Google Hacking
Encyclopedia
Google hacking is a computer hacking
technique that uses Google Search
and other Google
applications to find security holes in the configuration
and computer code
that website
s use.
to locate specific strings of text within search results. Some of the more popular examples are finding specific versions of vulnerable Web application
s. The following search query would locate all web pages that have that particular text contained within them. It is normal for default
installations of applications to include their running version in every page they serve, e.g., "Powered by XOOPS 2.2.3 Final".
The following search query will locate all websites that have the words "admbook" and "version" in the title of the website. It also checks to ensure that the web page being accessed is a PHP
file.
intitle:admbook intitle:version filetype:php
Another technique is searching for insecure coding practices in the public code indexed by Google Code Search
or other source code search engines.
One can even retrieve the username and password list from Microsoft FrontPage
servers by inputting the given microscript in Google search field:
"#-Frontpage-" inurl:administrators.pwd
Devices connected to the Internet can be found. A search string such as
Hacker (computer security)
In computer security and everyday language, a hacker is someone who breaks into computers and computer networks. Hackers may be motivated by a multitude of reasons, including profit, protest, or because of the challenge...
technique that uses Google Search
Google search
Google or Google Web Search is a web search engine owned by Google Inc. Google Search is the most-used search engine on the World Wide Web, receiving several hundred million queries each day through its various services....
and other Google
Google
Google Inc. is an American multinational public corporation invested in Internet search, cloud computing, and advertising technologies. Google hosts and develops a number of Internet-based services and products, and generates profit primarily from advertising through its AdWords program...
applications to find security holes in the configuration
Computer configuration
In communications or computer systems, a configuration is an arrangement of functional units according to their nature, number, and chief characteristics. Often, configuration pertains to the choice of hardware, software, firmware, and documentation...
and computer code
Source code
In computer science, source code is text written using the format and syntax of the programming language that it is being written in. Such a language is specially designed to facilitate the work of computer programmers, who specify the actions to be performed by a computer mostly by writing source...
that website
Website
A website, also written as Web site, web site, or simply site, is a collection of related web pages containing images, videos or other digital assets. A website is hosted on at least one web server, accessible via a network such as the Internet or a private local area network through an Internet...
s use.
Basics
Google hacking involves using advanced operators in the Google search engineWeb search engine
A web search engine is designed to search for information on the World Wide Web and FTP servers. The search results are generally presented in a list of results often referred to as SERPS, or "search engine results pages". The information may consist of web pages, images, information and other...
to locate specific strings of text within search results. Some of the more popular examples are finding specific versions of vulnerable Web application
Web application
A web application is an application that is accessed over a network such as the Internet or an intranet. The term may also mean a computer software application that is coded in a browser-supported language and reliant on a common web browser to render the application executable.Web applications are...
s. The following search query would locate all web pages that have that particular text contained within them. It is normal for default
Default (computer science)
A default, in computer science, refers to a setting or value automatically assigned to a software application, computer program or device, outside of user intervention. Such settings are also called presets, especially for electronic devices...
installations of applications to include their running version in every page they serve, e.g., "Powered by XOOPS 2.2.3 Final".
The following search query will locate all websites that have the words "admbook" and "version" in the title of the website. It also checks to ensure that the web page being accessed is a PHP
PHP
PHP is a general-purpose server-side scripting language originally designed for web development to produce dynamic web pages. For this purpose, PHP code is embedded into the HTML source document and interpreted by a web server with a PHP processor module, which generates the web page document...
file.
intitle:admbook intitle:version filetype:php
Another technique is searching for insecure coding practices in the public code indexed by Google Code Search
Google Code Search
Google Code Search is a free beta product from Google which debuted in Google Labs on October 5, 2006 allowing web users to search for open-source code on the Internet. Code Search will be shut down along with the Code Search API on January 15, 2012....
or other source code search engines.
One can even retrieve the username and password list from Microsoft FrontPage
Microsoft FrontPage
Microsoft FrontPage was a WYSIWYG HTML editor and web site administration tool from Microsoft for the Microsoft Windows line of operating systems. It was branded as part of the Microsoft Office suite from 1997 to 2003...
servers by inputting the given microscript in Google search field:
"#-Frontpage-" inurl:administrators.pwd
Devices connected to the Internet can be found. A search string such as
inurl:"ViewerFrame?Mode=" will find public web cameras.Google Hacking Tools
External links
- "Google Help: Cheat Sheet", Google (printable)
- "Google Hacking & Deep Web", GERMAN