We are going to start by explaining what Google Hacking is to be clear about the concept. Then we will explain some simple ways we have to practice it and we will end by explaining how it affects users.
What is Google Hacking
Google Hacking We can define it as a computer technique that uses operators or commands to filter the information we receive from the Google search engine. It can also be used to find security holes in the configuration and source code used on websites.
This word began to be used in 2002 by Johnny Long. At that time, he began to collect queries that worked in Google search and with which he could find vulnerabilities or discover sensitive or hidden information. At the time they were labeled Google Dorks, so this term is also sometimes used to refer to these issues. Later this ended up becoming a huge database and eventually organized into the Google Hacking database.
Refering to how to use Google Hacking we can use it for various purposes. One of them would be for search Google more precisely using a series of operators. It can also be used to perform an activity ethical hacking to identify server vulnerabilities and then notify those responsible so that they can correct the problem. Besides, also could be used by cybercriminals to obtain information that they could then take advantage of in their attacks and operations.
Google Advanced Operators and a Usage Example
If we want to carry out Google Hacking we are going to have to use the advanced operators of the Google search engine. Its objective is to find specific strings of text within the results that the search offers us. The queries we made in Google would be in charge of finding all the web pages through a kind of filters that would be the operators.
Now, the first thing we are going to do is open the browser and go to the web page where the Google search engine is located. The next step we are going to take is to make the following inquiry by writing this query: Windows 10 command prompt commands.
In this case, it has offered us 5,670,000 results, so we have many options. This can sometimes cause an excess of information that can end up saturating us. To prevent this from happening, we could use one of Google’s advanced operators. One of the ones we are going to use is intitle so that you can find us that article, news, tutorial etc. have that title. The other command that we are going to use is filetype to refer that we want the result to be a file of that type.
Thus, what we are going to look for now are the Windows 10 symbol commands in a pdf file so that we can download it and consult it when we need it. In this case we would have to do the search by typing intitle: command prompt windows 10 filetype: pdf.
As you can see, even having used the same search string, the results are very different. Thus, we have gone from having more than 5 million results to only 475, with which, the change is very notable.
As for “filetype” it is very easy to use if you are used to and know the file extensions. Thus, for example, for Word (doc, docx), Excel (xls, xlsx), Web sites (html, htm), text documents (txt), MP3 audio (mp3) and AVI videos (avi).
Keywords to improve our searches
We have already seen that Google, using operators, gives us more precise searches. However, there is still room for improvement if we choose the right keywords. Some keywords that we could use would be: dictionary, manual, form, course, how to do, review notes, tutorial, poster, study guide, works and letter.
As for keyword examples with Google operator, we could use two:
- How to do site: www.youtube.com– to find a way to do something on YouTube.
- How to make filetype: doc: to learn how to do something and that the result is in a Word file.
The most important basic commands or operators
Without a doubt, the best way to do Google Hacking is to know the advanced operators that we can use. Here you have a selection of the most important:
- ” ” (quotation marks): it would show the results that contain the exact phrase that we have written.
- and or not: logical operators “and” or “not”.
- + and -: include and exclude some word respectively. For example, if we put black car – white, here it will match all black car matches and ignore references to the word white.
- * (asterisk): it is used as a wildcard, of a single word.
- . (point): can be used as a wildcard for one or more words.
- intitle or allintitle: to get results that contain the word in the title. In the second section of this tutorial you have an example of use.
- inurl or allinurl: displays results that contain the word in the url.
- if you: offers results from a specific web page, for example site: www.youtube.com.
- filetype: is used to search for files by putting the extension. Combined with keywords as we saw earlier it will improve search results.
- link: it is used to display the links to a page.
- inanchor: returns results that contain the searched keyword in the anchor text of the link.
- cache: shows the result in the Google cache of a website.
- related: Search for web pages related to a specific one.
The dangers of Google Hacking and how it affects users
Currently we have more and more IoT (Internet of Things) devices, home automation and more connected to the Internet. The problem they have is that they are handled by people who do not have enough knowledge or that this device is not equipped with the necessary security measures. Then we find bugs such as default passwords, bad configurations and devices that, due to the lack of updates, become increasingly insecure.
Some examples that could be affected are video surveillance cameras, smart TVs, printers and more. For example, for video surveillance cameras we could use:
- camera linksys inurl: main.cgi
- intitle: ”toshiba network camera – User Login”
Instead, for printers:
- inurl: webarch / mainframe.cgi
- intitle: ”network print server” filetype: shtm
Other Google Hacking functions that we could perform through the use of operators would be:
- Look for outdated and vulnerable servers.
- Perform user and password searches of websites, servers and databases.
To finish with Google Hacking, it should be noted that this information is available due to the bad configuration of the server or device, its lack of updates and also because Google sometimes indexes information that it should not.