ghacks Technology News

Doing some real Google hacking

Until now we have concentrated our efforts on simple file finding methods using the Google search engine and certain search commands.

Our goal now is to give you a wider understanding of a thing called “Google hacking”. This time we will give you a basic understanding of what's possible and how to achieve it.

Before we start with the essay I want you to make sure that you understand that every move you make on the internet leaves traces that can be used to identify you. I will write a tutorial about “anonymous surfing” soon. This article encourages no one to hack into servers that they don't own or don't have permission to hack.

Let's start by asking some questions. Besides Google and the knowledge of search commands, what do you need to do some hacking with Google?

The answer is simple: you need a vulnerability that you can search for. There are lots of sites that post vulnerabilities, also known as exploits. I will name two that you can use as a start; you know how to use Google to find more.

Packetstormsecurity.org
Securiteam.com

Let's use the Packetstorm site as an example. When you open it you see lots of tables, starting with the filename and ending with the MD5 checksum. What's interesting to us is a) the filename and b) the description.

The description gives a short excerpt of what the exploit is about. Only exploits that are web based or web connected are interesting for Google hacking. That means the first exploit, for WinRAR 3.5, is not what we are looking for. The second in the list is more to our liking.

The description reads “e107 content management system versions 0.617, 0.6171, 0.6172 resetcore.php utility SQL Injection, login bypass, remote code execution, and cross site scripting exploit.”

When we click the filename we see a text file with lots of information about this exploit. I won't give you information about the type of exploit (SQL injection) because this time I only explain how you find new exploits and search for them using Google.

The interesting lines for us at the moment are “move to http://[target]/[path]/e107/e107_files/resetcore.php” and “e107 0.617 stable/ 0.6171 / 0.6172”.

We see a filename and some folder names in the first one and release numbers in the second one.

Using this information we open up Google and enter one of the following strings; think of more if you like.

inurl:resetcore.php
"e107 powered website v0.617"

If you search for the first line, make sure you check the version of the script first. The second line automatically looks for the script that is vulnerable, but you will have to navigate manually to the resetcore.php file.
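Seen from the site owner's side, the same two fingerprints can be checked against a crawl of your own site to see what a search engine could index about it. This is an added example, not part of the original article; the function names, the example.test sample pages and the assumption that every affected release prints its footer in the same form are made up for illustration.

```python
import re
from urllib.parse import urlparse

# Values taken from the advisory text quoted in the article.
AFFECTED_VERSIONS = {"0.617", "0.6171", "0.6172"}
EXPOSED_FILE = "resetcore.php"
# Assumption: every affected release prints its footer in the same form as
# the "e107 powered website v0.617" string the article searches for.
BANNER_RE = re.compile(r"e107 powered website v(\d+(?:\.\d+)+)", re.IGNORECASE)


def audit_page(url, html):
    """Return the search-engine-visible fingerprints found on one of our own pages."""
    findings = []
    # Same test as inurl:resetcore.php, applied to the URL path only.
    if urlparse(url).path.lower().endswith("/" + EXPOSED_FILE):
        findings.append(("exposed-file", EXPOSED_FILE))
    # A version footer is worth hiding either way; flag affected releases separately.
    for version in BANNER_RE.findall(html):
        kind = "vulnerable-banner" if version in AFFECTED_VERSIONS else "version-banner"
        findings.append((kind, version))
    return findings


def audit_site(pages):
    """pages: iterable of (url, html) pairs from a crawl of a site you operate."""
    report = {}
    for url, html in pages:
        found = audit_page(url, html)
        if found:
            report[url] = found
    return report


# Constructed sample crawl (example.test is a placeholder host, not real data).
SAMPLE_PAGES = [
    ("http://example.test/news.php", "<div>e107 powered website v0.617</div>"),
    ("http://example.test/e107_files/resetcore.php", "<h1>Reset core</h1>"),
    ("http://example.test/about.php", "<div>e107 powered website v0.7</div>"),
    ("http://example.test/contact.php", "<p>Contact us</p>"),
]

if __name__ == "__main__":
    for url, found in audit_site(SAMPLE_PAGES).items():
        print(url, found)
```

Pages reported as `exposed-file` or `vulnerable-banner` are the ones to fix first: upgrade the installation, remove or restrict the utility file, and drop the version number from the footer.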

That's all there is to do. You now know where to look for new vulnerabilities and how to use Google to find vulnerable files.

There are other ways of looking for exploits, but those are for advanced users, who find their own, for example by looking at the source code files.

If you really want to learn more, try to find some sites with other exploits using Google. You can also look up what SQL injection, for instance, means.

Let me know if you have any problems following this article or comments about it.




About the Author: Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand.

Friday October 21, 2005