Enviar búsqueda
Cargar
TH3 Professional Developper google hacking
•
8 recomendaciones
•
49,578 vistas
th3prodevelopper
Seguir
Formation N° 2 Google Hacking
Leer menos
Leer más
Educación
Tecnología
Noticias y política
Vista de diapositivas
Denunciar
Compartir
Vista de diapositivas
Denunciar
Compartir
1 de 93
Descargar ahora
Descargar para leer sin conexión
Recomendados
Advanced Information Gathering AKA Google Hacking
Advanced Information Gathering AKA Google Hacking
Gareth Davies
Ce Hv6 Module 42 Hacking Database Servers
Ce Hv6 Module 42 Hacking Database Servers
Kislaychd
Phishing
Phishing
defquon
A fresh new look into Information Gathering - OWASP Spain
A fresh new look into Information Gathering - OWASP Spain
Christian Martorella
Web Security - Introduction v.1.3
Web Security - Introduction v.1.3
Oles Seheda
Information Gathering With Google
Information Gathering With Google
Zero Science Lab
Open Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon Edition
Chris Gates
2010: A Web Hacking Odyssey - Top Ten Hacks of the Year
2010: A Web Hacking Odyssey - Top Ten Hacks of the Year
Jeremiah Grossman
Recomendados
Advanced Information Gathering AKA Google Hacking
Advanced Information Gathering AKA Google Hacking
Gareth Davies
Ce Hv6 Module 42 Hacking Database Servers
Ce Hv6 Module 42 Hacking Database Servers
Kislaychd
Phishing
Phishing
defquon
A fresh new look into Information Gathering - OWASP Spain
A fresh new look into Information Gathering - OWASP Spain
Christian Martorella
Web Security - Introduction v.1.3
Web Security - Introduction v.1.3
Oles Seheda
Information Gathering With Google
Information Gathering With Google
Zero Science Lab
Open Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon Edition
Chris Gates
2010: A Web Hacking Odyssey - Top Ten Hacks of the Year
2010: A Web Hacking Odyssey - Top Ten Hacks of the Year
Jeremiah Grossman
Evolution Of Web Security
Evolution Of Web Security
Chris Shiflett
Top Ten Web Hacking Techniques (2008)
Top Ten Web Hacking Techniques (2008)
Jeremiah Grossman
2011 and still bruteforcing - OWASP Spain
2011 and still bruteforcing - OWASP Spain
Christian Martorella
A Basic Guide to Safe Surfing on the Internet
A Basic Guide to Safe Surfing on the Internet
- Mark - Fullbright
Modern cyber threats_and_how_to_combat_them_panel
Modern cyber threats_and_how_to_combat_them_panel
Ramsés Gallego
Introduction to web security @ confess 2012
Introduction to web security @ confess 2012
jakobkorherr
OSINT tools for security auditing [FOSDEM edition]
OSINT tools for security auditing [FOSDEM edition]
Jose Manuel Ortega Candel
Web Browser Basics, Tips & Tricks - Draft 20 (Revised 5/18/17)
Web Browser Basics, Tips & Tricks - Draft 20 (Revised 5/18/17)
msz
Web application security
Web application security
Sathyanarayana Panduranga
Ce hv6 module 53 hacking web browsers
Ce hv6 module 53 hacking web browsers
Vi Tính Hoàng Nam
WhiteHat Security "Website Security Statistics Report" (Q1'09)
WhiteHat Security "Website Security Statistics Report" (Q1'09)
Jeremiah Grossman
Ip on the internet day
Ip on the internet day
Craig Dsouza
Google Dorks: Analysis, Creation, and new Defenses
Google Dorks: Analysis, Creation, and new Defenses
Flavio Toffalini
Password cracking and brute force tools
Password cracking and brute force tools
zeus7856
Phishing with Super Bait
Phishing with Super Bait
Jeremiah Grossman
Ce hv6 module 59 how to steal passwords
Ce hv6 module 59 how to steal passwords
Vi Tính Hoàng Nam
Module 13 (web based password cracking techniques)
Module 13 (web based password cracking techniques)
Wail Hassan
Web Security: A Primer for Developers
Web Security: A Primer for Developers
Mike North
So whats in a password
So whats in a password
Rob Gillen
Twarfing: Malicious Tweets
Twarfing: Malicious Tweets
Costin Raiu
Ce Hv6 Module 43 Cyber Warfare Hacking Al Qaida And Terrorism
Ce Hv6 Module 43 Cyber Warfare Hacking Al Qaida And Terrorism
Kislaychd
Ce Hv6 Module 44 Internet Content Filtering Techniques
Ce Hv6 Module 44 Internet Content Filtering Techniques
Kislaychd
Más contenido relacionado
La actualidad más candente
Evolution Of Web Security
Evolution Of Web Security
Chris Shiflett
Top Ten Web Hacking Techniques (2008)
Top Ten Web Hacking Techniques (2008)
Jeremiah Grossman
2011 and still bruteforcing - OWASP Spain
2011 and still bruteforcing - OWASP Spain
Christian Martorella
A Basic Guide to Safe Surfing on the Internet
A Basic Guide to Safe Surfing on the Internet
- Mark - Fullbright
Modern cyber threats_and_how_to_combat_them_panel
Modern cyber threats_and_how_to_combat_them_panel
Ramsés Gallego
Introduction to web security @ confess 2012
Introduction to web security @ confess 2012
jakobkorherr
OSINT tools for security auditing [FOSDEM edition]
OSINT tools for security auditing [FOSDEM edition]
Jose Manuel Ortega Candel
Web Browser Basics, Tips & Tricks - Draft 20 (Revised 5/18/17)
Web Browser Basics, Tips & Tricks - Draft 20 (Revised 5/18/17)
msz
