IP

Monday, December 27, 2010

Dorking with Google!


What are Google Dorks?
We call them ‘googledorks’ (gOO gôl’Dôrk, noun, slang): an inept or foolish person as revealed by Google.
Google dorks are at the center of Google hacking. Many hackers use Google to find vulnerable web pages and later use these vulnerabilities for hacking.

Example Dorks:
1. CGI directories contain scripts which can often be exploited by attackers.
Google search: “index of cgi-bin”
This way you will find many CGI directories; some of them may be vulnerable.
2. Another famous Google dork is the phpMyAdmin dork. phpMyAdmin is a widely used web front end for maintaining SQL databases. The default security mechanism is to leave it up to the admin of the website to put a .htaccess file in the directory of the application. Well, guess what: obviously some admins are either too lazy or don’t know how to secure their directories.
Google search: “Welcome to phpMyAdmin” “ Create new database”
This way you may find some vulnerable pages to gain access to someone’s phpMyAdmin.

Honeypots
Honeypots, or honeypages, are web pages designed to attract Google Dorkyz or Google hackers. If you search for “index of /etc/passwd” on Google, the first link you find is a very famous gray-world.net honeypot.

Google dorking is a way of querying Google so that it retrieves what you really want. For example, say you want to find a presentation about some book and you know the author's name. If you simply enter the query Presentation author name, you will get millions of results which lead you nowhere, and you will end up asking your fellows to give you the presentation, won't you? The better way to search for the presentation is to tell the search engine what you actually want.

Let's say you want to search for a presentation on the marketing book by author Philip Kotler. A query like
                             “intext:marketing inurl:kotler filetype:ppt”

would retrieve all the PowerPoint presentations where marketing appears in the text and the URL has kotler in it. Nice, isn't it? The way to explore things via search engine is the way
Now that you have noted what was written in the presentation and you know the file format, fire up the query in Google search and you will surely get a result.

In the next few posts I will try to cover the complete Google hacking commands and dorks ... stay with my blog.


Protecting Yourself…
• Keep your sensitive data off the web! Even if you think you're only putting your data on a web site temporarily, there's a good chance that you'll either forget about it, or that a web crawler might find it. Consider more secure ways of sharing sensitive data, such as SSH/SCP or encrypted email.
• Googledork! Use the techniques outlined in this article (and the full Google Hacker's Guide) to check your site for sensitive information or vulnerable files.
• SiteDigger from FoundStone automates this.
  – Uses the Google API so…
    • Only 1000 searches on Google per day
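
The self-check suggested above can also be run offline against a crawl of your own site, which avoids the daily search limit. The following is an added example, not code from the original post: it approximates the three queries quoted in this post with simple text matching, and the site example.test, the page contents and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Optional operator prefix, then a quoted phrase or a bare word.
TOKEN = re.compile(r'(?:(intext|inurl|filetype):)?(?:"([^"]*)"|(\S+))', re.I)

def norm(s):
    """Lowercase and treat punctuation as spaces, roughly as a search engine does."""
    return " " + re.sub(r"[^a-z0-9]+", " ", s.lower()).strip() + " "

def parse_dork(query):
    """Split a dork into (operator, term) pairs; unprefixed terms get 'any'."""
    query = query.replace("\u201c", '"').replace("\u201d", '"')  # curly quotes from blogs
    pairs = [((op or "any").lower(), quoted or bare)
             for op, quoted, bare in TOKEN.findall(query)]
    return [(op, term) for op, term in pairs if norm(term).strip()]

def page_matches(terms, url, title, text):
    """True if a crawled page satisfies every term of the dork (an approximation)."""
    fields = {"any": norm(f"{title} {text} {url}"),
              "intext": norm(text), "inurl": norm(url)}
    for op, term in terms:
        if op == "filetype":
            if not urlparse(url).path.lower().endswith("." + term.lower()):
                return False
        elif norm(term) not in fields[op]:
            return False
    return True

def audit(pages, dorks):
    """Return (dork, url) for every page of our own crawl that a dork would surface."""
    return [(d, url) for d in dorks for url, title, text in pages
            if page_matches(parse_dork(d), url, title, text)]

# The three queries quoted in this post.
DORKS = ['"index of cgi-bin"',
         '"Welcome to phpMyAdmin" "Create new database"',
         'intext:marketing inurl:kotler filetype:ppt']

# Constructed crawl output for a hypothetical site: (url, title, visible text).
PAGES = [
    ("https://www.example.test/cgi-bin/", "Index of /cgi-bin", "Name Last modified Size test.cgi"),
    ("https://www.example.test/pma/", "phpMyAdmin", "Welcome to phpMyAdmin. Create new database:"),
    ("https://www.example.test/files/kotler-ch1.ppt", "", "Principles of marketing, chapter 1"),
    ("https://www.example.test/about.html", "About us", "We write about marketing."),
]

if __name__ == "__main__":
    for dork, url in audit(PAGES, DORKS):
        print(f"EXPOSED  {url}  <- {dork}")
```

Every URL it reports is a page to take offline, put behind authentication, or exclude from indexing before a search engine finds it.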