Hello, everybody, and welcome to episode number 11 of the RCP course: Google hacks. My name is Alejandro Gonna and I'll be your instructor for today's session. The learning objectives are to understand what Google hacks are and also to use Google hack strings to gather information.
Well, let's get down to business.
Well, first of all, in my opinion, Google search, or in this case Google hacks, are the only truly passive information gathering technique there is. Other techniques, even though they're not, you know, noisy or intrusive, they do have to go, you know, kind of face to face
with the victim's system.
So for simple DNS
information gathering or any other actually proven technique that you can apply, somewhere along
the way they have to touch the victim's system. I'm not saying that you don't have to actually go to touch the victim's system here, because maybe you have to go to the web page. You know, this is kind of public information that is available to anybody. As I said, as the name suggests, it's actually reachable
by Google, so you're not doing anything that, you know,
that's a problem here. Even so, you know, that being said, it doesn't mean that you can actually do that for any other server that you don't have permissions for, or any other business that you don't have permission to do that to. At the end, you will be finding really
sensitive information with this Google search. But then again, it's available to anyone. So, you know, you can find it, I can find it, anybody can find it, as, again, it is in Google. So there's that.
Now, when I say Google search, I don't mean the usual searches we make in Google. This is actually called Google hacks. So, you know, as the name suggests, it is using Google combined with advanced search options. Actually, there is even a page dedicated to that. I mean, you can actually, you know, select
check boxes and whatever for what you want
and what you want to search. But for this session we'll be just, you know, using,
um, the simple browser so you can actually see the options here.
Let me just start a browser here and, for example, let me just
go ahead and give you some good, uh,
strings you can use. For example, you can use, let me just copy-paste here, the first command we'll see is something called inurl. As the name suggests,
you know, we're looking for cameras, Linksys, for example, and that it contains in the URL, I mean, maybe some login with, for example, video. You go here and there's a login page for, ah, a web camera,
ah, a web camera. So, you know, you can see the problem here, in just, you know, 102 results, so
kind of a big deal. I mean, are you exposing the camera? Do they have the default or, you know, factory password and user name? That's kind of a problem. You know, I mean, for this specific example, there's something called, um,
you can, I mean, you can use different applications that are dedicated to finding vulnerabilities in cameras and actually open them, and you can actually see the camera.
You know, what the camera's filming. You know, there are web pages dedicated to that. You can actually just go to the web page and it will show you something, you know, uh, malicious, or, you know, not malicious per se, but, you know, you can actually see what people are doing and,
you know, see them maybe dusting, mopping the floor in their houses or something like that. You know, kind of a big deal to me, because privacy is one of the, you know, the concerns right now. But then again, you can do that. Uh, again, going to inurl, I'm just
showing you the strings you can use to find cameras. That's one of them. You know, there it is. Another inurl that contains network cameras. And web cameras, well, here you can, actually, oh,
you can actually see the camera in this in this place.
You know, again, kind of a big deal. I'm not blaming something legal here. This is actually available on the Internet. That kind of,
yeah, you know, worries me a bit, you know. Then again,
another, uh, Google search command. And I'm actually just using these commands because I don't want to go and give you a course about what, um, what you can actually achieve with each command, because, again, you just have to, you know, Google "Google hacks
commands" or "options", for example, options, and you will have a lot of information, uh, with that.
So I don't want to stay here and tell you, okay, this inurl does this and this intitle does that. I just want to show you what you can actually do here. Let me just use the intitle option that I just mentioned. There's another intitle,
uh, example. And again we just go here
and look at what happens, eh?
Did I get the camera? I don't know.
I want to find out anyways. But, you know, you get the point. Ah, a lot of
strings for cameras. Let me just give you another one.
And again, folks, this is available. I will show you a web page at the end of this course, and you will see that these strings are available, uh, to anybody, you know, that can actually have access to Google. So
Okay, where are printers? Printers. Kind of a big deal. I mean, you can't imagine how many times I have hacked, ah, a business by using their printer server or, you know, the printer itself, so
I got banned by Google. Yeah, I'm not a machine, I'm not
a robot, Google. You can imagine that. Okay. Web page.
Can I really see the job? History.
Okay, they at least have a password.
Ah, but you get the point. I mean, you can actually find really, really sensitive information with this
Google search. Let me just give you another for printers here.
By the way, if I'm going too fast, you can just pause the video and see the commands I'm using.
OK, print test page. What will happen if I click that? I don't want to find out, man. I don't want to find out. Print jobs.
serial printer. Not Jeff's Beauty of luck
can actually see the lock. Oh, my God.
Okay, I want to keep digging,
but you get the point. I mean, can you even consider that the printer you're actually using in your business is actually exposed to the internet? You can see how harmful this can be, and especially if you didn't bother to change the
credentials that come by default. I mean, this is kind of a big deal to me.
For example, an email manager that is, uh, not up to date.
And, you know, I'm using SquirrelMail, ah, and the version, a specific version, inurl src and extension PHP. But, you know, you can actually use other things,
for example. Okay, the did you go on up to date? And, you know, what's the harm about this? This is, ah, a passive gathering technique. But you can just go here, for example, and
you can just go to a different level and put that, "exploit",
and most likely you'll find information. Okay, Buck and TV and, you know, whatever. A lot of information to exploit that, so kind of a big deal, folks.
