1
00:00:00,400 --> 00:00:07,230
So in the previous video, we talked about crawlers, but don't forget, search engines are the best

2
00:00:07,230 --> 00:00:07,950
crawlers.

3
00:00:08,820 --> 00:00:15,270
They work almost exactly as we want them to, and they have a huge amount of data about the publicly

4
00:00:15,270 --> 00:00:17,250
exposed web applications.

5
00:00:18,270 --> 00:00:24,540
See, when a search engine bot crawls a web application, it indexes the pages according to some rules

6
00:00:24,540 --> 00:00:27,060
that are associated with the page and its content.

7
00:00:28,510 --> 00:00:33,460
They can index almost anything within a website, including sensitive information.

8
00:00:36,050 --> 00:00:41,390
So they have a complex working style and they always update the way they crawl.

9
00:00:42,770 --> 00:00:48,320
But at the end of the day, they provide us with so much good information:

10
00:00:49,430 --> 00:00:53,930
everything from error messages to vulnerable files and servers.

11
00:00:56,630 --> 00:01:00,620
OK, so now go to Kali and open up your browser.

12
00:01:01,280 --> 00:01:08,000
And for the majority of our generation, Google is one of the first search engines that comes to mind.

13
00:01:08,940 --> 00:01:14,850
But it is by no means alone, there are several other search engines, such as Bing and Yandex and

14
00:01:14,850 --> 00:01:15,540
Yahoo!

15
00:01:15,540 --> 00:01:22,950
And of course anybody could go on, but we are going to conduct Google queries to get more.

16
00:01:24,020 --> 00:01:31,220
So for the average person, Google is just a search engine used to find text, images, videos, it's

17
00:01:31,220 --> 00:01:32,750
even a spellchecker for some.

18
00:01:33,890 --> 00:01:38,330
However, for pentesters, Google is a very useful hacking tool.

19
00:01:39,570 --> 00:01:41,700
So go ahead, type google.com.

20
00:01:43,110 --> 00:01:45,960
And you can run Google search queries from this interface.

21
00:01:47,610 --> 00:01:52,710
But besides its simple interface, Google has an advanced search functionality.

22
00:01:53,970 --> 00:01:56,280
So go to Settings and click on Advanced Search.

23
00:01:57,390 --> 00:02:03,540
And you can use this page for more detailed queries. Also, the Google search engine has its own built

24
00:02:03,540 --> 00:02:08,100
in query language, and I'll give you a list of these search operators.

25
00:02:09,790 --> 00:02:12,820
So you can also use these search operators to get detailed results.

26
00:02:14,450 --> 00:02:19,910
So in order to benefit more from Google, using these operators can come in quite handy.

27
00:02:21,360 --> 00:02:24,940
So let's run some searches with some of these advanced operators.

28
00:02:25,010 --> 00:02:25,380
OK?

29
00:02:26,400 --> 00:02:39,030
So let's find New York Times subdomains. Type site:nytimes.com -site:www.

30
00:02:39,030 --> 00:02:40,500
nytimes.com

31
00:02:41,650 --> 00:02:47,170
So the site command will bring the results that contain only nytimes.com.

32
00:02:48,280 --> 00:02:55,320
And the dash before the second site will exclude the results that contain nytimes.

33
00:02:55,480 --> 00:02:55,810
com.

34
00:02:56,350 --> 00:02:59,860
OK, so look at the number of results.

35
00:03:01,950 --> 00:03:03,150
Now, if you add

36
00:03:04,640 --> 00:03:07,310
AND inurl:login,

37
00:03:08,210 --> 00:03:11,960
it will bring us the results that contain login pages.

38
00:03:13,610 --> 00:03:19,580
But be careful, Google doesn't necessarily want us using the advanced search for our purposes.

39
00:03:21,030 --> 00:03:27,780
Google will start blocking your connection if you connect from a single static IP, OK, so it will

40
00:03:27,780 --> 00:03:31,940
ask for captcha challenges to prevent automated queries.

41
00:03:32,490 --> 00:03:34,470
So I'm going to fill in this captcha box.

42
00:03:34,920 --> 00:03:36,290
It's always a favorite thing to do.

43
00:03:39,170 --> 00:03:42,830
Now, look at the number of results, it decreases a lot.

44
00:03:43,550 --> 00:03:49,780
Now add OR inurl:signup to bring sign-up pages.

45
00:03:50,780 --> 00:03:53,630
So this time the number of results is increased.

46
00:03:55,320 --> 00:03:59,160
So you can also look for a vulnerable version of any of the web technologies.

47
00:04:00,070 --> 00:04:12,580
So type inurl:phpmyadmin/index.php intitle:phpMyAdmin 2.1

48
00:04:12,580 --> 00:04:12,910
1.

49
00:04:13,910 --> 00:04:21,890
And look at the results, it's going to bring up all of the pages that are version 2.11 of phpMy

50
00:04:21,890 --> 00:04:30,310
Admin. So also we can perform the same search for SQLiteManager, just type intitle:SQLite

51
00:04:30,310 --> 00:04:36,490
Manager inurl:/sqlite/ intext:

52
00:04:36,500 --> 00:04:37,520
"Welcome to".

53
00:04:38,840 --> 00:04:43,550
And look at that, here are the SQLiteManager pages.

54
00:04:44,750 --> 00:04:46,760
Now, there are a few pages listed.

55
00:04:48,040 --> 00:04:56,260
But Google does not only index the HTTP-based servers, it also indexes open FTP servers.

56
00:04:57,100 --> 00:05:05,660
So if you type intitle:"index of" inurl:ftp, open FTP servers will be listed.

57
00:05:06,460 --> 00:05:12,730
Now, I know you might say this is not enough. Here you can go with prepared queries that are performed

58
00:05:12,730 --> 00:05:14,050
by the hacking community.

59
00:05:15,070 --> 00:05:16,470
Why didn't I say that before?

60
00:05:16,960 --> 00:05:22,630
Because these queries are stored in the Google Hacking Database that you didn't know existed.

61
00:05:22,900 --> 00:05:23,560
Now you do.

62
00:05:23,560 --> 00:05:24,730
So open this page.

63
00:05:26,160 --> 00:05:30,690
GHDB is also served by Offensive Security.

64
00:05:31,930 --> 00:05:35,890
So here, every query is called a Google dork.

65
00:05:36,790 --> 00:05:42,550
So you can apply any dork to your target application and server, just click on any dork.

66
00:05:43,470 --> 00:05:49,200
And from here, just click to see the Google search results, and now you can analyze the results.

67
00:05:50,210 --> 00:05:56,300
So imagine that a Drupal vulnerability is announced, you can create a Google query to identify the

68
00:05:56,300 --> 00:06:04,700
servers or applications that have this vulnerability, or you can check the Google Hacking Database to find

69
00:06:04,700 --> 00:06:05,310
it and use it.

70
00:06:05,930 --> 00:06:09,920
So now the world is up to your imagination and you.

