Dorking & Pentesting with Tacyt
Chema Alonso @chemaalonso
Dorking
The target is the “What” not the “Who”
The Target is the Code
What is “Tacyt”?
Dorking with apps: code & metadata
1.- Infrastructure
Infrastructure Surface
Well-Known Ports
Cpanel & Plesk
2.- P@ssw0rdS
Password.txt
UserLists
Userlist.app
Databases
WebServices
3.- Third Party Credentials
PathFinder
Social Networks
API Keys & Tokens
4.- Bugs to get into
• SQL.asp/php/aspx/…
• Query
• ldapsearch
• exec
• sql
• command
• …
(Blind) SQL Injection
(Blind) SQL Injection 101
LDAP Search
(Blind) LDAP Injection 101
Surprise me, baby!
Questions?
• Chema Alonso
– http://twitter.com/chemaalonso
– [email protected]
– http://www.elladodelmal.com
• Disclaimer: Tacyt Service has been developed by Eleven Paths. All things working well are because of their hard work. All things that *may* have gone bad in this talk were my fault.