Gather Information Using Google Hacking

As a part of our chapter on Footprinting and Reconnaissance, this article is to make you aware about how to gather information using Google search. We have seen earlier on how to search google servers that deep to get direct download links. Ever though what was it?

We have been using Google search for a long time but none of us tried to search deep in server. Just we clicked on the website link that google showed to us but instead we can try Google search to modify results according to our needs. These all can be done using Google Dorks - also known as google commands or filters. So, let us start understanding what Google Dorks is and how to use them.

Google Dorks can be used as per our wish:

• For Hacking
• For Normal Uses

It depends on individual how he/she uses this function. Let us start understanding the term and its uses.

Basics

Google hacking involves using advanced operators in the Google search engine to locate specific strings of text within search results.

Examples

• Some of the more popular examples are finding specific versions of vulnerable Web applications.
• Devices connected to the Internet can be found. A search string such as inurl:"ViewerFrame?Mode=" will find public web cameras.
• Another useful search is following intitle:index.of followed by a search keyword. This can give a list of files on the servers. For example, intitle:index.of mp3 will give all the MP3 files available on various servers. We have seen this technique to get direct download links of movies, PDFs, songs and more..

History

Everytime the history seems to us. But here, this is not the case. It is the case were a computer expert turned into a hacker.

The concept of "Google Hacking" dates back to 2002, when Johnny Long began to collect interesting Google search queries that uncovered vulnerable systems and/or sensitive information disclosures - labeling them googleDorks.

The list of googleDorks grew into large dictionary of queries, which were eventually organized into the original Google Hacking Database (GHDB) in 2004. In short, GHDB is an extended version of Google Dorks.

After the release of GHDB, Johnny Long wrote his own book on Google Hacking popularly known as Google Hacking for Penetration Testers.

Introduction

A misconfigured server may expose several business information on Google. It is difficult to get access to files from database sites through Google. We can use as an example, the use of “cache” Google, where it stores older versions of all sites that were once indexed by their robots. This feature allows you to have access to pages that have already been taken from the air, since they already exist in the database of Google. To read more on Google cache and to know how to use it, click here..

What kind of data can be exploited?

We all know that Google spies on us by keeping a record of what we search or what we do..! Similarly, Google keeps a spy of various servers too. It maintains the information either in its storage server or in its server cache. Hence, many a times, important data of a server gets leaked unknowingly.

You might have heard of performing SQL injection using Google search. Here are many other data that we can obtain from Google using GHDB.

 

Advisories and Vulnerabilities 

These searches locate vulnerable servers. These searches are often generated from various security advisory posts, and in many cases are product or version-specific. 

Error Messages

Really retarded error messages that provide us more of the information. When we come to know that a website is not properly configured, we can start searching for the mistake in the site which can be used as a vulnerable part to whole website. Sometimes, error message provide us this kind of information.

Files containing juicy info

No usernames or passwords, but interesting stuff which has same value as usernames and passwords. 

Files containing passwords

Google search can also provide us passwords form its database if we use Dorks correctly.  

Files containing usernames

These files contain usernames, but no passwords...

Footholds

Queries that can help a hacker gain a foothold into a web server

Pages containing login portals

These are login pages for various services. Consider them the front door of a website's more sensitive functions.

Pages containing network or vulnerability data

These pages contain such things as firewall logs, honeypot logs, network information, IDS logs... all sorts of fun stuff!

Sensitive Directories

Google's collection of web sites sharing sensitive directories. The files contained in here will vary from sesitive to top-secret!

Various Online Devices

This category contains things like printers, video cameras, and all sorts of cool things found on the web with Google.

Vulnerable Files

HUNDREDS of vulnerable files that Google can find on websites...

Vulnerable Servers

These searches reveal servers with specific vulnerabilities. These are found in a different way than the searches found in the "Vulnerable Files" section. 

Tools which help to perform Google Hacking

There are two official websites which help us perform google hacking:

• http://www.hackersforcharity.org/
• https://www.exploit-db.com/

Also there is an app available on playstore named "Google Dorks" which can be used to learn basics of GHDB.

There are so many things to learn in GHDB and all of them cannot be mentioned in a single article. Hence, I am looking forward to open a new tab in this blog specially for GHDB. So, keep in touch..!