Google Hacking
Google hacking, most commonly misunderstood words by newbies as making queries on Google search to find out songs and movies. But it is just part of scope that Google hacking covers, experienced hackers will find this article as incomplete though it is stuffed with lot of things.
What is Google hacking:
Google hacking is term given to create and use complex queries on search box to get expected results from Google. But in reality it includes using each and every tool that is provided by Google as hacking weapon. Did I forget to mention Google Hacking is part of Reconnaissance, that means if you have skipped previous posts then it will be harder for you to understand power of Google Hacking. In this section I 'll show you using some of its applications as hacking related tool rest is left to your creativity.
Cached Pages:
I know each and everyone of you have some day used Google in spite of what your favorite search engine is. You must have seen a link to “Cached Similar” pages whenever you run any search query. Cached pages store history pages for its users like you and me. Cached pages is good source of tracking down website activities. Suppose site contains a file whose link is removed from main website, now you want access to that file, cached pages can help you out.
OK now please type “DAYS OF LIFE OF DEVIL” in Google and browse for cached pages, note differences between main site and cached site.
Google Translator:
You might not be knowing but you don't need proxy servers to bypass security because we already have a online proxy tool known as “Google Website Language Convertor”. This is Google’s online tool for converting language of website to your native language(The Language Convertor you can see on this website is nothing but derivative of this tool), the powerful feature of this Google applications is that it can be used as proxy server. When you'll type “Google Website Language Convertor” it'll open for you following link,
Now type URL of website you want select language conversion and press enter, if your page is already in language you want to browse it then select any language from “from” section and select your language in “to” section.
Basic Search Queries:
link:
This query searches for all links that ends to site mentioned after query.
inurl:
This query will search occurrences of word specified in URL 's.
Syntax: inurl:“NRUPEN”
site:
This query is used by combining it with other queries. So we will discus it later.
Intitle:
This query will search occurrences of word specified in title or website.
Syntax: intitle:“NRUPEN”
filetype:
This query will search occurrences of filetype specified.
Syntax: filetype:doc “Google hacking”
Directories And Files Listing:
Apache server by default uses “Index of ” type title to transverse navigation which can be exploited using Google queries to get specific file or folder.
Syntax: intitle:index.of “songs”
Now try to figure out what what above query will do.
Grabbing Banner:
Banner Grabbing is method in Scanning phase which is used for getting type and version of application. Here for now, we will skip it and will open our look for it while discussing scanning phase.
Combining Queries:
Now all above queries mentioned above can be combined to get powerful information from search engine via victim. It can open nearly everything about victim about software, hardware, documents if victim is unprotected against Google Crawlers. Depending upon your skills we leave how to use them combined for purpose but will show you how to combine them.
Try following one by one, one you use them you'll know which combination can be used when,
site:nrupentheking.blogspot.com + inurl:hacking
site:nrupentheking.blogspot.com inurl:hacking
inurl:admin inurl:php
Johnny Long:
Johnny Long maintains a website which keeps a brief database of using Google search queries. Browse for his name and you'll be lead to his website were you can click on Google Hacking Database to learn more than what we discussed here.
Google Hacking Tools:
There are several search quires that you can make using Google but remembering them is not that easy task so we have some ready made tools that do our job for us. Following are some of them,
Site Digger Tool: Uses Google hacking database to give out results from caches and also traces errors.
Gooscan: This tool also uses Google Hacking database and is also able to mark out vulnerabilities.
Google Hacks: It is one the most used Google hacking tools. Have very easy and understandable user interface, can solve all your download needs, must use tool for everyone.
Note: Please be sure we have not covered everything related to Google Hacking. I just gave some brush up so that you can practice them then I 'll cover Advanced Google Hacking, please note that maximum of our Google hacking queries are formed using above search queries so please practice, advanced Google hacking will be covered at last stage of reconnaissance phase. Please don't forget to ask whatever you were unable to understand in this post. Thanks for reading and keep visiting.
THanks For Yewr Feed Back :)
ReplyDelete