Embed Size (px)
DESCRIPTION
[web security share] part one. The example in this ppt,just use to show how,please don't hack and damage that site,which one show in this ppt!thanks! And then ,i will show more ppt that about web security. you could contact me in email or QQ: My emial is [email protected] QQ num is 764834962.Let me talk and learn from each other and be good!
Citation preview
![Page 1: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/1.jpg)
Google Hacking
Web 安全系列 ·Part 1
By 程亚飞
![Page 2: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/2.jpg)
What is Google Hacking?
How we do that?
Let’s analyze it!
Try
Protect Your Data !
Note
Google Hacking是什么?
我们该怎么做
分 析并
尝 试
保 护数 据
![Page 3: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/3.jpg)
Part 1:Google hacking 是什么?
Google 黑客 绝对不是 入侵 Google!! !
面对海纳百川的 internet ,你该如何开始你的漫漫 web 攻击 [ 白帽子 ] 之路 ?!
goolge 是 $&*^%&~%... 所以在准备入侵目标 , 或者检查自身漏洞之前可以通过google 强大的搜索功能充分掌握目标的相关信息。
或者 , 当网上发布了某个最新漏洞之后,也可以利用 goolge 来搜索有漏洞的网站。或者也可以直接搜索别人留下的后门和 webshell ,或者 ...... ,因为 google[ 爬虫 ] 是如此的强大!
所以 google hacking 呢。也就是指将 google 强大的搜索功能应用到 hack 攻击之中 !
Google Hacking 新技术
![Page 4: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/4.jpg)
基 本操 作
https://www.google.com
Everybody know it
![Page 5: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/5.jpg)
高 级操 作
https://www.google.com.hk/advanced_search
![Page 6: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/6.jpg)
谁创 造GH
Site: http://johnny.ihackstuff.com/
书籍下载地址 :http://www.verycd.com/topics/2939802/
![Page 7: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/7.jpg)
Part 2: How we do that
+ 把 google 可能忽略的字列如查询范围 【已弃用】 - 把某个字忽略 ~ 同意词 OR 或 [ 大写 ]
* 通配符,补全搜索字词 “ " 精确查询
操作符 ->
![Page 8: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/8.jpg)
Part 2: How we do that
site 搜索一个特定站点的详细内容 intitle 搜索网页标题中的某个特定字符串 inurl 搜索网页 URL 地址中的某个特定字符串 filetype 搜索指定类型的文件 link 搜索和某个站点做了链接的所有 URL
intext 搜索网页面正文内容中的某个特定字符串 info 搜索指定站点的一些基本信息 all 所有关键字前都加上 all 可以得到更加精确详细的信息
关键词搜索 ->
![Page 9: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/9.jpg)
Part 2: How we do that
For 前端的童鞋们:情景:有一个专题,编辑需要维护,可是,可是时间间隔太久,有些不记得链接,肿么办?【你可以这样:】
插曲
![Page 10: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/10.jpg)
Part 3: Let’s analyze it
关键词: site
Example:佳能 site:pchome,net
![Page 11: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/11.jpg)
Part 3: Let’s analyze it
关键词: intitle inurl
组合他们!
Example:国外程序员 伯乐在线
![Page 12: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/12.jpg)
Part 3: Let’s analyze it
关键词:
Example:filetype:pdf inurl:event.pchome.net
![Page 13: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/13.jpg)
彩 蛋
"Disallow:" filetype:txt
大家可以看到,我们找到了很多知名网站的robots.txt
![Page 14: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/14.jpg)
彩 蛋
filetype:doc site:xxxYou will see…
![Page 15: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/15.jpg)
彩 蛋
Index of
You will see…
![Page 16: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/16.jpg)
彩 蛋
intitle:"index of" passwd
You will see…
![Page 17: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/17.jpg)
Part 4: Try
Tips:
案例 1 :PhpMyAdmin
案例 2 :sql injection 案例
案例 3 :文件安全案例
简要展示下,这些搜索对于某些 web 应用的影响。
详细的入侵方式和具体方法【知己知彼才能安全】,后续会详细介绍到!
![Page 18: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/18.jpg)
Part 4: Try
1 :Phpmyadmin
![Page 19: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/19.jpg)
Part 4: Try
2.1 :SqlInjection
![Page 20: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/20.jpg)
Part 4: Try
2.2 :SqlInjection
![Page 21: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/21.jpg)
Part 4: Try
2.3 :SqlInjection
![Page 22: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/22.jpg)
Part 4: Try
2.4 :SqlInjection
![Page 23: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/23.jpg)
Part 4: Try
2.5 :SqlInjection
![Page 24: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/24.jpg)
Part 4: Try
2.6 :SqlInjection
![Page 25: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/25.jpg)
Part 4: Try
2.7 :SqlInjection
![Page 26: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/26.jpg)
Part 4: Try
2.8 :SqlInjection
![Page 27: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/27.jpg)
Part 4: Try
2.9 :SqlInjection
![Page 28: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/28.jpg)
Part 4: Try
3. :文件 》 1
![Page 29: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/29.jpg)
Part 4: Try
3. :文件 》 2
![Page 30: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/30.jpg)
Part 4: Try
3. :文件 》 3
![Page 31: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/31.jpg)
Part 5: Protect Your Data
针对谷歌:1 : robots.txt [ 有利有弊 ]2 : google webmaster
http://support.google.com/webmasters/?hl=zh-Hans3 :?
针对应用:1 : web 服务器安全设置 [ 目录,权限… ..]2 : 程序漏洞检测【攻击你自己的站点】3 : ?
![Page 32: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/32.jpg)
Note:
![Page 33: 1.[web security share]google_hacking](https://reader035.pdfslide.tips/reader035/viewer/2022062513/556a25f5d8b42a2f3f8b4d8e/html5/thumbnails/33.jpg)
![[Kerference] Naver Web Security - 허규(NAVER)](https://img.pdfslide.tips/doc/110x75/58700c321a28ab427f8b74a3/kerference-naver-web-security-naver.jpg)
