Lab 4 - How to use Google dorks? Assignment Help

Lab 4 -How to use Google dorks?

Google is the most popular search engine that helps in information gathering & lots of other purposes. Cybersecurity professionals and cybercriminals both leveragethis search engine to do a lot of malicious actions & search lots of different sites and services that reside on the surface web & are crawled by the Google search engine's spider.

WhatisGoogle Dorking?

Google Dorking is a technique of hacking wherein the hacker can make advanced searches through specific queries in the search service to identify valuable data on the surface web or content that is hard to find through regular search. Often hackers call this technique Google hacking since they use the Google search engine to do the hack. At the core of this technique the hacker uses explicit modifiers to search queries.

Users can also leverage specific commands like "filetype", "intext", &"site"for getting various detailed search results. Security experts and cybercriminals can use this dorking technique to obtain or extract information about any target system or unauthorized data to exploit security vulnerabilities in apps and websites.

Howto use GoogleDorks?

It is easy to use Google dorks as we only need to write a dork in Google's search bar andpress'Enter.' There are different Google Dorking commands that help us search for any information on Google. The list of the most commonly used Google Dorks is as follows:

Google Dorks Queries:

  1. site:

"site:" is a command for the Google search engine. It helps search all the websites containing informationregardinganyspecificentity.IntheGooglesearchbar,wewilltype"site:"Wecan use other Google dorking commands to narrow our search results. Google will restrict the search results to those websites which provide us with the required information.

At this,we can take an example to know how this command works.Let us say a person wants to buy an android phone and is searching for a mobile phone,which is introduced laterin2022.

After getting a list from the search results,here viewed the pages and found that Xiaomi Redmi 102022,RealmeQ5Pro,SamsungGalaxyA13,etc.,aremostlypreferred.Hisnextstepwould be to collect more relevant information about these mobile phone brands from genuine websites. Here, the "site:" Google command will come into action. It will help him find the most relevant and accurate information by narrowing down the search to some specific websites only.

 

Let us take one more example of this Google Dorking command"helpsite:www.google.com," which will search for pages specifically about help in www.google.com. Also, the "help site: com" will search for pages about help service in ".com urls."

 

ImportantNote:We need to write the"site:"and the domain name with out any space between them, or it will not work.

 

Syntax:

https://i.stechies.com/1447x977/userfiles/images/google-dorks.png

 

  1. filetype:

File type is one of the popular fundamentals of Google Dorking. It helps to separate a large number of files.With the help of this command,we can easily find the pdf,jpeg,gif, etc., Google files. It can also filter log files for us.

Log files are advantage ousfor collecting information associated with an organization because the searethefilesthatmaintainrecordsofalltheeventsthattakeplaceinanorganization.We need to write the command mentioned below in the search bar to access the simple log files.

Syntax:

  
 Text Box: filetype:log

It willprovideuswithall typesoflogfiles.Butthiswillnotbeofgreathelpas long aswetry to narrow down our search using specific filters.3.

  1. intex tandallin text:

We can use this command to find any specific text within the search result of the web pages. Generally,wecanusethe"intext:"intwoways.Thefirstiswecangetasinglekeywordinthe search results and the second method is to obtain multiple keywords in the search.

 

Forthefirst method,the syntax forthe "intext:" command is:

  
 Text Box: intext:usernames

 

In the second method, we can use the "allintext:" command in place of "intext:" and separate the key words using a single space.Ifwetypeandenterthe"allintext"inthesearchbar,Google will add all the relevant pages in the search result with the keywords mentioned in the query. For this reason,we need to write these commands with appropriate keywords so that our search results do not lack the essential information.

Suppose we want to search for some web pages containing information related to usernames and passwords, and then we will write the query as follows:

  
 Text Box: allintext:"username""password"

 

Syntax:

intext:domainnameor allintext:domainname

  1. ext:

When we need to find out the documents of specific type, we can use the "ext:" dork. Ext is a command that we use to define file extensions. It functions like a "filetype:" command. For example: site:https://www.google.com/ ext:pdf

Google Search Operators:

  1. cache:

Google records both the current and previous versions of webpage sinitscache,and some times these pages can provide us with a lot of information about the various domains like technical, educational, and others. It also reveals information initially used for testing pursuits only, which were removed later in the later versions but are still available in these versions, which we can access through Google's cache.

The "cache:www.google.com web" will display the cached content with the term "web" highlighted. We can also access this functionalityof Google by clicking onthe "Cached" link on Google's main page with the search results. The query "cache:" will provide the version of the web page Google stored in its cache.

Syntax:

forfinding outGoogle'scacheonthe Google homepage

  
 Text Box: cache:www.google.com

 

  1. link:

This command helps find the list of all the relevant web pages that have links indicating the Facebook homepage.

 

Syntax:

  
 Text Box: link:www.facebook.com

 

  1. info:

Using this Google dorkquery,we can get there levant information about the domain name we will search for in the search bar.

Syntax:

  
 Text Box: info:www.twitter.com

 

  1. inurlandallinurl:

If we type "inurl:" in our query and press enter, Google will limit the results to documents having that word in the URL. For example, "inurl:facebook search" will provide those documents that mention the word"facebook"intheirURLand citetheterm"search"anywhere in those documents (URL). If we put "inurl:" before every word in the command is the same aswhenweput"allinurl:"atthefrontofthiscommand.Itmeans"inurl:facebookinurl:search" is the same as "allinurl: google search."

