1 00:00:00,390 --> 00:00:07,200 So in the previous video, we talked about crawlers, but don't forget, search engines are the best
2 00:00:07,200 --> 00:00:07,930 crawlers.
3 00:00:08,790 --> 00:00:15,270 They work almost exactly as we want them to, and they have a huge amount of data about the publicly
4 00:00:15,270 --> 00:00:17,220 exposed Web applications.
5 00:00:18,220 --> 00:00:24,520 See, when a search engine bot crawls a Web application, it indexes the pages according to some rules
6 00:00:24,520 --> 00:00:27,040 that are associated with the page and its content.
7 00:00:28,490 --> 00:00:33,440 They can index almost anything within a Web site, including sensitive information.
8 00:00:36,030 --> 00:00:41,370 So they have a complex working style and they always update the way they crawl.
9 00:00:42,750 --> 00:00:48,300 But at the end of the day, they provide us with so much good information.
10 00:00:49,410 --> 00:00:53,910 Everything from error messages to vulnerable files and servers.
11 00:00:56,610 --> 00:01:00,600 OK, so now go to Kali and open up your browser.
12 00:01:01,270 --> 00:01:07,980 And for the majority of our generation, Google is one of the first search engines that comes to mind.
13 00:01:08,920 --> 00:01:14,830 But it is by no means alone; there are several other search engines, such as Bing and Yandex and
14 00:01:14,830 --> 00:01:15,510 Yahoo!
15 00:01:15,520 --> 00:01:22,930 And of course the list could go on, but we are going to conduct the Google queries to get more.
16 00:01:24,000 --> 00:01:31,200 So for the average person, Google is just a search engine used to find text, images, videos; it's
17 00:01:31,200 --> 00:01:32,730 even a spellchecker for some.
18 00:01:33,840 --> 00:01:38,310 However, for pentesters, Google is a very useful hacking tool.
19 00:01:39,520 --> 00:01:41,650 So go ahead, type google.com.
20 00:01:43,090 --> 00:01:45,940 And you can run Google search queries from this interface.
21 00:01:47,600 --> 00:01:52,670 But besides its simple interface, Google has an advanced search functionality.
22 00:01:53,920 --> 00:01:56,260 So go to settings and click on Advanced Search.
23 00:01:57,340 --> 00:02:03,520 And you can use this page for more detailed queries. Also, the Google search engine has its own built-in
24 00:02:03,520 --> 00:02:08,080 query language, and I'll give you a list of these search operators.
25 00:02:09,760 --> 00:02:12,800 So you can also use these search operators to get detailed results.
26 00:02:14,430 --> 00:02:19,860 So in order to benefit from Google more, using these operators can come in quite handy.
27 00:02:21,330 --> 00:02:24,950 So let's run some searches with some of these advanced operators.
28 00:02:24,960 --> 00:02:25,380 OK?
29 00:02:26,380 --> 00:02:30,250 So let's find New York Times subdomains.
30 00:02:31,320 --> 00:02:40,470 Type site:nytimes.com -site:www.nytimes.com.
31 00:02:41,630 --> 00:02:47,150 So the site command will bring the results that contain only nytimes.com.
32 00:02:48,260 --> 00:02:55,460 And the dash before the second site will exclude the results that contain www.nytimes.com.
33 00:02:56,360 --> 00:02:59,840 OK, so look at the number of results.
34 00:03:01,920 --> 00:03:03,120 Now, if you add
35 00:03:04,620 --> 00:03:07,260 inurl:login,
36 00:03:08,180 --> 00:03:11,930 it will bring us the results that contain login pages.
37 00:03:13,590 --> 00:03:19,560 But be careful, Google doesn't necessarily want us using the advanced search for our purposes.
38 00:03:21,010 --> 00:03:26,080 Google will start blocking your connection if you connect from a single static IP.
39 00:03:26,890 --> 00:03:31,900 OK, so it will ask for captcha challenges to prevent automated queries.
40 00:03:32,480 --> 00:03:34,450 So I'm going to fill in this captcha box.
41 00:03:34,890 --> 00:03:36,270 It's always a favorite thing to do.
42 00:03:39,150 --> 00:03:42,790 Now, look at the number of results; it decreases a lot.
43 00:03:43,530 --> 00:03:49,770 Now add OR inurl:signup to bring sign-up pages.
44 00:03:50,760 --> 00:03:53,610 So this time the number of results is increased.
45 00:03:55,310 --> 00:03:59,120 So you can also look for a vulnerable version of any of the Web technologies.
46 00:04:00,020 --> 00:04:12,560 So type in inurl:phpmyadmin/index.php and intitle:phpMyAdmin 2.1
47 00:04:12,560 --> 00:04:12,890 1.
48 00:04:13,860 --> 00:04:21,840 And look at the results; it's going to bring up all of the pages that are version 2.11 of phpMyAdmin,
49 00:04:21,840 --> 00:04:30,250 so also we can perform the same search for SQLite Manager, just type intitle:SQLite
50 00:04:30,250 --> 00:04:36,450 Manager inurl:/sqlite/ intext:
51 00:04:36,460 --> 00:04:37,500 Welcome to.
52 00:04:38,820 --> 00:04:43,530 And look at that, here are the SQLite Manager pages.
53 00:04:44,730 --> 00:04:46,710 Now, there are a few pages listed.
54 00:04:48,020 --> 00:04:56,240 But Google does not only index the HTTP-based servers, it also indexes open FTP servers.
55 00:04:57,080 --> 00:05:05,650 So if you type intitle:index of inurl:ftp, open FTP servers will be listed.
56 00:05:06,630 --> 00:05:12,710 I know you might say this is not enough. Well, you can go with prepared queries that are performed
57 00:05:12,710 --> 00:05:14,030 by the hacking community.
58 00:05:15,050 --> 00:05:16,450 Why didn't I say that before?
59 00:05:16,940 --> 00:05:22,610 Because these queries are stored in the Google Hacking Database, which you didn't know existed.
60 00:05:22,880 --> 00:05:23,540 Now you do.
61 00:05:23,540 --> 00:05:24,710 So open this page.
62 00:05:26,220 --> 00:05:30,660 GHDB is also served by Offensive Security.
63 00:05:31,910 --> 00:05:35,870 So here, every query is called a Google dork.
64 00:05:36,740 --> 00:05:42,530 So you can apply any dork to your target application and server; just click on any dork.
65 00:05:43,460 --> 00:05:49,160 And from here, just click to see the Google search results, and now you can analyze the results.
66 00:05:50,190 --> 00:05:56,280 So imagine that a Drupal vulnerability is announced; you can create a Google query to identify the
67 00:05:56,280 --> 00:06:04,680 servers or applications that have this vulnerability, or you can check the Google Hacking Database to find
68 00:06:04,680 --> 00:06:05,290 it and use it.
69 00:06:05,910 --> 00:06:09,900 So now the world is up to your imagination and you.