Cyber Buddy : Cybersecurity and Ethical Hacking Course

Google Hacking is a term that refers to the art of creating complex search engine queries in order to filter through large amounts of search results for information related to computer security.

In its malicious format, it can be used to detect websites that are vulnerable to numerous exploits and vulnerabilities as well as locate Private, sensitive information about others, such as credit card numbers, social security Numbers, and password.

Google hacking involves using Google operators to locate specific strings of text within search results.

Hackers can get a copy of sensitive data even if plug on that vulnerable web server is pulled off and
they can crawl into entire website without even sending a single packet to server by the method of Google Hacking.

Using Google as a Proxy Server.

Google sometimes works as a proxy server which requires a Google translated URL and some minor URL modification.

Translation URL is generated through Google’s translation service located at www google com/translate service, located at www.google.com/translate _ t

If URL is entered in to “Translate a web page” field, by selecting a language pair and clicking on Translate button Google will language pair and clicking on Translate button, Google will translate contents of Web page and generate a translation URL

Google Web page translation.

Directory Listings.

In Google Hacking A directory listing is a type of Web page that lists files and directories that exist on a Web server.

It is designed such that it is to be navigated by clicking directory links, directory listings typically have a title that describes the current directory, a list of files and directories that can be clicked.

Just like an FTP server, directory listings offer a no-frills, easy-install solution for granting access to files that can be stored in categorized folders

Problems faced by directory listings are:

They do not prevent users from downloading certain files or accessing certain directories hence they are not secure.
They can display information that helps an attacker learn specific technical details about Web server.
They do not discriminate between files that are meant to be public and those that are meant to remain behind the scenes.
They are often displayed accidentally, since many Web servers display a directory listing if a top-level index file is missing or invalid.

Google directory listings.

Locating Directory Listings.

Since directory listings offer parent directory links and allow browsing through files and folders, attacker can find sensitive data simply by locating listings and browsing through them

Locating directory listings with Google is fairly straightforward as they begin with phrase “Index of,” which shows in tittle

An obvious query to find this type of page might be intitle:index.of, which can find pages with the term “index of” in the title of the document

intitle:index.of “parent directory” or intitle:index.of “name size” queries indeed provide directory listings by not only focusing on index.of I title but on keyboard =s often found inside directory listings, such as parent directory, name, and size.

Locating Directory Listings.

Finding Specific Directories.

This is easily accomplished by adding the name of the directory to the search query.

o locate To locate admin directories that are “admin ” directories that are accessible from directory listings, queries such as intitle:index.of.admin or intitle:index.of inurl:admin will work well, as shown in the following figure.

Locating Specific Directory

Finding Specific Files.

As the directory listing is in tree style, it is also possible to find specific files in a directory listing.

To find WS_FTP log files, try a search such as intitle:index.of ws_ftp.log, as shown in the Figure below:

Finding Specific Files

Google Hacking-Advanced Operator.

intitle:index.of

intitle:index.of is the universal search for directory listings. In most cases, this search applies only to Apache-based servers, but due to the overwhelming number of Apache derived Web servers on the Internet, there is a good chance that the server you are profiling will be Apache-based.

Intile:index.of

List of Advance Operators for google hacking

Google Advance operator.

There number of operators for Google hacking. One should know to use these operators wisely to get the maximum data from the query on the search bar.

CYBER BUDDY

Google Hacking - Everything to wanted to about.

Google Hacking is a term that refers to the art of creating complex search engine queries in order to filter through large amounts of search results for information related to computer security.

Using Google as a Proxy Server.

Directory Listings.

Locating Directory Listings.

Finding Specific Directories.

Finding Specific Files.

Google Hacking-Advanced Operator.

intitle:index.of

Post a Comment

0 Comments

Popular Posts

What are DOS and DDoS Attacks ? - with Practicals.

Kick anyone out from a Wi-Fi Network (DeAuth Attack)

7 Easiest Ways to Make Money Online from Home

Featured Post

Kick anyone out from a Wi-Fi Network (DeAuth Attack)

Recent Posts

Categories

Footer Menu Widget

CYBER BUDDY

Google Hacking - Everything to wanted to about.

Google Hacking is a term that refers to the art of creating complex search engine queries in order to filter through large amounts of search results for information related to computer security.

Using Google as a Proxy Server.

Directory Listings.

Locating Directory Listings.

Finding Specific Directories.

Finding Specific Files.

Google Hacking-Advanced Operator.

intitle:index.of

Related Posts

Post a Comment

0 Comments

Popular Posts

What are DOS and DDoS Attacks ? - with Practicals.

Kick anyone out from a Wi-Fi Network (DeAuth Attack)

7 Easiest Ways to Make Money Online from Home

Featured Post

Kick anyone out from a Wi-Fi Network (DeAuth Attack)

Recent Posts

Categories

Footer Menu Widget