Breaking

SPACE FOR ADS

Sunday, 28 May 2017

How to Use google to hack (GoogleDorks) || Search Like a Pro


The concept of "Google Hacking" dates back to 2002, when Johnny Long began to collect interesting Google search queries that uncovered vulnerable systems and/or sensitive information disclosures - labeling them "Google Dorks". some people call it google hacking.

In my opinion A Google dork is an employee who unknowingly exposes sensitive corporate information on the Internet.
As a passive attack method, Google dorking can return usernames and passwords, email lists, sensitive documents, personally identifiable financial information (PIFI) and website vulnerabilities.

That information can be used for any number of illegal activities, including cyberterrorism, industrial espionage,identity theft and cyberstalking.

Earlier this year, a cyberattack by suspected Iranian hackers made headlines when they used a simple technique called Google Dorking to access the computer system that controlled a water dam in New York. Google Dorking is readily available and has been used by hackers for many years to identify vulnerabilities and sensitive information accessible on the Internet.


Google Dorking, however, isn’t as simple as performing a traditional online search. It uses advanced operators in the Google search engine to locate specific information (e.g., version, file name) within search results. The basic syntax for using an advanced operator in Google is Operator_name: keyword.


The use of advanced operators in Google is referred to as “Dorking” and the strings themselves are called “Google Dorks.” Dorks can be as basic as just one string, or they can be a more complex combination of multiple advanced operators in a single search string. Each Dork has a special meaning to the Google search engine that enables hackers and others to filter out unwanted results and significantly narrow down search results. For example, Google Dorks can be used to find administrator login pages, user names and passwords, vulnerabilities, sensitive documents, open ports, email lists, bank account details, and more.

OPERATORS


 Google dorks also has its operators, I will not be able to show all operators but here are the most commonly used Operators.

Lets take a look at the special google search operators that are used to construct those high powered google hack search terms.


intitle

 Specifying intitle, will tell google to show only those pages that have the term in their html title. For example intitle:"login page" will show those pages which have the term "login page" in the title text.


allintitle

Similar to intitle, but looks for all the specified terms in the title.


inurl

Searches for the specified term in the url. For example inurl:"login.php".

allinurl

Same as inurl, but searches for all terms in the url.


filetype
Searches for specific file types. filetype:pdf  will looks for pdf files in websites. Similarly filetype:txt looks for files with extension .txt
 
ext

Similar to filetype. ext:pdf finds pdf extension files.

intext

Searches the content of the page. Somewhat like a plain google search. For example intext:"index of /".
 
allintext


Similar to intext, but searches for all terms to be present in the text.

site
Limits the search to a specific site only. site:cyberhackersz.tk
THE FORMULA OF GOOGLE DORKS

Dorks : They are like search criteria in which a search engine returns results related to your dork.
The process can be a little time consuming, but the outcome will be worth it after learning on how to use dorks.

Basic Formula of dork,

"inurl:."domain"/"dorks" "
So you would normally understand it like this:
"inurl" = input URL
"domain" = your desired domain ex. .gov
"dorks" = your dork of your choice

Here is another example of that
You can use following words instead of inurl :
intitle:
inurl:
intext:
define:
site:
phonebook:
maps:
book:
froogle:
info:
movie:
weather:
related:
link:
All these also help yo find other things then vulnerables.

Anyway now I am going to explain you how to use some for finding vulnerability in websites.

INTITLE:
You can use the intitle to find anything in the title of the website. Which also could be usefull to find downloads or anything else.
intitle: index of mp3
This is an example to download mp3 songs for free.


INURL:
The inurl basicly looks for anything after the : in the site urls.
inurl:index.php?id=
INTEXT:
you can find literally everything using intext, you could even use the inurl dorks whit this.
intext:"Design & Developed By Seawind Solution Pvt.Ltd."
Google will give you all the websites created by IT Masons taht recently has bypass Admin Page Vulnerability in some websites,
to try just choose a target from google and add this to the url /adminpanel/
And fill username and password like the information below :
Username : '=' 'OR'
Password : '=' 'OR'
and you will get the admin panel of the website some example:
http://www.vulnerablewebsite.com/adminpanel/index.php

DEFINE
Google will define this massage and will look for what had this error for example,
define:"sql syntax error"

SITE:
Obvious, when we will use it, google will looks for a site .
site:cyberhackersz.tk
Google will look for any site related with cyberhackersz.