Again, I'm showing you this, and I'm trusting that you're actually decent people and that you will be using that to either, ah, strengthen the security countermeasures you have in your business, or maybe, you know, you may want to make a career as a penetration tester and help your customers
to actually improve their security
with that. But, you know, we are actually at the start of the,
in the previous modules of the course, I showed you some basic techniques, but, you know, this is the first session where we're actually starting, as the penetration testing process goes, because at the end, the first thing you have to do is to actually gather information about your victim.
Ah, a list of servers, you know, that were not updated, or a not up-to-date version.
Welcome to Windows Small Business Server 1000 tree.
Okay, 397 results. Kind of big deal at all.
Apache. How many Apaches are there? Okay, a lot of Apaches, and you get the idea. I mean, you can actually search whatever comes to your mind, and, you know, for example, username and password, you know, for an administrator exposed to the Internet. Yeah, that's kind of,
it's a little scary, but, you know.
Okay, you'd have it. I don't care about that. That, you know, from page from
deferral businesses. Actually, 115 results so kind of scary. You think? I mean, it is actually files
that contained password and user name. I'm afraid to click any of them that I want to show you the information that these guys have, but, you know, you get the idea,
Uh, servers that contain, for example, of a file called passwords that 60
which, as you can imagine
Ah, wow. Look at the results.
And it's kind of scary. You guys. I mean
Oh, my God. I hope you will find the name of your business in these web pages or with this web search.
Okay. Ah, database, uh, um, passwords.
Again, guys, if I'm going too fast, it's just because I want to show you a lot of examples you can use. Actually, this session is to open your mind to the possibilities you have to, you know, actually use Google as your information, just as your first information gathering
option. And, you know, in the process,
in the penetration testing process, this might be your first step so you can gather information. And I'm not saying information, uh,
about, well, about the server itself; you can find actual information. You know, back in the day, I, uh, I was trying to hack a customer, but I wasn't able to hack it. I mean, they did have a lot of countermeasures put in place in the perimeter.
Also, they did have a good
receive wings in their network. In their internal network, they have, you know, virtual LANs and, you know, they have firewalls. They have GPS, and they have, you know, every technology you can imagine. So I wasn't able to actually hack them. But what I did is I just Googled to search for old employees,
their social networks, you know, LinkedIn,
Facebook, Twitter. And I did find a guy that was actually invested, really invested. I mean, this guy had a hobby with classic cars. So I created a fake page with a classic car, and I told him that I was actually selling 11 cars. I, you know, I didn't tell him that was, um,
in a hurry. I need to sell because I was to move the country.
And, you know, I told the story and then sent a link. I mean, uh, actually creating the web page and crafting the link and exploit and the reverse shell wasn't that difficult a technique, like, I don't know, a day maybe, uh, less than that.
But the point is, I was able to do that because I used social networks and Google hacks
to actually find old employees and their social profiles, and I was able to gather that information. So, back to the Google hacks: database passwords. Oh, my God. You can see how many passwords you can find here. So this is kind of scary, you guys. I don't know
if you're thinking the same I'm thinking, but, you know,
this is scary, and you're probably thinking, okay, how can I actually
get these commands? They seem complicated. For example, filetype, intext, I don't know. Uh, yeah, you can just go to this web page. I'm going to live it a little, like seeking, you know, Lance it a little bit. Ah, but this is just the Google Hacking Database, and you can see a lot of commands in here,
and they can even tell you what this does. For example,
sensitive directories, pages containing login portals, so you can just, you know, just
copy-paste that. For example, you want to maybe something specific, Apache way. Don't find sage
Okay. Shh. That any s h whatever, sage. Something specific to maybe isn't b
Okay, files containing juicy info, and just copy-paste
this one. You see how simple it is? I mean, I'm not inventing anything here. I'm not reinventing the wheel, you guys, I'm not inventing anything. I'm just using what's available to me. So, yeah, pretty,
um, scary results.
Did you get the idea, you guys? I mean, you can use Google hacks to find information, to passively find information for your victim.
Post-assessment questions. Is this information gathering technique considered passive or active? Well, it's actually considered passive. You're not actually interacting with any of your victim's
server or information directly.
What is performed by the command inurl? Well, it will search for, ah, whatever you pass to that command that is contained in the URL. What is performed by the command ext? Well, it will search all the pages containing a file with that specific extension.
In this video, we saw the most common Google hacks options to gather information. We executed some Google hack strings to see the results
Supplemental materials. There's a book called Google Hacks: Tips & Tools for Finding and Using the World's Information. I highly recommend you to do that. I mean, there's there's even, uh,
saving her about this book. But, you know, I don't think my war for round, but I'm sure about this book. This is a really cool book. I have it. I read it. And, you know, this is how I found out about Google hacks and, you know, the amazing things you could do with that.
Looking forward, in the next video we'll cover some DNS enumeration techniques. Well, that's it for today, folks. I hope you enjoyed the video, and talk to you soon.