lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: get at illuminated.nl (Aschwin Wesselius)
Subject: Any thoughts on War-Googling?

Gregory A. Gilliss wrote:

>Been there ... done that. +"Index of" would (and still will) supply
>numerous candidates for further study =;^)
>
>You mean someone wrote an *article* about this? Who - Meinel? <LOL>
>
>G
>
>On or about 2004.04.18 18:42:07 +0000, Aschwin Wesselius (full-disclosure@...uminated.nl) said:
>
>>Hello,
>>
>>Is there anybody who is common with the technique described in this article?
>>
>>http://www.ebcvg.com/articles.php?id=207
>>
>>It says something about using Google to target servers by searching 
>>paths to vulnerabilities.
>>
>>Any thoughts on that?
>>
>>Kind regards,
>>    
>>

It is not really about wether or not it is known as technique perse, but 
as used into a worm (can you call it a worm?). A program wich adopts the 
results of a Google query and takes actions upon it by exploiting the 
vulnerabilities found.

Off course, people on this list know about Google as a tool for finding 
URLs with dubious locations (like somebodies admin folder). But using a 
tool for doing that and reducing the "target by the numbers" mentality 
is very new to me at least.

But from the reactions of some people I can conclude that no tool is yet 
implemented on this kind of theory?

Kind regards,

Aschwin Wesselius

PS: Thanks for the replies so far


Powered by blists - more mailing lists