Web application security
Web application security
Sathyanarayana Panduranga
Ce hv6 module 53 hacking web browsers
Ce hv6 module 53 hacking web browsers
Vi Tính Hoàng Nam
WhiteHat Security "Website Security Statistics Report" (Q1'09)
WhiteHat Security "Website Security Statistics Report" (Q1'09)
Jeremiah Grossman
Ip on the internet day
Ip on the internet day
Craig Dsouza
Google Dorks: Analysis, Creation, and new Defenses
Google Dorks: Analysis, Creation, and new Defenses
Flavio Toffalini
Password cracking and brute force tools
Password cracking and brute force tools
zeus7856
Phishing with Super Bait
Phishing with Super Bait
Jeremiah Grossman
Ce hv6 module 59 how to steal passwords
Ce hv6 module 59 how to steal passwords
Vi Tính Hoàng Nam
Module 13 (web based password cracking techniques)
Module 13 (web based password cracking techniques)
Wail Hassan
Web Security: A Primer for Developers
Web Security: A Primer for Developers
Mike North
So whats in a password
So whats in a password
Rob Gillen
Twarfing: Malicious Tweets
Twarfing: Malicious Tweets
Costin Raiu
La actualidad más candente
(20)
Evolution Of Web Security
Evolution Of Web Security
Top Ten Web Hacking Techniques (2008)
Top Ten Web Hacking Techniques (2008)
2011 and still bruteforcing - OWASP Spain
2011 and still bruteforcing - OWASP Spain
A Basic Guide to Safe Surfing on the Internet
A Basic Guide to Safe Surfing on the Internet
Modern cyber threats_and_how_to_combat_them_panel
Modern cyber threats_and_how_to_combat_them_panel
Introduction to web security @ confess 2012
Introduction to web security @ confess 2012
OSINT tools for security auditing [FOSDEM edition]
OSINT tools for security auditing [FOSDEM edition]
Web Browser Basics, Tips & Tricks - Draft 20 (Revised 5/18/17)
Web Browser Basics, Tips & Tricks - Draft 20 (Revised 5/18/17)
Web application security
Web application security
Ce hv6 module 53 hacking web browsers
Ce hv6 module 53 hacking web browsers
WhiteHat Security "Website Security Statistics Report" (Q1'09)
WhiteHat Security "Website Security Statistics Report" (Q1'09)
Ip on the internet day
Ip on the internet day
Google Dorks: Analysis, Creation, and new Defenses
Google Dorks: Analysis, Creation, and new Defenses
Password cracking and brute force tools
Password cracking and brute force tools
Phishing with Super Bait
Phishing with Super Bait
Ce hv6 module 59 how to steal passwords
Ce hv6 module 59 how to steal passwords
Module 13 (web based password cracking techniques)
Module 13 (web based password cracking techniques)
Web Security: A Primer for Developers
Web Security: A Primer for Developers
So whats in a password
So whats in a password
Twarfing: Malicious Tweets
Twarfing: Malicious Tweets
Destacado
Ce Hv6 Module 43 Cyber Warfare Hacking Al Qaida And Terrorism
Ce Hv6 Module 43 Cyber Warfare Hacking Al Qaida And Terrorism
Kislaychd
Ce Hv6 Module 44 Internet Content Filtering Techniques
Ce Hv6 Module 44 Internet Content Filtering Techniques
Kislaychd
The Hackers Dictionary
The Hackers Dictionary
alanocu
2012 State of Mobile Survey Global Key Findings
2012 State of Mobile Survey Global Key Findings
Symantec
prova
prova
guest4e3d2e
Waterhole Attack
Waterhole Attack
Symantec
Ce hv6 module 14 denial of service TH3 professional security
Ce hv6 module 14 denial of service TH3 professional security
defquon
Samsung galaxy s6 edge review
Samsung galaxy s6 edge review
91mobiles
Hacking Fundamentals - Jen Johnson , Miria Grunick
Hacking Fundamentals - Jen Johnson , Miria Grunick
amiable_indian
Symantec Mobile Security Whitepaper June 2011
Symantec Mobile Security Whitepaper June 2011
Symantec
Google Hacking
Google Hacking
Ilsun Choi
Ceh V5 Module 07 Sniffers
Ceh V5 Module 07 Sniffers
Mina Fawzy
Chfi V3 Module 01 Computer Forensics In Todays World
Chfi V3 Module 01 Computer Forensics In Todays World
gueste0d962
Cyber crime
Cyber crime
Tushar Malhotra
Destacado
(14)
Ce Hv6 Module 43 Cyber Warfare Hacking Al Qaida And Terrorism
Ce Hv6 Module 43 Cyber Warfare Hacking Al Qaida And Terrorism
Ce Hv6 Module 44 Internet Content Filtering Techniques
Ce Hv6 Module 44 Internet Content Filtering Techniques
The Hackers Dictionary
The Hackers Dictionary
2012 State of Mobile Survey Global Key Findings
2012 State of Mobile Survey Global Key Findings
prova
prova
Waterhole Attack
Waterhole Attack
Ce hv6 module 14 denial of service TH3 professional security
Ce hv6 module 14 denial of service TH3 professional security
Samsung galaxy s6 edge review
Samsung galaxy s6 edge review
Hacking Fundamentals - Jen Johnson , Miria Grunick
Hacking Fundamentals - Jen Johnson , Miria Grunick
Symantec Mobile Security Whitepaper June 2011
Symantec Mobile Security Whitepaper June 2011
Google Hacking
Google Hacking
Ceh V5 Module 07 Sniffers
Ceh V5 Module 07 Sniffers
Chfi V3 Module 01 Computer Forensics In Todays World
Chfi V3 Module 01 Computer Forensics In Todays World
Cyber crime
Cyber crime
Similar a TH3 Professional Developper google hacking
