Advanced Google Hacking...???

Thread: Advanced Google Hacking...???

  1. #1
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065

    Post Advanced Google Hacking...???

    I am in no way, shape, or form responsible for what you do with this information, this information is solely for educational purposes only.

    Introduction

    Well, you look at the title and I’m sure you’re all like “Not another Google hacking tutorial…”. You might all think that Google hacking is pretty much dead, admins have gotten smart. Well, the fact of the matter is, Google hacking is very far from dead, and a lot of admins are super far from being smart. The new virus that uses Google’s searching power to find vulnerable sites just proves this point.

    Now I have realized that there is a good tutorial on Google Hacking on AO already, and if you have not seen it you can find it here:

    http://www.antionline.com/showthread...readid=257512&

    This tutorial is different than that one and many others though, I am not simply going to show you what Google can be used for, that has already been covered a ton of times. I am not going to simply show you “Index of” +htpasswd either, that too has been shown tons of times. I’m not going to teach you basic Google operators and commands. Those have already been covered numerous times on AO and on Google itself. They can be found here:

    http://www.google.com/help/refinesearch.html

    and here:

    http://www.google.com/help/operators.html

    So What The Hell Is This Tutorial About?

    In this tutorial I am going to cover an advanced side to Google hacking… If that makes sense… I see a lot of Google tutorials telling you to go for the “Index of” +htpasswd and other password files. Most of these are shadowed anyway. Well, I’m going to base this tutorial on combinations. That’s right, combinations.

    Combinations

    You can’t Google Hack like you used to these days. A couple years ago all you had to do was search for inurl:admin.asp and you would have gotten hundreds of sites that were vulnerable. But these days that just gives you a bunch of crap, like companies trying to sell you their administrator software and such… Now you have to think of a combination of search commands and keywords to craft together to get what you want.

    Now let’s think about this for a minute… What exactly do we want? Admin login pages? Nah… Password lists? Maybe but… nah… Ah! I know… Let’s try for administration pages! You know, the pages that allow the administrator to edit, delete, and configure things on their website?
    First things first, we need a base keyword, how about:

    inurl:edit

    Not much luck. Let's try adding something to it, but what? We obviously want something that will edit a site. How about we add +intitle:admin to the search?

    inurl:edit +intitle:admin

    Hmm... Doesn't look good. Looks like just a bunch of manuals and instructions. You might find something there but doubtful, there's just too much junk there. Looks like we need to add in a couple of things. Let's look for a specific file extension. We do this with the filetype command. How about we add the command filetype:asp.

    inurl:edit +intitle:admin +filetype:asp

    Now what we are doing is searching for only files that are asp's and have "edit" in the url and "admin" in the title. We enter this in Google and we do get some administration areas, but there are still a lot of demos and manuals and other junk. We also get a lot of admin logins, which aren't bad, but we want to bypass the login screen. How do we do that? Well let's add a -login -password to the search:

    inurl:edit +intitle:admin +filetype:asp -login -password

    BINGO! This search gives you a bunch of sites that you can get admin access to. We are happy with those results, but you should try to spice things up a bit. Like adding quotes and *'s to some things:

    inurl:"*edit*" +intitle:"*admin*" +filetype:asp -login -password

    This gives you some other interesting things as well. I think everyone knows what the quotes do, but I don't think a lot of people know what the *'s do. Well, when they are added that means as long as "edit" is within ANYTHING Google will show it. Like for instance:

    inurl:"*edit*"

    Might bring up a site with the url as /frontpage_edit.asp. Get the point? This could be used to find a certain software you're trying to exploit. For example:

    intext:"Powered by*"

    The possibilities are endless!

    Conclusion

    Well, that's that. I wrote this tutorial to kind of be an extension of the one written before here on AO and to once again show the power of Google and at the same time show that Google hacking is not dead. There is so much more to explain, so many other ways to do such things and even more! Go and explore on your own using different combinations. Look at all the poorly configured sites. But don't exploit them! Just because you can copy and paste that search string and then find a vulnerable site and deface them or steal information does not make you some super l33t h4ck3r d00d. I almost didn't write this tutorial because I was afraid it would be too easy for a dishonest person on this site to mess things up. We don't need any more skiddies defacing sites and yappin their gums off about their political views (dr. toker will agree). If you want to be a true white hat contact the admin and tell him of his problem.

    BTW, if you guys were interested, that worm that used google to spread did a real number! Google this:

    intitle:"This site is defaced!!!" intext:"NeverEverNoSanity WebWorm generation"
    I am the uber duck!!1
    Proxy Tools
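
Added example, not part of the original thread: a defender-side check that applies the post's final search (inurl:edit, intitle:admin, filetype:asp, -login -password) to pages crawled without credentials from a site you administer, so exposed admin pages can be put behind authentication before a search engine indexes them. The hostnames, page records and function names are constructed for illustration, and the substring matching only approximates how the search operators behave.

```python
from urllib.parse import urlparse

# Constructed sample: responses fetched WITHOUT credentials from your own site.
PAGES = [
    {"url": "https://intranet.example/admin/edit_news.asp", "status": 200,
     "title": "Site Admin - Edit News", "body": "Edit Delete Save changes"},
    {"url": "https://intranet.example/admin/edit_user.asp", "status": 200,
     "title": "Admin", "body": "Please login. Password:"},
    {"url": "https://intranet.example/docs/edit_guide.asp", "status": 200,
     "title": "Editing guide", "body": "How to edit pages"},
    {"url": "https://intranet.example/admin/edit_menu.asp", "status": 302,
     "title": "", "body": ""},
]


def matches_query(page):
    """Approximate: inurl:edit +intitle:admin +filetype:asp -login -password."""
    url = page["url"].lower()
    title = page["title"].lower()
    text = " ".join((url, title, page["body"].lower()))
    return (
        "edit" in url                                 # inurl:edit
        and "admin" in title                          # intitle:admin
        and urlparse(url).path.endswith(".asp")       # filetype:asp
        and "login" not in text                       # -login
        and "password" not in text                    # -password
    )


def exposed_admin_pages(pages):
    """URLs that serve content to an anonymous client and match the query.

    A 200 with no login prompt is the case the thread describes: an
    administration page reachable without authentication. Redirects and
    401/403 responses are treated as protected.
    """
    return [p["url"] for p in pages if p["status"] == 200 and matches_query(p)]


if __name__ == "__main__":
    for url in exposed_admin_pages(PAGES):
        print("unauthenticated admin page:", url)
```

Any URL this reports needs server-side authentication on the page itself; excluding it from indexing alone leaves it reachable by anyone who knows the path.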

  2. #2
    Banned
    Join Date
    Apr 2004
    Posts
    410
    Well, this is something that I didn't know about.

  3. #3
    Member
    Join Date
    Dec 2004
    Posts
    45
    Very interesting tutorial. Good Write up.

  4. #4
    Senior Member
    Join Date
    Jan 2005
    Posts
    128
    This gives you some other interesting things as well. I think everyone knows what the quotes do, but I don't think a lot of people know what the *'s do. Well, when they are added that means as long as "edit" is within ANYTHING Google will show it. Like for instance:

    inurl:"*edit*"
    Question: I don't really know what the quotes mean. I thought they meant keep those words together, but because you're only quoting one word, it wouldn't make a difference.

    Unless you can only place *'s with "" ?
    Or Google uses quotes to only search displayed text ?
    If You've Done Something Right. People Won't Know You've Done Anything At All - God (futurama)

  5. #5
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    Go Here: http://johnny.ihackstuff.com/ for all Google hacking needs.
    Quis custodiet ipsos custodes

  6. #6
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    Question: I don't really know what the quotes mean. I thought they meant keep those words together, but because you're only quoting one word, it wouldn't make a difference.

    Unless you can only place *'s with "" ?
    Or Google uses quotes to only search displayed text ?
    double cut, you are correct about the quotes. I just find that using quotes with the "inurl" command and other commands produces cleaner results. It's really kind of my personal searching habits, and good habits at that.

    And no, you can use the *'s in and without quotes.
    I am the uber duck!!1
    Proxy Tools
