Thursday, November 14, 2024

Google Hacking Techniques

 

There are quite a number of methods of getting different types of information using specific keywords:

  1. Use keywords, file type and site type – Files come in many formats, so to find information held in a document you can combine specific keywords (budget, revenue) and the file type (csv, xlsx) with the site type. Here is an example: [file type: csv site:za budget]. Make sure to write the terms in this order to get your results.
  2. Inserting multiple words or phrases – In some instances, instead of inserting just one keyword in your search term, you could try a combination that is more specific. For instance, instead of just confidential, you can write not to be shared, not to be made public. This gives your query an edge.
  3. Searching for documents with login info – In this case, follow the same procedure as above: file type, keywords and site type. The only difference is that the keywords are login information. You will be surprised that even big organizations save these things in the English language. This is an example: [file type: PDF site: co login].
  4. Wrongly configured web servers – More often than not, you will find on Google some directories that are not supposed to be on the net. Unlike single pieces of information, directories serve as huge sources of information. To find them, you can make your query with these search terms: [intitle:”index of’ site:kr password]
  5. Numrange searches – These searches are known to be very specific. Depending on the reason behind the search (and the amount of information you already have before the search), the results can be scary. In a numrange search, you insert two numbers separated by only two periods (dots) and no spaces. This is usually done alongside other keywords to display results that fall within the range of numbers in your query. For instance, [site: www.pocoapoco.com 123..150]
  6. Searching to access contents without registration – Businesses and web applications often target lead generation, so you may be prevented from accessing some of their content if you do not register. In situations like this, you could enter a Google hack query to bypass these restrictions. Depending on what you are looking for, your search terms could be:
     [Site: www.thenameofthecompany.com inurl: database]
     [Site: www.thenameofthecompany.com inurl: directory]
     [Site: www.thenameofthecompany.com inurl: index]
  7. Native language searches – This applies to enquiries on localized content. You are more likely to find the results you expect if you conduct your searches in the applicable local language. This is all the more feasible given the decreased reliance on the English language and Google's openness to other languages.

Google Dorking Commands

LOG FILES – Log files are like databases (or, more appropriately, records). The existence of exposed log files shows how easy it is to get sensitive information on a website. In most instances, some of a website’s sensitive logs can be found in the transfer protocol of these websites. Access to these logs reveals the version of PHP and the backend structure a particular website uses. The search terms for getting these logs are allintext: username file type (csv, PDF, xlsx): log

SUSCEPTIBLE WEB SERVERS – Certain web servers contain loopholes, and some have already been hacked. You can identify examples of these websites by entering this search term: inurl: /proc/sef/cwd/

EXPOSED FTP SERVERS – File transfer protocol (FTP) servers may contain sensitive information and are not normally meant to be exposed. The Google dork written below finds such servers.

[Intitle: index of inurl: ftp]

ENV FILES – Some website developers ignore best practices and leave .env files in a place that is publicly accessible. Certain Google dorks are used to find these files, and they often contain very sensitive information about the site's safety framework.

NB: Env files are used to define configurations and variables for web development work spaces.

SSH PRIVATE KEYS – Certain information is shared over the SSH protocol, and the keys used in this process are generally not meant to be disclosed. The dork below finds keys of this kind that Google has indexed.

Intitle: index.of id_rsa -id_rsa.pub

EMAIL LISTS – These are unbelievably easy to find with Google dorks. Most spammers use this trick to add an unlimited number of email addresses to their spam lists. To find email lists, here is how your dork should look:

Site: .com filetype: csv inurl: email.csv

LIVE CAMERAS – If you intend to monitor certain areas, Google dorking can help you locate and watch live cameras with no significant IP restrictions. Depending on how creative you can get, there are many Google dorks that give you access to various live cameras globally, including those of the military or the government. To access IP-based cams, here is the dork: [Inurl: top. Htm inurl: currenttime]. If you want to access webcam-transmitted coverage, here is the dork:

[intitle: Webcam XP 5]

MP3, MP4, PDF – If you intend to download files from the internet without accessing them through a streaming platform or an online library, you could use the Google dork specified below:

[Intitle: index of (filetype)]

WEATHER DORKS – Weather dorks give you access to any weather measuring device that is connected to the internet, from anywhere around the globe. To get this information, here is the search query to enter:

[intitle: weatherwing WS2]

ZOOM BOMBS – Zoom bombs are dorks used to disrupt online video meetings insofar as their URLs are distributed. To do this, here is the search query to enter:

[inurl: zoom.us/j and intext: scheduled for]

DATABASE DUMPS – What better way is there to get information than from wrongly configured databases? Some SQL files have been wrongly dumped on servers and can be accessed through a domain. This leaves these databases open to anyone with the right search term.

[Index of database.sql.zip]

WORDPRESS ADMIN LOGIN – With the aid of a Google dork, it is very easy to find an index of WordPress administrative login pages and even access the login information of those pages.

[Intitle: index of wp-admin]

APACHE 2 – Apache is an example of a web server. Just like any other type of vulnerable web server, Apache 2 servers can also be found through the right Google dork.

[Intitle: Apache2 Ubuntu Default Page: It works]

GOVERNMENT DOCUMENTS – These documents, although meant to be restricted from public view, are not very difficult to find with the help of Google dorks. To get these files, here is the dork query to enter:

[allintitle: restricted filetype: doc site: gov]

How to Prevent Google Dork Infiltration

  1. ENCRYPTION – You can prevent your files from being infiltrated through a Google dork by encrypting very sensitive information on your web server or your web application.
  2. LOOPHOLE ASSESSMENT – Cyber security has also evolved to allow you to run Google dork-specific loophole scans. On the same note, you can also carry out dork searches targeted at your own website and server.
  3. REMOVE SENSITIVE INFORMATION FROM AREA OF EXPOSURE – If you discover that sensitive information has been exposed, you can request (through Google Search Console) that Google remove it.
  4. IP BASED RESTRICTIONS – You can use IP-based limitations to protect some private aspects of your database. Coupled with this, you could also use password authentication methods for confirmation.
  5. ROBOTS.TXT CONFIGURATION – This is a very useful means of preventing hackers from exploiting your private space through any directory in your website that may be indexed by the Google search engine. To do this, these are the configuration terms you will need to enter in your backend.

User-agent: *
Disallow: /
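
A self-audit along the lines of items 2 and 5, as an added example that is not part of the original post: it classifies responses fetched from a site you operate for the exposure types this page lists, and reports whether robots.txt keeps crawlers away from each one. The `audit` function, the signature patterns, the sample paths and the sample responses are all constructed for illustration.

```python
import re
from urllib.robotparser import RobotFileParser

# Content signatures for exposure types named on this page.
# The patterns are illustrative assumptions of this example.
SIGNATURES = {
    "directory listing": re.compile(r"<title>\s*Index of /", re.I),
    "private key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "sql dump": re.compile(r"^\s*(?:CREATE TABLE|INSERT INTO)\b", re.I | re.M),
    "env file": re.compile(r"^[A-Z][A-Z0-9_]*=\S", re.M),
}

def audit(responses, robots_txt, agent="Googlebot"):
    """responses: {path: (status, body)} fetched from a site you operate.
    Returns [(path, label, crawlable)] for every publicly readable exposure."""
    robots = RobotFileParser()
    robots.parse(robots_txt.splitlines())
    findings = []
    for path, (status, body) in sorted(responses.items()):
        if status != 200:          # 401/403/404: not publicly readable
            continue
        name = path.rsplit("/", 1)[-1]
        for label, pattern in SIGNATURES.items():
            if label == "env file" and not name.startswith(".env"):
                continue           # KEY=value lines only matter in .env files
            if pattern.search(body):
                findings.append((path, label, robots.can_fetch(agent, path)))
    return findings

# Constructed sample responses and robots.txt (not real data).
SAMPLE = {
    "/backup/": (200, "<html><head><title>Index of /backup</title></head></html>"),
    "/.env": (200, "APP_ENV=production\nDB_PASSWORD=example-not-real\n"),
    "/keys/id_rsa": (403, "Forbidden"),
    "/dump/database.sql": (200, "-- dump\nCREATE TABLE users (id INT);\n"),
    "/index.html": (200, "<html><title>Home</title></html>"),
}
ROBOTS = "User-agent: *\nDisallow: /dump/\n"

if __name__ == "__main__":
    for path, label, crawlable in audit(SAMPLE, ROBOTS):
        state = "crawlable" if crawlable else "hidden from crawlers, still readable"
        print(f"{path}: {label} ({state})")
```

Passing the `Disallow: /` configuration above as `robots_txt` returns the same three findings with `crawlable` set to False: robots.txt keeps compliant crawlers from indexing the files but does not stop direct requests, so the encryption and access restrictions in items 1 and 4 are still needed.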
