
Title Google Hacking
Course Information Systems Management
Institution University of Northern Iowa
Pages 26

GOOGLE HACKING


Table of Contents:
Introduction
History
Basic Queries
Legality
Google Hacking/Dorking Techniques
Counter Measures against Google Hacking
Conclusion
References


Introduction: What actually is hacking? Hacking is the process of looking for a weakness in a mobile or web application and then using that weakness to get into the application's confidential database and obtain data that can be used against an individual for any purpose. Hacking within a defined boundary is "ethical", but as soon as you go beyond that boundary you enter illegal territory and are in danger of committing a crime. Google hacking is another type of hacking. This report goes through the history of Google hacking, right from the very start, and discusses the legality of Google hacking in different parts of the world. It also shows how, using Google hacking, you can target a specific individual while sitting at home: you can get access to an individual's credit card number, security PIN, address and so on. The report discusses a number of techniques used to manipulate Google's advanced search engine to perform a thorough test of a web application, analysing its weak points and thus figuring out its vulnerabilities. I have also talked about the techniques one can use to protect themselves and their web applications from such attacks, in a future where Google hacking can very much be used against anyone, anywhere. The report also covers the basic queries you can use to perform advanced Google searches to find what you need, explores their syntax and gives a basic explanation of some of the queries a beginner can use.

History: Google hacking dates back to 2002. Johnny Long, also known as "j0hnny" or "j0hnnyhax", is a computer expert, author and security expert in the United States of America. Johnny Long began to collect queries that looked for systems that were vulnerable to attack. He also collected queries that used Google's advanced search engine to get hold of sensitive information. He labelled this collection of queries googleDorks.


As time passed, people started to discover more queries that could be used to get their hands on new pieces of information and to discover new types of vulnerabilities in systems. To put it simply, the art of Google hacking was evolving. Eventually there was a large enough dictionary of queries, and on 5th October 2004 the Google Hacking Database officially began: the queries were organized into the Google Hacking Database (GHDB). Google Hacking v1 was released by Johnny Long in 2005, followed by Google Hacking v2 in 2007. These two books gave a picture of the world of Google hacking and explained some concepts to a casual audience. Later the hacks used in Google hacking were extended to other search engines such as Bing and Shodan. Since then multiple tools have been released to help with the queries, and there is a massive query database that can be used to find whatever you want on the internet using any search engine.

Basic Queries:

1) intitle: Limits the search to the titles of web pages. allintitle: finds the pages where all the words the user has specified make up the title of the web page. It is better to avoid this variation of the intitle query because it does not mix well with other syntaxes. Examples:
intitle:"Donald Trump"
allintitle:"NBA" economics

2) inurl: Limits your search to the URLs of web pages. This query works well for finding search and help pages, because their URLs are usually regular in composition. allinurl: this variation finds pages whose URL contains all of the words given. Examples:
inurl:help
allinurl:search help

3) intext: Searches only the body of the web page, ignoring the URL and title. allintext is a variation. Example:
intext:"outlook.com"

4) inanchor: Searches for text in a page's link anchors. For example, the link anchor in the HTML code test.html

Then, he uses a regex to parse the file and strip out email addresses. He also shows a list of emails found in a spreadsheet aptly named "emails.xlsx" (using a filetype directive).
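As an added example, not part of the original report, here is a small Python parser for the operator syntax described in the Basic Queries section. It turns a query string into structured terms, folds every following bare word into an all-prefixed operator (the behaviour the report describes for allintitle and allinurl), and tolerates an unclosed quote like the one in one of the report's later queries. The operator list and the sample queries come from the report; the Term structure and the function names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Operators described in the Basic Queries section, plus site: and filetype:,
# which the report's later queries rely on.
OPERATORS = {"intitle", "allintitle", "inurl", "allinurl", "intext", "allintext",
             "inanchor", "site", "filetype"}
# The "all" variants take every following bare word, which is why the report
# warns that they do not mix well with other operators.
ALL_OPERATORS = {"allintitle", "allinurl", "allintext"}


@dataclass(frozen=True)
class Term:
    operator: Optional[str]   # None for a plain keyword
    value: str
    negated: bool = False     # a leading "-" excludes the term


# optional "-", optional "operator:", then a quoted phrase or a bare token
_TOKEN = re.compile(r'(-?)(?:([a-z]+):)?("[^"]*"|\S+)')


def parse_query(query: str) -> List[Term]:
    """Split a Google-style query into operator/value terms."""
    terms: List[Term] = []
    for neg, op, raw in _TOKEN.findall(query):
        value = raw.strip('"')          # also copes with an unclosed quote
        if op and op not in OPERATORS:  # unknown prefix: keep it as a keyword
            value, op = f"{op}:{value}", ""
        previous = terms[-1] if terms else None
        if (not op and not neg and previous is not None
                and previous.operator in ALL_OPERATORS and not previous.negated):
            # fold the bare word into the preceding all* operator
            terms[-1] = Term(previous.operator, f"{previous.value} {value}")
            continue
        terms.append(Term(op or None, value, neg == "-"))
    return terms


def render(terms: List[Term]) -> str:
    """Serialise terms back into query syntax, quoting multi-word values."""
    parts = []
    for t in terms:
        value = f'"{t.value}"' if " " in t.value else t.value
        prefix = ("-" if t.negated else "") + (f"{t.operator}:" if t.operator else "")
        parts.append(prefix + value)
    return " ".join(parts)


if __name__ == "__main__":
    for q in ('intitle:"Donald Trump" economics', "allinurl:search help",
              "inurl:8080 -intext:8080", 'site:.edu filetype:xls inurl:"email.xls'):
        print(q, "->", parse_query(q))
```

The same parser can be pointed at your own site-search logs to see which operator combinations visitors (or scanners) are using against you.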

3) Vulnerable Web Servers: To understand how we can use Google dorking to expose the vulnerabilities of a web server, we first need to know what is considered a vulnerability in a web server.

SQL Injection: SQL injection is the very first attack cybercriminals attempt on a vulnerable website. With this attack the attacker can gain access to the database, spoof a client's identity or even destroy data in the database. SQL injections are extremely dangerous because they can give dangerous individuals access to credit card numbers, phone numbers, addresses etc.

Cross Site Scripting: This sends malicious code to the user by embedding it in the application. It is extremely dangerous because it can lead to your customers being directly hit via your application.

Distributed Denial of Service Attacks (DDoS): A DDoS attack generates requests from thousands of IP addresses and sends them to the web server. Sites with vulnerabilities often do not have servers capable of handling thousands of requests at the same time, so a DDoS attack cripples the server. DDoS attacks are very harmful and can completely crash the websites of even the biggest companies in the world if they have vulnerabilities.

The Google dork below can be used to search for vulnerable web servers over the internet:
inurl:/proc/self/cwd

As we can see from the screenshot, the results show web servers that are vulnerable to attack. An expert cybercriminal can conduct any of the previously discussed attacks on such a web server: he can either get his hands on useful information about a company's customers or completely crash the website. It is up to him.

4) Open FTP Servers: HTTP servers are not the only ones indexed by Google; FTP servers are indexed too. With the dork below we can find open FTP servers, which often lead us to interesting information:
intitle:"index of" inurl:ftp


5) ENV Files: .env files are where the general variables and configuration are declared for the online and local development environment. They are used by some of the most popular development frameworks. It is highly recommended that developers move .env files somewhere safe, away from public access. Despite this advice, most web developers nowadays do not care about such things and place the .env files in the public website directory, which makes them easy to trace and find through Google dorks. Since this is very critical information, the exact method for finding .env files is not easily found on the internet, because it can reveal passwords, emails etc. with ease. Here is a screenshot of the results you are expected to find with the query:


As you can clearly see just by looking at the Google search results, the unencrypted usernames, passwords and IP addresses are available to us. In most cases we do not even need to click the link.

6) SSH Private Keys: Some sort of information is always exchanged using the SSH protocol, and this information is always encrypted. SSH private keys are used to decrypt that information. From a security point of view, the SSH keys should stay on the system that is used to access the remote SSH server and should not be shared with ANYONE. With the dork below you can find SSH keys indexed by Google:
intitle:index.of id_rsa -id_rsa.pub
If you are on the Windows operating system using the PuTTY SSH client, the program will always log the username of your SSH connections. We can use a simple dork to find SSH usernames in PuTTY logs:
filetype:log username putty


7) Email Lists: As we have mentioned on multiple occasions in this report, we can easily find lists of emails on Google. There is a Google dork that gives you a list of Excel files containing email lists:
filetype:xls inurl:"email.xls"


If you cleverly apply some filters and go into the .edu domain, you can find the emails and passwords of students and teachers from different universities:
site:.edu filetype:xls inurl:"email.xls"
The real advantage of Google dorks is that as long as you keep changing the combinations and trying new ones you will keep finding valuable information. This is what most Google hackers do all day: keep changing and trying different combinations, applying different filters and expanding their lists of emails to spam.

8) Live Cameras: Not even security cameras are safe from Google dorks. The private cameras that you can access can be watched by anyone on the internet; private cameras that have no IP restrictions can be reached through Google dorks:
inurl:top.htm inurl:currenttime
To find webcamXP-based transmissions:
intel:"webcamXP 5"

For general live cameras:
inurl:"lvappl.htm"
You can watch any part of the world using different combinations of dorks. One can find government, education and even military cameras that have no IP restrictions. In some scenarios you can perform white-hat penetration testing on these cameras: you can easily take control of the admin panel of these cameras and even reconfigure them according to your will.

9) Zoom Videos: During the lockdown in 2020 almost everyone was using Zoom for online meetings, and "Zoom bombing" became a pretty popular way of disrupting Zoom meetings. Although the company later imposed restrictions that made it harder to disrupt meetings, even now, if the URL of the meeting is made public, you can use Google dorks to cause disruptions and headaches:
inurl:zoom.us/j and intext:scheduled for


The only drawback is that indexing is very slow: Google takes so long to index the page that the meeting might already be over by then. Using this dork we can disrupt any university, government, company or even military meeting. Even though most universities have moved to Microsoft Teams, there are still a good number of schools and other institutes using Zoom in 2021.

10) MP3, Movies and PDF files: After apps like Patari, Gaana, SoundCloud, Spotify and Apple Music came onto the market, people stopped downloading music. The majority now prefer to use an app that streams music over the internet. Five or six years ago the majority would rather download mp3 files and save them on their phone, because back then the internet was not such an easy thing to access. If you are still that same individual and do not want to use Spotify or Apple Music, you can use Google dorks to find mp3 files that are legal to download on the internet:
intitle: index of mp3
intitle: index of pdf


11) House Prices: Using Google dorks we can find the prices of houses in any city in the world. From London to New York to New Delhi, we just need to use the right combination of advanced Google search operators.

12) Site Crawling: A person performs numerous searches on Google every day, but we do not know how Google gets the results for our searches. Google uses web crawlers to find the websites relevant to our search. The web crawlers go around websites looking for the keywords in our search and show a website in the search results if they find something relevant. Google dorks can make use of site crawling to narrow our results down to a certain website, domain or subdomain:
site:microsoft.com

13) Port Scanning: There are ways to do basic port scanning with Google dorks. Combine an inurl search for a port with the name of a service that listens on that port. Another way is to use inurl for the port and combine it with a negative intext search for the same port. This search finds servers listening on the port mentioned in the search:
inurl:8080 -intext:8080


14) Database Digging:

SQL Injection Hints: Using Google dorks we can find out whether or not a website is vulnerable to an SQL injection attack. First we use the query:
inurl:.php?id=1

To check whether any of these websites is vulnerable, we go to the website and edit its URL by adding a single quotation mark at the end. If the website shows an error like this, then the site is vulnerable to an SQL injection attack.

SQL Password: We can also find files that hold clear-text passwords, ready for any hacker to use to log in to the database.
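The single-quote check described above works because the application pastes the id parameter straight into its SQL. As an added example, not taken from the report, the Python/sqlite3 snippet below puts a lookup built by string concatenation beside the parameterised version and reproduces the check: the concatenated query raises a database error on the stray quote, while the parameterised one simply returns no rows. The table, its rows and the function names are made up for the demo.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for the site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [(1, "widget"), (2, "gadget")])
    return conn


def lookup_vulnerable(conn, id_param):
    # The request parameter is spliced into the statement text, so anything
    # the visitor types (including a quote) reaches the SQL parser.
    return conn.execute("SELECT name FROM products WHERE id = " + id_param).fetchall()


def lookup_safe(conn, id_param):
    # The parameter is bound separately and can never change the query's structure.
    return conn.execute("SELECT name FROM products WHERE id = ?", (id_param,)).fetchall()


def quote_probe(lookup, conn, id_param="1"):
    """The report's test: append a single quote and see whether the database
    raises a syntax error. True means the parameter reached the SQL parser."""
    try:
        lookup(conn, id_param + "'")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("concatenated query errors on a quote:", quote_probe(lookup_vulnerable, db))
    print("parameterised query errors on a quote:", quote_probe(lookup_safe, db))
```

A website that answers the quote test with a database error is telling you it uses the first pattern; switching to bound parameters (the second) removes the whole class of problem rather than filtering individual characters.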


Countermeasures against Google Hacking: Google dorks are a serious threat to everyone's websites these days. If it is as easy as combining different operators to get access to sensitive information, then there is no guarantee that your website and your personal information won't be used by hackers. There are many things you can put in place to defend yourself or your website from these sorts of attacks.

1) robots.txt files: These files specify locations that the Google search engine should not explore and store in its cache. To protect yourself, use a robots.txt file to avoid indexing. Example of a robots.txt file: if we want the robots to stay out of the infosec directory we can use:
User-agent: *
Disallow: /infosec/

2) Searching for your own website: We can use the same searching methods to see how vulnerable our own website is, and then use automated or manual testing to remove those vulnerabilities from the website. Many developers themselves do not know about Google hacking, so how are they supposed to defend themselves from it? We need to make sure that we have enough knowledge about our enemy: the more knowledge we have, the better prepared we are to tackle the threat. This is why we need to search our own website for vulnerabilities, so we can get rid of them AND learn how Google dorking actually works.
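Added example, not part of the report or of any project it mentions: a Python self-audit that ties the two countermeasures above together. Given a list of URLs your own crawl of your site returned, it flags the kinds of files the report's techniques look for (.env files, id_rsa, PuTTY logs, email spreadsheets, /proc/self/cwd paths), then asks the standard-library robots parser whether a well-behaved crawler would even be kept away from them. It also lists the paths a robots.txt advertises, since the file is public and any Disallow line is readable by exactly the people you want to keep out. The site name, the robots.txt (beyond the report's /infosec/ rule) and the URL list are constructed for the demo.

```python
import re
from urllib.parse import urlparse
from urllib.robotparser import RobotFileParser

SITE = "https://example.com"   # assumed: the site being audited

# Constructed robots.txt: the /infosec/ rule is the report's own example,
# the /backup/ rule is added for this demo.
ROBOTS_TXT = """\
User-agent: *
Disallow: /infosec/
Disallow: /backup/
"""

# Exposure patterns taken from the report's technique sections.
SENSITIVE = [
    ("env file", re.compile(r"/\.env$")),
    ("ssh private key", re.compile(r"/id_rsa$")),
    ("putty log", re.compile(r"putty.*\.log$", re.I)),
    ("email spreadsheet", re.compile(r"email\.xlsx?$", re.I)),
    ("proc cwd path", re.compile(r"/proc/self/cwd")),
]

# Constructed list of URLs that a crawl of our own site returned.
SITE_URLS = [
    f"{SITE}/index.html",
    f"{SITE}/.env",
    f"{SITE}/infosec/id_rsa",
    f"{SITE}/backup/email.xls",
    f"{SITE}/logs/putty-session.log",
]


def classify(path):
    """Labels of every exposure pattern the path matches (empty if none)."""
    return [label for label, rx in SENSITIVE if rx.search(path)]


def advertised_paths(robots_txt):
    """Paths a robots.txt names publicly: every Disallow line is readable by anyone."""
    out = []
    for line in robots_txt.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "disallow" and value.strip():
            out.append(value.strip())
    return out


def audit(urls, robots_txt):
    """Flag sensitive URLs and record whether robots.txt even asks crawlers to skip them."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    findings = []
    for url in urls:
        labels = classify(urlparse(url).path)
        if not labels:
            continue
        findings.append({
            "url": url,
            "labels": labels,
            "crawlable": rp.can_fetch("*", url),
            # the remedy is the same whether or not a crawler is asked to stay away
            "action": "remove from the web root or put behind authentication",
        })
    return findings


if __name__ == "__main__":
    for f in audit(SITE_URLS, ROBOTS_TXT):
        print(f["url"], f["labels"], "crawlable" if f["crawlable"] else "disallowed", "->", f["action"])
    print("robots.txt advertises:", advertised_paths(ROBOTS_TXT))
```

Note that two of the constructed findings are "disallowed" and still flagged: robots.txt only asks polite crawlers to skip a path, it does not stop anyone who requests the file directly, which is why the recommended action does not depend on the crawlable flag.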

3) Google Hack Honeypot: A Google hack honeypot is an invisible link on your website that can be detected through Google's search operators. To an attacker it looks like a live system. When an attacker tries to access confidential information, the honeypot does not actually give them access to it; instead it sends the attacker a link to a PHP script, and that script logs the attacker's activity. All of this is done by configuring the honeypot in such a way that it gives the attacker no idea that his actions are being monitored.
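The honeypot's value is the log it produces. As an added example (not the honeypot project's own code), this Python script reads web-server access-log lines in the common combined format and flags three things the sections above describe: hits on the honeypot path, requests for the kinds of files the report's dorks target that arrive with a search-engine referrer, and search-engine crawlers fetching those files (which is how they end up indexed in the first place). The honeypot path, the crawler names and the log lines are constructed for the demo; only the referrer's host is examined because Google no longer passes the search terms to the destination site.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Apache/Nginx "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

HONEYPOT_PATHS = ("/ghh-admin/",)   # hypothetical location of the honeypot link
SEARCH_ENGINES = {"www.google.com", "google.com", "www.bing.com"}
CRAWLERS = ("Googlebot", "bingbot")
# file kinds the report's dorks look for
SENSITIVE = re.compile(r"\.env|id_rsa|\.xls|putty.*\.log|/proc/self/cwd", re.I)

# Constructed sample log lines (RFC 5737 test addresses).
SAMPLE_LOG = """\
203.0.113.5 - - [03/May/2021:10:15:01 +0000] "GET /ghh-admin/config.php HTTP/1.1" 200 512 "https://www.google.com/" "Mozilla/5.0"
203.0.113.5 - - [03/May/2021:10:15:07 +0000] "GET /.env HTTP/1.1" 404 210 "https://www.google.com/" "Mozilla/5.0"
198.51.100.9 - - [03/May/2021:10:16:30 +0000] "GET /index.html HTTP/1.1" 200 4096 "https://www.google.com/" "Mozilla/5.0"
192.0.2.44 - - [03/May/2021:10:17:02 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.250 - - [03/May/2021:10:18:00 +0000] "GET /.env HTTP/1.1" 404 210 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"
"""


def parse_line(line):
    """One log line -> dict of fields, or None if it is not in combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def from_search_engine(referer):
    return urlparse(referer).netloc.lower() in SEARCH_ENGINES


def analyse(lines):
    """Return (ip, kind, path, status) events worth a look."""
    events = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, path, status = rec["ip"], rec["path"], int(rec["status"])
        if path.startswith(HONEYPOT_PATHS):
            # nobody is linked to the honeypot; a hit means a dork-style search found it
            events.append((ip, "honeypot-hit", path, status))
        elif SENSITIVE.search(path) and from_search_engine(rec["referer"]):
            # a sensitive file reached straight from a results page
            events.append((ip, "dork-referral", path, status))
        elif SENSITIVE.search(path) and any(c in rec["agent"] for c in CRAWLERS):
            # the crawler found it; a 200 here means it will be indexed
            events.append((ip, "crawler-fetch", path, status))
    return events


def suspects(events):
    """Count non-crawler events per source address."""
    return Counter(ip for ip, kind, _, _ in events if kind != "crawler-fetch")


if __name__ == "__main__":
    found = analyse(SAMPLE_LOG.splitlines())
    for event in found:
        print(event)
    print("per-address counts:", dict(suspects(found)))
```

The crawler-fetch events are the ones to act on first: a 200 from a crawler on a sensitive path is the file being indexed, which is exactly the exposure the robots.txt section tries to avoid.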

4) Personal Information: Try to avoid putting your personal information on the internet, and try to remain as anonymous as possible. Even when shopping online, use the most secure websites, such as Amazon and Noon. Do not enter your credit card details anywhere without checking whether the site's payment methods are secure. Websites with "Sign in with Google" or "Sign in with Facebook" are also very fishy; try to avoid them at all costs, and use an alternate email address if you urgently need to do something on that specific website. Avoid clicking on links that do not feel right. Hacking links can be sent to a large number of people via Facebook or WhatsApp to make them click and have their username, password and other valuable information stolen. Never click on a link unless you are sure where it takes you.

Conclusion: The most popular, important and widely used search engine in the world is the Google search engine. It has the ability to index our websites unless we deny it. In this report we learned about the history of the Google Hacking Database and when and how it originated. The report goes into the legality of the whole thing using different examples and perspectives on the matter. We discussed multiple techniques that can be used to extract information of your liking from any vulnerable server: from SQL injection to SQL password extraction to .env file hacking, we discussed every bit of detail in the document. Even though Google dorking is completely legal as long as you do not use the data for illegal means, it is still pretty unsettling to know that someone out there can hack your website or get hold of your personal information just through combinations of Google search operators. The document also goes into the countermeasures you can use to nullify the effect of Google dorking on your website. The document comprehensively covers all aspects of Google dorking and provides a good amount of context and history.


