Use Google like a Dork!

Written By Alex Phinn

Today we are going to hack google…..well, not really. What we are actually doing is using the built-in search filtering of Google, Bing, and other search engines.

How does a web search engine work?

A search engine is a program that takes in a word or phrase that you input and then scans the internet for websites, images, and documents that have keywords that match. It then lists the results on the webpage. 

This scanning process is also known as crawling, because the program that is scanning is called a spider.

Engineers like puns. Get it a spider crawling the World Wide Web.


What is Google Dorks?

Google Dorking/ Google Hacking is a technique the uses phases called operators to look for specific information on the internet. 

Below is the Wikipedia site that has a list of the operators.

https://en.wikipedia.org/wiki/Google_hacking


Lets get to dorking

In this example, We are looking for documentation about a Tp-link Archer router. Below is the initial search.

Screen Shot 2020-06-26 at 12.30.08 PM.png

We get a large number of results returned in our search.

A good start, but we do not want to spend time clicking through the site to find our documents. So let us narrow the search a bit with the operators inurl: and filetype:

Screen Shot 2020-06-26 at 12.36.10 PM.png



Nice we are no down to 366 and the search finished quicker 0.12 seconds. Looking further down the page we have a direct link to the pdf we want to download for the 3rd choice (You always want the latest documentation). Easy!!

The reason that this was faster is because we gave the search engine a specific set of parameters to look for. Telling it to skip urls that don’t match the inurl: parameter and are not PDF documents (filetype:).

I use this most of the time to find documents for devices I have where I threw them out or if the Ikea instructions are missing.


Why should you worry about this?

Like all things hacking, there is a dark side. Google Dorking is how some scam artist gets their information about their targets. Imagine if someone searches for a resume. Now they can get a personal email address or even guess a work email to send malicious emails.


They can even use this to find IoT devices like a nest with weak security protocols to hack into.

https://www.hackread.com/printers-hacked-to-promote-pewdiepie-youtube-channel/

Even some companies have gotten hacked from theses techniques. Because hackers found "hidden" login pages with weak/default passwords to get into their websites and databases.

https://www.welivesecurity.com/2018/02/22/unsecured-amazon-s3-buckets-expose-private-data/


Knowledge is power. Use that power to keep yourself safe.

Alex Phinn
Previous

VPNs What? why? where?
Next

The best trick to troubleshooting