Google Hacking

The Google Hacking Database (GHDB) was originally created by Johnny Long of Hackers for Charity.

Using Google, an SQL injection on a random website can be performed within 0.2 Google seconds. Specially crafted words given as input to Google are called dorks, or Google dorks. These dorks can be used to reveal vulnerable servers on the Internet and to gather sensitive data, uploaded vulnerable files, sub-domains, and so on. Effective use of Google Hacking can make the hacking process considerably easier.

Category Descriptions

Footholds
Queries that can help an attacker gain a foothold into a web server.
Web Server Detection
Google's awesome ability to profile web servers.
Sensitive Directories
Collection of web sites sharing sensitive directories.
Files Containing Username
Files contain usernames, but no passwords.
Vulnerable Files
Vulnerable files that Google can find on websites.
Files Containing Passwords
Files contain passwords.
Vulnerable Servers
Searches reveal servers with specific vulnerabilities.
Pages Containing Login Portals
Login pages for various services, the front door of a website with more sensitive functions.
Error Messages
Verbose error messages that include e.g. username, password, …
Advisories and Vulnerabilities
Searches locate vulnerable servers, various security advisory posts, and in many cases are product or version-specific.
Network or Vulnerability Data
Contains such things as firewall, honeypot, and IDS logs, network information, …
Files Containing Juicy Info
No usernames or passwords, but interesting stuff nonetheless.
Various Online Devices
Contains things like printers, video cameras, and all sorts of cool things.
Sensitive Online Shopping Info
Queries that can reveal online shopping information like customer data, suppliers, orders, credit card info, …

 

Understanding Google Dorks Operators

Let's take a look at the special Google search operators that are used to construct those high-powered Google hack search terms.

intitle – Specifying intitle tells Google to show only those pages that have the term in their HTML title. For example, intitle:"login page" will show those pages which have the term "login page" in the title text.

allintitle – Similar to intitle, but looks for all the specified terms in the title.

inurl – Searches for the specified term in the URL. For example, inurl:"login.php" or inurl:login.jsp intitle:login.

allinurl – Same as inurl, but searches for all terms in the URL.

filetype – Searches for specific file types. filetype:pdf will look for PDF files in websites. Similarly, filetype:txt looks for files with the extension .txt. For example, "sensitive but unclassified" filetype:pdf

ext – Similar to filetype. ext:pdf finds files with the pdf extension.

intext – Searches the content of the page, somewhat like a plain Google search. For example, intext:"index of /" or Host=*.* intext:enc_UserPassword=* ext:pcf

allintext – Similar to intext, but searches for all terms to be present in the text.

site – Limits the search to a specific site only. For example, site:example.com
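
As an added example (not part of the original page or of the GHDB), the following Python code parses the operators described above and checks a constructed inventory of your own pages to see which of them each query would surface, which is how a site owner can audit for exposure before a search engine indexes it. Matching is approximated with case-insensitive substring checks, which is an assumption about search-engine behaviour; parse_dork, page_matches, audit and the sample data are illustrative names.

```python
import shlex
from urllib.parse import urlparse

# Operators from the list above, mapped to the page field each one inspects.
FIELDS = {"intitle": "title", "inurl": "url", "intext": "text"}
KNOWN = set(FIELDS) | {"filetype", "ext", "site"}

def parse_dork(query):
    """Split a dork into (operator, term) pairs; bare terms search the text."""
    query = query.lower().replace("\u201c", '"').replace("\u201d", '"')
    pairs, default = [], "intext"
    for token in shlex.split(query):  # keeps "quoted phrases" together
        op, sep, term = token.partition(":")
        if sep and op.startswith("all") and op[3:] in FIELDS:
            default = op = op[3:]      # all* also claims every later bare term
        elif not (sep and op in KNOWN):
            op, term = default, token  # bare word or unrecognised prefix
        if term:
            pairs.append((op, term))
    return pairs

def page_matches(pairs, page):
    """True when every (operator, term) pair is satisfied by this page."""
    url = urlparse(page["url"])
    host, path = url.hostname or "", url.path.lower()
    def hit(op, term):
        if op in FIELDS:
            return term in page[FIELDS[op]].lower()
        if op in ("filetype", "ext"):
            return path.endswith("." + term)
        return host == term or host.endswith("." + term)  # site
    return all(hit(op, term) for op, term in pairs)

def audit(dorks, pages):
    """Map each dork to the URLs in your own inventory that it would surface."""
    return {d: [p["url"] for p in pages if page_matches(parse_dork(d), p)] for d in dorks}

# Constructed inventory, standing in for a crawl of a site you operate.
INVENTORY = [
    {"url": "https://example.com/login.jsp", "title": "Login", "text": "Sign in"},
    {"url": "https://example.com/docs/report.pdf", "title": "Q3 report", "text": "Sensitive but unclassified"},
    {"url": "https://files.example.com/backup/", "title": "Index of /backup", "text": "Index of /backup"},
]
DORKS = ['inurl:login.jsp intitle:login', 'allintitle:index backup',
         '"sensitive but unclassified" filetype:pdf', 'site:example.com']

if __name__ == "__main__":
    for dork, urls in audit(DORKS, INVENTORY).items():
        print(f"{dork} -> {urls}")
```

Any URL the audit returns is a page to put behind authentication, remove, or exclude from indexing.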

If a hacker wishes to search by a field other than the URL, the following can be effectively substituted:

  • intitle:
  • inurl:
  • intext:
  • define:
  • site:
  • phonebook:
  • maps:
  • book:
  • froogle:
  • info:
  • movie:
  • weather:
  • related:
  • link:

These options will help a hacker uncover a lot of information about a site that isn’t readily apparent without a Google Dork. These options also offer ways to scan the web to locate hard-to-find content.