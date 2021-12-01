



Preface

Have you ever searched for information online (via Google or a popular search engine) and couldn’t find it? It makes you one of many people. Let’s dig into what seems to be the inside story of this.

There are many search engines that give you access to Worldwide Wild. However, Google is by far the most used search engine on the Internet today. Indeed, search engines are the gateway to a vast library of information on databases called the Internet. With so much information available on the Internet today, it’s no wonder users face the question of which sources to choose and which to believe. It was also a problem to navigate a large amount of information to get a quick and concrete response. For this reason, search engines like Google have created solutions that sort a myriad of information and present the most relevant information to users.

Apart from the above issues, given the extent to which relevant information exists in the global balance, there was no way to ascertain the confidentiality of the information to which users were exposed. In addition, there are user safety and information credibility. All of this was the basis for the algorithm that sorts these pieces of information to work. For all that, when you search a search engine, some datasets naturally become unavailable. What is not available will be very difficult to find.

Doesn’t that seem like another problem? However, like all masterpiece security systems, there is always a backdoor that bypasses the algorithm. In the Google example, one of the available backdoor mechanisms is Google Doking. If you are interested in how this system works, get on board.

What is Google Dork?

The above set of information is protected by certain ethical barriers. The general public is not expected to access them. But what if you’re a detective, a newsroom journalist, or a government auditor? How do you access these small but important details? That’s where Google Dorking becomes important. This is the method adopted by ethical hackers to query search engines when they have very sensitive information. Examples of this information include tax files for a particular large organization, a dataset for a particular victim hidden by the government, or almost all information that cannot be found by performing a regular search. ..

Don’t be too nervous, this isn’t like some sort of secret limited to a particular cult. number! Most people with basic search engine query knowledge can perform Google Dorking operations. Plus, you don’t have to draw technical stunts or get a Harvard degree in cybersecurity. That is, understanding some basic methods and instructing your computer to execute some basic commands. This will enable all individuals to get the most out of the World Wide Web.

Dorking as a cyber security tool

You may be wondering what benefits Dorking can bring in the field of cybersecurity. Dorking is useful for penetration testing when analyzing vulnerabilities in a particular web application. It also helps provide deep insights into loopholes, strengths, and signs of attacks that may have been hidden from system administrators when it comes to analyzing the security and security of existing web security structures.

So what is Google Douk?

Google Dok is a special search term used to access a specific set of information that is not available in regular queries. What this means is that there are some search terms that are really important to the Google search engine. When you enter these search terms, the search box automatically takes over command-line functionality.

Of course, there are no restrictions on the type of information that can be accessed through a thoroughly crafted dok. However, you need to be aware that Google does more than just pull information out of the sky. These texts, images, documents, codes, or videos must have been accidentally published somewhere. The only fact of false exposure (and of course sensitivity) will explain the reason for the subsequent ambiguity.

However, there are drawbacks to Google Dorking and security. Anyone familiar with a particular command line can do it. It’s not just ethical hackers.

Google hacking technique

There are many ways to get different types of information using specific keywords.

There are different types of file formats that use keywords, file types, and site types, so if you want to get information in a document, combine specific keywords (budget, revenue), file types (csv, xlsx) with your site. can do. type. Here is an example: [file type: csv site:za budget] .. Be sure to write it so that you can get the result. If you want to insert multiple words or phrases, you can try more specific combinations instead of inserting just one keyword in your search time. For example, you can write sensitive information as well as not to share or publish it. This gives the query an edge. Searching for documents that contain login information In this case, you need to follow the steps above. That is, file type, keyword, and site type. The only difference is that the keyword is the login information. Even large organizations will be surprised to find these things stored in English. This is an example: [file type: PDF site: co login].. Misconfigured Web Server In many cases, there are some directories that shouldn’t be on Google’s net. More than you get a single piece of information. Directories serve as a huge source of information.To access such things, you can run your query using these search terms [intitle:index of site:kr password]Numrange Search This type of search is known to be very specific. It can also be scary, depending on the reasons behind the search (and the amount of information that can be accessed before the search). Numrange inserts two numbers separated by just two periods (like dots), not spaces. This is typically done with other keywords and displays results that are within the numerical range of the first query. for example, [site: www.pocoapoco.com 123..150]Search companies and website applications for accessing content without registration are known to target potential customers more often. Therefore, if you do not register, access to some contents may be restricted. However, in these situations, you can enter a Google hacking query to get around these restrictions. Depending on what you are looking for, your search terms will be: [Site: www.thenameofthecompany.com inurl: database]

