{"id":880,"date":"2020-05-09T04:08:47","date_gmt":"2020-05-09T03:08:47","guid":{"rendered":"http:\/\/zerothcode.com\/blog\/?p=880"},"modified":"2020-09-28T18:07:40","modified_gmt":"2020-09-28T17:07:40","slug":"google-dorks-hackings-new-door","status":"publish","type":"post","link":"https:\/\/zerothcode.com\/blog\/google-dorks-hackings-new-door\/","title":{"rendered":"Google Dorks – Hacking\u2019s New Door"},"content":{"rendered":"

Summary :<\/strong><\/p>\n

The \u201cGoogle Dorks\u201d is a technique that uses google searches to find security holes and sensitive information that is not readily available on a website. It is one of the most effective technique to find sensitive information of any website. It is also know as passive information gathering technique.<\/p>\n

Google Dorks<\/em><\/strong>\u00a0gives you the information which is difficult to locate through simple search queries. That description includes information that is not intended for public viewing but that has not been adequately protected.<\/p>\n

Google Dorks<\/em><\/strong>\u00a0can return usernames and passwords, email lists, sensitive documents, API keys, personally identifiable information, website vulnerabilities etc. That information can be used for any number of illegal activities like cyber terrorism, identity theft, cyber stalking etc.<\/p>\n

Basics :<\/strong><\/p>\n

Google Dorks\u00a0<\/em><\/strong>uses advanced operators in the Google search engine to locate specific strings of text within search results. Some of the popular examples for finding websites that are vulnerable to SQL injection, XSS, API keys etc. are<\/p>\n

    \n
  1. Dork for SQL Injection\u00a0–<\/strong>\u00a0inurl: .php?id=<\/strong><\/li>\n<\/ol>\n
    \n
    \n
    \n
    \n
    \n
    <\/div>\n

    <\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>

    SQL Injection<\/figcaption><\/figure>\n

    2. Dork for XSS\u00a0–<\/strong>\u00a0inurl:\u201d.php?searchst\u00adring=\u201d<\/strong><\/p>\n

    \n
    \n
    \n
    \n
    \n
    <\/div>\n

    <\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>

    XSS<\/figcaption><\/figure>\n

    3. Dork for API keys\u00a0– intitle:\u201dindex of\u201d api_key OR \u201capi key\u201d OR apiKey<\/strong><\/p>\n

    \n
    \n
    \n
    \n
    <\/div>\n

    <\/p>\n<\/div>\n<\/div>\n<\/div>

    API Key<\/figcaption><\/figure>\n

    Above are the most common examples of finding some common vulnerabilities on the websites, but this aren\u2019t the limited one.<\/p>\n

    NOTE : You can check here for more dorks :\u00a0https:\/\/www.exploit-db.com\/google-hacking-database<\/strong><\/a><\/p>\n

    This was the basics to find the information or vulnerabilities using\u00a0Google Dorks,\u00a0<\/em><\/strong>now lets look at some of the advance and \u201cnot so popular\u201d techniques of finding sensitive information.<\/p>\n

    Advance :<\/strong><\/p>\n

    You guys are might be aware about\u00a0HTTP VERBS<\/strong><\/a>.\u00a0<\/strong>There are many http verbs out of which\u00a0GET<\/strong>\u00a0&\u00a0POST<\/strong>\u00a0are the most commonly used. Now we all know that the\u00a0GET<\/strong>\u00a0method is not suitable for passing sensitive information such as the username and password, because these are fully visible in the URL query string as well as potentially stored in the client browser\u2019s memory as a visited page.<\/p>\n

    Still there are many websites that are passing sensitive information using\u00a0GET<\/strong>\u00a0method, to make it secure you can use the blocking rules. Commonly, the blocking rules could be setup easily by write some \u201cDisallow\u201d rules at robots.txt file.<\/p>\n

    \n
    \n
    \n
    \n
    \n
    <\/div>\n

    <\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>

    Blocking Rules<\/figcaption><\/figure>\n

    While hunting on a private program I found a request where they were using\u00a0GET\u00a0<\/strong>parameter which contained email, some key, ID, my country name etc. So I tried finding email\u2019s of other users on the same site and I got some yahoo email ID\u2019s<\/p>\n

      \n
    1. Dork Used for yahoo :\u00a0<\/strong>site:target.com inurl:\u2019@yahoo.co\u2019 (which will give me .com and .co.in) emails of yahoo<\/li>\n<\/ol>\n
      \n
      \n
      \n
      \n
      <\/div>\n

      <\/p>\n<\/div>\n<\/div>\n<\/div>

      Yahoo<\/figcaption><\/figure>\n

      I got an excel sheet containing yahoo emails and phone numbers of the users of that site.<\/p>\n

      Now I wanted to find some more emails so I enumerated further and got emails of outlook.live and gmail.com<\/p>\n

      2. Dork Used for outlook<\/strong>\u00a0: site:target.com inurl:\u2019@live.com\u2019<\/p>\n

      \n
      \n
      \n
      \n
      <\/div>\n

      <\/p>\n<\/div>\n<\/div>\n<\/div>

      Outlook<\/figcaption><\/figure>\n

      3. Dork Used for gmail :\u00a0<\/strong>site:target.com inurl:\u2019@gmail.com\u2019<\/p>\n

      \n
      \n
      \n
      \n
      <\/div>\n

      <\/p>\n<\/div>\n<\/div>\n<\/div>

      Gmail<\/figcaption><\/figure>\n

      Some more useful dorks :<\/strong><\/p>\n

        \n
      1. site:<Website> inurl:<GET Parameter><\/li>\n<\/ol>\n

        Example<\/em>\u00a0:<\/p>\n

        i) site:target.com inurl:api_key<\/p>\n

        ii) site:target.com inurl:email<\/p>\n

        iii) site:target.com inurl:amount<\/p>\n

        2. intitle:\u201dindex of\u201d \u201c\/etc\/mysql\/\u201d<\/p>\n

        3. site:\u201dtarget.com\u201d database.yml<\/p>\n

        4. inurl:group_concat(username, filetype:php intext:admin<\/p>\n

        5. inurl:\/wwwboard\/passwd.txt<\/p>\n

        6. filetype:reg reg HKEY_CLASSES_ROOT -git<\/p>\n

        7. inurl:\/database* ext:sql intext:index of -site:target.com<\/p>\n

        This are some of the not so common but useful\u00a0Google Dorks<\/em><\/strong>\u00a0to find sensitive information of the website. You can also modify this dorks and you can also use more dorks with this dorks.<\/p>\n

        NOTE<\/strong>\u00a0: You can prevent a page from appearing in Google Search by including a \u201cnoindex\u201d meta tag in the page’s HTML code, or by returning a ‘noindex’ header in the HTTP request.<\/p>\n

        Thank You \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"

        Summary : The \u201cGoogle Dorks\u201d is a technique that uses google searches to find security holes and sensitive information that<\/p>\n","protected":false},"author":1,"featured_media":881,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[51],"tags":[],"yst_prominent_words":[1278,1272,1268,1269,1277,1270,561,1271,1266,265,1264,284,1273,261,1274,1267,1275,1265,1276,217],"class_list":["post-880","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tutorials"],"_links":{"self":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts\/880","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/comments?post=880"}],"version-history":[{"count":0,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts\/880\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/media\/881"}],"wp:attachment":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/media?parent=880"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/categories?post=880"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/tags?post=880"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/yst_prominent_words?post=880"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}