How to hack Google 😱

 

What Is A Google Hack?

Google hacking, additionally referred to as Google dorking, is a data collecting method used by an aggressor making use of advanced Google searching approaches. Google hacking search queries can be used to perceive security flaws in net programs, gather facts for self-assertive or singular objectives, find out error messages revealing touchy statistics, and discover documents containing certifications and other sensitive facts.

An assailant's high level hunt string might be seeking out a susceptible version of a web utility, or a selected record kind (.Pwd,.Sq....) to in addition slim the inquiry. The inquiry can also be limited to pages on a specific webpage, or it can look for express statistics across all websites, returning a list of destinations that include the information.

For instance, the following search query will list SQL files (filetype:sql) available that have been indexed by Google on websites where directory listing is enabled (intitle:"index of").

intitle:"index of" filetype:sql

Similarly, the following search query will list publicly accessible phpMyAdmin installations.

"phpMyAdmin" "running on" inurl:"main.php"

Logical operators and symbols in Google Search

Attackers can take advantage of Google search logical operators such as AND, NOT and OR (case sensitive) as well as operators such as ~, – and *. The following table provides additional information on these operators.

Logical Operator	Description	Examples
AND or +	Used to include keywords. All the keywords need to be found.	web AND application AND security web +application +security
NOT or –	Used to exclude keywords. All the keywords need to be found.	web application NOT security web application –security
OR or |	Used to include keywords where either one keyword or another is matched. All the keywords need to be found.	web application OR security web application |security
Tilde (~)	Used to include synonyms and similar words.	web application ~security
Double quote (“)	Used to include exact matches.	“web application security”
Period (.)	Used to include single-character wildcards.	.eb application security
Asterisk (*)	Used to include single-word wildcards.	web * security
Parenthesis (())	Used to group queries	(“web security” | websecurity)

Advanced search operators

The advanced Google operators assist the user in refining search results further. The syntax of advanced operators is as follows.

operator:search_string_text

The syntax consists of three parts, the operator, the colon (:) and the desired keyword to be searched. Spaces may be inserted by using double quotes (“).

Google search identifies the above pattern and restricts the search using the information provided. For instance, using the previously mentioned search query, intitle:"index of" filetype:sql, Google will search for the string index of in the title (this is the default title used by Apache HTTP Server for directory listings) of a website and will restrict the search to SQL files that have been indexed by Google.

The table below lists some advanced operators that can be used to find vulnerable websites. For more search operators see Google’s Advanced Search page.

Advanced Operator	Description	Examples
site:	Limit the search query to a specific domain or web site.	site:example.com
filetype:	Limit the search to text found in a specific file type	mysqldump filetype:sql
link:	Search for pages that link to the requested URL	link:www.example.com
cache:	Search and display a version of a web page as it was shown when Google crawled it.	cache:example.com
intitle:	Search for a string text within the title of a page.	intitle:”index of”
inurl:	Search for a string within a URL	inurl:passwords.txt

Preventing Google Hacking Attacks

Google Hacking is nothing more than a reconnaissance method for attackers to discover potential vulnerabilities and misconfigurations. Therefore, testing websites and web applications for vulnerabilities and misconfigurations and then proceeding to fix them, not only removes the enumeration risk, but also prevents exploitation.

Naturally, routine manual testing of vulnerabilities that can be picked up by a Google search is lame and very time consuming. On the other hand, this is the sort of task at which a comprehensive automated web vulnerability scanner excels at.

The following is an example of a Google Hacking query that would find exposed PHPinfo files.

"PHP Credits" "Configuration" "PHP Core" filetype:php inurl:info

Scanning a website with an exposed PHPinfo file would be identified as follows in Acunetix.

Ideally such files are removed, however, if these pages are absolutely required, you should restrict access to these pages by for example, making use of HTTP Authentication.

The Google Hacking Database

A SQL infusion on any platform can be done in 0.2 Google seconds using Google. Dorks, or google dorks, are unusually formed terms sent to Google as a contribution. These dorks can be utilized to uncover weak servers on the Internet, to assemble touchy information, weak records that are transferred, sub-areas, etc. Viable use of Google Hacking can make the pentest interaction significantly simpler.

Classification Descriptions

• Tractions

Questions that can help an aggressor acquire a traction into a web server.

• Web Server Detection

Google’s wonderful capacity to profile web workers.

• Delicate Directories

Assortment of sites sharing delicate directories.

• Files Containing Username

Documents contain usernames, yet no passwords.

• Touchy Data

Documents Containing for example passwords, usernames, reinforcements, touchy data, config files.

• SQL infusion

Weaknesses to sidestep application safety efforts.

• Weak Files

Weak documents that Google can discover on websites.

• Files Containing Passwords

Records contain passwords.

• Weak Servers

Searches uncover workers with explicit vulnerabilities.

• Pages Containing Login Portals

Login pages for different administrations, front entryway of a sites with more delicate capacities.

• Blunder Messages

Verbose blunder messages that incorporate for example username, secret key…

• Advisories and Vulnerabilities

Searches find weak workers, different security warning posts, and as a rule are item or rendition explicit.

• Organization or Vulnerability Data

Contain such things as firewall, honeypot, IDS logs, network data…

• Files Containing Juicy Info

No usernames or passwords, however intriguing stuff none the less.

