Google Dorks and Hacking Commands

An overview of Google Dork

The sets of information above are protected by certain ethical barriers. No ordinary citizen is supposed to get access to them. However, what if you are a detective, newsroom journalist or an auditor of some government agency? How do you get access to these tiny yet essential details? That is where Google dorking is important. It is a method employed by ethical hackers to make queries on search engines when they are sourcing for very delicate pieces of information. Examples of these pieces of information include the tax files of certain big organizations, the data set of certain victims covered up by the government or pretty much any piece of info you would not find when you just conduct any normal search.

Not to create too much tension, this is not like some sort of secret exclusive to a certain cult. No! Pretty much anyone with the knowledge of basic search engine queries can carry out a Google Dorking operation. Besides, it does not require pulling a technical stunt or possessing a Harvard degree in cyber security. It all boils down to understanding some basic methods and instructing the computer to execute some basic commands.  It allows any individual to be able to use the World Wide Web to its full capacity.

‍

Dorking as a Cyber Security Tool

You may be wondering what possible advantage dorking could have in the sphere of cyber security. Dorking can be useful for a pen-tester in the analysis of the vulnerabilities of a specified web application. Furthermore, it can assist in providing deep insight when it comes to security and safety analysis of an existing web security structure – the loopholes, strengths, and even possible attack signs erstwhile hidden from the system administrator.

SO, WHAT ARE GOOGLE DORKS?

Google dorks are special search terms that are used to access specific sets of information that are not available with normal queries. The implication of this is that, there are some search terms that hold real importance to the Google search engine. The search box automatically assumes the functions of a command line when these search terms are input into it.

Of course, there is no limit to the kind of information that can be accessed through a thoroughly crafted dork. However, you should know that Google doesn’t just pull information out of thin air. These texts or images or documents or codes or videos must have been exposed mistakenly at one point or the other. The sole fact of mistaken exposure (and of course, sensitivity) goes to explain the reason for the subsequent obscurity.

There is a downside to Google Dorking and safety though; it can be pulled off by anyone who is privy to the specific line of commands. Not just ethical hackers.

Google Hacking Techniques

There are quite a number of methods of getting different types of information using specific keywords:

1. Use keywords, file type and site type – Since there are different types of file formats, if you want to get information in a document, you could combine the Specific keywords (budget, revenue), the file type (csv, xlsx) with the site type. Here is an example: [file type: csv site:za budget] . Make sure to write it in the order to get your results.
2. Inserting multiple words or phrases – In some instances, instead inserting just one keyword in your search time, you could try a combination that confers more specificity. For instance, instead of just confidential, you can write not to be shared, not to be made public. This gives your query an edge.
3. Searching for documents with login info – In this case, you just need to follow the procedures mentioned above. That is, file type, keywords and site type. The only difference would be that, the keywords would be login information. You will be surprised that even big organizations save these things in English language. This is an example: [file type: PDF site: co login].
4. Wrongly configured web servers – Often times than not, you will find some directories that are not supposed to be on the net on Google.  More than you will get on single pieces of information; directories serve as huge sources of information. To access such you can make your query with these search terms [intitle:”index of’ site:kr password]
5. Numrange searches – This type of searches are known to be very specific. Also, depending on the reason behind the search (and the amount of information you also have access to before the search), it could be scary. In a Numrange, you insert two numbers separated by only two periods (as in dots) and no spaces. This is usually done alongside other keywords to display results that falls between the ranges of numbers in your initial query. For instance, [site: www.pocoapoco.com 123..150]
6. Searching to access contents without registration – Businesses and website applications are known to target lead generation more often. Due to that, you may be limited from accessing some of their contents if you do not register. However, in situations like this, you could enter a Google hack query to bypass these restrictions.  Depending on what is it you are looking for, your search terms could be:

[Site: www.thenameofthecompany.com inurl: database]
[Site: www.thenameofthecompany.com inurl: directory]
[Site: www.thenameofthecompany.com inurl: index]

7. Native language searches – This could be applied to enquiries on localized contents. You are more likely to find the results you are expecting if you conduct your searches in the applicable local language. This is especially more feasible considering the decreased reliance on English language and the openness of the Google intelligence to other languages.