Web Security - Introduction
Web Security - Introduction
SQALab
Duplicate content presentation March 2012
Duplicate content presentation March 2012
Shake Interactive
Gopher & Search Engines.pptx
Gopher & Search Engines.pptx
ApurvSingh65
Preventing Code Leaks & Other Critical Security Risks from Code
Preventing Code Leaks & Other Critical Security Risks from Code
DevOps.com
Web Presen
Web Presen
guest79a91d
Web Presen
Web Presen
guest79a91d
Ce hv6 module 52 hacking rss and atom
Ce hv6 module 52 hacking rss and atom
Vi Tính Hoàng Nam
Ce hv6 module 45 privacy on the internet
Ce hv6 module 45 privacy on the internet
Vi Tính Hoàng Nam
Module 11 (hacking web servers)
Module 11 (hacking web servers)
Wail Hassan
Hello Drupal
Hello Drupal
hellodrupal
Module 12 (web application vulnerabilities)
Module 12 (web application vulnerabilities)
Wail Hassan
DomainTools Fingerprinting Threat Actors with Web Assets
DomainTools Fingerprinting Threat Actors with Web Assets
DomainTools
Google Hacking by Ali Jahangiri
Google Hacking by Ali Jahangiri
Devetol
Introduction to "robots.txt
Introduction to "robots.txt
Ishan Mishra
Orion Introduction
Orion Introduction
Tomasz Zarna
The Hacking Game - Think Like a Hacker Meetup 12072023.pptx
The Hacking Game - Think Like a Hacker Meetup 12072023.pptx
lior mazor
OWASP SF - Reviewing Modern JavaScript Applications
OWASP SF - Reviewing Modern JavaScript Applications
Lewis Ardern
Internet research for HRD Profession
Internet research for HRD Profession
Laurence Yap M.A. (UM) CHRM
Internet research-1200691875464541-5
Internet research-1200691875464541-5
惠子 李
Internet research-1200691875464541-5
Internet research-1200691875464541-5
惠子 李
Similar a TH3 Professional Developper google hacking
(20)
Web Security - Introduction
Web Security - Introduction
Duplicate content presentation March 2012
Duplicate content presentation March 2012
Gopher & Search Engines.pptx
Gopher & Search Engines.pptx
Preventing Code Leaks & Other Critical Security Risks from Code
Preventing Code Leaks & Other Critical Security Risks from Code
Web Presen
Web Presen
Web Presen
Web Presen
Ce hv6 module 52 hacking rss and atom
Ce hv6 module 52 hacking rss and atom
Ce hv6 module 45 privacy on the internet
Ce hv6 module 45 privacy on the internet
Module 11 (hacking web servers)
Module 11 (hacking web servers)
Hello Drupal
Hello Drupal
Module 12 (web application vulnerabilities)
Module 12 (web application vulnerabilities)
DomainTools Fingerprinting Threat Actors with Web Assets
DomainTools Fingerprinting Threat Actors with Web Assets
Google Hacking by Ali Jahangiri
Google Hacking by Ali Jahangiri
Introduction to "robots.txt
Introduction to "robots.txt
Orion Introduction
Orion Introduction
The Hacking Game - Think Like a Hacker Meetup 12072023.pptx
The Hacking Game - Think Like a Hacker Meetup 12072023.pptx
OWASP SF - Reviewing Modern JavaScript Applications
OWASP SF - Reviewing Modern JavaScript Applications
Internet research for HRD Profession
Internet research for HRD Profession
Internet research-1200691875464541-5
Internet research-1200691875464541-5
Internet research-1200691875464541-5
Internet research-1200691875464541-5
Más de th3prodevelopper
TH3 Professional Developper CEH social engineering
TH3 Professional Developper CEH social engineering
th3prodevelopper
TH3 Professional Developper CEH sniffers
TH3 Professional Developper CEH sniffers
th3prodevelopper
TH3 Professional Developper CEH phishing
TH3 Professional Developper CEH phishing
th3prodevelopper
TH3 Professional Developper CEH denial of service
TH3 Professional Developper CEH denial of service
th3prodevelopper
TH3 Professional Developper CEH hacking email accounts
TH3 Professional Developper CEH hacking email accounts
th3prodevelopper
TD3 Drofessional Developper CEH trojans & backdoors
TD3 Drofessional Developper CEH trojans & backdoors
th3prodevelopper
Más de th3prodevelopper
(6)
TH3 Professional Developper CEH social engineering
TH3 Professional Developper CEH social engineering
TH3 Professional Developper CEH sniffers
TH3 Professional Developper CEH sniffers
TH3 Professional Developper CEH phishing
TH3 Professional Developper CEH phishing
TH3 Professional Developper CEH denial of service
TH3 Professional Developper CEH denial of service
TH3 Professional Developper CEH hacking email accounts
TH3 Professional Developper CEH hacking email accounts
TD3 Drofessional Developper CEH trojans & backdoors
TD3 Drofessional Developper CEH trojans & backdoors
Último
Capitol Tech Univ Doctoral Presentation -May 2024
Capitol Tech Univ Doctoral Presentation -May 2024
CapitolTechU
The Ball Poem- John Berryman_20240518_001617_0000.pptx
The Ball Poem- John Berryman_20240518_001617_0000.pptx
NehaChandwani11
The basics of sentences session 4pptx.pptx
The basics of sentences session 4pptx.pptx
heathfieldcps1
會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽
會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽
中 央社
“O BEIJO” EM ARTE .
