How to use Google like a pro using Google Dorking
We know how Iranian Hackers were able to glean information from Google about the dams in US cities in order to infiltrate and flood the cities. The hackers used a method know as Google Dorking which has been used ever since Google was launched.
It is well know that the Internet is a reservoir of vast information but it is out there in split format. Google Dorking enables user to stitch their queries together in a long query and get hitherto unknown information from Google. Through this article we take the proficiency of Google as a hacking tool.
If you have a PC/laptop, it is guaranteed that you have used While we perform relatively simple search queries, what most of don't realize that Google can be used for far better advanced search. In fact, if used properly, Google can reveal sensitive information that can be used to perform a successful attack. This can be accomplished by using the advanced operator features of Google. The basic syntax for using advanced operator in Google is as follows.
Operator_name:keyword
The syntax show above is Google advanced operator followed by a colon, which is again followed by the keyboard without any space in the string. Using such a query in Google is called Dorking and the string are called Google Dorks a.k.a Google hacks. Dorks come in two forms vis-a-vis Simple dorks and complex dorks.
The above syntax uses a single command so it is called as simple dork whereas using multiple advanced operators put together in a single search string is called as advanced dork. Each keyboard/advanced operator has a special meaning to the Google engine. It helps you filter out the unwanted results and narrows your search by a great margin when these dorks are used. Let's take few example of simple dorks.
Simple Google Dorks:
Allintext | Search for occurrences of all the keyboards given
Intext | Search of the occurrences of keyboards all at once or one at a time
A single query can be used to get a particular result. But many single queries can be put into one bigger query and using higher degree of filtration we can get almost any information from a particular website.
The same can be analogous to other advanced operators. So what we find out using Google?
- Admin login pages
- Username and passwords
- Vulnerable entities
- sensitive documents
- Gov/military data
- E-mail lists
- Bank account details and lots more
This is an example of example query. Next, let's see some juicy stuff, which comes in handy hue to the efficiency of Google crawlers.
Dork:
inurl:group_concat(username, filetype:php intex:admin)
In the above screenshot, we were able to tap in to some of the SQL injection results done by somebody else on the sites.
By now, I'm sure; you would have got an idea as to how dangerous a tool Google can be. The usernames and passwords got from here can be used to strengthen our dictionary attacks by adding these used passwords to the list we already have. This can also be used in user profiling which seems to be in demand in the underground market. The above queries where just simple dorks which gave out sensitive information. Another dork can be used to glean emails ids from Google.
