www.i4info.org

i4info Provides the best hacking Material. Latest hacking tutorials and tools are available here. It is the best place for hackers.

Latest topics

» BitCoin Wallet stealor New
Yesterday at 7:46 pm by Admin

» Muhammad Shahroze Rashid | Marketing Consultant
Yesterday at 1:48 pm by Admin

» Muhammad Shahroze Rashid | Sharp Mind, Sharp Innovations
Yesterday at 1:47 pm by Admin

» How to design an effective job ad
Yesterday at 1:45 pm by Admin

» Teen Patti Gold Hack & 3 Patti Chips Code Extra Bonus 2016
Tue Dec 06, 2016 4:38 am by shoytan er lara

» Content Marketing | Promotional Video
Fri Dec 02, 2016 2:45 pm by Admin

» How to start an Online Business | Complete Guide
Fri Dec 02, 2016 2:30 pm by Admin

» Zeeshan Bhatti
Wed Nov 30, 2016 3:18 pm by Admin

» USAA letter for scam page
Tue Nov 29, 2016 4:20 am by Hardyjsh1966

December 2016

MonTueWedThuFriSatSun
   1234
567891011
12131415161718
19202122232425
262728293031 

Calendar Calendar

Affiliates


free forum

Forumotion on Facebook Forumotion on Twitter Forumotion on YouTubeForumotion on Google+

Visitors Counter


Flag Counter

About Author

Muhammad Shahroze Rashid
i4info
Web Developer
Web Developer & Designer,Researcher and Technical writer. An Information Security Consultant and System Auditor, a keen Security researcher.
samanabad
lahore, Punjab
54000
Pakistan
[email protected]
03064904829
DOB: 05/25/1992
Muhammad Shahroze Rashid
Muhammad Shahroze Rashid is a Web Developer and Designer, Android Developer, InfoGrapher, IT consultant and Researcher
Reviewed by Google
Google
Date published: 01/19/2016
9 / 10 stars
Muhammad Shahroze Rashid
Muhammad Shahroze Rashid Web Developer & Designer,Researcher and Technical writer. An Information Security Consultant and System Audito
samanabad
lahore
Punjab
54000
Pakistan

How To Use Google For Hacking?

Share

Admin
Admin

Posts : 455
Reputation : 5
Join date : 2014-12-10
Age : 24
Location : Pakistan

How To Use Google For Hacking?

Post by Admin on Fri Sep 02, 2016 12:37 am






Google Hacking is the method to access information that’s publicly available, but not intended for public distribution. Using certain intelligent search techniques, one can land unexpected results on Google search page. Here, we’ve compiled a list of the most popular Google Hacking techniques mentioned in NSA’s hacking eBook. These methods include the use of file types, stock phrases, numrange etc. in the search process.



In the past, we have told you about many [You must be registered and logged in to see this link.]to up your game and find content effectively on the web. The government cyber spies and hackers also use these search engines to extract useful information.Obviously, these search tricks are a little bit more advanced. Back in 2013, the National Security Agency released an eBook, uncovering new methods to search the intelligence information on the web.

Named [You must be registered and logged in to see this link.], this 643-page guide is full of useful advice regarding how to use the Internet Archive, search engines, public websites etc. The most interesting part of this book is titled “Google Hacking”.

What is Google Hacking? How does it work?


The NSA’s guide describes Google ( or any search engine) Hacking as follows:

“Google hacking” involves using publicly available search engines to access publicly available information that almost certainly was not intended for public distribution.”


It’s basically a clever and legal method of finding information that’s not available on the public internet.

If you want to understand how Google Hacking works, you need to read [You must be registered and logged in to see this link.]. Thanks to its spiders, a search engine like Google can access and index all the parts of a website if a “door” is open. With the help of aRobot.txt file, webmasters have the power to restrict the search engine spiders.

Very often a webmaster fails to configure the Robot.txt file properly. This situation worsened a couple of years ago when Google started indexing file types like PDF, Word, Excel, Access, Excel etc.

Many of the organizations still don’t prevent their sensitive data and files. Thus, tons of useful information is bound to appear in Google’s database.

The information accessed using Google Hacking:


What if I tell you that you can get your hands on a plenty of shocking information using Google hacking? This data usually falls under these categories:

  • Personal and financial info

  • User ID, computer account logins, passwords

  • Private, or proprietary company data

  • Sensitive government information

  • Flaws in websites and servers


Common Google Hacking techniques:[You must be registered and logged in to see this link.] 300w" alt="google hacking 3" width="578" height="443" />


These techniques are an excellent and unconventional method to discover sensitive information. Let’s tell you about some of the most common ones.

Search using file types, keyword, and site type:


Many websites and organizations store their financial, personnel, etc., data in Microsoft Excel format. So, here’s how you need to look for some sensitive information of a South African company. Don’t forget to include keywords like Confidential, Budget etc.

[filetype:xls site:za confidential]


[You must be registered and logged in to see this link.] 300w, [You must be registered and logged in to see this link.] 768w, [You must be registered and logged in to see this link.] 600w" alt="google hacking 3" width="563" height="393" />

Use stock words and phrases:


Along with file types like Excel, Word, or PowerPoint, you are also advised to use stock words and phrases like do not distribute, confidential, proprietary, not for distribution, etc.

Look for files containing login information:


You need to search for files containing login, password, and userid information. It’s interesting to note that even foreign websites usually use these terms in English. So a search for a spreadsheet file might look like:

[filetype:xls site:ru login]


Misconfigured web servers:


Very often Google contains directories that are not intended to be on the web. In Google Hacking, these servers provide a rich set of information. To exploit this error, one should use this format:

[intitle:”index of’ site:kr password]


[You must be registered and logged in to see this link.] 300w, [You must be registered and logged in to see this link.] 768w, [You must be registered and logged in to see this link.] 600w" alt="google hacking 3" width="562" height="379" />

Numrange search:


NSA describes Numrange search as one of the “scariest searches available through Google. It uses 2 number separated by 2 dots and no spaces. A user can use it with search keywords and other search options. For example:

[site:[You must be registered and logged in to see this link.] 617..780]


For more detailed information on these searches, you read the Google Hacking chapter in NSA’s eBook.

Google Hack to search inside websites requiring registration:


Very often some websites ask you to register to view its contents. For that, you can use Google hacking to view contents without registration. You can try these queries or something similar:

[site:[You must be registered and logged in to see this link.] inurl:database]



[site:[You must be registered and logged in to see this link.] inurl:directory]



[site:[You must be registered and logged in to see this link.] inurl:index]



[site:[You must be registered and logged in to see this link.] inurl:companies]


Search in the native language:


With more and more people on the internet, people are becoming lesser dependent on English. Now millions of websites don’t use languages written in the Latin alphabet. So, a search made in native language has the more probability of returning the expected result.

The NSA eBook explains more techniques that could be applied to any search engine. You can [You must be registered and logged in to see this link.]and learn some new Google Hacking tricks.











    Current date/time is Thu Dec 08, 2016 10:46 am