“O BEIJO” EM ARTE .
Colégio Santa Teresinha
UChicago CMSC 23320 - The Best Commit Messages of 2024
UChicago CMSC 23320 - The Best Commit Messages of 2024
Borja Sotomayor
Word Stress rules esl .pptx
Word Stress rules esl .pptx
Nicholas Montgomery
Basic Civil Engineering notes on Transportation Engineering, Modes of Transpo...
Basic Civil Engineering notes on Transportation Engineering, Modes of Transpo...
Denish Jangid
Graduate Outcomes Presentation Slides - English (v3).pptx
Graduate Outcomes Presentation Slides - English (v3).pptx
neillewis46
philosophy and it's principles based on the life
philosophy and it's principles based on the life
NitinDeodare
The Last Leaf, a short story by O. Henry
The Last Leaf, a short story by O. Henry
Eugene Lysak
PSYPACT- Practicing Over State Lines May 2024.pptx
PSYPACT- Practicing Over State Lines May 2024.pptx
Marlene Maheu
Mattingly "AI and Prompt Design: LLMs with Text Classification and Open Source"
Mattingly "AI and Prompt Design: LLMs with Text Classification and Open Source"
National Information Standards Organization (NISO)
MSc Ag Genetics & Plant Breeding: Insights from Previous Year JNKVV Entrance ...
MSc Ag Genetics & Plant Breeding: Insights from Previous Year JNKVV Entrance ...
Krashi Coaching
Spring gala 2024 photo slideshow - Celebrating School-Community Partnerships
Spring gala 2024 photo slideshow - Celebrating School-Community Partnerships
expandedwebsite
An overview of the various scriptures in Hinduism
An overview of the various scriptures in Hinduism
Dabee Kamal
Financial Accounting IFRS, 3rd Edition-dikompresi.pdf
Financial Accounting IFRS, 3rd Edition-dikompresi.pdf
MinawBelay
How to Manage Closest Location in Odoo 17 Inventory
How to Manage Closest Location in Odoo 17 Inventory
Celine George
Features of Video Calls in the Discuss Module in Odoo 17
Features of Video Calls in the Discuss Module in Odoo 17
Celine George
REPRODUCTIVE TOXICITY STUDIE OF MALE AND FEMALEpptx
REPRODUCTIVE TOXICITY STUDIE OF MALE AND FEMALEpptx
manishaJyala2
Último
(20)
Capitol Tech Univ Doctoral Presentation -May 2024
Capitol Tech Univ Doctoral Presentation -May 2024
The Ball Poem- John Berryman_20240518_001617_0000.pptx
The Ball Poem- John Berryman_20240518_001617_0000.pptx
The basics of sentences session 4pptx.pptx
The basics of sentences session 4pptx.pptx
會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽
會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽
“O BEIJO” EM ARTE .
“O BEIJO” EM ARTE .
UChicago CMSC 23320 - The Best Commit Messages of 2024
UChicago CMSC 23320 - The Best Commit Messages of 2024
Word Stress rules esl .pptx
Word Stress rules esl .pptx
Basic Civil Engineering notes on Transportation Engineering, Modes of Transpo...
Basic Civil Engineering notes on Transportation Engineering, Modes of Transpo...
Graduate Outcomes Presentation Slides - English (v3).pptx
Graduate Outcomes Presentation Slides - English (v3).pptx
philosophy and it's principles based on the life
philosophy and it's principles based on the life
The Last Leaf, a short story by O. Henry
The Last Leaf, a short story by O. Henry
PSYPACT- Practicing Over State Lines May 2024.pptx
PSYPACT- Practicing Over State Lines May 2024.pptx
Mattingly "AI and Prompt Design: LLMs with Text Classification and Open Source"
Mattingly "AI and Prompt Design: LLMs with Text Classification and Open Source"
MSc Ag Genetics & Plant Breeding: Insights from Previous Year JNKVV Entrance ...
