Scribd
Upload
484 views

Google Hacking: Your Machine Is Your HACKER, Connected To The Internet

The document provides instructions for using Google to find website vulnerabilities and conduct penetration testing. It describes using the Google Hacking Database to find vulnerable online shopping sites still using VP-ASP and then demonstrates how to exploit that vulnerability by downloading the backend database containing customer details.

Uploaded by

Donay X Small
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
484 views

Google Hacking: Your Machine Is Your HACKER, Connected To The Internet

The document provides instructions for using Google to find website vulnerabilities and conduct penetration testing. It describes using the Google Hacking Database to find vulnerable online shopping sites still using VP-ASP and then demonstrates how to exploit that vulnerability by downloading the backend database containing customer details.

Uploaded by

Donay X Small
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

2011-BR

1

GOOGLE HACKING


Configuration:

Your machine is your HACKER, connected to the Internet

Objectives:

1. Penetration Testing using Google

Tools:

Mozilla Firefox
Microsoft Access

Preparation:

Ensure that your machine is connected to the internet.

Try to ping www.google.com


2011-BR
2

I. GOOGLE HACKING DATABASE (GHDB)

Detailed Steps:

1. Open web browser.

2. Go to http://www.hackersforcharity.org/ghdb/

3. Go to Sensitive Online Shopping Info

4. Find this vulnerability description









5. Click on (i) button, and then read the description.

6. Do a vulnerability research regarding to VP-ASP
Example :
- http://www.exploit-database.com
- http://securitytracker.com
- etc

Try to find how to exploit/hack that application.














2011-BR
3

II. HACKING VP-ASP

1. Go google type inurl:shopadmin.asp shop administrators only and press search.
2. Now Google returns with our results. Choose any of those.
3. Now it asks for a username and password. Dont worry about this. In the address bar
replace shopadmin.asp with shopdbtest.asp
It should take you to a page with some infos on it. Next to where it says xDatabase is the
name of the database. E.g if it was shopping, in the address bar, replace shopdbtest.asp
with shopping.mdb













4. Download the database file and open it up with Access or your other software. Find
customers and youll have a list of customer details.

You might also like