1
00:00:01,850 --> 00:00:02,150
Hello.

2
00:00:02,150 --> 00:00:04,370
My name is Typhoon will come to this another actually.

3
00:00:04,370 --> 00:00:05,030
Course.

4
00:00:05,030 --> 00:00:12,080
And in this course we're going to go over a few useful scenarios for how to use Google operators.

5
00:00:23,940 --> 00:00:29,430
First, let us search for intitle, intitle.

6
00:00:30,600 --> 00:00:40,140
Like index of, uh, here you use the backs, uh, the space between index of here and press enter.

7
00:00:41,240 --> 00:00:48,860
So this will give us a list of web pages that support directory browsing, directory browsing, or like

8
00:00:48,860 --> 00:00:49,740
traversal.

9
00:00:49,760 --> 00:00:57,980
So this directory browsing is a hacking method that allows attackers to access restricted directories

10
00:00:57,980 --> 00:01:04,250
and files within the website and executes a command outside the web server's root directory.

11
00:01:04,280 --> 00:01:07,510
Here, as you can see, we've got a very, uh, uh, videos here.

12
00:01:07,520 --> 00:01:13,460
Let's watch this since it's an official applet uploaded to Google.

13
00:01:13,890 --> 00:01:20,000
And I think we if there's no problem if you watch this, some hotel and spa.

14
00:01:21,250 --> 00:01:22,210
Video.

15
00:01:22,240 --> 00:01:25,420
I think it's an advertising.

16
00:01:25,750 --> 00:01:26,560
Yes.

17
00:01:26,770 --> 00:01:28,810
So let's go another website.

18
00:01:33,230 --> 00:01:34,250
Are we have.

19
00:01:35,180 --> 00:01:40,100
Like so much folders and plugins like this.

20
00:01:40,950 --> 00:01:46,110
Like you can dig these files and sometimes you find something useful here.

21
00:01:56,550 --> 00:01:57,060
Here.

22
00:01:59,480 --> 00:02:00,350
Intel.

23
00:02:02,020 --> 00:02:05,020
Uh, this is, I think, some of compilers.

24
00:02:05,440 --> 00:02:08,440
I think it's F compiler.

25
00:02:10,250 --> 00:02:10,560
Mhm.

26
00:02:10,670 --> 00:02:11,480
What's the videos.

27
00:02:11,480 --> 00:02:11,690
Yeah.

28
00:02:11,690 --> 00:02:12,050
Videos.

29
00:02:12,050 --> 00:02:13,280
Files is empty.

30
00:02:14,060 --> 00:02:16,310
As an example let's try inurl.

31
00:02:16,310 --> 00:02:16,820
So.

32
00:02:16,970 --> 00:02:23,240
So as you can see here, so you can actually try and like here.

33
00:02:24,070 --> 00:02:26,740
Investigate these websites for yourself.

34
00:02:27,700 --> 00:02:34,900
I might suggest you do not harm these websites, but it's your choice, of course, so we can also use

35
00:02:34,900 --> 00:02:38,560
inurl admin admin here.

36
00:02:38,560 --> 00:02:47,380
So this search will return sites that have admin or administrator in the URL itself here.

37
00:02:47,380 --> 00:02:52,240
So sometimes there are associated login pages like this.

38
00:02:52,240 --> 00:02:56,500
For example sillitoe admin portal.

39
00:03:01,300 --> 00:03:01,600
Yes.

40
00:03:01,600 --> 00:03:03,070
This is like admin.

41
00:03:03,070 --> 00:03:03,820
Pages.

42
00:03:03,940 --> 00:03:10,900
This query will show us admin pages and or administrative login pages of websites.

43
00:03:15,970 --> 00:03:19,480
Let's try a different one intitle.

44
00:03:21,220 --> 00:03:23,080
Open web mail.

45
00:03:25,530 --> 00:03:26,040
Here.

46
00:03:26,040 --> 00:03:32,220
So Google will show us some servers out that they are running open web mail.

