To find all the results on Google that contain some particular words, use the intext: operator.

For example, to find all the search results that contain the word ‘hackers’, type  intext:hackers  in the search bar, as shown in the image. The screenshot shows that all the results contain the word ‘hackers’. If we had just typed hackers in the search bar (the normal way), we would get every result in which the word ‘hackers’ appears anywhere, be it links, URLs, images, text, titles, files and so on.

2) Inurl:  Now assume that we want all the results whose URL contains the word ‘hacker’. This Google dork is really handy for that: just type  inurl:hacker  and you will get only those results whose URL contains the desired word ‘hacker’. As the screenshot shows, only results that have the word ‘hacker’ in the URL are displayed, based on our Google dork.

3) Intitle:  You might have guessed by now how this works.

Intitle:  returns all the search results whose title contains the word you specify. To find all the results where the title contains the word ‘hacker’, use  intitle:hacker . As the screenshot shows, we get only the results that have the word ‘hacker’ in the title.

4) Site:  This is helpful if you want to find particular subdomains of a site. For example, if you want all the search results to come from facebook.com, type  site:facebook.com  and every result will be either from a subdomain of facebook.com or from facebook.com (the main domain) itself.

5) Filetype:  With this Google dork you can search only for particular file types. Often you are looking for a PowerPoint presentation or a PDF file and you search Google for something like  download ppt on business management , and you are flooded with all sorts of results: you wanted a PowerPoint presentation on business management and got every kind of result instead. To avoid this, use the filetype: dork. For example,  filetype:ppt business management  returns only results that relate to business management and are PowerPoint presentations (.ppt). As the screenshot shows, all the results are of type ppt, i.e. all are PowerPoint presentations.
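The following added example (not from the original article) is a toy model of the five operators above, evaluated over a small constructed index, to show which part of a page each operator inspects. The records and the example.com domains are made up, and the matching only approximates what a real search engine does.

```python
# Toy model of the five operators above; not how Google is implemented.
from urllib.parse import urlparse

INDEX = [  # constructed sample records: url, title, body text
    {"url": "https://example.com/blog/hacker-news", "title": "Weekly digest",
     "text": "Links we liked this week."},
    {"url": "https://example.com/about", "title": "About the hacker collective",
     "text": "Who we are."},
    {"url": "https://docs.example.com/slides/intro.ppt", "title": "Intro",
     "text": "Business management basics for hackers."},
    {"url": "https://notexample.com/report.pdf", "title": "Annual report",
     "text": "Business management review."},
]

def _host(rec):
    return urlparse(rec["url"]).hostname or ""

def _ext(rec):
    # File extension of the last path segment, or "" if it has none
    name = urlparse(rec["url"]).path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

OPERATORS = {
    "intext": lambda rec, v: v in rec["text"].lower(),
    "inurl": lambda rec, v: v in rec["url"].lower(),
    "intitle": lambda rec, v: v in rec["title"].lower(),
    # site: matches the domain itself or a subdomain, not a look-alike suffix
    "site": lambda rec, v: _host(rec) == v or _host(rec).endswith("." + v),
    "filetype": lambda rec, v: _ext(rec) == v,
}

def matches(rec, term):
    op, sep, value = term.partition(":")
    if sep and op in OPERATORS:
        return OPERATORS[op](rec, value)
    # A bare word may match anywhere: URL, title or text
    return any(term in rec[k].lower() for k in ("url", "title", "text"))

def search(query, index=INDEX):
    """Return the URLs of records that satisfy every term in the query."""
    terms = query.lower().split()
    return [rec["url"] for rec in index if all(matches(rec, t) for t in terms)]

if __name__ == "__main__":
    for q in ("hacker", "intext:hacker", "inurl:hacker", "intitle:hacker",
              "site:example.com", "filetype:ppt business management"):
        print(q, "->", search(q))
```

The bare word hacker matches three records, while each operator narrows that to the one record carrying the word in the named field; site:example.com includes docs.example.com but not notexample.com.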


OWASP Top 10 and Web Hacking –

OWASP is the abbreviation for Open Web Application Security Project. It is a not-for-profit charitable organization that aims to improve the security of software. The OWASP Top 10 are the 10 most dangerous vulnerabilities that affect web applications the most. We will now discuss all the OWASP Top 10 attacks and also try these attacks in our practice environment.

The OWASP Top 10 are as follows:

A1:2017-Injection  :  Injection basically means that we inject some code into the web application so that it behaves in a way it should not. It might give away critical details such as the complete database, admin credentials, etc. There are various injection flaws, such as SQL Injection, LDAP Injection, OS Injection, etc.

A2:2017-Broken Authentication  :  Various applications have flaws in the functions that deal with authentication and session management. This gives hackers the ability to compromise users’ passwords, their identities, session tokens and various other things related to session management.

A3:2017-Sensitive Data Exposure  :  Many areas in a web application are weakly designed and thus are not able to protect sensitive data such as credit card details, healthcare data, etc. Hackers can easily exploit this issue to get access to credit card details, commit identity fraud, etc. Sensitive data can also be compromised through APIs that do not protect it properly.

A4:2017-XML External Entities  :  This mainly occurs because of poorly configured XML processors that evaluate external entity references within XML documents. External entities can be used to disclose internal files using internal file shares, and can lead to remote code execution, denial of service (DoS), etc.

A5:2017-Broken Access Control  :  Restrictions on authenticated users are often not configured properly, so an attacker can exploit this to gain unauthorised access, for example to user data, or to change access rights.

A6:2017-Security Misconfiguration  :  This is quite a common issue. It often shows up as insecure default configuration. Web applications that leak sensitive data when showing an error page, and missing HTTP headers, are a few examples of this kind of vulnerability.

A7:2017-Cross-Site Scripting  :  This issue is found in most websites and web applications. The flaw occurs whenever the application accepts untrusted code such as JavaScript or HTML. XSS allows an attacker to create malicious JavaScript payloads and enter them as input so that the web application executes them. An attacker can hijack a user’s session with this flaw. To prevent XSS, the input must be properly sanitized.

A8:2017-Insecure Deserialisation  :  This flaw often leads to RCE (Remote Code Execution). Such flaws can also be used to perform replay attacks, injections and privilege escalation attacks.

A9:2017-Using Components with Known Vulnerabilities  :  Components include libraries, frameworks, software modules, etc. All these components run with the same privileges as the application itself. If a hacker is able to exploit such a vulnerability, he might be able to take over the server as well.

A10:2017-Insufficient Logging and Monitoring  :  Ineffective integration with incident response allows the attacker to attack the systems further, maintain persistence or even destroy data.

Now I will explain how to perform some major attacks on websites, such as SQL injection, XSS, CSRF, LFI, RFI, etc. Before that we need a practice environment, so we will create one. We start by downloading DVWA (Damn Vulnerable Web Application) and XAMPP. DVWA is an intentionally vulnerable web application created for practice purposes. XAMPP is used for creating a server.
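The A1 injection flaw from the list above, as an added example that is not part of the original article and is not DVWA code: the same user lookup written with string concatenation and with a bound parameter, compared input by input. The table, rows and function names are constructed for illustration.

```python
# Added example: concatenated vs. parameterized query on an in-memory SQLite DB.
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",  # constructed rows
                   [("alice", "user"), ("bob", "user"), ("root", "admin")])
    return db

def lookup_concat(db, name):
    # Vulnerable: the input becomes part of the SQL text itself
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_param(db, name):
    # Hardened: the input is bound as data and never parsed as SQL
    return db.execute("SELECT name, role FROM users WHERE name = ?",
                      (name,)).fetchall()

def audit(inputs):
    """Run both lookups per input and report where the concatenated one misbehaves."""
    db = make_db()
    report = {}
    for value in inputs:
        expected = lookup_param(db, value)
        try:
            got = lookup_concat(db, value)
        except sqlite3.OperationalError:
            # Even a legitimate apostrophe breaks the concatenated query
            report[value] = "syntax error"
            continue
        report[value] = "ok" if got == expected else f"leaked {len(got)} rows"
    return report

if __name__ == "__main__":
    for value, result in audit(["alice", "o'brien", "x' OR '1'='1"]).items():
        print(repr(value), "->", result)
```

A comparison like `audit` can be kept as a regression test: any input for which the two lookups disagree marks a query that still builds SQL from user input.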


Author:-

Vinod Rajpurohit


© Copyright 2021 | Sevenmentor Pvt Ltd.

 
