SoFunction
Updated on 2025-04-09

Use GOOGLE to instantly become a hacker

This article was collected and compiled online by me. If there are loopholes or incomplete areas, please give me some advice!

Google hacking is not actually a new thing. At the time it was not valued; it was thought to be about webshells or the like, with no practical use. In fact, Google hacking is not so simple...

Simple implementation of google hacking
Some of Google's search syntax can give us more information (and, of course, it also gives those who are accustomed to attacking more of what they want). Some commonly used operators are introduced below.
intext: 
Uses text in the main content of a web page as the search condition. For example, entering intext:Dongwang in Google returns all web pages that contain "Dongwang" in the main part of the page.

allintext: is used similarly to intext:.

intitle: 
Similar to intext: above, but searches the web page title for the characters we are looking for. For example, searching for intitle:Security Angel returns all pages whose title contains "Security Angel". allintitle: is used similarly to intitle:.

cache: 
Searches Google's cache for certain content; sometimes you may find some good things.

define: 
Searches for the definition of a word. For example, define:hacker returns the definition of hacker.

filetype: 
I particularly recommend this one; it is needed both for casting a wide net and for what we will talk about later. It searches for files of the specified type. For example, entering filetype:doc returns all file URLs ending with doc. Of course, if you look for .bak, .mdb or .inc, the information you get may be richer.

info: 
Find some basic information about the specified site.

inurl: 
Searches for whether the characters we specify appear in the URL. For example, entering inurl:admin returns N links similar to /xxx/admin, which is good for finding administrator login URLs. allinurl: is similar to inurl: and can specify multiple characters.

link: 
For example, search: inurl: can return all URLs that have been linked.

site: 
This is also useful, for example: site:. will return all URLs related to this site.


By the way, there are some operators that are also very useful:
+ Includes words that Google might otherwise ignore in the query
- Ignores a word
~ Synonyms
. Single-character wildcard
* Wildcard, which can represent multiple letters
"" Exact query

Let’s start talking about practical applications

Everything below is searched for on Google. An attacker with ulterior motives is probably most interested in password files, and Google's powerful search capabilities often disclose some sensitive information to them. Use Google to search for the following content:
intitle:"index of" etc 
intitle:"Index of" .sh_history 
intitle:"Index of" .bash_history 
intitle:"index of" passwd 
intitle:"index of"  
intitle:"index of"  
intitle:"index of" etc/shadow 
intitle:"index of" spwd 
intitle:"index of"  
intitle:"index of" htpasswd 
"# -FrontPage-" inurl: 

Sometimes, for various reasons, important password files are exposed to the Internet without protection. If people with ulterior motives obtain them, the harm is very great.
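A defender can check their own document root for the file names these queries look for before a search engine indexes them. The script below is an added example, not part of the original article; the index file names and the sample directory tree are assumptions made for illustration.

```python
import os
import re
import tempfile

# Name patterns taken from the queries and file types listed in the article.
SENSITIVE = [
    (re.compile(r"^\.(bash|sh)_history$"), "shell history"),
    (re.compile(r"^(passwd|shadow|spwd(\.db)?|\.?htpasswd)$"), "password file"),
    (re.compile(r"\.(bak|mdb|inc)$", re.I), "backup/database/include file"),
]
# Assumed index file names; adjust to the server's directory index setting.
INDEX_NAMES = {"index.html", "index.htm", "index.php", "default.asp"}


def audit_webroot(root):
    """Return sorted (relative_path, reason) findings for a document root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # A directory with no index file is served as an "Index of" listing
        # when the server has automatic directory indexing enabled.
        if not INDEX_NAMES & {f.lower() for f in files}:
            findings.append((rel_dir, "no index file (listing if autoindex is on)"))
        for name in files:
            for pattern, reason in SENSITIVE:
                if pattern.search(name):
                    rel = os.path.normpath(os.path.join(rel_dir, name))
                    findings.append((rel, reason))
                    break
    return sorted(findings)


def build_sample_root():
    """Create a constructed sample tree so the audit runs offline."""
    root = tempfile.mkdtemp(prefix="webroot-")
    for rel in ["index.html", "data/forum.mdb", "inc/conn.inc",
                "backup/site.bak", "admin/index.php", "admin/.htpasswd"]:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root


if __name__ == "__main__":
    for path, reason in audit_webroot(build_sample_root()):
        print(f"{path}: {reason}")
```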


You can also use Google to search for programs with vulnerabilities. For example, a file code leak was found in ZeroBoard some time ago. You can use Google to find sites online that use this program:

intext:ZeroBoard filetype:php 
Or use:
?_zb_path= site:.jp 
This finds the pages we need. phpMyAdmin is a powerful database management tool. Because of configuration errors on some sites, phpMyAdmin can be operated directly without a password. We can use Google to search for the URLs of installations with this vulnerability:
intitle:phpmyadmin intext:Create new database 

Remember /_vti_bin/..%5 ... ystem32/?dir? Search with Google and you may still find a lot of antique-grade machines. We can also use this to find pages with other CGI vulnerabilities:
allinurl: winnt system32

I briefly mentioned earlier that you can use Google to search for database files, and with some syntax you can find more things precisely (Access databases, MSSQL and MySQL connection files, and so on). For example:
allinurl:bbs data 
filetype:mdb inurl:database 
filetype:inc conn 
inurl:data filetype:mdb 
intitle:"index of" data //This often happens on some servers with incorrect apache+win32 configurations. By the same principle as above, we can also use Google to find it.
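On the detection side, the web server's access log shows whether database, include or backup files of the kinds listed above have actually been served. The following is an added example, not part of the original article; it assumes the Combined Log Format, and the log lines are constructed samples using documentation IP ranges.

```python
import re
from collections import defaultdict

# Combined Log Format: host ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)
# File classes the article names as commonly exposed.
RISKY_PATH = re.compile(
    r"(\.(mdb|inc|bak)|/\.?htpasswd|/\.(bash|sh)_history)$", re.I
)


def exposed_fetches(lines):
    """Map each risky path served with a 2xx status to the set of client hosts."""
    hits = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if m["status"].startswith("2") and RISKY_PATH.search(path):
            hits[path].add(m["host"])
    return dict(hits)


# Constructed sample log lines, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Apr/2025:10:00:01 +0000] "GET /bbs/data/forum.mdb HTTP/1.1" 200 524288 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Apr/2025:10:00:05 +0000] "GET /inc/conn.inc HTTP/1.1" 200 412 "-" "Mozilla/5.0"
198.51.100.20 - - [09/Apr/2025:10:02:11 +0000] "GET /inc/conn.inc?x=1 HTTP/1.1" 200 412 "-" "curl/8.0"
198.51.100.20 - - [09/Apr/2025:10:02:15 +0000] "GET /admin/.htpasswd HTTP/1.1" 403 199 "-" "curl/8.0"
192.0.2.44 - - [09/Apr/2025:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for path, hosts in sorted(exposed_fetches(SAMPLE_LOG).items()):
        print(path, sorted(hosts))
```

Any path this reports was delivered to a client, so the file should be moved out of the document root and any credentials it held should be rotated.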


Google can be used to gather complete information on a site and to penetrate it. Let's use Google to test a specific site.
First, use Google to look at the basic situation of this site (some details are omitted):
site: 

From the returned information, find the domain names of several departments and colleges of the school:
 
 
 
 

By the way, I pinged them, and they should be on different servers. Schools usually have a lot of good information. Let's see if there is any good stuff.

site: filetype:doc