47
00:03:32,220 --> 00:03:39,720
So you can also try the intitle and block password.

48
00:03:41,500 --> 00:03:45,760
Uh, to find blogs or websites powered by every block.

49
00:03:45,760 --> 00:03:50,140
So we block the prone to several different input validation vulnerabilities.

50
00:03:50,140 --> 00:03:56,260
So I could just quickly go and find several targets out there that are using that technology as a part

51
00:03:56,260 --> 00:03:59,710
of my testing process.

52
00:03:59,710 --> 00:04:08,470
So here, as you can see, this is this means that they are using m v block power, as you can see,

53
00:04:08,470 --> 00:04:10,000
powered by in V block.

54
00:04:10,420 --> 00:04:12,730
We can also have open web mail.

55
00:04:12,850 --> 00:04:14,320
This might actually be the web mail.

56
00:04:14,320 --> 00:04:15,760
Actually the open mail.

57
00:04:15,760 --> 00:04:22,150
I think they had some vulnerabilities, which we will try later in this lecture.

58
00:04:22,150 --> 00:04:24,850
This is just an open source intelligence.

59
00:04:26,180 --> 00:04:30,050
The section of our Oxley course.

60
00:04:31,500 --> 00:04:32,100
Here.

61
00:04:32,970 --> 00:04:39,960
Let's actually try the intitle, intitle root, root.

62
00:04:40,170 --> 00:04:44,190
This is the things getting serious here, right past here.

63
00:04:44,550 --> 00:04:50,820
And after that, as you remember in previous lectures, I said you can use intitle with other parameters

64
00:04:50,820 --> 00:04:51,540
as well.

65
00:04:51,840 --> 00:04:54,540
And are we going to also add intext?

66
00:04:55,960 --> 00:04:59,890
We are in quotes home here like that.

67
00:05:06,490 --> 00:05:13,330
So surprisingly enough, this can show you the password directory for a few Linux boxes.

68
00:05:13,360 --> 00:05:15,910
As you can see, we got just some results here.

69
00:05:16,630 --> 00:05:19,270
This firstly is of course, the Google hacking database.

70
00:05:19,270 --> 00:05:19,750
Google dork.

71
00:05:20,230 --> 00:05:23,040
This is a Google dork that published on Metasploit.

72
00:05:23,050 --> 00:05:27,850
Actually, you can find more Google dorks and like pen tests your.

73
00:05:28,930 --> 00:05:30,460
Ethical hacking.

74
00:05:31,520 --> 00:05:39,320
Pieters, your ethical hacking skills with this Google dorks as well, of course, do not harm this website.

75
00:05:39,350 --> 00:05:42,650
This is what ethical hacking is.

76
00:05:42,830 --> 00:05:50,690
So error logs are yet another valuable source of reconnaissance information.

77
00:05:50,690 --> 00:05:58,760
So error logs might tell you what is running on their user behavior or even the controls they have put

78
00:05:58,760 --> 00:06:00,200
in place.

79
00:06:00,850 --> 00:06:01,250
Your.

80
00:06:02,570 --> 00:06:13,520
So for our first example, we'll try the intext, intext parameter and in quotes here access denied

81
00:06:13,520 --> 00:06:14,420
for.

82
00:06:16,770 --> 00:06:22,710
And as you can see here, we got the first StackOverflow because someone asked this question in Web.

83
00:06:22,710 --> 00:06:26,310
Or we can also try the shopping cart.

84
00:06:26,400 --> 00:06:27,420
Shopping cart.

85
00:06:31,760 --> 00:06:39,280
Card so this can show us exactly which sites are using MySQL in the back of their shopping cart.

86
00:06:39,670 --> 00:06:46,990
Of course, there is a more precisely way precise way to finding MySQL running websites, but it's

87
00:06:46,990 --> 00:06:52,880
just basic examples of how to find the like intext shopping cart here.

88
00:06:52,900 --> 00:06:54,970
So let's take this step of order.