[Site: www.thenameofthecompany.com inurl: directory]

[Site: www.thenameofthecompany.com inurl: index]Native Language Search This can be applied to inquiries about localized content. Searching in your local language is likely to give you the results you expect. This is especially feasible given the reduced reliance on English and the openness of Google Intelligence to other languages. Google docking command

Log files-Log files are like databases (or more preferably records). The presence of log files indicates that a website can easily retrieve sensitive information. In most cases, some of the sensitive logs for these websites are in the forwarding protocol of these websites. Accessing these logs gives you access to the PHP version and backend structure used by a particular website.The search term for retrieving these logs is allintext: username file type (csv, PDF, xlsx): log

There are certain web servers that contain sensitive web server loopholes. Some web servers have also been hacked. Examples of these websites can be identified by entering the following search terms: / proc / sef / cwd /

Published FTP server file transfer protocols may also contain certain sensitive information and are not normally intended to be published, so use the Google Douk described below to transfer these. You can access the protocol.

[Intitle: index of inurl: ftp]

ENV files Some website developers may ignore best practices and leave .env files in publicly accessible locations. Access to these files uses certain Google dokes and often contains highly sensitive information about your site’s security framework.

Note: Env files are used to define the configuration and variables of your web development workspace.

SSH Private Key Certain information is shared over the SSH protocol, and the keys used in this process are usually not intended to be disclosed. With the help of this Dork, you can find some of these keys submitted to the index by Google.

Intitle: index.of id_rsa -id_rsa.pub

Mailing Lists These are incredibly easy to find on Google Douk. Most spammers use this trick to add an unlimited number of email addresses to their spam list. To access the mailing list, you need to display:

Site: .com File type: csv inurl: email.csv

Live Camera If you want to monitor a specific area, Google Dorking allows you to find and watch your live camera without any significant IP restrictions. Depending on how creative you are, there are plenty of Google Dorks that have access to a variety of live cameras around the world, including military and government cameras. To access IP-based cams, here’s Dork [Inurl: top. Htm inurl: currenttime]..In situations where you want to access the coverage sent by your webcam, here’s the dok

If you want to download files on the Internet without accessing them via MP3, MP4, PDF streaming platforms or online libraries, you can use the Google Dok specified below.

[Intitle: index of (filetype)]

WEATHER DORKS Weather dorks gives you access to any weather measurement device connected to the internet from anywhere in the world.To get this information, enter the following search query

[intitle: weatherwing WS2]

Zoom Bomb A zoom bomb is a dok used to thwart online video conferences as long as the URL is distributed.To do this, I have a search query to enter here

[inurl: zoom.us/j and intext: scheduled for]

Database Dump Is there a better way to get the information if it’s not from a misconfigured database? Some SQL files have been accidentally dumped to the server and can be accessed through the domain. This makes these databases available to anyone with the right search terms.

[Index of database.sql.zip]

You can also use WORDPRESS ADMIN LOGIN Google dork to easily find the index of your WordPress admin login pages and access the login information for those pages.

[Intitle: index of wp-admin]

APACHE 2 Apache is an example of a server. Like other types of vulnerable web servers, Apache2 servers can be retrieved via the appropriate Google Dok.

[Intitle: Apache2 Ubuntu Default Page: It works]

Government Documents These documents are intended to limit the open house, but are not too difficult to find with the help of Google Douk.I have a dork query to enter here to get these files

[allintitle: restricted filetype: doc site: gov]How to prevent Google Dork intrusion You can prevent files from invading through Google Dork by encrypting highly sensitive information on your ENCRYPTION web server or website application. Access to loopholes Cyber ​​security has also evolved to allow you to perform loophole scans specific to Google Douk. Similarly, you can perform a dok search that targets your website or server. Removing Sensitive Information from Public Areas You can request Google to remove it (via the Google Search Console) in case you discover that your sensitive information has been published. they. IP-based limits You can take advantage of IP-based limits to protect some private aspects of your database. Coupled with this, password authentication methods can also be used for verification purposes only. robot. TXT CONFIGURATION This is a very useful way to prevent hackers from misusing your private space through any directory in your website that could be indexed by Google search engines. To do this, these are the configuration conditions that you need to enter in the backend.

User agent: *

Ban:/

The disallow subcolumn contains the specific type of directory you want to block.

Conclusion

Google Douk is the Holy Grail of Google Search Queries. Anyone with the right search terms can access all kinds of information. Therefore, as an administrator, it is important to take proactive steps to protect your website by protecting it. On the other hand, you can also use this knowledge to obtain specific information that is useful in all areas of professionalism.

