Here’s How You Can Use Google For Hacking
Well, we have shared many Google search tricks and tips like how to use Google to find the key file of any software, or how to use Google to get direct download links to movies. Do you know, government cyber spies and hackers also use Google search engine to get some useful information?
Cyber spies and hackers use Google search, but they are the little bit more advanced compared to the regular user. National Security Agency released an eBook in the year 2013, in which they discussed some methods to search for information on the web.
The eBook was named Untangling the Web: A Guide to Internet Research, this ebook consists 643 pages of useful advice regarding how to properly use the Internet archive, search engines, public websites, etc. The book also has an important part which named as “Google Hacking.”
The book describes Google hacking as “Google hacking” involves using publicly available search engines to access publicly available information that almost certainly was not intended for public distribution.”
Thanks to Google’s spiders which let Google index all the parts of any website if a ‘door’ is open. Google spiders can only be restricted using Robot.txt file. If webmaster fails to configure the Robot.txt file correctly then the situation can be worsened like a couple of years ago Google started indexing files like Word, PDF, Excel, Access, etc.
However, most of the time organizations didn’t protect their sensitive data and files. Thus, useful information started to appear in Google’s search results. You can get your hands on pieces of information using Google hacking: This data usually falls under these categories:
- User ID, computer account logins, passwords
- Private, or proprietary company data
- Personal and financial info
- Sensitive government information
- Flaws in websites and servers
These Google hacking methods will be excellent if you want to discover sensitive information. Here are some of the most common ones.
Search Using File Types:
We already mentioned earlier that many organization saved their financial data in Microsoft Excel format. So, you need to search for the file types in Microsoft Excel format
[filetype:xls site:za confidential]
Filetype: you can search for different file types like Excel, Word or Powerpoint
Site: here you need to enter the name of a company or the URL of the enterprise and don’t forget to include stock words and phrases like do not distribute, proprietary, etc. at the end.
Looking for Login Information
If you need to search for login credentials, then let me tell you that foreign sites usually use these terms in English. So, search for a spreadsheet file might look like:
[filetype:xls site:ru login]
Looking for Passwords:
Well, sometimes Google shows such directories in the search results that are not intended to be on the web. These misconfigured web servers provide some comprehensive set of information. You can use this format to exploit this error:
[intitle:”index of’ site:za password]
Numrange Searches:
NSA describes Numrange searches as one of the “scariest searches available through Google.” This numrange search uses two numbers which are separated by two dots and no spaces in between. For example:
[site:www.thisismydadsbank.com 617..780]
You need to read Google hacking chapter in NSA’s eBook to get the detailed information regarding this searches.
Bypass the Registration process:
We often deal with some websites which ask us to register to view its contents. So, you can use Google Hacking trick to bypass the registration process. Try these queries or something similar in Google search:
[site:www.companyname.com inurl:database][site:www.companyname.com inurl:directory][site:www.companyname.com inurl:index][site:www.companyname.com inurl:companies]
The NSA eBook have some more techniques that can be applied to any search engine. Therefore, grab the eBook from here and learn some more Google Hacking techniques
What do you think about this? Share your views in the comment box below.
EmoticonEmoticon