Google Hacking Database
Google dork queries are used by IT officers, security administrators and hackers. Security administrators use them to find vulnerabilities in their websites or servers. The queries can serve as a kind of security tool, but hackers can use them to find vulnerabilities in a server or website.
Google hacking refers to the art of reading complex search engine queries. Google has developed a few search parameters in order to improve targeted search, but hackers abuse them to search for information and for websites that are vulnerable to numerous exploits. With them a hacker may be able to gather some very interesting information, including passwords, and to discover pages containing login portals, pages containing network data, advisories, vulnerable software, files, and directories that shouldn't be visible.
This can be accomplished with the Google Hacking Database (GHDB), a database of queries that identify sensitive data. Google operators help find the required information while avoiding irrelevant data, and by using advanced Google operators attackers can locate a specific string of text or a specific version of a vulnerable application.
The Google Hacking Database is set up by the Offensive Security people, the ones behind the famous BackTrack distro. It has a list of many Google dorks that could be used to find usernames, passwords, e-mail lists, password hashes, and other important information.
https://www.exploit-db.com/google-hacking-database/
HOW GOOGLE SEARCH IS USED FOR HACKING
Google allows the use of certain operators to help refine searches. The use of advanced operators is very simple as long as attention is given to the syntax. The basic format is:
operator:search_term
Some dork queries from Google hacking database
· Search for confidential Excel spreadsheets the company inadvertently posted online by typing into Google search
· To find spreadsheets full of passwords in Russia type into Google
filetype:xls site:ru login
(Even on websites written in non-English languages the terms login, user id and password are generally written in English)
· Command to exploit misconfigured web servers that list the contents of directories not intended to be on the web
intitle:"index of" site:kr password
· This dork allows anyone to explore the images and photos uploaded and saved in directories from Nikon DSLRs and cameras
These are just a very few of the dorks, the ones I mentioned here. GHDB is full of dorks that can be used for various other purposes.
A Google dork query is a search string that uses advanced search operators to find information that is not readily available on a website.
SOME BASIC PARAMETERS:
Some basic parameters with which the desired information can be retrieved using the Google search engine:
site: find web pages on a specific domain.
link: search for web pages that have a link to a specific URL.
Basic syntax -> link:url
For example -> link:alibaba.com
filetype: search only within files with a specific extension.
Basic syntax -> filetype:extension search_term
Example -> filetype:pdf cooking will show only results for PDF files related to cooking.
Finding Directory listings
Directory listing: Directory listing is a web server function that displays a list of all the files in a specific website directory when that directory has no index file, such as index.php or default.asp.
Directory listing vulnerability: Because of this function, a directory may expose files that are not normally exposed through links on the website.
Basic syntax -> inurl:_____ intitle:"index of" site:_____
For example -> inurl:music intitle:"index of" site:us
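Seen from the defender's side, the same "Index of" title that these queries match can be checked for in response bodies from your own server. The following is an added example, not part of the original post: it flags auto-generated Apache/nginx-style listings and the spreadsheet, dump and backup files they expose. The `RISKY_EXT` list, the function name `audit_listing` and the sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Extensions a defender would not want served from an open listing
# (assumed list; adjust to your own data types).
RISKY_EXT = (".xls", ".xlsx", ".sql", ".bak", ".csv", ".log")

class _ListingParser(HTMLParser):
    """Collects the <title> text and every href in a page."""
    def __init__(self):
        super().__init__()
        self.in_title = False
        self.title = ""
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self.in_title = True
        elif tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)

    def handle_endtag(self, tag):
        if tag == "title":
            self.in_title = False

    def handle_data(self, data):
        if self.in_title:
            self.title += data

def audit_listing(html):
    """Return (is_listing, risky_files) for one response body from your own site."""
    p = _ListingParser()
    p.feed(html)
    # Apache and nginx autoindex pages both title themselves "Index of /path".
    is_listing = re.match(r"\s*index of\s+/", p.title, re.I) is not None
    risky = [h for h in p.links if h.lower().endswith(RISKY_EXT)] if is_listing else []
    return is_listing, risky

# Constructed sample bodies (not captured from any real site).
LISTING = ('<html><head><title>Index of /backup</title></head><body>'
           '<h1>Index of /backup</h1><a href="../">../</a>'
           '<a href="users.xls">users.xls</a><a href="site.sql">site.sql</a>'
           '<a href="logo.png">logo.png</a></body></html>')
NORMAL = ('<html><head><title>Recipe index of the week</title></head>'
          '<body><a href="menu.xls">menu</a></body></html>')
```

A directory that returns `is_listing` as true should get an index file or have auto-indexing switched off in the web server configuration, and any files reported as risky should be moved out of the web root.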
USING DORKS AVAILABLE ON GOOGLE HACKING DATABASE TO GET NETWORK CCTV CAMERAS
To get unsecured cameras using GHDB
Step 1: Open the Exploit Database (https://www.exploit-db.com/google-hacking-database/) in a browser. Type cctv in the search box and press search.
Here is a sum-up about Google Hacking Database. Thanks
https://www.fcodelabs.com/2019/02/07/Google-Hacking-Database/