ZPrime Posted July 15, 2009 Share Posted July 15, 2009 so google (from what i understand .... which isn't much) is that google is an intensely powerful indexing and search tool, so would it be possible index massive amounts of hashes, then use google to search it, like a massive look up table? please list the reasons i'm wrong below. Quote Link to comment Share on other sites More sharing options...
Sparda Posted July 15, 2009 Share Posted July 15, 2009 so google (from what i understand .... which isn't much) is that google is an intensely powerful indexing and search tool, so would it be possible index massive amounts of hashes, then use google to search it, like a massive look up table? please list the reasons i'm wrong below. It could be done. It would take a massive amount of time for Google to index it all, also would take a massive amount of bandwidth on the host side for Google to index all the hashes. In addition to this, Google searches are rather analogue, that is to say the results can differ from day to day. Google could also remove the index's of any domains that try to do that at any time, this would result in inconsistent service (at most times). Quote Link to comment Share on other sites More sharing options...
barry99705 Posted July 15, 2009 Share Posted July 15, 2009 It could be done. It would take a massive amount of time for Google to index it all, also would take a massive amount of bandwidth on the host side for Google to index all the hashes. In addition to this, Google searches are rather analogue, that is to say the results can differ from day to day. Google could also remove the index's of any domains that try to do that at any time, this would result in inconsistent service (at most times). We talked about something similar either on the backtrack forums or the netstumbler forums, I can't remember which. We came up with the same conclusion. Quote Link to comment Share on other sites More sharing options...
ZPrime Posted July 15, 2009 Author Share Posted July 15, 2009 hmmm, think it could ever be practically implemented? The amount of bandwidth the host would have to provide would it be to the point of impracticality? I was wondering because google looks things up at an incredible speed when compared to an EPC, so even if the results were unlikely to yield any results, it could still be a useful tool if your lacking in processing power Quote Link to comment Share on other sites More sharing options...
digip Posted July 15, 2009 Share Posted July 15, 2009 Easiest way is to search for part of the hash and see what hits. There are probably common ones, like md5 passwords, but more imporantly, you cna take a linux distros md5 hash and find mirrors of the distro by googling the hashes, so they do index certain things like that. I guess it would take the same pattern showing up in different locations a number of times before the engine considers it interesting enough to index. I think its probably not aware enough to filter them out and would create too much overhead to say, "oh, this matches this password and is commonly exploited, we'll remove it" while at the same time "this hash does not look like anything I have seen elsewhere so until I see it x # of times, I won't index it". Quote Link to comment Share on other sites More sharing options...
DingleBerries Posted July 22, 2009 Share Posted July 22, 2009 My favorite way is to use the "Welcome to phpMyAdmin" AND " Create new database" dork and find databases that have already been poped. Look for <?php eval($_POST[cmd]);?> And try to find the page where you send commands. That or root the box your self from there. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.