Saturday, February 23, 2008

Google Scanner from cDc

The Cult of the Dead Cow (cDc) has released Goolag: a google scanner for searching website vulnerabilities and other juicy information using Google. The scanner is based on google hacking techniques developed by Johnny Long. The tool comes with its own dork database and helps in scanning fast.

As defined by JohnnyLong in his hacking database: googledorks are Inept or foolish people as revealed by Google.

Technically, dorks are search patterns that reveal sites with potential vulnerabilities. Check the hacking database for the extensive list of dorks. These search patterns are not specific to google but just that its more effective with google because of its vast index.

An example dork from the hacking database is "intitle:admin intitle:login" which gives Admin Login pages. Now, the existance of this page does not necessarily mean a server is vulnerable, but it sure is handy to let Google do the discovering for you, no? Let's face it, if you're trying to hack into a web server, this is one of the more obvious places to poke.

Microsoft opens up its Treasure Chest

Microsoft has finally opened up their "treasure" chest. Microsoft has started a protocols program under which they are releasing loads and loads of Microsoft documentation.

From their website

"The Microsoft Protocol Programs foster innovation and interoperability by offering partners access to Windows Vista, Windows Server 2008, Microsoft SQL Server 2008, the 2007 Microsoft Office release, Microsoft Exchange Server 2007, and Microsoft Office SharePoint Server 2007 protocols for use on any platform. These programs enable and encourage a vibrant development community and support it with customer service. The result will be smarter, interoperable products that can be released in coordination with Microsoft product releases."

All the documents are available in PDF format.

The following document gives a roadmap for ploughing through the documents. [MS-DOCO]: Windows Protocols Documentation Roadmap