Google Hacking - The Basics

8/14/2019 Google Hacking - The Basics

1/32

Google Hacking - The Basics

Maniac


2/32

Hacking - The Basics

What exactly is Google Hacking?

Google Hacking involves using the Google search engine to identifyvulnerabilities in websites.


3/32


Ok, so you use Google to nd all of this stuff, but how do you?

Google supports a multitude of operators and modiers that add a ton ofpower to google searching.


4/32


Mmmmmm....operators and modiers! I want them!


5/32


cache:

Syntax: cache:URL [highlight]

The cache operator will search through googles cache and return theresults based on those documents. You can alternatively tell cache tohighlight a word or phrase by adding it after the operator and URL.


6/32


link:

Syntax: link:URL

Sites that have a hyperlink to the URL specied will be returned in thesearch results.


7/32


related:

Syntax: related:URL

The related operator will return results that are similar to the page that wasspecied.


8/32


info:

Syntax: info:URL

This tag will give you the information that Google has on the given URL.


9/32


site:

Syntax: site:Domain

This modier will restrict results to those sites within the domain given.


10/32


allintitle:

Syntax: allintitle: oper1 [oper2] [oper3] [etc..]

Google will restrict the results to those that have all of the words enteredafter the modier within the title. NOTE: This modier does not play wellwith others.


11/32


intitle:

Syntax: intitle:operator

Google will return only results that match the word or phrase entered afterthe modier within the title of the page.


12/32


allinurl:

Syntax: allinurl: oper1 [oper2] [oper3] [etc...]

This modier is similar to allintitle: in that it will use the rest of the query andlook for all the words or phrases in the URL that was specied. NOTE: Alsolike allintitle:, this modier doesnt play well with others.


13/32


inurl:

Syntax: inurl:operator

Here is the single operator version of allinurl:. Will return anything that hasthe operator in the URL.


14/32


allintext:

Syntax: allintext: oper1 [oper2] [oper3] [etc...]

Just like not using any operators....


15/32


intext:

Syntax: intext:operator

Ok, ok, Ill let you guess on this one.


16/32


Are you done yet? That seemed like a lot, and what the hell was with all theapple stuff?

Almost there. Now its time to start mixing and matching these modiersand operators.

The four most commonly used will be intitle:, intext:, inurl:, and letype:

Also note, you can use OR and + and - signs.


17/32


mixing in intext:, inurl:, and intitle: and looking for default drupal sites thathavent been congured yet.

-inurl:drupal.org intext:"Welcome to your new Drupal-powered website."intitle:drupal


18/32


"display printer status" intitle:"Home"


19/32


Whoa! a Xerox printer!


20/32


"#mysql dump" letype:sql 21232f297a57a5a743894a0e4a801fc3

21232f297a57a5a743894a0e4a801fc3 is the MD5sum foradmin


21/32


"Certicate Practice Statement" inurl:(PDF | DOC)

CAs are the formal requests that are made to get a Digital Certicate.


22/32


"Network Vulnerability Assessment Report"


23/32


"Thank you for your order" +receipt letype:pdf


24/32


"robots.txt" + "Disallow:" letype:txt


25/32


26/32


"phone * * *" "address *" "e-mail" intitle:"curriculum vitae"


27/32


"social security number" "phone * * * "address *" "e-mail *" intitle:"curriculumvitae" letype:pdf site:.edu


28/32


ext:vmx vmx


29/32


30/32


letype:xls inurl:"email.xls"


31/32


intitle:"Index of" nances.xls


32/32

Google Hacking - The Basics

Documents

Transcript of Google Hacking - The Basics