
What is Google Hacking?

As an ethical hacker you need to follow some general steps to do the job well. These steps/stages can be listed as follows, but they are not fixed; we can change them according to our needs.
1. Reconnaissance – Gathering information about the target, including information that reveals security vulnerabilities.
2. Scanning – Examining/exploring a target machine/network for a vulnerability that can be used to get inside.
3. Gaining Access – After the scanning process, making use of the vulnerability and attempting to move inside the system to exploit it.
4. Maintaining Access – After moving into the machine/network, the hacker needs to create some backdoor to regain access later.
5. Clearing Tracks (unethical) – Clearing the traces of all the activities done during the hacking process.
6. Reporting – The end of the ethical hacking process, where notes are made on the findings, the things done during the hacking process, the tools used, the success rate, the vulnerabilities found and the exploits.

According to those stages, “Google Hacking” falls under the first stage. In other words, “Google Hacking” is limited to the first stage of an ethical hacking attack.

In the first stage we gather information about security vulnerabilities. Generally there are 2 types of vulnerabilities that can be found on the web: software vulnerabilities and misconfigurations. On the web it is easy to work with a search engine such as Google. In a search engine, proxy servers and caches play major roles in tracing and storing information. A proxy server acts as an intermediary between the request and the resources: when a request is made, it searches its cache for previously used resources (web pages). If it finds the resource, the request is not forwarded to the Internet.

Google also functions as a proxy, and its cache is used by ethical hackers to gain the required information. Google takes a snapshot of each web page as a backup, and these snapshots become part of Google’s cache. As a search engine, Google gathers information through its cache, and the ethical hacker can access it (we can access the information without opening the site/target). We are able to collect a lot of (sensitive) information that can be useful to an intruder, and they can collect it from the Google cache. This kind of advanced searching mechanism in Google is known as “Google Hacking/Google Dorking”. From the collected/gathered information we can find the security vulnerabilities in web applications.

For this “Google Hacking” the attacker/hacker needs to know some search tags/terms (search operators).

Example: By searching intitle:"index of" filetype:sql we are able to find websites whose databases are exposed and vulnerable and can be misused for hacking (sites where phpMyAdmin can be publicly accessed).

How to Prevent Google Hacking Attacks?
1. Test the websites and web applications for vulnerabilities and misconfigurations, and take counter-measures if they have such issues.
2. Reduce sharing things in public web folders of your web site, because Google can also share them whether you like it or not.
3. You can visit "Remove information from Google" and remove your cached information from Google’s database.
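As an added example (not code from the original post): a small Python self-audit helper for prevention step 1. Given responses fetched from your own site, it flags what the example dork above would find, namely auto-generated directory listings (intitle:"index of") and exposed dump files (filetype:sql), and reports whether those pages are marked noindex. The sample response tuples are constructed for illustration; the crawler that fetches real responses is assumed.

```python
"""Self-audit for the exposures that 'Google Hacking' dorks surface.

Input: (path, status, headers, body) tuples for pages of YOUR OWN site.
Output: findings a search engine could index and a dork could locate.
"""
import re

# Extensions that a filetype: search would surface and that should
# never sit in a public web folder (assumed list, extend as needed).
SENSITIVE_EXT = (".sql", ".bak", ".old", ".env", ".log")

# Apache/nginx style auto-index pages carry the title "Index of /...".
DIR_LISTING_RE = re.compile(r"<title>\s*index of\s*/", re.IGNORECASE)


def is_noindex(headers: dict) -> bool:
    """True if the response tells crawlers not to index it (case-sensitive key)."""
    return "noindex" in headers.get("X-Robots-Tag", "").lower()


def audit_response(path, status, headers, body):
    """Return (kind, path) findings for one fetched URL."""
    findings = []
    if status != 200:              # only successfully served content is exposed
        return findings
    if DIR_LISTING_RE.search(body):
        findings.append(("directory-listing", path))
    if path.lower().endswith(SENSITIVE_EXT):
        findings.append(("sensitive-file", path))
    if findings and not is_noindex(headers):
        findings.append(("indexable", path))   # exposed AND crawlable
    return findings


def audit_site(responses):
    """Flatten findings over every response of a crawl."""
    return [f for r in responses for f in audit_response(*r)]


# Constructed sample responses, as a crawler of your own site would return them.
SAMPLE = [
    ("/backup/", 200, {"Content-Type": "text/html"},
     "<html><head><title>Index of /backup</title></head><body>...</body></html>"),
    ("/backup/db.sql", 200, {"Content-Type": "application/sql"}, "CREATE TABLE users ..."),
    ("/private/notes.sql", 200, {"X-Robots-Tag": "noindex"}, "INSERT INTO ..."),
    ("/index.html", 200, {}, "<html><head><title>Home</title></head></html>"),
    ("/old/", 404, {}, "Not found"),
]

if __name__ == "__main__":
    for kind, path in audit_site(SAMPLE):
        print(f"{kind:18} {path}")
```

Anything reported as "indexable" is what to fix first: remove the file or disable the listing, then request removal of the cached copy (step 3).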

Footnote:
Meanings of the hard words
Reconnaissance - region that is directly under observation for the attack
Exploit - Make full use of and derive benefit from the resource
©IT Today
