Although Google Hacking Techniques are against Google Terms of Service and Google Blocks well-known Google Hacking Queries, nothing can stop Hackers from Crawling Websites and Launching Google Queries.
I am going to Explain Some Operators used in Google Hacking.
intitle:
Syntax: intitle:operator
This will return all the pages that have word entered after the intitle (as we used operator here) in the title of the page. If you want to check for multiple keywords in title use allintitle in place of intitle.
allintitle:operator1 operator2....
inurl:
Syntax: inurl:operator
This will return all the pages that have word entered after the inurl in the url of a page. If you want to check for multiple keywords in url use allinurl in place of inurl
allinurl:operator1 operator2 ....
site:
Syntax: site:Domain
This will return all the pages that have certain keywords in that particular site or domain.
link:
Syntax: link:URL
This will list down webpages that have links to the specified webpage.
intext:
Syntax: intext:operator
This will return all the pages that have word entered after the intext in the particular website. If you want to check for multiple keywords in website use allintext in place of intext.
allintext:operator1 operator2 ....
related:
Syntax: related:URL
The “related:” will list web pages that are "similar" to a specified web page. For Example:
“related:www.ethicalhack4u.blogspot.com” will list web pages that are similar to the
ethicalhacking homepage
Note: There can be no space between the "related:" and the web page url.
cache:
Syntax: cache:URL [highlight]
The cache operator will search through google’s cache and return the results based on those documents. You can alternatively tell cache to highlight a word or phrase by adding it after the operator and URL.
info:
Syntax: info:URL
This tag will give you the information that Google has on the given URL.
filetype:
Syntax: filetype:keyword
This will restricts Google search for files on internet with particular extensions (i.e. doc, pdf or ppt etc).
Well, the Google’s query syntaxes discussed above can really help people to precise their search and get what they are exactly looking for.
Looking for Vulnerable Sites or Servers using “inurl:” or “allinurl:”
Using “allinurl:winnt/system32/” will list down all the links to the server which gives you access to those
restricted directories like “system32” through web. If you are lucky enough then you might get access to the cmd.exe in the “system32” directory. Once you have the access to “cmd.exe” and are able to execute it then you can go ahead in further escalating your privileges over the server and compromise it.
Using “inurl:.bash_history” will list down all the links to the server which gives access to “.bash_history” file through web. This is a command history file. This file includes the list of command executed by the administrator, and sometimes includes sensitive information such as password typed in by the administrator. If this file is compromised and if contains the encrypted unix (or *nix) password then it can be easily cracked using “John The Ripper”.
Using “inurl:config.txt” will list down all the links to the servers which gives access to “config.txt” file through web. This file contains sensitive information, including the hash value of the administrative password and database authentication credentials. For Example: Ingenium Learning Management System is a Web-based application for Windows based systems developed by Click2learn, Inc. Ingenium Learning Management System versions 5.1 and 6.1 stores sensitive information insecurely in the config.txt file.
Other Queries
inurl:admin filetype:txt
inurl:admin filetype:db
inurl:admin filetype:cfg
inurl:mysql filetype:cfg
inurl:passwd filetype:txt
inurl:iisadmin
inurl:auth_user_file.txt
inurl:orders.txt
inurl:"wwwroot/*."
inurl:adpassword.txt
inurl:webeditor.php
inurl:file_upload.php
Looking for vulnerable sites or servers using “intitle:” or “allintitle:”
Using allintitle: "index of /root” will list down the links to the web server which gives access to restricted directories like “root” through web. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.
Using allintitle: "index of /admin” will list down the links to the websites which has got index browsing enabled for restricted directories like “admin” through web. Most of the web application sometimes uses names like “admin” to store admin credentials in it. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.
Other Queries
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov
To Search for Sites Vulnerable to Cross-Sites Scripting (XSS) Attacks:
allinurl:/scripts/cart32.exe
allinurl:/CuteNews/show_archives.php
allinurl:/phpinfo.php
To search for sites vulnerable to SQL Injection attacks:
Refer to Our Earlier Post: Find Vulnerable Websites Using Google for SQL Injection
Posts
1 comments:
This Site is very essential for me. Because I have got many information from here.Thank You .......... Free online jobs
Post a Comment