MSc Ag Genetics & Plant Breeding: Insights from Previous Year JNKVV Entrance ...
Spring gala 2024 photo slideshow - Celebrating School-Community Partnerships
Spring gala 2024 photo slideshow - Celebrating School-Community Partnerships
An overview of the various scriptures in Hinduism
An overview of the various scriptures in Hinduism
Financial Accounting IFRS, 3rd Edition-dikompresi.pdf
Financial Accounting IFRS, 3rd Edition-dikompresi.pdf
How to Manage Closest Location in Odoo 17 Inventory
How to Manage Closest Location in Odoo 17 Inventory
Features of Video Calls in the Discuss Module in Odoo 17
Features of Video Calls in the Discuss Module in Odoo 17
REPRODUCTIVE TOXICITY STUDIE OF MALE AND FEMALEpptx
REPRODUCTIVE TOXICITY STUDIE OF MALE AND FEMALEpptx
TH3 Professional Developper google hacking
1.
Ethical Hacking and Countermeasures Version
6 Module IV Google Hacking
2.
Module Objective
This module will familiarize you with: • What is Google Hacking • What a Hacker Can Do With Vulnerable Site • Google H ki Basics G l Hacking B i • Google Advanced Operators • Pre-Assessment • Locating Exploits and Finding Targets g p g g • Tracking Down Web Servers, Login Portals, and Network Hardware • Google Hacking Tools Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
3.
Module Flow
Google Hacking Pre-Assessment What a Hacker Can Do Locating Exploits and Finding Targets With Vulnerable Site Tracking Down Web Servers, Google Hacking Basics Login Portals, and Network Hardware Google Advanced Operators Google Hacking Tools Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
4.
What is Google
Hacking Google hacking is a term that refers to the art of creating complex search engine q p g queries in order to filter through large g g amounts of search results for information related to computer security In its malicious format, it can be used to detect websites that format are vulnerable to numerous exploits and vulnerabilities as well as locate private, sensitive information about others, such as credit card numbers, social security numbers, and passwords Google Hacking involves using Google operators to locate specific strings of text within search results p g Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
5.
What a Hacker
Can Do With Vulnerable Site Information that the Google Hacking Database identifies: g g Advisories and server vulnerabilities Error messages that contain too much information Files containing passwords Sensitive directories Pages containing logon portals Pages containing network or vulnerability data such as firewall logs Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
6.
Google Hacking Basics
Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
7.
Anonymity with Caches
Hackers can get a copy sensitive data even if plug on that pesky Web server is pulled off and they can crawl into entire website without even sending a single packet to server If the web server does not get so much as a packet, it can not write any thing to log files Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
8.
Using Google as
a Proxy Server Google some times works as a proxy server which requires a Google translated URL and some minor URL modification Translation URL is generated through Google’s translation service, service located at www.google.com/translate_t www google com/translate t If URL is entered in to “Translate a web page” field, by selecting a language pair and clicking on Translate button Google will button, translate contents of Web page and generate a translation URL Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
9.
Directory Listings
A directory listing is a type of Web page that lists files and directories that exist on a Web server It is designed such that it is to be navigated by clicking directory links, directory listings typically have a title that describes the current directory, a list of files and directories that can be clicked Just like an FTP server, directory listings offer a no-frills, easy-install solution for granting access to files that can be stored in categorized folders Problems faced by directory listings are: • They do not prevent users from downloading certain files or accessing certain directories hence they are not secure • They can display information that helps an attacker learn specific technical details about Web server • They do not discriminate between files that are meant to be public and those that are meant to remain behind the scenes • They are often displayed accidentally, since many Web servers display a directory listing if a top-level index file is missing or invalid Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
10.
Directory Listings(cont’d)
Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
11.
Locating Directory Listings
Since directory listings offer p y g parent directory links and allow y browsing through files and folders, attacker can find sensitive data simply by locating listings and browsing through them Locating directory listings with Google is fairly straightforward as they begin with phrase “Index of,” which shows in tittle An obvious query to find this type of page might be ntitle:index.of, which can find pages with the term “index of” in the title of the document intitle:index.of “parent directory” or intitle:index.of “name size” queries indeed provide directory listings by not only focusing on index.of in title b on k f d f l but keywords often f d f found inside d d directory listings, such as parent directory, name, and size Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
12.
Locating Directory Listings
(cont d) (cont’d) Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
13.
Finding Specific Directories
This is easily accomplished by adding the name of the directory to the search query To locate “admin” directories that are admin accessible from directory listings, queries such as intitle:index.of.admin or intitle:index.of inurl:admin will work well, as shown in the following figure Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
14.
Finding Specific Files
As the directory listing is in tree style, it is also possible to find specific files in a directory listing To find WS_FTP log files, try a search such as intitle:index.of ws_ftp.log, as shown in the Figure below: Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
15.
Server Versioning
The information an attacker can use to determine the best method for attacking a Web server is the exact software version An attacker can retrieve that information by connecting directly to the Web port of that server and issuing a request for the HTTP headers Some typical directory listings provide the name of the server software as well as the version number at the bottom portion. These information are faked and attack can be done on web server intitle:index.of “ server at” query will locate all directory listings on the Web with index of in the title and server at anywhere in the text of the page In addition to identifying the Web server version, it is also possible to determine the operating system of the server as well as modules and other software that is installed Server versioning technique can be extended by including more details in the query Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
16.
