
software that’s in use on a target and to locate links and documentation that
might provide useful information for an attack. In addition, if an attacker has an
exploit for a particular piece of software, and that software provides a login
portal, the attacker can use Google queries to locate potential targets.
Some login portals, like the one shown in Figure 8.20, captured with
allinurl:”exchange/logon.asp”, are obviously default pages provided by the software
manufacturer—in this case, Microsoft. Just as an attacker can get an idea of the
potential security of a target by simply looking for default pages, a default login
portal can indicate that the ...