nerdexam
GIAC

GPEN · Question #136

GPEN Question #136: Real Exam Question with Answer & Explanation

The correct answer is D. Google. Google can be used as a reconnaissance tool (Google Dorking) to find sensitive files like password files exposed in web server directory indexes using advanced search operators. This technique leverages Google's indexing of publicly accessible files.

Question

You want to retrieve password files (stored in the Web server's index directory) from various Web sites. Which of the following tools can you use to accomplish the task?

Options

  • ANmap
  • BSam spade
  • CWhois
  • DGoogle

Explanation

Google can be used as a reconnaissance tool (Google Dorking) to find sensitive files like password files exposed in web server directory indexes using advanced search operators. This technique leverages Google's indexing of publicly accessible files.

Common mistakes.

  • A. Nmap is a network scanning tool used to discover hosts, open ports, and services on a network, and does not perform web content or file searches across multiple web sites.
  • B. Sam Spade is an OSINT and network utility tool focused on DNS lookups, WHOIS queries, and traceroutes, and is not designed to search web server directory indexes for files.
  • C. Whois is a protocol and tool for querying domain registration and ownership information, and provides no capability to search for or retrieve files from web server directories.

Concept tested. Google Dorking for exposed web server files

Reference. https://www.exploit-db.com/google-hacking-database

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GPEN Practice
You want to retrieve password files (stored in the Web server's... | GPEN Q#136 Answer | NerdExam