Server Versioning (cont’d)
Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
17.
Going Out on
a Limb: Traversal Techniques Attackers use traversal techniques to expand a small foothold into a larger co p o se compromise The query intitle:index.of inurl:“/admin/*” is helped to traversal as shown in the figure: Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
18.
Directory Traversal
By clicking on the p y g parent directory link the sub links under y it will open. This is basic directory traversal Regardless of walking through the directory tree , traversing outside the Google search wandering around on the target Web server is also be done The Th word in the URL will b changed with other words d i th ill be h d ith th d Poorly coded third-party software product installed in the server accepts di t t directory names as arguments which allows t hi h ll users to view files above the web server directory Automated tools can do a much better job of locating files and vulnerabilities Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
19.
Incremental Substitution
This technique involves replacing numbers in a URL in an attempt to find directories or files that are hidden, or unlinked from other pages By changing the numbers in the file names, the other files can be found In some examples, substitution is used to modify the numbers in the URL to locate other files or directories that exist on the site • /docs/bulletin/2.xls could be modified to /docs/bulletin/2.xls • /DigLib_thumbnail/spmg/hel/0001/H/ could be changed to /DigLib_thumbnail/spmg/hel/0002/H/ /Di Lib th b il/ /h l/ /H/ • /gallery/wel008-1.jpg could be modified to /gallery/wel008-2.jpg Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
20.
Extension Walking
File extensions and how filetype operator can be used to locate files with specific file extensions i HTM files can be easily searched with a query such as filetype:HTM HTM Filetype searches require a search parameter and files ending in HTM always have HTM in the URL After locating HTM files, substitution technique is used to find files with the same file name and different extension Easiest E i way to d determine names of b k fil on a server i to l i f backup files is locate a didirectory li i listing using intitle:index.of or to search for specific files with queries such as intitle:index.of index.php.bak or inurl:index.php.bak If a system administrator or Web authoring p g y g program creates backup files with a .BAK p extension in one directory, there is a good chance that BAK files will exist in other directories as well Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
21.
Google Advanced Operators
Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
22.
Site Operator
The site operator is absolutely invaluable during the p y g information-gathering phase of an assessment Site search can be used to gather information about the servers g and hosts that a target hosts Using simple reduction techniques, you can quickly get an idea about a target’s online presence Consider the simple example of site:washingtonpost.com – site:www.washingtonpost.com This query effectively locates pages on the washingtonpost.com washingtonpost com domain other than www.washingtonpost.com Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
23.
Site Operator (cont’d)
Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
24.
intitle:index.of
intitle:index.of is the universal search for directory listings In most cases, this search applies only to Apache-based servers, but due to the overwhelming number of A h l i b f Apache- h derived Web servers on the Internet, there is a good chance that the server you are profiling will be Apache-based Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
25.
Screenshot
Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
26.
error | warning
Error messages can reveal a great deal of information about a target Often Oft overlooked, error messages can provide i i ht i t th application l k d id insight into the li ti or operating system software a target is running, the architecture of the network the target is on, information about users on the system, and much more Not only are error messages informative, they are prolific A query of intitle: error results in over 55 million results Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
27.
error | warning
(cont’d) Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
28.
login | logon
Login portals can reveal the software and operating system of a target, and in many cases “self-help” documentation is linked from the main self help page of a login portal These documents are designed to assist users who run into p g problems during the login process Whether the user has forgotten his or her password or even username, this document can provide clues that might help an attacker Documentation linked from login portals lists e-mail addresses, phone numbers, or URLs of h b f human assistants who can h l a troubled user i h help bl d regain lost access These assistants, or help desk operators are perfect targets for a social assistants operators, engineering attack Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
29.
login | logon
(cont’d) Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
30.
username | userid
| employee.ID | “your username is” y There are many different ways to obtain a username from a target system Even though a username is the less important half of most authentication mechanisms, it should at least be marginally protected from outsiders Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
31.
password | passcode
| “your p password is” The word password is so common on the Internet, there are over 73 million results for this one-word query During an assessment, it is very likely that results for this query combined with a site operator will include pages that provide help to users who have forgotten their passwords In some cases, this query will locate pages that provide policy information about the creation of a password This type of information can be used in an intelligent-guessing or even a b t f brute-force campaign against a password fi ld i i t d field Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
32.
password | passcode
| “your p password is” ( (cont’d) ) Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
33.
admin | administrator
The word administrator is often used to describe the person in control of a network or system k The word administrator can also be used to locate administrative login pages, or login portals The phrase Contact y p your system administrator is a fairly common p y y phrase on the Web, as are several basic derivations A query such as “please contact your * administrator” will return results that reference local, company, site, department, server, system, network, d t b f l l it d t t t t k database, e-mail, and even tennis administrators If a Web user is said to contact an administrator, chances are that the data has at least moderate importance to a security tester Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
34.
admin | administrator
(cont’d) Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
35.
admin login
admin login Reveals Administrative Login Pages Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
36.
–ext:html –ext:htm
–ext:shtml –ext:asp –ext:php p p p The –ext:html –ext:htm –ext:shtml –ext:asp – ext:php query uses ext, a synonym f the fil h for h filetype operator, and is a negative query It returns no results when used alone and should be combined with a site operator to work properly The idea behind this query is to exclude some of the most common Internet file types in an attempt to find files that might be more interesting Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
37.
