Google is undoubtedly the most used Internet search engine at the moment. It also offers complementary services such as Gmail for email and Google Drive for working in the cloud. What not everyone knows is that cybercriminals can use the Google search engine to obtain valuable information and then, based on this data, prepare and carry out their attacks more effectively. In this tutorial we are going to talk about what Google Hacking is and how it affects users.
We will start by explaining what Google Hacking is, so that the concept is clear. Then we will explain some simple ways to practice it, and we will end by explaining how it affects users.
What is Google Hacking
Google Hacking can be defined as a computer technique that uses operators or commands to filter the information we receive from the Google search engine. It can also be used to find security holes in the configuration and source code used on websites.
The term began to be used in 2002 by Johnny Long. At that time he began to collect queries that worked in Google search and with which he could find vulnerabilities or discover sensitive or hidden information. These queries were labeled Google Dorks, so this term is also sometimes used to refer to the technique. Later on, the collection grew into a huge database and was eventually organized into the Google Hacking Database.
Google Hacking can be used for various purposes. One of them is to search Google more precisely using a series of operators. It can also be used in ethical hacking to identify server vulnerabilities and then notify those responsible so that they can correct the problem. It could also be used by cybercriminals to obtain information that they could then exploit in their attacks and operations.
Google Advanced Operators and a Usage Example
If we want to carry out Google Hacking we will have to use the advanced operators of the Google search engine. Their objective is to find specific strings of text within the results that the search offers us. The operators act as filters that Google applies to our query when selecting the web pages it returns.
The first thing we are going to do is open the browser and go to the Google search page. Next, we type this query: Windows 10 command prompt commands
In this case, it has offered us 5,670,000 results, so we have many options. This can sometimes cause an excess of information that ends up overwhelming us. To prevent this from happening, we can use Google's advanced operators. One that we are going to use is intitle, so that it only returns articles, news items, tutorials, etc. that have the term in their title. The other operator that we are going to use is filetype, to indicate that we want the result to be a file of that type.
Thus, what we are going to look for now are the Windows 10 command prompt commands in a PDF file, so that we can download it and consult it when we need it. In this case, the search would be done by typing: intitle:command prompt windows 10 filetype:pdf
As you can see, even though we used the same search string, the results are very different. We have gone from more than 5 million results to only 475, which is a very notable change.
The filetype operator is very easy to use if you know the file extensions. For example: Word (doc, docx), Excel (xls, xlsx), web pages (html, htm), text documents (txt), MP3 audio (mp3) and AVI videos (avi).
Keywords to improve our searches
We have already seen that Google, using operators, gives us more precise searches. However, there is still room for improvement if we choose the right keywords. Some of the keywords that we could use would be: dictionary, manual, form, course, how to do, review notes, tutorial, poster, study guide, papers and letter.
As examples of keywords combined with a Google operator, we could use these two:
- How to do site:www.youtube.com : to find a way to do something on YouTube.
- How to do filetype:doc : to learn to do something, with the result being a Word file.
The most important basic commands or operators
Without a doubt, the best way to do Google Hacking is to know the advanced operators that we can use. Here you have a selection of the most important:
- "" (quotation marks): shows the results that contain the exact phrase that we have written.
- and or not: logical operators "and" or "not".
- + and -: include and exclude a word respectively. For example, if we put black car -white, it will match all results for black car and ignore references to the word white.
- * (asterisk): used as a wildcard for a single word.
- . (period): can be used as a wildcard for one or more words.
- intitle or allintitle: to get results that contain the word in the title. In the second section of this tutorial you have an example of use.
- inurl or allinurl: show results that contain the word in the url.
- site: offers results from a specific website, for example site:www.youtube.com.
- filetype: it is used to search for files by putting the extension. Combined with keywords as we saw earlier it will improve search results.
- link: it is used to show the links to a page.
- inanchor: returns results that contain the searched keyword in the anchor text of the link.
- cache: shows the result in the Google cache of a website.
- related: searches web pages related to a specific one.
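The operators listed above can also be pointed at your own site. The following added example (not part of the original tutorial) evaluates a query that uses intitle, allintitle, inurl, allinurl, site, filetype, quoted phrases and - exclusion against an inventory of pages you control, to show which of your URLs such a query would surface. The page inventory is constructed sample data, and matching plain words against title plus URL is a simplifying assumption in place of Google's full-text matching.

```python
import re
from urllib.parse import urlparse

# Constructed inventory of our own pages: (URL, <title>), e.g. exported from a crawl.
PAGES = [
    ("https://www.example.com/docs/cmd-guide.pdf", "Command prompt reference for Windows 10"),
    ("https://www.example.com/blog/cmd-tips.html", "Command prompt tips"),
    ("https://cam.example.com/main.cgi", "Network camera - User Login"),
    ("https://www.example.com/backup/users.xls", "users"),
]
OPS = {"intitle", "inurl", "site", "filetype"}
TOKEN = re.compile(r'(-?)(?:(\w+):)?(?:"([^"]*)"|(\S+))')

def parse(query):
    """Split a query into (negated, operator, value) terms; quoted phrases stay whole."""
    terms, sticky = [], None
    for neg, op, quoted, bare in TOKEN.findall(query):
        op, val = op.lower(), (quoted or bare).lower()
        if op in ("allintitle", "allinurl"):   # applies to every following plain word
            sticky = op = op[3:]
        if op in OPS:
            terms.append((neg == "-", op, val))
        else:                                  # unknown prefix (e.g. "http:") is plain text
            terms.append((neg == "-", sticky or "text", (op + ":" if op else "") + val))
    return terms

def matches(query, url, title):
    """True if the page satisfies every term of the query."""
    u = urlparse(url.lower())
    host = u.hostname or ""
    fields = {"intitle": title.lower(), "inurl": url.lower(),
              "text": (title + " " + url).lower()}  # assumption: no page body available
    for neg, op, val in parse(query):
        if op == "site":
            hit = host == val or host.endswith("." + val)
        elif op == "filetype":
            hit = u.path.endswith("." + val)
        else:
            hit = val in fields[op]
        if hit == neg:                         # required term missing, or excluded term present
            return False
    return True

def exposed(query, pages=PAGES):
    """Return the URLs in our inventory that the query would surface."""
    return [url for url, title in pages if matches(query, url, title)]
```

Running the queries you care about through exposed() before a release gives a quick list of URLs to put behind authentication or exclude from indexing.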
The dangers of Google Hacking and how it affects users
Today we have more and more IoT (Internet of Things) devices, home automation equipment and other devices connected to the Internet. The problem is that they are often handled by people who do not have enough knowledge, or that the device itself is not equipped with the necessary security measures. As a result we find errors such as default passwords, bad configurations and devices that, due to the lack of updates, become increasingly insecure.
Some examples that could be affected are video surveillance cameras, smart TVs, printers and more. For example, for video surveillance cameras we could use:
- camera linksys inurl:main.cgi
- intitle:"toshiba network camera - User Login"
Instead, for printers:
- inurl:webarch/mainframe.cgi
- intitle:"network print server" filetype:shtm
Other Google Hacking functions that we could perform through the use of operators would be:
- Look for outdated and vulnerable servers.
- Perform user and password searches of websites, servers and databases.
To finish with Google Hacking, it should be noted that this information is available due to the bad configuration of the server or device, its lack of updates and also because Google sometimes indexes information that it should not.