VIRTUAL CYBER LABS

GOOGLE HACKING

Dipanshu Parashar
Founder
Google Hacking
Google hacking refers to art of reading complex search engine queries. Google has developed a few
search parameters in order to improve targeted search. But they are abused by hackers to search for
information and websites that are vulnerable to a numerous exploits and vulnerabilities and using which
a hacker may be able to gather some very interesting information, including passwords, and discovering
pages containing login portals, space containing network, advisories, vulnerable software, finding files,
and directories that shouldn’t be visible.
This can be accomplished with Google hacking database (GHDB) also called Database of queries to
identify sensitive data and Google operator can help finding required info by avoiding irrelevant data
and using advanced Google operators, attackers can locate specific string of text, specific version of
vulnerable applications.

Google Hacking Database

Google hacking database is set up by the offensive security people, the ones behind the famous
BackTrack distro. Google hacking database has a list of many Google dorks that could be used to find
usernames, passwords, e-mail list, password hashes, and other important information.

https://www.exploit-db.com/google-hacking-database/
 Google Dork
Queries

Above screen shot shows different categories containing different Google dorks
 HOW A GOOGLE SEARCH WORK
Google has a network of linked computers that work together to provide the user with the best
search results possible.

Different types of computers make up Google Network

• Web servers
GOOGLE USER QUERY GOOGLE WEB SERVER
• Web spiders

• Index servers
DOC SERVERS
INDEX SERVICES
• Doc servers

Google’s web spiders crawl and cache the internet. The crawl is indexed using Google’s
patented Page Rank technology, which determines the importance of each page.

PageRank is a link analysis algorithm and it assigns a numerical weighting to each element of
a hyperlinked set of documents, such as the World Wide Web. In simple words it is a voting
system. The more pages that link to you, the higher rank you receive. PageRank takes the votes
and determine the actual ranking of each page using an advanced proprietary algorithm. When
search results are displayed, the higher ranking pages are displayed at the top of the page.

TITLE

URL

DESCRIPTION

WHEN SEARCHING GOOGLE FOR ANYTHING, GOOGLE GIVES 10 RESULTS IN EVERY PAGE AND IN EVERY 10
RESULTS THERE IS 3 INFORMATION BLUE-> TITLE, GREEN-> URL, BLACK -> DESCRIPTION.
HOW GOOGLE SEARCH IS USED FOR HACKING
Google allows the use of certain operators to help refine searches. The use of
advanced operators is very simple as long as attention is given to the syntax. The
basic format is:

operator:search_term

Some dork queries from Google hacking database

• Search for confidential Excel spreadsheets the company inadvertently posted online
by typing into Google search

filetype:xls site:za confidential

• To find spreadsheets full of passwords in Russia type into Google

filetype:xls site:ru login.

(Even on websites written in non-English languages the terms login, user id and
password are generally written in English)

• Command to exploit misconfigured web servers that list the contents of directories
not intended to be on the web

intitle: "index of" site:kr password

• This dork allows anyone to explore the Images and photos uploaded and saved in
Directories from Nikon DSLRs and Camera

inurl:htm -inurl:html intitle:"index of" NIKON

So these are just very few of the dorks that I mentioned here. GHDB is
so full of dorks which can be used for various other purposes.
Google dork query is a search string that uses advanced search operators to find
information that is not readily available on a website.
Google dork queries are used by IT officers, Security administrators and hackers. Security
administrators use it in order to find vulnerability in their websites or server. Queries can be
used as some sort of security tools but hackers can used them for finding vulnerabilities in a
server or website.

SOME BASIC PARAMETERS:

Some basic parameters are shown in the image below using which desired information can be
retrieved using Google search engine.
Site: find web pages on a specific domain.
Example -> site: alibaba.com
<number1>...<number2> Used to locate specific numbers in your
searches

Example: $50…$100 it will only show results with value 50 and 100 in
it.
link: search webpages having a link to a specific URL
Basic syntax-> link:url
For example -> link:alibaba.com
Filetype: search only within files with specific extensions.
Basic syntax-> Filetype:search_term.extension type
Example-> Filetype: cooking.pdf will show only those results for pdf file related
with cooking.

Example-> filetype: clients.xls will show only those results xls file (excel
document) related with clients.
Inurl: find sites containing search term in the URL of the page

Basic syntax-> Inurl:search_tearm

Example-> Inurl:”alienware dell”
Intitle: find sites containing search term in the title of a page. Used to
find the directory list.

Basic syntax-> Intitle:search term

For example -> intitle:iphone7 price
Info: Info about a page
For example -> info:en.ustc.edu.cn
GOOGLE DORKS FOR FINDING SITES VULNERABLE TO SQL INJECTION

STEP: 1 Open Google and type inurl:php?id=1. Random url with php?id=1 will
appear as a result.
In case a particular country’s websites is to be found so in that case type
inurl:php?id=1 site:uk. Site:uk operator will show results with.uk as extension
only
STEP2: Select a target website for finding vulnerability.

TERGET
WEBSITE

Normal website

Clearly it can be seen that website is vulnerable and using sql injection techniques an attacker
can proceed further and do much more.
 Vulnerable column

Using vulnerable columns an attacker can find database name and can get into
database easily and see or steal information stored there.
 Finding Directory listings
Directory listing: Directory listing is a web server function that displays a
list of all the files when there is not an index file, such as index.php and
default.asp in a specific website directory.

Directory listings Vulnerability: Due to the vulnerability directory may

expose such files that are not normally exposed through links on the web
site.

Basic syntax-> Inurl: _____ Intitle:index of site:_____

For example ->Inurl:music Intitle:index of site:us

Using dork

Inurl:music
Intitle:index of

Site:us
So this is how dorks can be used to get into directory of such websites which
have misconfigured web servers or have directory listing vulnerability
USING DORKS AVAILABLE ON GOOGLE HACKING DATABASE TO GET
NETWORK CCTV CAMERAS

To get unsecured Cameras using GHDB

Step1: Open exploit database ( https://www.exploit-db.com/google-hacking-

database/ ) in browser. Type cctv in search box and press search.
 Dork for cctv in GHDB database

STEP2: Clicking the dork link will take you to next page of GHDB.

Dork for cctv camera

Description about dork

Result after clicking the cctv dork in GHDB

Open first link

Result: After opening the selected link.

So this is how using GHDB is used for getting security camera and
much more can be done using dorks available on GHDB.