Page 1
Dorking & Pentesting�with Tacyt
Chema Alonso @chemaalonso
Page 3
The target is the�“What” not the “Who”
Page 4
The Target is the Code
Page 6
Dorking with apps:�code & metadata
Page 7
1.- Infrastructure
Page 8
Infrastructure Surface
Page 17
3.- Third Party Credentials
Page 20
API Keys & Tokens
Page 21
4.- Bugs to get into
• SQL.asp/php/aspx/… • Query • ldapsearch • exec • sql • command • …
Page 22
(Blind) SQL Injection
Page 23
(Blind) SQL Injection 101
Page 25
(Blind) LDAP Injection 101
Page 26
Surprise me, baby!
Page 27
Questions? • Chema Alonso
– http://twitter.com/chemaalonso – chema@11paths.com – http://www.elladodelmal.com
• Disclaimer: Tacyt Service has been developed by Eleven Paths. All things working well are because of their hard work. All things *may* went bad on this talk were my fault.