Re: [Full-Disclosure] Any thoughts on War-Googling?

[Aschwin Wesselius <full-disclosure@xxxxxxxxxxxxxx>]

Gregory A. Gilliss wrote:

> Been there ... done that. +"Index of" would (and still will) supply
> numerous candidates for further study =;^)
>
> You mean someone wrote an *article* about this? Who - Meinel? <LOL>
>
> G
>
> On or about 2004.04.18 18:42:07 +0000, Aschwin Wesselius 
> (full-disclosure@xxxxxxxxxxxxxx) said:
>
> > Hello,
> >
> > Is there anybody who is common with the technique described in this 
> > article?
> >
> > http://www.ebcvg.com/articles.php?id=207
> >
> > It says something about using Google to target servers by searching 
> > paths to vulnerabilities.
> >
> > Any thoughts on that?
> >
> > Kind regards,
> >   

It is not really about wether or not it is known as technique perse, but 
as used into a worm (can you call it a worm?). A program wich adopts the 
results of a Google query and takes actions upon it by exploiting the 
vulnerabilities found.

Off course, people on this list know about Google as a tool for finding 
URLs with dubious locations (like somebodies admin folder). But using a 
tool for doing that and reducing the "target by the numbers" mentality 
is very new to me at least.

But from the reactions of some people I can conclude that no tool is yet 
implemented on this kind of theory?

Kind regards,

Aschwin Wesselius

PS: Thanks for the replies so far

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html