
is an active website.

2) Search the term site:amazonaws.com

This search returns millions of web pages and documents hosted on Amazon cloud servers. The site: operator restricts results to a domain and all of its subdomains, so it also catches the per-bucket and per-region hostnames under amazonaws.com.

Review the search results and find some company websites hosted in the Amazon cloud (AWS).

3) Search the term Franklin University site:amazonaws.com

This search query reveals documents and web pages containing the keywords “Franklin University” and hosted in Amazon AWS. Put the phrase in double quotes ("Franklin University") if you want Google to match the exact phrase rather than the two words anywhere on the page.

4) Search the term filetype:doc site:franklin.edu

The filetype operator restricts the search results to indexed files of the type given in the operator. The above search reveals Word files hosted in the franklin.edu domain and indexed by Google.

If the above query does not produce any results, try other file types such as docx, ppt, pptx or pdf.

Download one file and check its metadata. Look for information such as usernames, author names, application versions, etc. There are several ways to view metadata. On Windows you can right-click the file, choose Properties and open the Details tab. Alternatively, open the file in Microsoft Word and view its properties from within Word (File > Info). Use the Google search engine, if needed, to learn how to view the metadata of Microsoft Office documents and PDF files.

Note: Every small piece of information matters to a meticulous pentester. A username such as john.smith indicates that the organization's username pattern is probably name.surname, and knowing the username pattern is important for social engineering attacks and for building a valid user list. Some metadata contains Office software and operating system version information. Version information hints at the patch level, so a hacker/pentester can build malicious payloads specific to the versions found in the metadata.
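The metadata check above can be scripted instead of clicking through the Properties dialog. The following is an added example, not part of the lab or of any tool it mentions: it reads the docProps/core.xml and docProps/app.xml parts of a .docx (a .docx is a zip file, so only the standard library is needed), pulls out the author, last-modified-by, application and version fields, and applies a small heuristic to guess the username convention. The sample document it builds, and the names john.smith, jane.doe and Example Corp inside it, are constructed for the example.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Namespaces used by docProps/core.xml and docProps/app.xml inside a .docx
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}

# (result key, element path) pairs for each properties part
CORE_FIELDS = (
    ("author", "dc:creator"),
    ("last_modified_by", "cp:lastModifiedBy"),
    ("created", "dcterms:created"),
    ("modified", "dcterms:modified"),
)
APP_FIELDS = (
    ("application", "ep:Application"),
    ("app_version", "ep:AppVersion"),
    ("company", "ep:Company"),
)


def _read_fields(root, fields):
    found = {}
    for key, path in fields:
        el = root.find(path, NS)
        if el is not None and el.text and el.text.strip():
            found[key] = el.text.strip()
    return found


def extract_docx_metadata(docx_bytes):
    """Read the document properties of a .docx (an OOXML zip) without
    opening it in Word. Missing parts or fields are simply skipped."""
    meta = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        names = set(zf.namelist())
        if "docProps/core.xml" in names:
            meta.update(_read_fields(ET.fromstring(zf.read("docProps/core.xml")), CORE_FIELDS))
        if "docProps/app.xml" in names:
            meta.update(_read_fields(ET.fromstring(zf.read("docProps/app.xml")), APP_FIELDS))
    return meta


def username_pattern(value):
    """Heuristic: map an author string to a likely account-naming convention.
    Returns None for values that look like a display name rather than an account."""
    v = value.strip().lower()
    if re.fullmatch(r"[a-z]+\.[a-z]+", v):
        return "firstname.lastname"
    if re.fullmatch(r"[a-z]+_[a-z]+", v):
        return "firstname_lastname"
    if re.fullmatch(r"[a-z][a-z]+\d+", v):
        return "name+digits"
    return None


def build_sample_docx():
    """Constructed sample: a minimal .docx carrying typical metadata.
    All names and values here are invented for this example."""
    core = (
        '<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}" xmlns:dcterms="{dcterms}" '
        'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
        "<dc:creator>john.smith</dc:creator>"
        "<cp:lastModifiedBy>jane.doe</cp:lastModifiedBy>"
        '<dcterms:created xsi:type="dcterms:W3CDTF">2019-03-04T10:11:12Z</dcterms:created>'
        "</cp:coreProperties>"
    ).format(**NS)
    app = (
        '<Properties xmlns="{ep}">'
        "<Application>Microsoft Office Word</Application>"
        "<AppVersion>16.0000</AppVersion>"
        "<Company>Example Corp</Company>"
        "</Properties>"
    ).format(**NS)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("docProps/core.xml", core)
        zf.writestr("docProps/app.xml", app)
        zf.writestr("word/document.xml", "<document/>")  # placeholder body
    return buf.getvalue()


def report(docx_bytes):
    """Metadata plus the account-pattern inference a pentester would note."""
    meta = extract_docx_metadata(docx_bytes)
    patterns = {k: username_pattern(meta[k]) for k in ("author", "last_modified_by") if k in meta}
    meta["username_patterns"] = {k: p for k, p in patterns.items() if p}
    return meta


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_docx()
    for key, value in report(data).items():
        print(f"{key}: {value}")
```

Run it with the path of a downloaded .docx as the first argument; with no argument it analyzes the constructed sample. PDF files keep their metadata in a different structure (the Info dictionary or XMP), so this parser does not apply to them.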

5) Search the term inurl:login site:franklin.edu

The inurl operator finds pages whose URL contains the string “login”. With this operator we can discover login forms hosted by the targeted website.

Review the search results. Take a screenshot of one of the login forms.

6) Visit this page:

QUESTION: Choose a query from the Google Hacking Database, run it in Google and analyze the search results.

Note: “The Exploit Database is a CVE compliant[1] archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Our aim is to serve the most comprehensive collection of exploits gathered through direct submissions, mailing lists, as well as other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.

The Google Hacking Database (GHDB) is a categorized index of Internet search engine queries designed to uncover interesting and usually sensitive information made publicly available on the Internet. In most cases, this information was never meant to be made public but due to any number of factors this information was linked in a web document that was crawled by a search engine that subsequently followed that link and indexed the sensitive information.” (Source of this double-quoted text: the exploit-db.com About page)

[1] https://cve.mitre.org/data/refs/refmap/source-EXPLOIT-DB.html

Note that Google hacking (Google Dorking) is a broad topic; there are books written on this topic.

Section-2: Using archive.org

1) The Wayback Machine is an essential part of the Internet Archive project (archive.org). It is a digital archive of the World Wide Web that allows the user to go “back in time” and see what websites looked like in the past.

The Wayback Machine provides useful information for pentesters and hackers as well.

a) Go to the archive.org website.

b) Type franklin.edu into the Wayback Machine.

c) See that the Wayback Machine has been archiving franklin.edu since December 23, 1996. Open the earliest snapshot to see what Franklin's first web page looked like.

2) Assume that you are performing a penetration test for Franklin University. While checking an internal portal website, you found a link in one of the message forums.

a) This is the link you found. Click on this or type in the address:

You will come up with a 404 error saying, “Sorry, this page does not exist.”

As a pentester, you are curious: you wonder what information was published on this page, because it might be useful for your pentest. Since the URL contains “info”, it might be something important.

b) Type in this URL to the Wayback Machine and see when the webpage was archived.

As you can see, the last snapshots of this page were taken in 2002. As a pentester, you may continue your search and find some useful information, or you may discard this lead because the page has no recent snapshots and its content is probably long outdated.

c) Go to the October 18, 2001 snapshot and see what this page looked like.
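Steps 1 and 2 above are done through the Wayback Machine's web form; the same questions (since when has a URL been archived, when was the last capture, is the lead worth pursuing) can be answered from the Internet Archive's CDX API, which returns one row per capture. The code below is an added example, not part of the lab: it builds the CDX query URL, parses the JSON rows into snapshot records with a ready-to-open web.archive.org link, and applies the triage rule from step 2b (discard a page whose newest capture is older than a given year). The SAMPLE_CDX rows are constructed for the example; the digests and lengths in them are placeholders, and the dates only mirror the ones quoted in this lab.

```python
import json
from datetime import datetime
from urllib.parse import urlencode
from urllib.request import urlopen

CDX_ENDPOINT = "https://web.archive.org/cdx/search/cdx"


def cdx_query_url(target_url, only_ok=True):
    """Build the CDX API query that lists every capture of target_url."""
    params = {"url": target_url, "output": "json"}
    if only_ok:
        params["filter"] = "statuscode:200"  # skip captured errors and redirects
    return CDX_ENDPOINT + "?" + urlencode(params)


def parse_cdx(rows):
    """Turn the CDX JSON (a header row followed by one row per capture)
    into dicts carrying a snapshot URL of the form /web/<timestamp>/<original>."""
    if not rows:
        return []
    idx = {name: i for i, name in enumerate(rows[0])}
    snaps = []
    for row in rows[1:]:
        ts, original = row[idx["timestamp"]], row[idx["original"]]
        snaps.append({
            "timestamp": ts,
            "captured": datetime.strptime(ts, "%Y%m%d%H%M%S"),
            "original": original,
            "status": row[idx["statuscode"]],
            "snapshot_url": f"https://web.archive.org/web/{ts}/{original}",
        })
    return snaps


def capture_range(snaps):
    """(first, last) capture datetimes, or None if nothing was archived."""
    if not snaps:
        return None
    times = sorted(s["captured"] for s in snaps)
    return times[0], times[-1]


def is_stale(snaps, newer_than_year):
    """The lab's triage rule: the lead is stale when no capture is from
    newer_than_year or later (or when there are no captures at all)."""
    rng = capture_range(snaps)
    return rng is None or rng[1].year < newer_than_year


def fetch_captures(target_url):
    """Live lookup against the CDX API (needs network access)."""
    with urlopen(cdx_query_url(target_url), timeout=30) as resp:
        return parse_cdx(json.load(resp))


# Constructed sample response in the shape the CDX API returns.
SAMPLE_CDX = [
    ["urlkey", "timestamp", "original", "mimetype", "statuscode", "digest", "length"],
    ["edu,franklin)/", "19961223000000", "http://www.franklin.edu:80/", "text/html", "200", "AAAA", "1000"],
    ["edu,franklin)/", "20011018120000", "http://www.franklin.edu:80/", "text/html", "200", "BBBB", "2000"],
    ["edu,franklin)/", "20020601000000", "http://www.franklin.edu:80/", "text/html", "200", "CCCC", "2100"],
]

if __name__ == "__main__":
    snaps = parse_cdx(SAMPLE_CDX)
    first, last = capture_range(snaps)
    print(f"{len(snaps)} captures, first {first:%Y-%m-%d}, last {last:%Y-%m-%d}")
    print("stale lead (nothing since 2010)?", is_stale(snaps, 2010))
    for s in snaps:
        print(s["snapshot_url"])
```

Replace the sample with fetch_captures("franklin.edu/some/path") to query the live service; the timestamp column is YYYYMMDDhhmmss in UTC, which is what the datetime parsing assumes.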

3) Now, you will perform an OSINT (Open Source Intelligence) challenge by using the Wayback Machine. Think about this case:

Paul was a system admin at x64 Corporation. He argued with his manager and left the company a few days ago. Being disappointed, he started leaking sensitive data. He also deleted all the employee records.

Help our investigators find his phone number.

Take a screenshot of the browser window where Paul's phone is shown.

Section-4: Using Shodan

Shodan is a specialized search engine for devices connected to the Internet. Rather than indexing web pages, it scans the public IP address space, connects to open ports and stores the service banners it receives (HTTP response headers, SSH and FTP version strings, and so on), which often reveal the product and version running on the device. A device can be anything with an IP address, including web servers, IP cameras and even refrigerators, as long as it has been reachable by Shodan's scanners.

Note: Please register on Shodan before starting this lab. You will need to log in before using search filters in your searches. The first query below does not require you to log in; however, you will need to register and then log in for the rest of the queries.

The Shodan website is

1) Find all Apache web servers that the Shodan search engine has detected.

Type apache into the search box and press Enter. A bare keyword is matched against the text of the stored banners, so this returns every host whose banner mentions Apache (typically in the HTTP Server header). Review the results pages.
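To make the banner-matching behaviour of that query concrete, here is an added example that is not part of the lab and does not call Shodan. It runs the same kind of match over a handful of constructed banner records (the dictionaries are shaped like the ip_str/port/data fields of a Shodan banner, which is an assumption of this example, and the addresses come from the RFC 5737 documentation ranges), then extracts the product and version from each HTTP Server header, treating a server that announces only "Apache" without a version as one that has hidden it.

```python
import re

# Constructed banner records; the field names follow Shodan's banner JSON
# (ip_str, port, data) as an assumption, the contents are invented.
SAMPLE_BANNERS = [
    {"ip_str": "192.0.2.10", "port": 80,
     "data": "HTTP/1.1 200 OK\r\nServer: Apache/2.4.29 (Ubuntu)\r\nContent-Type: text/html\r\n\r\n"},
    {"ip_str": "192.0.2.11", "port": 443,
     "data": "HTTP/1.1 403 Forbidden\r\nServer: nginx/1.18.0\r\n\r\n"},
    {"ip_str": "198.51.100.5", "port": 8080,
     "data": "HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n"},  # version suppressed by the admin
    {"ip_str": "203.0.113.7", "port": 22,
     "data": "SSH-2.0-OpenSSH_7.4\r\n"},
]

# "Server: <product>[/<version>] [comment]" at the start of a header line
SERVER_RE = re.compile(r"^Server:\s*([^\s/]+)(?:/(\S+))?", re.MULTILINE | re.IGNORECASE)


def search(banners, keyword):
    """What a bare word in the Shodan search box does: a case-insensitive
    substring match over the raw banner text."""
    kw = keyword.lower()
    return [b for b in banners if kw in b["data"].lower()]


def server_product(data):
    """(product, version) from an HTTP Server header; version is None when
    the header carries no version, and the result is None when there is no
    Server header at all (for example, a non-HTTP banner)."""
    m = SERVER_RE.search(data)
    if not m:
        return None
    return m.group(1), m.group(2)


def apache_versions(banners):
    """Map 'ip:port' -> version for every host whose Server header says
    Apache; 'hidden' when the version is not announced."""
    out = {}
    for b in search(banners, "apache"):
        parsed = server_product(b["data"])
        if parsed and parsed[0].lower() == "apache":
            out[f"{b['ip_str']}:{b['port']}"] = parsed[1] or "hidden"
    return out


if __name__ == "__main__":
    for host, version in apache_versions(SAMPLE_BANNERS).items():
        print(f"{host}\tApache {version}")
```

The point of the split between search() and server_product() is that the keyword query only proves the word appears somewhere in the banner; the version that a pentester would feed into exploit research has to be parsed out of the Server header, and a hardened server may not expose it at all.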

2)

Weekly Learning and Reflection 

In two to three paragraphs (i.e., sentences, not bullet lists), using APA style citations if needed, summarize and interact with the content covered in this lab. Summarize what you did as an attacker, what kinds of vulnerabilities you exploited, and what might have prevented these attacks. Mention the attackers and all of the targets in your summary. You can provide topologies, sketches or graphics if you want. In particular, highlight what surprised, enlightened, or otherwise engaged you. You should think and write critically, not just about what was presented but also about what you have learned through the session. You can ask questions about the things you are confused about. Questions asked here will be summarized and answered anonymously in the next class.
