Google Hacking , also called Google dorking , is a computer hacking technique that uses Google Search and other Google apps to find security holes in the configuration and computer code that websites use.
Video Google hacking
Basics
The Google Hack involves the use of advanced operators in the Google search engine to find specific text strings in the search results. A few more popular examples are finding specific versions of vulnerable Web applications. The following search query will find all web pages that have certain text contained therein. It is normal for app installations by default to include their running versions on every page they serve, for example, "Powered by XOOPS 2.2.3 Final"
intitle: admbook intitle: Fversion filetype: php
You can even retrieve a list of usernames and passwords from the Microsoft FrontPage server by entering them into the Google search field:
"# - Frontpage-" inurl: administrator.pwd or filetype: login log inurl password
The device connected to the Internet can be found. Search strings like inurl: "ViewerFrame? Mode ="
will find a public web camera.
Another useful search is to follow intitle: index.of
[1] followed by search keywords. It can provide a list of files on the server. For example, intitle: index.of mp3
will provide all the MP3 files available on various servers.
Maps Google hacking
Advanced operator
There are many similar sophisticated operators that can be used to exploit unsafe websites:
"Links:" search operators once used by Google, have now shut down (2017).
Google Hacking History
The concept of "Google Hacking" dates back to 2002, when Johnny Long started collecting interesting Google search questions that found vulnerable systems and/or disclosure of sensitive information - their labels googleDorks .
The googleDorks list grew into a large dictionary of questions, finally organized into Google Hacking Database (GHDB) in 2004. This Google hacking technique is the focus of a book released by Johnny Long in 2005, called Google Hacking for Penetration Tester , Volume 1 .
Since its heyday, the concept explored in Google Hacking has been expanded to other search engines, such as Bing and Shodan. Automated attack tools use custom search dictionaries to find vulnerable systems and disclosure of sensitive information in public systems that have been indexed by search engines.
For a full visual timeline, breaking down major events and developments in Google Hack from 2002 to Now, see Google's Hacking History by Bishop Fox .
References
External links
- Google Hacking Hacking Project - Bishop Fox - a dedicated research and development initiative to investigate the latest techniques that leverage search engines (like Google, Bing, and Shodan) to quickly identify vulnerable systems and sensitive data on public networks. A free attack and defense toolbox associated with search engine hacking is available for download.
- Google Hacking Database (GHDB) - REBORN - 09Nov2010 - Exploit-db.com people take efforts to maintain and add to the original GHDB created by Johnny Long.
- "Google Hacking:.pdf Document", boris-koch.de (can be printed,.pdf)
- "Google Hacking:.pdf Document", boris-koch.de (can be printed,.pdf)
- "Google Help: Cheat Sheet", Google (printable)
- Google Hacking for Penetration - Using Google as a Security Test Tool, Introduction by Johnny Long
- Google Dorking - Extraction of information from Google Dorking usage.
Source of the article : Wikipedia