Google Hacking for PenTester


Google Hacking originally meant using the Google search engine to search for information; it now refers to using various search engines to search for information. Google Hacking is not really anything new. In fact, a few years ago I saw introductions to it on some foreign sites, but at that time I did not attach importance to this technique. I thought it was only used to find mdb files that had not been renamed or webshells left behind by others, and had little practical use. But some time ago, after carefully working through some material, I suddenly found that Google Hacking is not so simple.

[all]inurl
[all]intext
[all]intitle
site
ext,filetype
symbol: - . * |
Boolean expression: and or not
lang:”c++” define

Privacy Information

1. The user name and password

“create table” “insert into” “pass|passwd|password” (ext:sql | ext:dump | ext:txt)
“your password * is” (ext:csv | ext:doc | ext:txt)

2. Key

“index of” slave_datatrans OR from_master

3. Privacy Password

“Begin (DSA | RSA)” ext:key
“index of” “secring.gpg”

4. An encrypted message

-“public | pubring | pubkeysignature | pgp | and | or |release” ext:gpg
-intext:”and” (ext:enc | ext:axx)
“ciphervalue” ext:xml

5. Chat Logs

“session start” “session ident” thomas ext:txt

6. Personal letters / e-mail

“index of” inbox.dbx
“To parent directory” inurl:”Identities”

7. Confidential files and directories

“index of” (private | secure | geheim | gizli)
“robots.txt” “User-agent” ext:txt
“this document is private | confidential | secret” ext:doc | ext:pdf | ext:xls
intitle:”index of” “jpg | png | bmp” inurl:personal | inurl:private

8. Online Webcam

intitle:”live View/ -AXIS” | inurl:view/view.shtml
inurl:”ViewFrame?Mode=”
inurl:”MultiCameraFrame?Mode=”
inurl:”axis-cgi/mjpg”
intext:”MOBOTIX M1″
intext:”Open Menu”
inurl:”view/index.shtml”

9. Identifying private personal information

  1. allintext: name email phone address intext:”thomas fischer” ext:pdf
  2. Twiki inurl:”View/Main” “thomas fischer”
  3. intitle:CV OR intitle:Lebenslauf “thomas fischer”
  4. intitle:CV OR intitle:Lebenslauf ext:pdf OR ext:doc

10. username

intitle:”usage Statistics for” intext:”Total Unique Usernames”

11. Insecure programs that disclose information

“php version” intitle:phpinfo inurl:info.php

12. SQL injection vulnerabilities and path disclosure weaknesses

  1. “advanced guestbook * powered” inurl:addentry.php
  2. intitle:”View img” inurl:viewimg.php

13. Security Scan Report

“Assessment report” “nessus” filetype:pdf

14. Database program and error files

  1. “Welcome to phpmyadmin ***” “running on * as root@*” intitle:phpmyadmin
  2. “mysql error with query”

15. Find what these sites exclude from indexing in robots.txt

  1. “robots.txt” “disallow:” filetype:txt

16. This search string can return many passwords and login accounts; the passwords and accounts in these files are not encrypted

inurl:_vti_pvt “service.pwd”

17. VNC user info

  1. “vnc desktop” inurl:5800

18. View publicly shared network printers: you can check their status and settings, and you can use some of them to print your own stuff

inurl:”port_255″ -htm

19. php admin access

  1. intitle:phpMyAdmin “Welcome to phpMyAdmin ***” “running on * as root@*”

Some Google search operators

intext

Searches the body text of web pages for the given characters. For example, entering intext:Mobility in Google returns all pages whose body contains “Mobility”. allintext: is used in a similar way to intext.

intitle

Much like intext, but searches the page title for the characters we are looking for. For example, intitle:”Safety Angel” returns all pages whose title contains “Safety Angel”. Likewise, allintitle: is similar to intitle.

cache

Searches Google's cache for something; sometimes you may be able to find some good things there.

define

Searches for the definition of a word. For example, define:hacker returns the definition of hacker.

filetype

I recommend focusing on this one. Whether for network attacks or for the information gathering on specific targets that we discuss later, you need it. It searches for files of the specified type; for example, filetype:doc returns the URLs of all files ending in doc. Of course, searching for .bak, .mdb or .inc is also possible, and the information obtained may be richer.

info

Find some basic information about the specified site.

inurl

Searches for the specified characters in the URL. For example, enter inurl:admin. allinurl is similar to inurl and lets you specify more than one term.

site

This is also useful. For example, site:kali-linux.co returns all URLs for that site.

  • Use automatic tools to check your system (e.g. gooscan, sitedigger, goolink)
  • Install and manage Google Honeypot
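As an added example (not from the original post), here is a sketch of the kind of self-check the first recommendation describes: walk a document root you administer and flag files whose names, extensions or contents match what the queries above look for. The pattern tables and category labels are this example's own choices.

```python
import os
import re

# Patterns derived from the file names and extensions the queries on this
# page look for. The tables and labels are assumptions of this example.
RISKY_EXTENSIONS = {
    ".sql": "database dump", ".dump": "database dump",
    ".key": "private key", ".gpg": "PGP keyring or message",
    ".enc": "encrypted file", ".axx": "encrypted file",
    ".dbx": "mail store", ".mdb": "Access database",
    ".bak": "backup copy", ".inc": "include file with source",
    ".pwd": "password file",
}
RISKY_NAMES = {
    "secring.gpg": "PGP secret keyring",
    "service.pwd": "FrontPage password file",
    "info.php": "possible phpinfo() page",
    "inbox.dbx": "Outlook Express inbox",
}
RISKY_DIRS = {"_vti_pvt", "private", "secure", "identities"}
KEY_HEADER = re.compile(rb"BEGIN (DSA|RSA) PRIVATE KEY")


def classify(rel_path):
    """Return the reasons a served path would match the page's query types."""
    parts = rel_path.replace("\\", "/").lower().split("/")
    name = parts[-1]
    reasons = []
    if name in RISKY_NAMES:
        reasons.append(RISKY_NAMES[name])
    ext = os.path.splitext(name)[1]
    if ext in RISKY_EXTENSIONS and name not in RISKY_NAMES:
        reasons.append(RISKY_EXTENSIONS[ext])
    reasons += [f"inside '{d}' directory" for d in parts[:-1] if d in RISKY_DIRS]
    return reasons


def audit_webroot(root):
    """Walk a document root you administer; list files that should not be served."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            rel = os.path.relpath(full, root)
            reasons = classify(rel)
            with open(full, "rb") as fh:
                if KEY_HEADER.search(fh.read(4096)):
                    reasons.append("contains a private key header")
            if reasons:
                findings[rel.replace(os.sep, "/")] = reasons
    return findings
```

Run `audit_webroot()` against the directory your web server actually serves; anything it reports should be moved out of the document root or have access to it denied.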