–ext:html –ext:htm –ext:shtml
– ext:asp –ext:php (cont’d) ext:php (cont d) Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
38.
inurl:temp | inurl:tmp
| inurl:backup | inurl:bak p The inurl:temp | inurl:tmp | inurl:backup | inurl:bak query, combined with th site operator, searches f t ith the it t h for temporary or b k fil or backup files directories on a server Although there are many possible naming conventions for temporary or backup files, this search focuses on the most common terms Since this search uses the inurl operator, it will also locate files that contain these terms as file extensions, such as index.html.bak f , Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
39.
Pre-Assessment
Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
40.
intranet | help.desk
The term intranet, despite more specific technical meanings, has become a generic term that describes a network confined to a small group In most cases, the term intranet describes a closed or private network unavailable to the general public Many sites have configured p y g portals that allow access to an intranet from the Internet, bringing this typically closed network one step closer to the potential attackers Unavailable to public Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
41.
Locating Exploits and
g p Finding Targets Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
42.
Locating Public Exploit
Sites One way to locate exploit code is to focus on the file extension of the source code and then search for specific content within that code Since source code is the text-based representation of the difficult-to-read machine code, Google is well suited for this task For example, a large number of exploits are written in C, which generally use source code ending in a .c extension A query for fil t f filetype:c exploit returns around 5,000 results, most of which are exactly th l it t d lt t f hi h tl the types of programs you are looking for These are the most popular sites hosting C source code containing the word exploit, the returned list i a good start f a li t of b k t d li t is d t t for list f bookmarksk Using page-scraping techniques, you can isolate these sites by running a UNIX command against the dumped Google results page grep Cached exp | awk –F" –" '{print $1}' | sort –u Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
43.
Locating Exploits Via
Common g Code Strings Another way to locate exploit code is to focus on common strings within y p g the source code itself One O way to do this is to focus on common inclusions or h d fil d hi i f i l i header file references For example, many C programs include the standard input/output library functions, which are referenced by an include statement such as #include <stdio.h> within the source code A query like this would locate C source code that contained the word exploit, regardless of the file’s extension: • “#include <stdio.h>” exploit Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
44.
Searching for Exploit
Code with Nonstandard Extensions Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
45.
Locating Source Code
with Common Stringsg Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
46.
Locating Vulnerable Targets
In fact, it’s not uncommon for Attackers are increasingly using public vulnerability Google to locate Web-based Web based announcements to contain i targets vulnerable to specific Google links to potentially exploits vulnerable targets Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
47.
Locating Targets Via
Demonstration Pages Develop a query string to locate vulnerable targets on the Web; the vendor’s Web site is a good place to discover what exactly the product’s Web pages look like product s For example, some administrators might modify the format of a vendor-supplied Web page to fit the theme of the site These types of modifications can impact the effectiveness of a Google search that targets a vendor-supplied page format You can find that most sites look very similar and that nearly every site has a “powered by” message at the bottom of the main page Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
48.
“Powered by” Tags
Are Common Query Fodder for Finding Web Applications Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
49.
Locating Targets Via
Source Code A hacker might use the source code of a p g g program to discover ways to y search for that software with Google To find the best search string to locate p g potentially vulnerable targets, y y g , you can visit the Web page of the software vendor to find the source code of the offending software In cases where source code is not available, an attacker might opt to available simply download the offending software and run it on a machine he controls to get ideas for potential searches Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
50.
Vulnerable Web Application
Examples Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
51.
Vulnerable Web Application
Examples ( p (cont’d)) Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
52.
Locating Targets Via
CGI Scanning One of the oldest and most familiar techniques for locating vulnerable Web servers is through the use of a CGI scanner These programs parse a list of known “bad” or vulnerable Web files and attempt to locate those files on a Web server Based on various response codes, the scanner could detect the presence of these potentially vulnerable f l l bl files A CGI scanner can list vulnerable files and directories in a data file, such as: Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
53.
A Single CGI
Scan-Style Query Example: search for inurl:/cgi-bin/userreg.cgi Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
54.
Tracking Down Web
g Servers, Login Portals, and Network Hardware Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
55.
Finding IIS 5.0
Servers Query for “Microsoft-IIS/5.0 server at” Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
56.
Web Server Software
Error g Messages Error messages contain a lot of useful information, but in the context of locating specific servers, you can use portions of various error messages to locate servers running specific software versions f i The best way to find error messages is to figure out what messages the server is capable of generating You could gather these messages by examining the server source code or configuration files or by actually generating the errors on the server yourself The best way to get this information from IIS is by examining the source code of the error pages themselves IIS 5 and 6, by default, display static HTTP/1.1 error messages when the server encounters some sort of problem These error pages are stored b d f l i the %SYSTEMROOT%h l ii H l Th d by default in h %SYSTEMROOT%helpiisHelpcommon directory Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
57.
Web Server Software
Error Messages ( (cont’d) ) A query such as intitle:”The page cannot be found” “please following” “Internet * Services” can be used to search for IIS servers that present a p 400 error Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
58.
IIS HTTP/1.1 Error
Page Titles Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
59.