‍

Google Dorking Commands

LOG FILES - Log files are like databases (or more appropriately records).  The existence of log files is a pointer to the ease of getting sensitive information on website. In most instances, some of a website’s sensitive logs can be found in the transfer protocol of these websites. Access to these logs gives access to the version of PHP and backend structure a particular website uses.  The search terms for getting these logs are allintext: username file type (csv, PDF, xlsx): log

SUSCEPTIBLE WEB SERVERS – There are certain web servers that contain loopholes. Some web servers too have been hacked in. You can identify the examples of these websites by entering this search terms inurl: /proc/sef/cwd/

EXPOSED FTP SERVERS – Since File transfer protocols may also contain certain sensitive information and they are not normally meant to be exposed, you could use the Google dork written below to access these transfer protocols.

[Intitle: index of inurl: ftp]

ENV FILES – Some website developers sometimes ignore the best practices and leave the .env files in a place that is publicly accessible. Certain Google Dorks are used to access these files and they often contain very sensitive information about site safety framework

NB: Env files are used to define configurations and variables for web development work spaces.

SSH PRIVATE KEYS – Certain information is shared on the SSH protocol and the keys used in this process are generally not meant to be disclosed. With the help of this Dork, you will be able to find some of these keys that have been filed into an index by Google.

Intitle: index.of id_rsa -id_rsa.pub

EMAIL LISTS – These are unbelievably easy to find with Google dorks. Most spammers use this trick to add unlimited number of Email addresses to their spam list. To access email lists, here is a format of how your dork should appear like

Site: .com filetype: csv inurl: email.csv

LIVE CAMERAS – If you intend to monitor certain areas, Google dorking can help you locate and watch live cameras with no significant IP restrictions. Depending on how creative you can get, there are many Google Dorks that give you access to various live cameras globally including those of the military or the government.  To access IP based Cams, here is the Dork [Inurl: top. Htm inurl: currenttime].  In a situation where you want to access webcam transmitted coverage, here is the dork

[intitle: Webcam XP 5]

MP3, MP4, PDF – If you intend to download any files on the internet without accessing them through a streaming platform or an online library, you could use the Google dorks specified below

[Intitle: index of (filetype)]

WEATHER DORKS – Weather dorks gives you access to any weather measuring device that is connected to the internet from anywhere around the globe. To get this information, here is the search query to enter

[intitle: weatherwing WS2]

ZOOM BOMBS – Zoom bombs are dorks used to disrupt online video meetings inasmuch as URLs are distributed. To do this, here is the search query to enter

[inurl: zoom.us/j and intext: scheduled for]

DATABASE DUMPS – What better way is there to get information if not from wrongly configured databases? Some SQL files have been wrongly dumped on servers and can be accessed through a domain. This leaves these database open to anyone with the right search term.

[Index of database.sql.zip]

WORDPRESS ADMIN LOGIN – With the aid of a Google dork, it is very easy to find an index of word press administrative login pages and even access the login information of those pages.

[Intitle: index of wp-admin]

APACHE 2 – Apache is an example of a server. Just like any other type of vulnerable web server, Apache 2 servers are can also be gotten through the right Google dork.

[Intitle: Apache2 Ubuntu Default Page: It works]

GOVERNMENT DOCUMENTS – These documents – although meant to be restricted from public view – are not very difficult to find with the help of Google dorks. To get these files, here is the dork query to enter

[allintitle: restricted filetype: doc site: gov]

‍

How to Prevent Google Dork Infiltration

1. ENCRYPTION – You could prevent your files from being infiltrated through a Google Dork by encrypting very sensitive information on your web server or your website application.
2. LOOPHOLE ACCESSMENT – Cyber security has also evolved to allow you run Google dork specific loophole scans. On the same note, you can also carry out dork searches targeted at your website and your server.
3. REMOVE SENSITIVE INFORMATION FROM AREA OF EXPOSURE – Just in case you discover the exposure of sensitive information, you can request (through Google Search Console) that Google removes them.
4. IP BASED RESTRICTIONS – You can leverage on IP based limitations to protect some private aspects of your database.  Coupled with this, you could also use password authentication methods for the sole aim of confirmation.
5. ROBOTS. TXT CONFIGURATION – This is a very useful means of protecting hackers from exploiting your private space through any directory in your website that may be indexed by the Google search engine.  To do this, these are the configuration terms you will need to enter to your backend.

User –agent: *

Disallow: /

The disallow sub-column would contain any specific sort of directory you would like to block out.

Conclusion

Google dorks are the holy grail of Google search queries. They allow anyone to have access to any type of information given that he or she has the right search terms. Therefore, as an administrator, it is important that you take active measures to protect infiltration to your website by protecting it. On the other hand, you could also leverage on this knowledge to gain certain information that is useful to you in any field of professionalism.