Posts

Showing posts with the label Google Hacking

Google Web Cache and MITM attacks

Image
What on earth do these two things have to do with each other? Well before I can discuss that, I need to dig out another forgotten vulnerability, mixed scripting!

Mixed scripting happens when an application served via https references resources including CSS,XML,JS from domains that are not served via https so a typical example would look like this:


So why is this a problem? well because it means in a Man in the middle attack you can influence the behaviour of a trusted domain without mirroring the entire domain! You can have your victim---during a mitm attack---use the services on their trusted domain with out having to use sslstrip or other anit-ssl tech you don't need to touch anything on the ssl layer because the application inherently serves unauthenticated content to the user! All you really need to accomplish is mapping the unauthenticated domain to a machine under your control.

So then how does this tie into the Google Web Cache? It turns out google webcache also suffers fr…

GooDork : Super Charging your Google Hacking

Image
I recently started work on a very exciting project called GooDork in its most basic function this python script allows you to run google dorks straight from your command line.

Though its real power lies what it allows you to do with the results from a google dork.

Ordering Remote File inclusion via e-mail

I just briefly discussed Local File Inclusion in this article and more importantly to that you can use to turn an LFI into an Remote File Inclusion (or Remote Code injection)

This method, abuses the way e-mail is stored on Linux servers, (when a certain kind of Mail Delivery Agent is in use) and helps to propagate a RFI attack on a server with a LFI vulnerability, or create an RFI attack vector when one doesn't exist

LFI attacks for Predators

Image
What is an LFI vulnerability??
what? you don't know!!? lulz, an LFI or (Local file inclusion)  vulnerability ---much like other web attacks, exists when unclean user input is used to determine input to any of the  follow php functions  include : "Files are included based on the file path given or, if none is given, the include_path specified. If the file isn't found in the include_path, include() will finally check in the calling script's own directory and the current working directory before failing. The include() construct will emit a warning if it cannot find a file; this is different behavior from require(), which will emit a fatal_error."an interesting thing to note is that include will actually search for files with the specified name if an absolute path is not given the script will search for it in the include_path, this means if you can influence the environment variables that a script runs under, you may be able to fool it into including the wrong files!