The hackers used a method known as Google Dorking which has been used ever since Google was launched.
Through this article we take the proficiency of Google as a hacking tool.
If you have a PC/laptop, it is guaranteed that you have used Google for searching answers.
This can be accomplished by using the advanced operator features of Google.
The basic syntax for using advanced operator in Google is as follows.
Using such a query in Google is called Dorking and the strings are called Google Dorks a.k.a Google hacks.
Dorks come in two forms vis-a-vis Simple dorks and complex dorks.
Each keyword/advance operator has a special meaning to the Google engine.
Lets take few examples of simple dorks.
Simple Google Dorks:
Lets see an illustration as to what this really means.
A single query can be used to get a particular result.
The above two diagrams illustrate few of the dorks in a pictorial manner.
The same can be analogous to other advanced operators.
So what can we find out using Google?
This is an example of a simple query.
Next, lets see some juicy stuff, which comes in handy due to the efficiency of Google crawlers.
This can also be used in user profiling which seems to be in demand in the underground market.
The above queries where just simple dorks which gave out sensitive information.
Another dork can be used to glean emails ids from Google.
Dork: intext:@gmail.com filetype:xls
Similarly we can use Google for site crawling/web link mapping.
We use few other keywords to achieve this feat.
What is so special about site crawling/online grid mapping i.e.
enumerating domain and hostnames?
Well, all this is done without any probing at the target.
The possibilities for automation and online grid mapping using Google are infinite.
Dork: inurl:8443 -intext:8443
This dork lists all the sites running on port 8443.
An automated scan on important ports can give interesting results.
This is the power of Google.
If you like the article we will bring another one detailing advanced Google dorking techniques.
source: www.techworm.net
