The Art of Passive Recon


1 Dorking 101: The Art of Passive Recon
By Christy Long

2 What is Dorking?
The use of the Google search engine to obtain information. Results are prioritised by page ranking.
The simplest search is a single word: Security
A combination of words: Cyber Threat Analyst
Quotes find an exact phrase or string: "Certified Ethical Hacker"
Google searching is not case sensitive, but some searches that use operators or special characters are.

3 Word Limit for Searching
32-word limit for searches. Wildcards (*) do not take up a word slot.
Example: if we search "Certified * Systems * Professional", Google counts three words (Certified, Systems, Professional); the two wildcards are free.

4 Common Boolean Operators
Boolean operators improve the efficiency of your search results by defining the relationship between the search terms. The word forms are case sensitive: OR and AND must be written in capitals.

Word  Symbol  Result
AND   +       Used to include multiple items in a search (AND is implied between terms; Google no longer honours + as an operator)
OR    |       Used to find either item in a search
NOT   -       Used to remove items from a search (put the - directly in front of the term, with no space)

5 Search by Domain
To search for information on a specific domain or server, use the site operator, for example site:cartekconsulting.com. It works with the other operators and is best used with web, image or Groups searches. Cartek Consulting gave permission to use their domain for the creation of this presentation.

6 Searching Files
The filetype operator restricts results to one file type. It can help you prepare for a presentation by looking for PDF or PPTX files: filetype:pdf
File types such as xls, csv and txt can help you discover configuration files, passwords or other sensitive data.

7 Searching for Titles - intitle
intitle: searches for words within the page title. Use "" to look for an exact multi-word phrase.
This example uses intitle:"index of" together with "backup files". If the search were successful we would have a directory listing of backup files on the domain we searched. This search returned no results. Great job Cartek Consulting!

8 Searching within URLs - inurl
inurl: searches for strings within the address of the web page. Special characters such as :// can produce inconsistent results when used with the inurl operator.
Searching for the word admin (inurl:admin) might bring up admin consoles or extranets. Another common search is index.filetype: inurl:index.php, inurl:index.log

9 Searching in text - intext
The intext operator lets you, the hunter, find words within the body of the page.
intext:(password | passcode) returns every result whose body contains password or passcode, which could potentially allow you, the ethical hacker, to access something. In this case the result taught us how to protect our password rather than exposing one.

10 Complex Searches
Combining multiple operators refines a search so that only important results are returned:
intext:(passcode | password) intext:(userid | username) filetype:csv
intext:(passcode OR password) AND intext:(userid OR username) filetype:csv
Both examples produce the same results and read: find all CSV files whose text contains passcode or password and also contains userid or username. Group OR alternatives in parentheses; written without them, as intext:userid | username | filetype:csv, the filetype filter becomes a third alternative instead of a condition that every result must meet. This is a generic search without the site operator.
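The operator rules from slides 2 to 10, as an added example that is not part of the presentation: a small query builder that quotes multi-word values, groups OR alternatives in parentheses so the implicit AND between clauses stays unambiguous, prefixes exclusions with -, URL-encodes the finished query, and counts words against the 32-word limit. The rule that OR and | are not counted as words is an assumption; the wildcard rule is the one the slides state.

```python
# Added example (not from the presentation): compose Google dork queries from
# the operators covered on the slides. Operators are lower-case, multi-word
# values are quoted, OR alternatives are grouped in parentheses, exclusions get
# a leading '-', and the query is checked against the 32-word limit with
# wildcards not counted. Treating OR / | as free words is an assumption.
from urllib.parse import quote_plus

WORD_LIMIT = 32


def term(value: str) -> str:
    """Quote a value containing whitespace so Google treats it as one phrase."""
    return f'"{value}"' if any(ch.isspace() for ch in value) else value


def clause(operator: str, value) -> str:
    """operator:value, or operator:(a OR b OR c) when a list of alternatives is given."""
    if isinstance(value, (list, tuple)):
        vals = [term(v) for v in value]
        if len(vals) == 1:
            return f"{operator}:{vals[0]}"
        return f"{operator}:({' OR '.join(vals)})"
    return f"{operator}:{term(value)}"


def build_dork(*clauses: str, site=None, phrases=(), exclude=()) -> str:
    """Join clauses with spaces (implicit AND); excluded terms get a '-' prefix."""
    parts = [f"site:{site}"] if site else []
    parts.extend(clauses)
    parts.extend(term(p) for p in phrases)
    parts.extend("-" + term(x) for x in exclude)
    return " ".join(parts)


def word_count(query: str) -> int:
    """Count words against the 32-word limit: '*' wildcards are free and each
    word inside a quoted phrase counts once. OR, AND and | are assumed free."""
    count = 0
    for token in query.replace("(", "").replace(")", "").split():
        bare = token.strip('"')
        if bare in ("", "*", "OR", "AND", "|"):
            continue
        count += 1
    return count


def fits_word_limit(query: str) -> bool:
    """True when Google will not silently drop part of the query."""
    return word_count(query) <= WORD_LIMIT


def search_url(query: str) -> str:
    """URL-encode the query for a browser bookmark or a scripted fetch."""
    return "https://www.google.com/search?q=" + quote_plus(query)


if __name__ == "__main__":
    # The slide's complex search with the OR groups made explicit.
    q = build_dork(clause("intext", ["passcode", "password"]),
                   clause("intext", ["userid", "username"]),
                   clause("filetype", "csv"))
    print(q, word_count(q), fits_word_limit(q))
    print(search_url(build_dork(clause("intitle", "index of"),
                                site="cartekconsulting.com",
                                phrases=["backup files"])))
```

The builder keeps each OR group inside its own operator, which is exactly the ambiguity in the slide's first query: once the alternatives are parenthesised, filetype:csv can only be read as a condition on every result.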

11 Cached Pages

12 Stealth Search
Many companies log and monitor traffic on their websites. Use the cache operator to view an older snapshot (picture) of the site. Example: cache:cartekconsulting.com
The page is a stored copy hosted by Google, so reading it does not send a request to the company's own server; embedded images can still be fetched from the original domain (see the next slide). The cache command does not work well with other operators.
Note: Google retired the cache: operator and its cached-page links in 2024; the Internet Archive's Wayback Machine (web.archive.org) now serves the same purpose.

13 Cached Pages
If the company accidentally leaked sensitive data to the internet and then removed it, a cached page may still display the leaked information. Google's cached banner tells the viewer when the page was captured and may contain other clues that help while investigating a company. If the cached page pulls an image from the original domain, the request for that image may alert the company to your presence. Most hackers use a VPN or proxy server for anonymity.

14 Capturing Your Actions
Open PowerShell or CMD
Change directory: cd "C:\Program Files\Wireshark"
Choose an interface to capture traffic. To list the interfaces type: .\tshark.exe -D
Capture traffic on the correct interface: .\tshark.exe -i <interface number>
Save the traffic (next slide)

15 Saving the Packet Capture
Some environments will not allow the Wireshark GUI to capture a PCAP file, so it is essential to understand how the command line works. To save the PCAP, append -w followed by the location and file name to the capture command: .\tshark.exe -i <interface number> -w <path\filename>
Double-click the file to open it in Wireshark. The cached site is hosted on Google and does not talk to the domain, which the capture should confirm: no DNS lookups for the target and no packets to its addresses.

16 Directories

17 Directories
Directories contain files, folders and sensitive data. Many directory listings contain the text "Index of".
If you search intitle:index.of or "index of" you will receive several false positives. Refine your directory search with "Parent Directory" or with:
index.of name size
index.of.admin or intitle:index.of inurl:admin
index.of backup
intitle:index.of filetype:log
intitle:index.of inurl:software

18 Traversing Directories
Look at the URL g.com/about-us/why-are-we-here/. Each / separates a directory on the web server. If you delete "why-are-we-here/" you move to the directory one level above your current location. The slide's image shows three ways of moving between directories that reach the same information.

19 Directory Walking: Changing the URL to find more information
Delete everything after the / at the end of the domain and append a folder name, for example /download. Then try replacing the folder name with /doc, /backup or other common directory names. If the site does not display directory folders and you have to guess directory names, use the site operator combined with the inurl operator instead.

20 Incremental Substitution
Replace numbers to find hidden directories or files. You can increase or decrease the starting number in anything that contains a number: change 1005 to 1004 or 1006 and look for new documents or files.

21 Database Digging
Things to look for: login portals, support files, error messages, configuration files, log files, database dumps
Search terms: Login, Welcome, Copyright, SQL, "#dumping data for table"

22 Focused Search

23 Configuration Files
A configuration file contains data about a program, computer, file and/or user; when exposed it can reveal sensitive and/or confidential information. Narrow these search commands with the site operator.
Common search terms: config, conf, cfg
Helpful file extensions: filetype:config, filetype:cfg, filetype:ini, filetype:txt

24 Log Files
Log files are messages written to a file; they record events and provide non-repudiation.
Common search terms: filetype:log, ext:log, inurl:log
Examples of log managers: Splunk, Snort, Sumo Logic, QRadar, AlienVault, SolarWinds, Tenable, others
Search for key terms specific to the log aggregator in use to narrow the search criteria.

25 Office Documents
Office documents are files created by software such as word processors and spreadsheet programs, products commonly used for day-to-day operations. What they can reveal: document properties (metadata), usernames, passwords, backup copies.
File extensions: doc, docx; pdf, pdfx; txt; xml, csv, xls; others

26 Questions

27 Additional References
Google Dorking database/
File Extensions Resources dorking-commands/
Google Dorking Walk-Through Examples nal/print/volume-21/issue-11/features/google-dorking-and-shodan.html

