Google Hacking
Google hacking, most commonly misunderstood words
by newbies as making queries on Google search to find out songs and movies. But
it is just part of scope that Google hacking covers, experienced hackers will
find this article as incomplete though it is stuffed with lot of things.
What is Google hacking:
Google hacking is term given to create and use
complex queries on search box to get expected results from Google. But in
reality it includes using each and every tool that is provided by Google as
hacking weapon. Did I forget to mention Google Hacking is part of
Reconnaissance, that means if you have skipped previous posts then it will be
harder for you to understand power of Google Hacking. In this section I 'll
show you using some of its applications as hacking related tool rest is left to
your creativity.
Cached Pages:
I know each and everyone of you have some day used
Google in spite of what your favorite search engine is. You must have seen a
link to “Cached Similar” pages whenever you run any search query. Cached pages
store history pages for its users like you and me. Cached pages is good source
of tracking down website activities. Suppose site contains a file whose link is
removed from main website, now you want access to that file, cached pages can help
you out.
OK now please type “DAYS OF LIFE OF DEVIL” in
Google and browse for cached pages, note differences between main site and
cached site.
Google Translator:
You might not be knowing but you don't need proxy
servers to bypass security because we already have a online proxy tool known as
“Google Website Language Convertor”. This is Google’s online tool for
converting language of website to your native language(The Language Convertor you
can see on this website is nothing but derivative of this tool), the powerful
feature of this Google applications is that it can be used as proxy server.
When you'll type “Google Website Language Convertor” it'll open for you
following link,
Now type URL of website you want
select language conversion and press enter, if your page is already in language
you want to browse it then select any language from “from” section and select
your language in “to” section.
Basic Search Queries:
link:
This query searches for all links
that ends to site mentioned after query.
inurl:
This query will search
occurrences of word specified in URL 's.
Syntax: inurl:“NRUPEN”
site:
This query is used by combining
it with other queries. So we will discus it later.
Intitle:
This query will search occurrences
of word specified in title or website.
Syntax: intitle:“NRUPEN”
filetype:
This query will search
occurrences of filetype specified.
Syntax: filetype:doc
“Google hacking”
Directories And Files
Listing:
Apache server by default uses
“Index of ” type title to transverse navigation which can be exploited using
Google queries to get specific file or folder.
Syntax: intitle:index.of
“songs”
Now try to figure out what what
above query will do.
Grabbing Banner:
Banner Grabbing is method in
Scanning phase which is used for getting type and version of application. Here
for now, we will skip it and will open our look for it while discussing
scanning phase.
Combining Queries:
Now all above queries mentioned
above can be combined to get powerful information from search engine via
victim. It can open nearly everything about victim about software, hardware,
documents if victim is unprotected against Google Crawlers. Depending upon your
skills we leave how to use them combined for purpose but will show you how to
combine them.
Try following one by one, one you
use them you'll know which combination can be used when,
site:nrupentheking.blogspot.com +
inurl:hacking
site:nrupentheking.blogspot.com
inurl:hacking
inurl:admin inurl:php
Johnny Long:
Johnny Long maintains a website
which keeps a brief database of using Google search queries. Browse for his
name and you'll be lead to his website were you can click on Google Hacking Database to learn more than what we
discussed here.
Google Hacking Tools:
There are several search quires
that you can make using Google but remembering them is not that easy task so we
have some ready made tools that do our job for us. Following are some of them,
Site Digger Tool: Uses Google
hacking database to give out results from caches and also traces errors.
Gooscan: This tool also
uses Google Hacking database and is also able to mark out vulnerabilities.
Google Hacks: It is one
the most used Google hacking tools. Have very easy and understandable user
interface, can solve all your download needs, must use tool for everyone.
Note: Please
be sure we have not covered everything related to Google Hacking. I just gave
some brush up so that you can practice them then I 'll cover Advanced Google
Hacking, please note that maximum of our Google hacking queries are formed
using above search queries so please practice, advanced Google hacking will be
covered at last stage of reconnaissance phase. Please don't forget to ask
whatever you were unable to understand in this post. Thanks for reading and
keep visiting.
very nice brother
ReplyDeletecurrent affairs
Nice post...
ReplyDeleteWe are providing the best master data services around the world....visit our website for more information....
data management services
master data management in sap
data cleansing tools
Master Data Governance
Data Cleansing Services
data classification tools
Master Data Management Solutions
data transformation service
Material Master Data Management
Master Data Dictionary