Using Google, an SQL injection on a random website can be performed within 0.2 Google seconds. Specially crafted words given as input to Google are called dorks, or Google dorks. These dorks can be used to reveal vulnerable servers on the Internet and to gather sensitive data, vulnerable uploaded files, sub-domains, and so on. Effective use of Google Hacking can make the hacking process considerably easier.
Queries that can help an attacker gain a foothold into a web server.
Web Server Detection: Google's awesome ability to profile web servers.
Collection of web sites sharing sensitive directories.
Files Containing Username: Files contain usernames, but no passwords.
Vulnerable files that Google can find on websites.
Files Containing Passwords: Files contain passwords.
Searches reveal servers with specific vulnerabilities.
Pages Containing Login Portals: Login pages for various services, the front door of a website with more sensitive functions.
Verbose error messages that include e.g. username, password, …
Advisories and Vulnerabilities: Searches locate vulnerable servers, various security advisory posts, and in many cases are product or version-specific.
Network or Vulnerability Data: Contain such things as firewall, honeypot, IDS logs, network information, …
Files Containing Juicy Info: No usernames or passwords, but interesting stuff nonetheless.
Various Online Devices: Contains things like printers, video cameras, and all sorts of cool things.
Sensitive Online Shopping Info: Queries that can reveal online shopping information like customer data, suppliers, orders, credit card info, …
Understanding Google Dorks Operators
Let's take a look at the special Google search operators that are used to construct those high-powered Google hack search terms.
intitle – Tells Google to show only those pages that have the term in their HTML title. For example, intitle:"login page" will show those pages which have the term "login page" in the title text.
allintitle – Similar to intitle, but looks for all the specified terms in the title.
inurl – Searches for the specified term in the URL. For example, inurl:"login.php" or inurl:login.jsp intitle:login.
allinurl – Same as inurl, but searches for all terms in the URL.
filetype – Searches for specific file types. filetype:pdf will look for PDF files in websites. Similarly, filetype:txt looks for files with the extension .txt. For example, "sensitive but unclassified" filetype:pdf
ext – Similar to filetype. ext:pdf finds files with the pdf extension.
intext – Searches the content of the page, somewhat like a plain Google search. For example, intext:"index of /" or Host=*.* intext:enc_UserPassword=* ext:pcf
allintext – Similar to intext, but requires all terms to be present in the text.
site – Limits the search to a specific site only. For example, site:example.com
If a hacker wishes to search by a field other than the URL, the following can be effectively substituted:
These options will help a hacker uncover a lot of information about a site that isn't readily apparent without a Google dork. They also offer ways to scan the web to locate hard-to-find content.
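To check what these operators would surface on a site you run, the sketch below evaluates dorks locally against a page inventory from your own crawl. It is an added example, not code from the original page: the function names and the sample inventory are constructed, and plain substring matching only approximates how a search engine matches terms.

```python
import shlex
from urllib.parse import urlparse
# Constructed sample inventory, e.g. exported from a crawl of your own site.
PAGES = [
    {"url": "https://example.com/admin/login.php", "title": "Login Page",
     "text": "Enter username and password"},
    {"url": "https://example.com/backup/", "title": "Index of /backup",
     "text": "Index of /backup site.sql.bak"},
    {"url": "https://example.com/docs/policy.pdf", "title": "Policy",
     "text": "sensitive but unclassified handling rules"},
    {"url": "https://example.com/about.html", "title": "About us",
     "text": "Company history"},
]
FIELDS = {"intitle": "title", "inurl": "url", "intext": "text"}
OPERATORS = set(FIELDS) | {"filetype", "ext", "site"}

def parse_dork(query):
    """Return (operator, term) pairs; bare terms default to intext."""
    pairs, default = [], "intext"
    for token in shlex.split(query.lower()):  # keeps "quoted phrases" together
        op, sep, value = token.partition(":")
        if sep and op.startswith("all") and op[3:] in FIELDS:
            default = op = op[3:]  # allintitle: etc. also cover later bare terms
            if not value:
                continue
        if sep and op in OPERATORS and value:
            pairs.append((op, value))
        else:
            pairs.append((default, token))
    return pairs

def matches(page, pairs):
    """True if the page satisfies every operator (substring approximation)."""
    url = urlparse(page["url"])
    for op, value in pairs:
        if op in FIELDS:
            ok = value in page[FIELDS[op]].lower()
        elif op in ("filetype", "ext"):
            ok = url.path.lower().endswith("." + value)
        else:  # site: exact host or any subdomain of it
            host = (url.hostname or "").lower()
            ok = host == value or host.endswith("." + value)
        if not ok:
            return False
    return True

def audit(pages, dorks):
    """Map each dork to the inventory URLs it would surface."""
    return {d: [p["url"] for p in pages if matches(p, parse_dork(d))] for d in dorks}
```

Calling `audit(PAGES, [...])` with the dorks you care about returns, per dork, the URLs to review for removal, access control, or exclusion from indexing.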