The post ethical hacker course online free more than 15 hours appeared first on Cyber Hyena.
]]>today we will talk about ethical hacker course online and free this course is full course in one video on YouTube by the cyber mentor Learn network penetration testing / ethical hacking in this full tutorial course for beginners.
This course teaches everything you need to know to get started with ethical hacking and penetration testing. You will learn the practical skills necessary to work in the field. Throughout the course, we will develop our own Active Directory lab in Windows, make it vulnerable, hack it, and patch it. We’ll cover the red and blue sides. We’ll also cover some of the boring stuff like report writing :). This course was originally live streamed weekly on Twitch and built from lessons learned in the previous week.
Course created by The Cyber Mentor. Check out his YouTube channel: here
the best in this ethical hacker course is free and simple and easy to learn the cyber mentor give you the information in easy way also you will learn allot of things in this 15 hours course
you can also see our php free course
Certified Ethical Hacker (CEH) is a qualification obtained by demonstrating knowledge of assessing the security of computer systems by looking for weaknesses and vulnerabilities in target systems, using the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system. This knowledge is assessed by answering multiple choice questions regarding various ethical hacking techniques and tools. The code for the CEH exam is 312-50. This certification has now been made a baseline with a progression to the CEH (Practical), launched in March 2018, a test of penetration testing skills in a lab environment where the candidate must demonstrate the ability to apply techniques and use penetration testing tools to compromise various simulated systems within a virtual environment.
The post ethical hacker course online free more than 15 hours appeared first on Cyber Hyena.
]]>The post google dork to find spesific file types appeared first on Cyber Hyena.
]]>google dork is a great technique to help you improve your search and make it more usefull
finding a spesific file type on google search is so easy using a filetype: google dork
lets say you want to search for pdf file with some text on it , its super easy using 2 types of dorks
filetype: and intext: for example i want to search in google for pdf files about web security
i will use this dork ” filetype:pdf intext:websecurity ” this will show a good list of availble and downloadable pdf files which contains websecuirty text
another way to using this method if you want to search all the pdf files or spesific pdf files in the website you can use this dork
filetype:pdf site:www.example.com the “site:” is for search only on this site , another example if you want to search for spesific pdf file on a website you can use this example
site:www.example.com filetype:pdf intext:websecurity this will search for the pdf files which conatins web security on www.example.com
so using this type of searches will make it easy to find what you want under this articles you will see how hackers use this method with illigal ways and you can learn how to prottect your website using top web secuirty techniques
you can find more about google dorks here
read about this method and how can be so risky here
the cyberhyena
The post google dork to find spesific file types appeared first on Cyber Hyena.
]]>The post full list of google dorks and simple ways to prevent it appeared first on Cyber Hyena.
]]>Google Dorks , also known as Google Dorking or google dorks list , is a valuable resource for security researchers. For the average person, Google is just a search engine used to find text, images, videos, and news. However, in the infosec world, Google is a useful security tool.
Let’s look at the most popular Google Dorks and what they do.
cache
: this dork will show you the cached version of any website, e.g. cache: cyberhyena.net
allintext
: searches for specific text contained on any web page, e.g. allintext: "what you want "
allintitle
: exactly the same as allintext, but will show pages that contain titles with X characters, e.g. allintitle:"Security Companies"
allinurl
: it can be used to fetch results whose URL contains all the specified characters, e.g: allinurl client areafiletype
: used to search for any kind of file extensions, for example, if you want to search for jpg files you can use: filetype: jpg
inurl
: this is exactly the same as allinurl
, but it is only useful for one single keyword, e.g. inurl: admin
intitle
: used to search for various keywords inside the title, for example, intitle:security tools
will search for titles beginning with “security” but “tools” can be somewhere else in the page.inanchor
: this is useful when you need to search for an exact anchor text used on any links, e.g. inanchor:"cyber security"
intext
: useful to locate pages that contain certain characters or strings inside their text, e.g. intext:"safe internet"
link
: will show the list of web pages that have links to the specified URL, e.g. link: microsoft.com
site
: will show you the full list of all indexed URLs for the specified domain and subdomain, e.g. site:cyberhyena.net
*
: wildcard used to search pages that contain “anything” before your word, e.g. how to * a website
, will return “how to…” design/create/, etc… “a website”.|
: this is a logical operator, e.g. "security" "tips"
will show all the sites which contain “security” or “tips,” or both words.+
: used to concatenate words, useful to detect pages that use more than one specific key, e.g. security + trails
–
: minus operator is used to avoiding showing results that contain certain words, e.g. security -trails
will show pages that use “security” in their text, but not those that have the word “trails.”If you’re looking for the complete set of Google operators, you can follow this SEJ post which covers almost every known dork available today.
if you want to search all the pdf file in a website you will use it like this
site:www.example.com filetype:.pdf
if you want to search for website with ID’s you will use this
inurl:.php?id= or inurl:.php?num= or inurl:news.php?id=
if you want to search for pdf files or books about secuirty you will use this
filetype:.pdf intitle: understanding web security
Log files are the perfect example of how sensitive information can be found within any website. Error logs, access logs and other types of application logs are often discovered inside the public HTTP space of websites. This can help attackers find the PHP version you’re running, as well as the critical system path of your CMS or frameworks.