89
00:06:55,030 --> 00:07:00,970
So you probably already know that you must be careful about which devices you're hooking with, uh,

90
00:07:01,180 --> 00:07:04,420
to the internet and with every device that has a web interface.

91
00:07:04,420 --> 00:07:06,010
So that's because people.

92
00:07:06,940 --> 00:07:09,750
Um, can probably find it.

93
00:07:09,760 --> 00:07:19,840
So I will demonstrate this with intitle by typing intitle Blue net with your weaver.

94
00:07:21,100 --> 00:07:21,640
Here.

95
00:07:22,920 --> 00:07:23,130
It.

96
00:07:24,260 --> 00:07:26,090
I think the Google.

97
00:07:27,720 --> 00:07:29,490
Oh, we were.

98
00:07:31,430 --> 00:07:31,910
Here.

99
00:07:33,260 --> 00:07:37,040
As you can see, this is an old Google hacking database.

100
00:07:37,070 --> 00:07:39,620
Google, Google hacking dork.

101
00:07:41,460 --> 00:07:44,400
Which is actually I think they covered this up.

102
00:07:44,520 --> 00:07:46,650
As you can see, we got no results here.

103
00:07:47,280 --> 00:07:53,730
In some cases, I've been able to use this to take control of a camera on the bridges in the previous,

104
00:07:53,730 --> 00:07:56,940
uh, like 20 tens or fifteens.

105
00:07:57,210 --> 00:08:00,340
But you can do this with several propeller cameras.

106
00:08:00,360 --> 00:08:03,870
You just need to look up the specific name of the camera, for example.

107
00:08:03,870 --> 00:08:05,430
Like, um.

108
00:08:05,430 --> 00:08:06,000
Like.

109
00:08:07,070 --> 00:08:07,670
Here.

110
00:08:10,440 --> 00:08:11,310
Like this.

111
00:08:13,170 --> 00:08:16,530
So let's try another example.

112
00:08:16,920 --> 00:08:17,820
Example.

113
00:08:18,270 --> 00:08:18,990
Quest.

114
00:08:18,990 --> 00:08:19,770
Quest.

115
00:08:19,770 --> 00:08:21,270
Image that HTML.

116
00:08:23,180 --> 00:08:25,140
You know, this is another.

117
00:08:26,040 --> 00:08:28,880
Or actually it's not all 2020.

118
00:08:28,950 --> 00:08:30,660
This is an exploit database.

119
00:08:31,510 --> 00:08:32,980
You can see this as well.

120
00:08:32,980 --> 00:08:34,210
Google dork here.

121
00:08:34,930 --> 00:08:36,220
Let's see.

122
00:08:37,840 --> 00:08:39,100
What we got here.

123
00:08:42,950 --> 00:08:44,810
This is some strange URL.

124
00:08:45,640 --> 00:08:46,650
Let's look at this.

125
00:08:46,660 --> 00:08:47,290
Okay.

126
00:08:55,820 --> 00:08:58,410
You can also use inurl.

127
00:08:59,410 --> 00:09:00,880
Route a c.

128
00:09:00,880 --> 00:09:02,620
P a c.

129
00:09:02,620 --> 00:09:03,250
S.

130
00:09:03,460 --> 00:09:04,510
Anon here.

131
00:09:04,510 --> 00:09:04,750
A.

132
00:09:04,750 --> 00:09:05,170
Non.

133
00:09:05,170 --> 00:09:05,430
A.

134
00:09:05,440 --> 00:09:05,740
C.

135
00:09:05,740 --> 00:09:06,280
S.

136
00:09:19,610 --> 00:09:20,060
Yeah.

137
00:09:21,390 --> 00:09:30,810
So the results will take us directly to the main page of Outlook, access, public folders and an Exchange

138
00:09:30,810 --> 00:09:32,040
address book.

139
00:09:32,210 --> 00:09:32,850
Here.

140
00:09:42,970 --> 00:09:46,300
Some of some of these websites are actually slow.

141
00:09:48,660 --> 00:09:50,040
Here, as you can see here.