Đang chuẩn bị liên kết để tải về tài liệu:
Google hacking for penetration tester - part 27

Định vị mục tiêu dễ bị tổn thương Những kẻ tấn công có thể xác định vị trí mục tiêu tiềm năng bằng cách tập trung vào các chuỗi trình bày trong cài đặt trình diễn một ứng dụng dễ bị tổn thương của cung cấp bởi nhà cung cấp phần mềm. | Locating Exploits and Finding Targets Chapter 6 261 Locating Malware 0 Google s binary search feature can be used to profile executables but it can also be used to locate live malware on the web. See H.D. Moore s search engine at http metasploit.com research misc mwsearch. Locating Vulnerable Targets 0 Attackers can locate potential targets by focusing on strings presented in a vulnerable application s demonstration installation provided by the software vendor. 0 Attackers can also download and optionally install a vulnerable product to locate specific strings the application displays. 0 Regardless of how a string is obtained it can easily be converted into a Google query drastically narrowing the time a defender has to secure a site after a public vulnerability announcement. Links to Sites 0 www.sensepost.com research wikto Wikto an excellent Google and Web scanner. 0 www.cirt.net code nikto.shtml Nikto an excellent Web scanner. 0 http packetstormsecurity.com An excellent site for tools and exploits. 0 Ilia Alshanetsky http ilia.ws archives 133-Google-Code-Search-Hackers-best-friend.html 0 Nitesh Dhanjani http dhanjani.com archives 2006 10 using_google_ code_search_to_fi.html 0 Chris Shiflett http shiflett.org blog 2006 oct google-code-search-for-security-vulnerabilities 0 Stephen de Vries http www.securityfocus.com archive 107 447729 30 0 Michael Sutton s Blog 0 http portal.spidynamics.com blogs msutton archive 2006 09 26 How- Prevalent-Are-SQL-Injection-Vulnerabilities_3F00_.aspx 0 http portal.spidynamics.com blogs msutton archive 2007 01 31 How-Prevalent-Are-XSS-Vulnerabilities_3F00_.aspx 262 Chapter 6 Locating Exploits and Finding Targets 0 Jose Nazario s page on Google Code Search insecurity stats http monkey.org jose blog viewpage.php page google_code_search_stats 0 Static Code Analysis with Google by Aaron Campbell http asert.arbometworks.com 2006 10 static-code-analysis-using-google-code-search 0 HD Moore s Malware Search http metasploit.com research misc