Monday, August 13, 2012

War Games

Just saw the old movie War Games from 1983.

I think it was one of the first films where I saw someone "hack" a system.
Check out the size of the floppy disk he's using :-)



I love this movie. What do you think?




Saturday, August 11, 2012

Google Hacking Diggity Project

I was at DEFCON 20 a couple of weeks ago and was introduced to a few cool applications. I thought I should share them, so I'll be making some posts introducing them over the following weeks.


Today I want to introduce the Google Hacking Diggity Project, http://www.stachliu.com/resources/tools/google-hacking-diggity-project/.
Probably everyone reading this post already knows about Google hacking (if not, start with http://en.wikipedia.org/wiki/Google_hacking, fast), but it is so much nicer to have one tool that will build all your queries for you.
Despite the name, the tools cover more than Google.

 
Francis Brown and Rob Ragan have developed a search engine hacking tool arsenal that leverages Google, Bing and Shodan to quickly identify vulnerable systems or sensitive data leaks from corporate networks.

To start, all you need to do is go to the link mentioned above and download SearchDiggity from the attack tools menu.
 

Some cool features include PortScan.

NotInMyBackyard is becoming one of my favorites. It lets you search for passwords or sensitive information intentionally or recklessly posted on the net. The tool comes with pre-built queries that make it really easy to find information on Pastebin, YouTube, Twitter, Dropbox, Google Docs and more.

Just try:
  1. Type 'password' in the Query appender.
  2. Select site:s3.amazonaws.com from the locations list (inside cloud storage).
  3. From the extensions section, choose XLS and XLSX.
  4. Look at all the documents you can find.


Try different settings for better results.