Disclaimer: Each and every post on this blog, and its content, is meant for educational purposes ONLY. The posts are written to gain knowledge. Any illegal act such as hacking, phishing, etc., committed by anyone after reading the posts will NOT be the responsibility of the owner or of anyone related directly or indirectly to this website. It will be the sole responsibility of the person who carries out the act.

Google Hacking is a term that encapsulates a wide range of techniques for querying Google to reveal vulnerable web applications and sometimes to pinpoint vulnerabilities within specific web applications. Besides revealing flaws in web applications, Google Hacking surfaces sensitive data that is useful for the “reconnaissance” stage of an attack: email addresses associated with a site, database dumps or other files with usernames and passwords, unprotected directories with sensitive files, URLs of login portals, system logs such as firewall and access logs, and unprotected pages that contain sensitive information, such as web-connected printers or cameras with data about their usage status, location and so on.

Advanced operators for querying Google

Advanced operators allow you to get more specific search results from your queries.

Advanced operators usually take the form operator:search-term and are written directly in the query string. There must be no space between the operator and the search term, and the search term itself cannot contain spaces, or the query will fail. To use spaces, surround the phrase with quotation marks.

For example, the query site:tutorialspoint.com filetype:pdf uses two advanced operators: the site operator, which limits the results to those originating from the given website, and the filetype operator, which limits the results to a certain file type (in this case, pdf).

Below is a table of some commonly used Google operators and symbols for Google hacking:

| Operator | Explanation | Example(s) |
| --- | --- | --- |
| intitle: | Searches in the title of the pages (the 'title' HTML element that is located in the 'head' element of the page's markup). | intitle:admin<br>intitle:index.of inurl:hits<br>intitle:index.of inurl:wp-content<br>intitle:index.of inurl:wp-content/uploads |
| inurl: | Searches within the URL of the crawled web pages. | inurl:wp-content/uploads filetype:sql<br>inurl:ssh intitle:index.of authorized_keys |
| intext: | Searches within the text of the web pages (the text possibly seen by regular users browsing the web pages). | intext:"powered by webcamXP 5"<br>intext:"Powered by net2ftp"<br>inurl:ftp<br>inurl:"server-status"<br>intext:"Apache Server Status" |
| allintext: / allinurl: / allintitle: | All 3 operators work similarly to the ones mentioned above, except that they do not work with other operators and look for all words after them in the text/URL/title of the web page. | allintext:"Please login to continue…" "ZTE Corporation. All rights reserved."<br>allintitle:Welcome to Windows XP Server Internet Services. |
| filetype: | Limits the results to web resources matching the desired file type (not always correct). | filetype:xls<br>intext:email<br>intext:password |
| site: | Limits the results to web resources within a given website. | filetype:xls site:apple.com<br>intitle:"index.of" site:mit.edu |
| info: | Shows additional links/actions which can be followed, such as showing Google's cache of the website, visiting similar pages, viewing pages which link to the given page and so on. | info:apple.com |
| cache: | Gets the cache that Google has for the given web page. | cache:sitepoint.com/javascript/ |
| - | Excludes the term/operator from the results. | inurl:citrix<br>inurl:login.asp -site:citrix.com |
| "search-term" | Adding the phrase in quotation marks returns only results that are an exact match to what is sought. | inurl:"server-status"<br>intext:"Apache Server Status" |
| * | A wildcard for any unknown/arbitrary words. It is not used for completing a word like foot* but indicates that any word could be at that search position. | a * saved is a * earned. |
| + | The phrase that follows the + modifier must exist within the results. It can be used to include an overly common word which Google typically neglects in queries. | "Machine Gun"+uzi |
| . | A single-character wildcard: any single character can be in that place. | inurl:.ssh<br>intitle:index.of authorized_keys |
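A site owner can run the table's queries against a crawl of their own site to see what each one would surface. The sketch below is an added example, not code from the original post: it parses the operator:search-term syntax described above (quoted phrases, the - exclusion, and . as a single-character wildcard) and evaluates queries against page records. The page records, the example.com host and all function names are assumptions constructed for illustration, and the matching only approximates Google's behaviour.

```python
import re
from urllib.parse import urlparse

# One token: optional "-", optional operator:, then a "quoted phrase" or bare word.
TOKEN = re.compile(r'(-?)(?:(\w+):)?(?:"([^"]*)"|(\S+))')
FIELD = {"intitle": "title", "inurl": "url", "intext": "text"}
OPERATORS = set(FIELD) | {"filetype", "site"}

def parse_query(query):
    """Return [(negated, operator_or_None, term)] for one query string."""
    parsed = []
    for neg, op, phrase, word in TOKEN.findall(query):
        term = phrase or word
        if not op and term.endswith(":") and term[:-1] in OPERATORS:
            raise ValueError(f"space between operator {term!r} and its term")
        if op and op not in OPERATORS:
            raise ValueError(f"operator {op!r} is not handled by this sketch")
        parsed.append((neg == "-", op or None, term))
    return parsed

def _contains(term, field):
    # "." stands for any single character (see the table); the rest is literal.
    return re.search(re.escape(term).replace(r"\.", "."), field, re.I) is not None

def page_matches(query, page):
    """True if a page record (url, title, text) satisfies every term of the query."""
    url = urlparse(page["url"])
    for negated, op, term in parse_query(query):
        if op == "site":  # the host itself or any subdomain of it
            hit = ("." + (url.hostname or "")).endswith("." + term.lower())
        elif op == "filetype":
            hit = url.path.lower().endswith("." + term.lower())
        elif op:
            hit = _contains(term, page[FIELD[op]])
        else:  # bare word or phrase: look in every field
            hit = any(_contains(term, page[k]) for k in FIELD.values())
        if hit == negated:
            return False
    return True

def audit(pages, queries):  # query -> URLs in our own inventory it would surface
    return {q: [p["url"] for p in pages if page_matches(q, p)] for q in queries}

PAGES = [  # constructed sample records, as a crawl of one's own site might produce
    {"url": "https://www.example.com/wp-content/uploads/", "title": "Index of /wp-content/uploads", "text": "Parent Directory"},
    {"url": "https://www.example.com/wp-content/uploads/db.sql", "title": "", "text": "INSERT INTO users"},
    {"url": "https://www.example.com/server-status", "title": "Apache Status", "text": "Apache Server Status for www.example.com"},
    {"url": "https://www.example.com/about", "title": "About us", "text": "Company history"},
]
```

Any non-empty result from audit() points at a page to remove, put behind authentication, or exclude from indexing.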

 
