The fundamentals of Google Hacking

Rafael Souza (CISOof hackers online club) introduces the fundamentals of Google Hacking

ABSTRACT

Readers, I introduce a little about a very interesting technique that is Google Hacking, is a key to investigate if we are doing a pentest, or protecting our organization or individual item. Google Hacking is the activity of using the site search capabilities, aiming to attack or better protect information of a company. The information available on the company’s web servers are likely to be in the databases of Google.

INTRODUCTION

Explaining… A misconfigured server may expose several business information on Google. It is difficult to get access to files from database sites through Google. We can use as an example, the use of “cache” Google, where it stores older versions of all sites that were once indexed by their robots. This feature allows you to have access to pages that have already been taken from the air, since they already exist in the database of Google.

EVOLUTION OF THOUGHT

Let’s imagine that at some point in the history of an organization’s site, a more sensitive information was available. After a while, the webmaster has been alerted that information removed from the site. However, if the page on the site has already been indexed by Google, it is possible that even having been altered or removed, can still access it using the Google cache feature.  A simple example of what we can find on Google, and you can come back to haunt the person who provided such information online is as follows: type in the search box cpf + curriculum. Certainly will return multiple results with links where we can find full name, address, phone, social security number, identity and some more information from people who publish their data on the internet. Having knowledge of how these data can be used in a malicious way, we can be more aware to publish any information on our internet.

COMMANDS TO USE GOOGLE

 intitle, allintitle

Search content in title (tag title) of the page .

When using the intitle command, it is important to pay attention to the syntax of the search string, since the word that follows soon after the intitle command is regarded as the search string. The “allintitle” breaks this rule, telling Google that all the words that follow are to be found in the title of the page, so this last command is more restrictive.

inurl, allinurl

Find text in a URL. As explained in the intitle operator may seem a relatively simple task using the inurl operator without giving more attention to it. But we must bear in mind that a URL is more complicated than a simple title, and operation of the inurl operator can also be complex.  Just as the intitle operator, inurl operator also has a companion who is allinurl , which works identically and restrictively, showing results only when all the strings were found.

Filetype

Search for a particular type of file. Google search more than just web pages. You can search many different file types, including PDF (Adobe Portable Document Format) and Microsoft Office. The filetype operator can assist you in finding specific types of files . More specifically, we can use this operator to search for pages ending in a particular extension.

Allintext

Finds a string of text within a page. The allintext operator is perhaps the simplest to use as it performs the function of most known search engines like : locate the term in the page text.  Although this operator can be used for broad opinion, is useful when you know that the search string can only be found in the page text. Using allintext operator can also serve as a shortcut to find the string anywhere, except in the title, URL and links.

Site

Directs the research to the content of a particular website. Although technically a part of the URL, the address ( or domain name ) of a server can be better researched with the website operator. The site allows you to search only the pages that are hosted on a particular server or domain.

Link

Searching for links to a given page. Instead of providing a search term, the operator needs a URL link or server name as an argument.

Inanchor

This operator can be regarded as a companion to the link operator, since both seek links. The inanchor operated , however , search the text representation of a link , not the current URL. Inanchor accepts a word or expression as argument, as inanchor:click ou inanchor:oys. This type of search is useful especially when we began to study ways to look for correlations between sites.

Daterange

Search for pages published within a “range” of dates.

You can use this operator to find pages indexed by Google in a given date range. Every time Google crawls a page, the date in your database is changed. If Google finds some dark Web site, you can happen to index it only once and never return to it. If you find that your searches are clogged with these types of dark pages, you can remove them from your search (and more updated results) through the effective use of daterange operator.

Cache

Shows the version of a given page cache. As discussed, Google keeps “snapshots” of pages indexed, and that we can access via the cached link on the search results page. If you want to go straight to the online version of a page cache , without first making a query to Google to get the cached link on the results page, you can simply use the cache operator in a query.

Info

Existing content shows the summary of information from Google. The operator info shows the summary information of a site and provides links to other Google searches that may belong to this site. Informed of this operator parameter must be a valid URL.

HOW TO USE GOOGLE

Searching for files database on government websites:

site:gov.pl

Searching for a specific server

inurl:”powered by” site:test.com

Search search files in email format . MDB

inurl:e-mail filetype:mdb

This research seeks phones available on the intranet found Google

nurl:intranet + intext:”phone”

Conducting research in this way it is possible to identify many of subdomains Oracle

site:oracle.com -site:www.oracle.com

Detecting systems using port 8080

inurl:8080 –intext:8080

Finding VNC

intitle:VNC inurl:5800 intitle:VNC

Finding VNC

intitle:”VNC Viewer for Java”

Finding Active Webcam

“Active Webcam Page” inurl:8080

Finding Apache 1.3.20 :

“Apache/1.3.20 server at” intitle:index.of

Asterisk VOIP Flash Interface

intitle:”Flash Operator Panel” -ext:php -wiki -cms –inurl:as

Possible flaws in web applications :

allinurl:”.php?site=”

➢ allinurl:”.php?do=”

➢ allinurl:”.php?content=”

➢ allinurl:”.php?meio=”

➢ allinurl:”.php?produto=”

➢ allinurl:”.php?cat=”

Readers could continue citing many “google dorks” but I specified the most important, google can help them find the other… It is worth mentioning the importance of this research to test tool is the best search engine today.

CONCLUSION

Google has many features that can be used during a penetration test, and rightfully so is considered the best tool for hackers because it allows access to any type of information you want. Google is the main tool for collecting information from our target. It is the best one to use the public system for information about anything regarding our target: sites, advertisements, partners, social networks, groups, etc.