PHONEBOOK:
It will look for the phone number related to me, so use your victims name or yours instead.
phonebook:Mr Ayush Saini

MAPS:
Google will look on google maps for your search.

BOOKS:
Google has an online library store. If you want to find interesting books use this dork.
book:java language
This will look for any book google has indexed whith java language in it.

FROOGLE:
Used for froogle search instead of google.

INFO:
google looks for anything you inputted but only information about string which you have puted next to info: .
info:firefox
Above dork will show you alot off things about firefox like what is firefox etc.

MOVIE:
You can find information about movies on google using this dork.
movie:watch Transformers online

WEATHER:
You can find information about weather on google using this dork.
weather: 01/08/2015 london


RELATED:
This will look for anything related to what you have entered next to related: .
related:hacking
Google responds whith sites about hacking stuffs.

LINK:
This one will works better instead of only looking in search url, it will also look in the site for urls that possibly are vulnerable.
link:index.php?id=
This is very usefull I would say even more then inurl.

Vulnerability Approach :
Once you search website using above dorks, now its time to check whether the website is vulnerable to SQL injection or not, we simply put in a quote " ' " at the end of the url address.
So our site will look like this,
http://www.site.com/index.php?id=123;
i will explain how to proceed advanced sqli in the next tutorial


As far as i researched Google Dorks can help us getting the data of many websites.
These are some Google Dorks which can affect our online business:
site:.com intitle:"Thank You For Your Order" intext:Click Here to Download
site:.com intitle:"Thank You For Your Purchase" intext:Click Here to Download
intitle:Thank you for your Purchase! intext:PLR OR MRR OR Package OR Bonus
inurl:/thankyou.html intitle:Thank you for your order! intext:Click Here to Download



Google dorks are very important, so I advise before you start your exploits against a particular victim the best way is to use google and see what you can find about the victim, and believe me, byt using google, a lot of times I did not even turn on Linux kali, by simple search on google, I found the password of my victim.


As far as i researched the best website for fresh google dorks is the exploit db website https://ww.exploit-db.com

here you will find fresh google dorks and you can also submits yours.

another cool website is http://www.google-dorking.com

you can also mention some websites here

to say that the best way to learn is by teaching, so I'm here to share what I know, and as always

I hope you will make correction where I'm wrong, because it is from mistakes that we learn ..

 

37 comments:

  1. Such a very useful article. Very interesting to read this article.I would like to thank you for the efforts you had made for writing this awesome article. Massaggi a Pescara

    ReplyDelete
  2. Thanks for the blog loaded with so many information. Stopping by your blog helped me to get what I was looking for. kt blogger

    ReplyDelete
  3. Great post, and great website. Thanks for the information! pakistani smm panel

    ReplyDelete
  4. Even if you are armed with an abundance of knowledge in SEO, you may still need the services of a professional SEO company. Having strong knowledge of SEO is hardly sufficient in some cases. Zoekmachine optimalisatie

    ReplyDelete
  5. Your personal life must not seep into your work, especially when your marketing efforts start to get distorted in the process. Webdesign

    ReplyDelete
  6. thanks for this usefull article, waiting for this article like this again. general

    ReplyDelete
  7. I read this article. I think You put a lot of effort to create this article. I appreciate your work. acheter des abonnés instagram

    ReplyDelete
  8. exciting life experiences in these beautifully written romantic short stories, haikus and love poems. Make Out Bars volume 1 through 4 is a collection of these fine works for readers to enjoy. Kakashi's best kept secret has just been brought to life!! Jiraiya

    ReplyDelete
  9. Going to graduate school was a positive decision for me. I enjoyed the coursework, the presentations, the fellow students, and the professors. And since my company reimbursed 100% of the tuition, the only cost that I had to pay on my own was for books and supplies. Otherwise, I received a free master’s degree. All that I had to invest was my time. business blogs

    ReplyDelete
  10. They ensure that the site has a unique setting that attracts Internet users. Search engine optimization experts apply the newest analytics service, which has a positive impact on a website. Webdesign Antwerpen

    ReplyDelete
  11. Majority of the SEO players offer onsite optimization with 91% of the SEOs practicing this. Google+ optimization has also a good number of SEOs practicing it as 86% claimed to be offering this service to their clients. For affiliate marketing, only a small percentage (11%) of SEOs are offering this service to their clients. Webdesign

    ReplyDelete
  12. Not all colors work well on the Internet. Generally, selecting a few colors is the best path to take. Your web designer can help you select quality colors that will come together in a design that you will be proud to show off. Webdesignerwebsite.be

