How Google Hacking can put you at risk;
Every once in a while I stop to think; “should I even write this post?”. The issue being that sometimes highlighting something might give the baddies ideas, even though we’re trying to educate folks against the risk. The last time we ventured into that realm was a post a wile back on how hackers were hiding scripts in PNGs to inject links into a site
Today is another one of those moments as we’ll be talking about ‘Google Dorks’, also known as Google Hacking. I prefer the dork version because you’d have to be a “dork” to leave this kind of information out there for Google to digest.. Here’s more legit definition from Wiki;
“Google hacking, also named Google dorking, is a computer hacking technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites use.” – Wikipedia . It was originally named as such by good ol’ Johnny Long (those that know their history of the dark-kside, should remember him).
Accessing Sensitive Documents
The reason I decided to write about this is because I was showing my wife and a friend the power of it the other night and they were a bit amazed. I realized that it might not be as commonly known about as I thought it was. So, let’s go look at a few examples;
Google Query; filetype:pdf not for public release
And with that simple one we can see some documents from;
- The Australian government
- Standford
- New Zealand Treasury dept
- Canadian Gov
- And lots more…
But hey, that one is fairly simple. So, let’s step up our game a bit shall we?
Google query; filetype:”xls | xlsx | doc | docx | ppt | pptx | pdf” site:gov “FOUO” | “NOFORN” | “Confidential”
This time we can see some documents from locales such as;
- Nasa
- NJ Government
- US courts Gov
- Oregon Gov
You get the idea. Of course if we wanted to target some more specific sites we could add in the inurl: modifier to tighten up the results we’re after. In short, there is no limit to the combinations of advanced search operators we can play with here.
Website Hacking
Another way that this can be used for evil, that’s directly important to YOU, the website owner or manager, is actually hacking your website. This is far more common a use for Google Dorking (also know as Google hacking). You’d be surprised at how easy this is.
To really get a sense of it, you really should go spend some time looking about the Google Hacking Database; go here to get started
As an example, let’s go find some unprotected PHPmyAdmin (from which we can create our own database on a site);
Google Query; “Welcome to phpMyAdmin” AND ” Create new database”
Want more? Try these…
- Want to find some live camera views? Try; inurl:”viewerframe?mode=motion”
- Running a server on your local computer? No probs… intitle:”index of” “parent directory” “desktop.ini” site:dyndns.org
- How about accessing some personal directories? Sure, why not… intitle:”index.of.personal”
Again, this is just a few simple examples… there’s far more in the GHDB.
As you can see there is a TON of ways that this can be used. Be afraid… be VERY afraid lol. There are also a TON of resources on that site from tools to various research papers. It’s entertaining and frightening all at the same time lol.
Protecting yourself
So, what can you do to protect your website from these types of malicious attacks? Let’s look at some…
- txt – make sure that Google is blocked from ALL sensitive directories
- Go Dork yourself – easy enough, use the site: operator and some Dorks on your own site
- Site Digger – apparently it’s hooked up to the Google Hacking DB- here and here
- Google Hack HoneyPot – another tool that you can use
- Pentest also has a tool to dig into a specific domain
- Avoid putting sensitive information online
- Keep software up to date
- Employ protection tools such as WordFence etc
- Use a VPN or IP filters on sensitive directories
- Password protected directories
- Make sure your hosting isn’t crap lol
And there we have it folks. This is some serious and important stuff that I really felt you might want to know about. It’s been around a LONG time and isn’t going away anytime soon. Be aware and be vigilant.
Oh and don’t shit on my head for publishing some of the examples, it’s publicly available and these peeps shouldn’t be such Dorks… (see what I did there? Hehe)
More stuff;
- More Google Dorks
- Google Advanced operators
- Larger list of advanced operators
- FBI Memo from 2014 about it
- Homeland security info on it
Happy Dorking everyone!!