In the results we discovered one particular website showing an SQL error log from a database server that included critical information:
MyBB SQL Error
SQL Error: 1062 - Duplicate entry 'XXX' for key 'username'
Query:
INSERT
INTO XXX (`username`,`password`,`salt`,`loginkey`,`email`,`postnum`,`avatar`,`avatartype`,`usergroup`,`additionalgroups`,`displaygroup`,`usertitle`,`regdate`,`lastactive`,`lastvisit`,`website`,`icq`,`aim`,`yahoo`,`msn`,`birthday`,`signature`,`allownotices`,`hideemail`,`subscriptionmethod`,`receivepms`,`receivefrombuddy`,`pmnotice`,`pmnotify`,`showsigs`,`showavatars`,`showquickreply`,`showredirect`,`tpp`,`ppp`,`invisible`,`style`,`timezone`,`dstcorrection`,`threadmode`,`daysprune`,`dateformat`,`timeformat`,`regip`,`longregip`,`language`,`showcodebuttons`,`away`,`awaydate`,`returndate`,`awayreason`,`notepad`,`referrer`,`referrals`,`buddylist`,`ignorelist`,`pmfolders`,`warningpoints`,`moderateposts`,`moderationtime`,`suspendposting`,`suspensiontime`,`coppauser`,`classicpostbit`,`usernotes`)
VALUES ('XXX','XXX','XXX','XXX','XXX','0','','','5','','0','','1389074395','1389074395','1389074395','','0','','','','','','1','1','0','1','0','1','1','1','1','1','1','0','0','0','0','5.5','2','linear','0','','','XXX','-655077638','','1','0','0','0','','','0','0','','','','0','0','0','0','0','0','0','')
This example exposed the current database name, user login, password and email values to the Internet. We’ve replaced the original values with “XXX”.
we talk about this before and how google dorking can be so dangerous you can read it here
an example of bad use for that is this one of dorks that used to search for database backup ! we will not show it for security reasons this dork will order google to search for sql format files which contains username and password !!
you may think it is not possible , actually its working !! some website when they do a backup for the database they safe an online version on the website files , and without right robots.txt file orders google will index that , and then a backup of your database are available to every one !!
also some attackers use google dorks to find websites with SQL injection exploit ! and they order google to get the website using php programming language using file type .php and have iD in the url using inurl order , also you can search in any country websites for that using location order or by using site: option by adding the domain country tld (Top-level domain) for example .us is for united states of America and .ru is for russia google dorks list
There are a lot of ways to avoid falling into the hands of a Google Dork.
These measures are suggested to prevent your sensitive information from being indexed by search engines.
One of the best ways to prevent Google dorks is by using a robots.txt file. Let’s see some practical examples.
The following configuration will deny all crawling from any directory within your website, which is pretty useful for private access websites that don’t rely on publicly-indexable Internet content.
User-agent: *
Disallow: /
You can also block specific directories to be excepted from web crawling. If you have an /admin area and you need to protect it, just place this code inside:
User-agent: *
Disallow: /admin/
This will also protect all the subdirectories inside.
Restrict access to specific files:
User-agent: *
Disallow: /privatearea/file.htm
Restrict access to dynamic URLs that contain ‘?’ symbol
User-agent: *
Disallow: /*?
To restrict access to specific file extensions you can use:
User-agent: *
Disallow: /*.php$/
In this case, all access to .php files will be denied.
The post full list of google dorks and simple ways to prevent it appeared first on Cyber Hyena.
]]>The post Google dorks can be risky for your website and your information appeared first on Cyber Hyena.
]]>pretty much google dorks can be risky to your information and your website i will show you how on this article , first of all what is google dorks ?
Before starting with google dorks, you need to have basic understanding of few special google search operators and also how it functions.
This will ask google to show pages that have the term in their html title.
2. inurl:
Searches for specified term in the URL. For example:inurl:register.php
3. filetype:
Searched for certain file type. Example: filetype:pdfwill search for all the pdf files in the websites.
4. ext:
It works similar to filetype. Example: ext:pdf finds pdf extension files.
5. intext:
This will search content of the page. This works somewhat like plain google search
6. site:
This limits the search to a specific site only. Example: site:[email protected] will limit search to only [email protected].
7. Cache:
This will show you cached version of any website. Example: cache: aa.com
8. *
This works like a wildcard. Example: How to * sites, will show you all the results like “how to…” design/create/hack, etc… “sites”
an example of bad use for that is this one of dorks that used to search for database backup ! we will not show it for security reasons this dork will order google to search for sql format files which contains username and password !!
you may think it is not possible , actually its working !! some website when they do a backup for the database they safe an online version on the website files , and without right robots.txt file orders google will index that , and then a backup of your database are available to every one !!
also some attackers use google dorks to find websites with SQL injection exploit ! and they order google to get the website using php programming language using file type .php and have iD in the url using inurl order , also you can search in any country websites for that using location order or by using site: option by adding the domain country tld (Top-level domain) for example .us is for united states of America and .ru is for russia
Explore Specific websites with specific domains
Let’s say you want to explore websites or certain organization that has certain domain. You can simply do that by entering the following code:
“inurl:."domain"/”dorks” “
Example: “inurl:.gov/index.php?id=”
You can use the above example to explore all the list of government sites. You can also replace inurl: with some other google search operators for interesting results.
Google almost indexes everything connected with the internet, which also includes different private informations of misconfigured services. This can often be useful as well as equally harmful at the same time. You need to make sure that do not log in to any of the services, even if the password is exposed, as this could get you into trouble because you don’t have permission.
However, if you have something hosted online, you can use some of the dork commands on your domain just to make sure you did not left anything exposed that hacker can use to get you.
The post Google dorks can be risky for your website and your information appeared first on Cyber Hyena.
]]>