 

Syntax:

  
 Text Box: inurl:domainnameinurl:search allinurl:domainname search

 

  1. intitleandallin title:

The intitleisa command which we use when we need to separate the documents dependingon thetitlesofHTMLpages.TheHTMLpagescontainthosekeywordsintheirtitlethatdescribes the whole document. We can specifically use this Google Dork query to get what we want.

 

If we add "intitle:" in our query, Google will limit the results to documents having that word (words which we will use after the Google Dork query) in the title. When we put "intitle:" before every word in the command is the same as when we put "allintitle:" at the front of this command. It means"intitle:facebook intitle:search"is the same as “allintitle: google search.”
 

Thequery"intitle:facebooksearch"willreturndocumentsthatexplicitlycitetheword"facebook" in their title and mention the term "search" anywhere in those documents (URL).

Syntax:

  
 Text Box: intitle:domainnameinurl:search allintitle:domainname search

 

  1. define:

The query "define:" will provide us with definitions of those terms we enter after the query, collected from different online references. This definition will have all the terms in the exact order we typed them, i.e., the result will be for the whole phrase entered.

Syntax:

  
 Text Box: define:cybercriminals
  1. stocks:

Google treat so therqueriesas stocktickersymbols when using the"stocks:"query.Itwilllink to those webpages having stock nformation for those symbols.For example, "stocks:GOOGL"will show information about Google.

 

Note:We need to type the ticker symbol of the domain, not the company name.

Syntax:

stocks:ticker symbol of any domain

How to access online cameras using Google Dorks?

We can access live camera web pages that do not have IP to restrict using Google hacking techniques.I fa person is creative enough to work with Google Dork,they can also take control of the entire admin panel remotely. Even they can re-configure the cameras as they want to.

Syntax:

intitle:webcamXP5 
inurl:top.htminurl:currenttime
inurl:"lvappl.htm"

When we uset he "top. htm"intheURLwith the current date and time,we can fetch the list of live cameras that are publicly exposed.

Dork Command using Multiple Google Dorks:

We can used ifferent Google Dorks individually,where as we can also use more than one dork at atime.Itis known as composing multiple Google Dorks.Suppose we can use the"intitle:" querywith"filetype:"Itwillfilteroutallthedocumentsthatcontainthetitleandmentioned file format. For example, intitle:google filetype:pdfwhere Google will restrict the search result with documents satisfying the above queries.

We can also add other Google Dorks when we need further information, such as "allintext:" with “filetype:”

How to Explore LOG files for Login Credentials?

We can use this technique to find the .LOG files accidentally disclosed on the internet. It is generally a LOG file having indications about what the credentials of any system might be or information regarding various admin or user accounts that are present in the system.

Syntax:

How to Explore Open FTP Servers?

There are several reasons behind the cause of the internal information of the FTP(FileTransfer Protocol) getting published unintentionally. It is because of the absence of setting access permissionsintheFTP. We will be able to readily explore the publicly disclosed FTP Servers using the following dork command,which can also help to explore many other relevant pieces of information.

Syntax:

intitle:"indexof"inurl:ftp 
intitle:"indexof"inurl:httpafter:2021 
intitle:"forum"inurl:httpafter:2021 
    

Google Dorks for Hacking Purposes:

ThecybercriminalsandattackerswhowishtosearchbyadomainotherthantheURLcanuse theadvantageofGoogledorkqueries.ThelistoftheGoogleDorksforhackingpurposesisas follows:intitle:

  • intext:
  • inurl:
  • site:
  • define:
  • info:
  • link:
  • maps:
  • book:
  • weather:
  • movie:
  • phonebook:
  • related:

Questions:

  1. Find the page with title “admissions requirements” on your university website (sistc.edu.au). Once you found the page in the results, type in your full name before the command in the Google’s search box and take a screenshot as evidence. (use site and intitle commands)
  2. Find the pages that are linked to your university website (sistc.edu.au). Once you found the pagesintheresults,typeinyourfullnamebeforethecommandintheGoogle’ssearchboxand take a screenshot as evidence. (use link command)
  3. Find the login page on your university website (sistc.edu.au). Once you found the page in the results, type in your full name before the command in the Google’s search box and take a screenshot as evidence. (use site and inurl commands)
  4. Find all links to the PDF files on your university website (sistc.edu.au). Once you found the pagesintheresults,typeinyourfullnamebeforethecommandintheGoogle’ssearchboxand take a screenshot as evidence. (use site and filetype commands)

*The screenshots which do not show your name are not a cceptable.

Rubricin scale of 100

 ThequestionsareThequestionsareThequestionsareThequestionsareThequestionsare
 clearlyansweredandansweredandsupportedansweredandsupportedansweredandansweredwithout
 supportedwithwithevidencewithevidencesupportedwithevidence(screenshots)
Instructed activitiesevidence(screenshots)

(screenshots)with

minorerrorsand/oromissions

(screenshots)with one

majorerrorand/oronemajoromission

evidence

(screenshots)withmorethanonemajor

withmajorerrorsandomissions
    errorand/ormore 
    thanonemajor 
    omission 
 HD(85-100%)D(75-84%)C(65-74%)P(50-64%)F(0-49%)

 

Example invalid form file feedback

Join our 150К of happy users

Get original papers written according to your instructions and save time for what matters most.