IIS HTTP/1.1 Error
Page Titles (cont d) (cont’d) Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
60.
“Object Not Found”
Error Message Used to Find IIS 5.0 5 Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
61.
Apache Web Server
Apache Web servers can also be located by focusing on server-generated error messages Some generic searches such as “Apache/1.3.27 Server at” -intitle:index.of intitle:inf” or “Apache/1.3.27 Server at” -intitle:index.of intitle:error Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
62.
Apache 2.0 Error
Pages Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
63.
Application Software Error
Messages Although this ASP message is fairly benign, some ASP benign error messages are much more revealing Consider the query “ASP.NET_SessionId”“data source=”, which locates unique strings found in ASP.NET application state dumps Error These dumps reveal all sorts of information about the running application and the Web server that hosts that app cat o application An advanced attacker can use encrypted password data and variable information in these stack traces to subvert the security of the application and perhaps the Web h f h l d h h b server itself Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
64.
ASP Dumps Provide
Dangerous Details Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
65.
Many Errors Reveal
Pathnames and Filenames Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
66.
CGI Environment Listings
Reveal Lots of Information Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
67.
Default Pages
Another way to locate specific types of servers or Web software i t search f d f lt W b pages ft is to h for default Web Most Web software, including the Web server software itself, ships with one or more default or test pages These pages can make it easy for a site administrator to test the installation of a Web server or application Google crawls a Web server while it is in its earliest stages of installation, still displaying a set of default pages In these cases there is generally a short window of time between the moment when Google crawls the site and when the intended content is actually placed on the server Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
68.
A Typical Apache
Default Web Page Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
69.
Locating Default Installations
of IIS 4.0 on Windows NT 4.0/OP / Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
70.
Default Pages Query
for Web Server Many different types of Web server can be located by querying for default pages as well Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
71.
Outlook Web Access
Default Portal Query allinurl:”exchange/logon.asp” Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
72.
Searching for Passwords
Password data, one of the “Holy Grails” during a penetration test, should be p protected Unfortunately, many examples of Google queries can be used to locate passwords on the Web Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
73.
Windows Registry Entries
Can Reveal Passwords Query like filetype:reg intext: “internet account manager” could reveal interesting keys containing password data Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
74.
Usernames, Cleartext Passwords,
and Hostnames! Search for password information intext:(password | information, passcode | pass) intext:(username | userid | user), combines common words for passwords and user IDs into one query Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
75.
Google Hacking Tools
l ki l Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
76.
News
Source: http://www.computerworld.com/ Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
77.
Google Hacking Database
(GHDB) The Google Hacking Database (GHDB) contains queries that identify sensitive data such as portal logon p g , logs with network security p g pages, g y information, and so on Visit http://johnny.ihackstuff.com Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
78.
Google Hacking Database
(GHDB) Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
79.
SiteDigger Tool
SiteDigger searches Google’s cache to look for vulnerabilities, errors, configuration issues, proprietary information and interesting security nuggets issues information, on websites Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
80.
Gooscan
johnny.ihackstuff.com Gooscan is a tool that automates queries against Google search appliances But it can be run against Google itself in direct violation of their Terms of Service For the security professional, gooscan serves as a front end for an external server assessment and aids in the information-gathering phase of a vulnerability assessment For the web server administrator, gooscan helps discover what the web community may already know about a site thanks to Google's search appliance Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
81.
Goolink Scanner
It removes the cache information from your searches and only collects and displays the links This is very handy for finding vulnerable sites wide open to google and googlebots Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
82.
Goolag Scanner
Goolag Scanner enables everyone to audit his/her own web site via Google It uses one xml-based configuration file for its settings Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
83.
Tool: Google Hacks
code.google.com/p/googlehacks/ code google com/p/googlehacks/ Google Hacks is a compilation of carefully crafted Google l k i il i f f ll f d l searches that expose novel functionality from Google's search and map services You can use it to view a timeline of your search results, view a map, search for music, search for books, and perform many other specific kinds of searches You can also use this program to use google as a proxy Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
84.
Google Hacks: Screenshot
Google Hacks Input Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
85.
Google Hacks: Screenshot
Google Hacks Output Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
86.
Google Hack Honeypot
Google Hack Honeypot is the reaction to a new type of malicious web traffic: search engine hackers It is designed to provide reconnaissance against attackers that use search engines as a hacking tool against resources Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
87.
Google Hack Honeypot:
Screenshot Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
88.
Tool: Google Protocol
Google Protocol is a little app that when installed, registers two extra protocols similar to the http: and the ftp: protocols under windows, namely google: and lucky: Urls starting with the ‘google:’ refer to the corresponding google search Urls starting with the ‘lucky:’ refer to the top Google result l Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
89.
Google Cartography
Google Cartography uses the Google API to find web pages referring to street names Initial street and region criteria are combined to form a search query, which is then executed by the Google API Each URL from the Google results is fetched and the content of the pages converted into text The text is then processed using regular expressions designed to capture information relating to the relationship between streets Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
90.
Google Cartography: Screenshot
Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
91.
Summary
In this module, Google hacking techniques have been reviewed The following Google hacking techniques have been discussed: • Software Error Messages • Default pages p g • Explanation of techniques to reveal password • Locating targets • Searching for passwords Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
92.
Copyright © by
EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
93.
Copyright © by
EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Descargar ahora