Skip to main content

What is Google Hacking?

As an ethical hacker we have need to follow some general steps to be a good ethical hacker. Such that steps/stages can be listed as follows. But these steps are not a defined one. We can change them according to our needs.
1    . Reconnaissance – Gathering the information which are having the security vulnerability.
2   . Scanning - Examine/explore a target machine/network for the vulnerability that can be make use to go inside.
3    .Gaining Access – After scanning process make use of the vulnerability and attempt to move inside to the system to exploit.
4    . Maintaining Access – After moved into the machine/network hacker needs to make some backdoor to gain the access again.
5    . Clearing Tracks (unethical) – Clearing the traces of all the activities what they done in their hacking process.
6    . Reporting – End of the ethical hacking process in order to make some notes on the findings, things done in the hacking process, tools used, success rate, vulnerability found and the exploit.

According to those stages “Google Hacking” is under the first stage. In other word we can say this “Google Hacking” is limited to the first ethical hacking attack.

In the first stage we are gathering the information based on the security vulnerability. Generally there are 2 types of vulnerabilities can be found in web, they are software vulnerability and misconfigurations. When it comes to web it is easy to move with a search engine, such as Google. If it is a search engine proxy servers and cache are having major roles in tracing and storing the information. Proxy server is acting as an intermediary between request and resources and when a request is made, it searches from in its cache to previously used resources (web pages). If it finds the resource, then there won’t be any forward request to the Internet.

Google is also functioning as a proxy and its cache function is make use to the ethical hackers to gain the required information. Google takes a snapshot of each webpage as backup and they are become part of Google’s cache. Google as a search engine by using its cache it is gathering the information and it can be access by the ethical hacker (we can access the information without opening the site/target). We can able to collect lot of information (sensitive) which can be useful for the intruder and they can collect them from the Google cache. These kind of advance searching mechanism in Google is known as “Google Hacking/Google Dorking”. By those collected/gathered information we can find the security vulnerabilities in the web applications.

For this “Google Hacking” the attacker/hacker needs to know some search tags/terms.

Example: By searching intitle:"index of"filetype:sql   we can able to access the websites databases which are vulnerable and make use for the hacking (which sites phpMyAdmin can be publically access).
Click here to see more tags on the “Google Hacking

How to Prevent the Google Hacking Attacks?
1 . Test the websites and web applications for vulnerabilities and misconfigurations and take ant i-measures on them if they have such kind issues.  
2  . Reduce sharing things in public web folders of your web site. Because Google can also share it whether you like it or not.
3  . You can visit "Remove information from Google"(click here) and remove your cashed information from the Google’s database.   

Foot note:
Meanings for the hard words
Reconnaissance - region that is directly under the observation for the attack
Exploit - Make full use and derive benefits from the resource 
©IT Today

Comments

Post a Comment

Popular posts from this blog

1st Program in Maven @ Ubuntu

Maven What is Maven? It is a Build tool – building a code in a development environment Project management tool – it helps to generate reports, helps in the dependency management, etc. Maven as a Build tool. Why we are using Maven? To reduce the common problems and activities which are needed, when we are developing applications. 1. Multiple jars – Program may contain one/many frameworks and frameworks are need to include it all the required “jar”. “jar” are need to available in compile time, need to bundle them in the distribution. (We can miss something/ we don’t know what is jar?) 2. Dependencies and versions – a jar can depend on another jar, so we have need to make sure that all my dependencies are closed and make sure that I have supplied all the dependencies. Dependencies could differ bases on the versions. 3. Project structure – Proper structure for the application. (E.g. Directories, libraries , etc.) 4. Building, publis...
Post a Comment
Read more

'OpenID Connect' Client App Creation on Auth0

If we are going to use OIDC (OpenID Connect), we have need to know the definitions of OAuth and OIDC. Because OAuth is for authorization and OIDC is on top of OAuth to provide authentication. So, OIDC is providing authorization and authentication.   What is OAuth? The OAuth 2.0 authorization framework enables third-party applications to obtain limited access to a web service. [To see more on OAuth itwithcs.blogspot.com: Click here ] What is OpenID Connect? OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner. It uses simple JSON Web Tokens (JWT), which you can obtain using flows conforming to the OAuth 2.0 specifications. What are Identity Servers? Identity server are the core part of any identity and access control i...
Post a Comment
Read more