lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: full-disclosure at illuminated.nl (Aschwin Wesselius)
Subject: Any thoughts on War-Googling?

Gregory A. Gilliss wrote:

> Been there ... done that. +"Index of" would (and still will) supply
> numerous candidates for further study =;^)
>
> You mean someone wrote an *article* about this? Who - Meinel? <LOL>
>
> G
>
> On or about 2004.04.18 18:42:07 +0000, Aschwin Wesselius 
> (full-disclosure@...uminated.nl) said:
>
>> Hello,
>>
>> Is there anybody who is common with the technique described in this 
>> article?
>>
>> http://www.ebcvg.com/articles.php?id=207
>>
>> It says something about using Google to target servers by searching 
>> paths to vulnerabilities.
>>
>> Any thoughts on that?
>>
>> Kind regards,
>>   
>

It is not really about wether or not it is known as technique perse, but 
as used into a worm (can you call it a worm?). A program wich adopts the 
results of a Google query and takes actions upon it by exploiting the 
vulnerabilities found.

Off course, people on this list know about Google as a tool for finding 
URLs with dubious locations (like somebodies admin folder). But using a 
tool for doing that and reducing the "target by the numbers" mentality 
is very new to me at least.

But from the reactions of some people I can conclude that no tool is yet 
implemented on this kind of theory?

Kind regards,

Aschwin Wesselius

PS: Thanks for the replies so far


Powered by blists - more mailing lists