    ReplyDelete
  13. Hey there. I discovered your website by way of Google even as searching for a similar matter, your web site came up. It seems to be great. I have bookmarked it in my google bookmarks to come back later. truskin vitamin c-plus super serum

    ReplyDelete
  14. It’s not easy, but i believe you just have to be objective about your self and realize that occasionally when somebody is criticizing they are only giving cost of Cocaine rehab

    ReplyDelete
  15. I can see that you are an expert at your field! I am launching a website soon, and your information will be very useful for me.. Thanks for all your help and wishing you all the success in your business.cyber security consultant

    ReplyDelete
  16. I consider something genuinely interesting about your website so I bookmarked. mindfulness bracelets

    ReplyDelete
  17. stuff and wondering if there is anyway i can subscribe to get more posts from yourself? mindfulness bracelets

    ReplyDelete
  18. SEO provides you opportunity to make your site visible in search engines. There are many SEO packages available in market but you have choose which SEO packages suites your business needs. https://www.seoservicesindelhi.in/

    ReplyDelete
  19. I have read your blog it is very helpful for me. I want to say thanks to you. I have bookmark your site for future updates. google ads tricks

    ReplyDelete
  20. Thank you for taking the time to publish this information very useful! Antonio Vega Quimagro

    ReplyDelete
  21. Google Alternative I might suggest solely beneficial in addition to trusted facts, and so find it:

    ReplyDelete
  22. Succeed! It could be one of the most useful blogs we have ever come across on the subject. Excellent info! I’m also an expert in this topic so I can understand your effort very well. Thanks for the huge help. sim card duplicator

    ReplyDelete
  23. This blog is really great. The information here will surely be of some help to me. Thanks!. google ads accounts

    ReplyDelete
  24. You’ve got some interesting points in this article. I would have never considered any of these if I didn’t come across this. Thanks!. PhD Thesis Writing Service UK

    ReplyDelete
  25. I haven't any word to value this post.....Really i am awed from this post....the individual who make this post it was an extraordinary human..thanks for imparted this to us.
    comment pirater un compte instagram

    ReplyDelete
  26. I found so many interesting stuff in your blog especially its discussion. From the tons of comments on your articles, I guess I am not the only one having all the enjoyment here! keep up the good work... Slice invite code

    ReplyDelete
  27. Thanks for taking the time to discuss this, I feel strongly about it and love learning more on this topic. BioHazard Cleanup

    ReplyDelete
  28. Thanks for a wonderful share. Your article has proved your hard work and experience you have got in this field. Brilliant .i love it reading. https://site-7292086-2773-3965.mystrikingly.com

    ReplyDelete
  29. The website is looking bit flashy and it catches the visitors eyes. Design is pretty simple and a good user friendly interface. security company

    ReplyDelete
  30. Best work you have done, this online website is cool with great facts and looks. I have stopped at this blog after viewing the excellent content. I will be back for more qualitative work. cambodia security company

    ReplyDelete
  31. Thank you because you have been willing to share information with us. we will always appreciate all you have done here because I know you are very concerned with our. security company in cambodia

    ReplyDelete
  32. I definitely enjoying every little bit of it. It is a great website and nice share. I want to thank you. Good job! You guys do a great blog, and have some great contents. Keep up the good work. private security company

    ReplyDelete
  33. Love to read it,Waiting For More new Update and I Already Read your Recent Post its Great Thanks. https://penzu.com/p/ce7d37f9

    ReplyDelete
  34. I definitely enjoying every little bit of it. It is a great website and nice share. I want to thank you. Good job! You guys do a great blog, and have some great contents. Keep up the good work. security company phnom penh

    ReplyDelete
  35. Took me time to read all the comments, but I really enjoyed the article. It proved to be Very helpful to me and I am sure to all the commenters here! It’s always nice when you can not only be informed, but also entertained! khmer security company

    ReplyDelete
  36. To buy google play developer account is to take a significant step toward establishing your presence in the digital marketplace. With this account, you gain access to a host of features designed to enhance your app's visibility and performance. Google Play offers developers a range of tools for optimizing app listings, analyzing user behavior, and improving app quality, all of which are crucial for driving user acquisition and retention. Moreover, the account allows you to monetize your apps through various methods, including in-app purchases, subscriptions, and ads, providing a steady revenue stream. The ability to continuously improve and profit from your apps makes the Google Play Developer account an invaluable asset.

    ReplyDelete