• Different Online Devices

Contains things like printers, camcorders, and a wide range of cool things.

• Sensitive Online Shopping Info

Inquiries that can uncover web based shopping infomation like client information, providers, orders, charge card data…

‍

Google Search Logical Administrators and Symbols

Assailants can use Google search consistent administrators, such as AND, NOT, or potentially (case sensitive), just as administrators, such as, –, and *. More information on these managers can be found in the list that follows.

1. AND or  +

Depiction: Used to incorporate watchwords. Every one of the catchphrases should be found.

Model: web AND application AND security, web +application +security

2. NOT or –

Depiction: Used to bar catchphrases. Every one of the catchphrases should be found.

Models: web application NOT security, web application – security

3. OR or |

Portrayal: Used to incorporate catchphrases where it is possible that some watchword is coordinated. Every one of the watchwords should be found.

Models: web application OR security, web application |security

4. Tilde (~)

Depiction: Used to incorporate equivalents and comparative words.

Models: web application ~security

5. Double quotation (")

Depiction: Used to incorporate definite matches.

Models: "web application security"

6. Period (.)

Portrayal: Used to incorporate single-character trump cards.

Models: .eb application security

7. Asterik (*)

Depiction: Used to incorporate single-word special cases.

Models: web * security

8. Bracket (())

Depiction: Used to bunch questions

Models: ("web security" | websecurity)

‍

Identifying Google Dorks Operators

High-level Google administrators assist the customer in further optimizing indexed lists. The following is the language framework of cutting-edge administrators.

The administrator, the colon (:), and the perfect catch to be looked at are the three parts of the linguistic structure. The use of twofold statements can be used to embed spaces (").

The pattern mentioned above is recognized by Google, which narrows the search based on the information given. For example, Google will look for the string file of in a site's title (this is the default title used by Apache HTTP Server for catalog postings) and restrict the search to SQL documents listed by Google using the recently cited inquiry query intitle:"index of" filetype:sql.

Let's start by looking at the incredible Google search managers who are responsible for those strong Google hack search words.

intitle – Specifying intitle, will advise google to show just those pages that have the term in their html title. For instance intitle:"login page" will show those pages which have the expression "login page" in the title text. 
allintitle – Similar to intitle, however searches for every one of the predetermined terms in the title. 
inurl – Searches for the predefined term in the url. – For instance inurl:"login.php" or inurl:login.jsp intitle:login.
allinurl – Same as inurl, yet looks for all terms in the url.
filetype – Searches for explicit record types. filetype:pdf will searches for pdf records in sites. Also filetype:txt searches for records with expansion .txt – For instance "delicate however unclassified" filetype:pdf
ext – Similar to filetype. ext:pdf finds pdf expansion documents.
intext – Searches the substance of the page. Fairly like a plain google search. For instance intext:"index of/" or Host=*.* intext:enc_UserPassword=* ext:pcf
allintext – Similar to intext, however looks for all terms to be available in the content.
site – Limits the pursuit to a particular site as it were. – For instance site:example.com

In the event that a programmer wishes to look by a field other than the URL, the accompanying can be successfully subbed:

• intitle:
• inurl:
• intext:
• characterize:
• site:
• phonebook:
• maps:
• book:
• froogle:
• information:
• film:
• climate:
• related:
• connect:

These alternatives will assist a programmer with revealing data about a site that isn't promptly obvious without a Google Dork. These choices additionally offer approaches to examine the web to found hard to track down content.

‍

How to prevent Google hacker attacks

Sadly, because confidential data is publicly available on the Internet and thus accessible via a web index, an expert data digger would almost inevitably get their hands on it, since Google Hacking is essentially a surveillance technique used by attackers to detect expected vulnerabilities and misconfigurations. In any case, there are a few precautions that can be taken to avoid web index-related incidents. Avoidance includes making certain that a web search tool does not collect sensitive data. A feasible Web Application Firewall should include a highly configurable feature, such as the ability to associate client specialist IP addresses from web indexes or a variety of web search tools with designs on solicitations and responses that trace sensitive data, for instance, non-public organizer names like "/and so on" and designs that resemble Visa numbers, and then obstructing answers if there is a risk of spillage. Johnny's I Hack Stuff assets even have several examples of documents.

The discovery of sensitive information appearing in a web search incorporates checking Google on a regular basis to see if data has been spilled. Accessible devices based solely on that endeavor, for example, GooScan and the Goolag Scanner, can be found on the Internet.

Things to note

Hacking of the Google web search tool or other Google items is not referred to as "Google hacking." Google, on the other hand, welcomes white-hat programmers and provides bounties if you can boost the security of their web applications by hacking them.

Since it affects all web crawlers, Google hacking can really be referred to as search engine hacking. Explicit requests for other web search tools can, of course, be exceptional.

Conclusion

Google Hacking isn't just a fantastic way to find and view website pages without being presented to the targeted frameworks, but it's also a legitimate method of revealing data in a typical Information Gathering period of an assault. It is an unquestionable requirement for most Information Security assessments and can yield extraordinary results when executed properly. Many questions are openly partaken in the GHDB for anyone to find and analyze, while explicit, customized tests against destinations can be made using advanced administrators.