About Google Hacking

About Google Hacking | The use of attack | Examples | Defence against attacks


Google Hacking - this attack relies on finding sensitive data via google search. Search engines to index everything they encounter on the Web server. Or so to index the data that we have provided accidentally (eg. Lists of users and passwords, lists of employees, important business documents, databases, etc..). Usually from a web page these data are not visible. It seems that the user does not have access to them (eg. Would have to know the name of the file). However, if you type in the search engine google the appropriate request we can easily find these files.

Thanks to Google, we can find not only information publicly, but also places that we should not know: files with passwords and names of active users, sites with gaps, server information, and much more. The aforementioned things are only a handful of search engine capabilities referred to. The trick is to find an appropriate query. Now to get the interesting result we have to choose appropriate search operators questioning, it is in them lies the whole power of the search engines.


allintitle - returns results that contain all keywords in the page title. operator is not suitable for use with other syntax elements
allinurl - returns results that contain all of the address searched words, this operator is not suitable to combine with other elements of syntax
cache - displays a copy of a page or document that stores google. The document or the page does not need to exist in the network, but can still be indexed in google.
daterange - limit the search to a certain date or time interval in which the page was crawled by the search engine Google
define - searches for definitions
filetypesearches for files with the specified extension
inanchorreturns documents containing links that contain the content of links containing search words
info - feature that shows us information about a page (a copy image supplied by google sites similar to it, including links podstorny, search pages).
intext - returns results that contain specified keywords in the content of the page
intitle - displays the results containing specified keywords in the page title
inurl - returns pages that contain the address of the search words
link - displays the backlinks to that lead to your site
numrange - restrict the search to results that contain numbers in a given range
related - display the sites that are thematically similar to your site
site - narrows down the list of results to a particular site, domain or group of domains
+ (plus) - given expression [expression] must be included on the page, even if you ignore google this word because of the universality of
- (minus) - the search results will be deducted pages with a specific word
" " - in the search results takes into account all given phrases, not just single words contained in the search phrases
Tilde (~)word, which is inserted before, can be replaced by the synonym
. (dot) - after laying the command [expr1]. [word2], Google will search for us [expr1] - [word2], [expr1] [word2], [expr1] 1 [word2], etc.. performance.
(OR) - after laying the query [expr1]. [word2], Google will search for us [expr1] - [word2], [expr1] [word2], [expr1] 1 [word2], etc.. performance.
* - after laying the query [expr1] * [word2], Google will search for us [expr1] or [word2], [expr1] and [word2], [expr1] in [word2], [expr1] in [word2], [expr1] the [word2], etc.. performance.


What you need to remember?

1 Google algorithm restricts the placing to 10 words in a query, including logical operators (if the number of operators, together with the words exceed the number of 10, they will not be taken into account).
2 You can use the operator * (use words substitute) which is not taken into account.
3 Operate with the multi-lingual, so that will increase the search box.
4 The sequence of typed words, and the amount of typing the same words have meaning in the search.
5 If a page or document no longer exists, click on the copy of this document, for about 95% of google enable you looking.

For ease you can use the program GoogleHack - download here

Examples of the use of attack can be found in the website The use of attack"
If you want to learn more about the attack and see additional examples to check out the links, or use the following publication:

Joshua Brashars - Google Hacking Search Engine Black-Ops
Paul Bausch, Tara Calishain, Rael Dornfest - Google Hacks
Google_Hacking_without_faces
google-hacking-for-penetration-testers-volume-2

Source: http://www.guardians.pl/artykuly.php?art=propl_06Jul30235330.pro&cate=hacking