Using GOOGLE, you instantly become a hacker

This article is collected and organized on the Internet. If you have any vulnerabilities or problems, please kindly advise!

Google hacking is actually not a new thing. At that time, google hacking didn't pay much attention to this technology and thought that webshell or something didn't have much practical use. google hacking is actually not

So simple...

Simple implementation of google hacking

Some google syntaxes can be used to provide us with more information (and, of course, to those who are used to attack more people they want .), the following describes some common syntaxes.

Intext:

This means that a character in the body of a webpage is used as a search condition. For example, if you enter intext in google, the system will return all webpages whose body contains "".

. Allintext: The usage is similar to that of intext.

Intitle:

Similar to the intext above, search for any characters in the webpage title that we are looking for. For example, search: intitle: Security angel. The system will return all web pages whose titles contain "Security Angel ".

Page. Similarly, allintitle: is similar to intitle.

Cache:

Search for the cache of some content in google, and sometimes you may find some good stuff.

Define:

Search for the definition of a word. Search: define: hacker. The definition of hacker is returned.

Filetype:

I would like to emphasize on this, whether it's a network-based attack or what we will talk about later on the side of the special survey? Search for files of the specified type. For example, enter

: Filetype: doc. All file URLs ending with doc will be returned. Of course, if you are looking for. bak,. mdb, or. inc, you can also obtain more information.

Info:

Query the basic information of a specified site.

Inurl:

Search whether the specified character exists in the URL. For example, if you enter inurl: admin, N Connections similar to this will be returned: http://www.xxx.com/xxx/admin, which will be used to find the administrator login.

The URL is good. allinurl is similar to inurl, and multiple characters can be specified.

Link:

For example, search: inurl: www.4ngel.net can return all URLs connected to www.4ngel.net.

Site:

This is also useful. For example, site: www.4ngel.net. will return all URLs related to this site of 4ngel.net.

By the way, some * operators are also very useful:

+ Display columns that may be ignored by google as the query range

-Ignore a word

~ Word of consent

. Single wildcard

* Wildcard, which can represent multiple letters

"" Precise Query

Let's start with the actual application.

The following content is searched on google. For a tested attacker, he may be most interested in the password file. However, google often has powerful search capabilities.

Expose some sensitive information to them. Use google to search for the following content:

Intitle: "index of" etc

Intitle: "Index of". sh_history

Intitle: "Index of". bash_history

Intitle: "index of" passwd

Intitle: "index of" people. lst

Intitle: "index of" pwd. db

Intitle: "index of" etc/shadow

Intitle: "index of" spwd

Intitle: "index of" master. passwd

Intitle: "index of" htpasswd

"#-FrontPage-" inurl: service. pwd

Sometimes some important password files are exposed to the network without protection for various reasons. If they are obtained by someone with ulterior motives, the harm is very great.

You can also use google to search for programs with vulnerabilities. For example, ZeroBoard found a file code leakage vulnerability some time ago. You can use google to find websites that use this program on the Internet.

Point:

Intext: ZeroBoard filetype: php

Or use:

Inurlutlogin. php? _ Zb_path = site:. jp

To find the page we need. phpmyadmin is a set of powerful database * software, some sites due to configuration errors, we can directly access phpmyadmin without using the password

Line *. You can use google to search for program URLs with such vulnerabilities:

Intitle: phpmyadmin intext: Create new database

Also remember http://www.xxx.com/_vti_bin/..%5... ystem32/cmd.exe? Dir? Search by google. You may find many more

Antique machines. We can also use this to find pages with other cgi vulnerabilities. Allinurl: winnt system32

As mentioned above, google can be used to search for database files. Some syntaxes can be used to precisely search for more things (access database, mssql, mysql connection files ).

For example:

Allinurl: bbs data

Filetype: mdb inurl: database

Filetype: inc conn

Inurl: data filetype: mdb

Intitle: "index of" data // This problem often occurs on apache + win32 servers with incorrect configuration. Like the above principle, we can use google to find it.

Platform.

Google can be used to collect and penetrate information on a site. Next we will use google to perform a test on a specific site.

First, use google to check some basic information about the site (some details are omitted ):

Site: xxxx.com

Find the domain names of several school departments from the returned information:

Http://a1.xxxx.com

Http://a2.xxxx.com

Http://a3.xxxx.com

Http://a4.xxxx.com

By the way, the ping should be performed on different servers. Schools generally have a lot of good information. First, check whether there are any good things.

Site: xxxx.com filetype: doc