Welcome to another hacking tutorial. Today you will learn how to use Google to hack passwords and accounts. Not only that, you can also hack web servers and find email lists, webcams and so on. This technique is called Google dorks or Google Dorking. It involves using Google search operators to find log files.
You may not know this but Google has a bad habit of indexing everything. I mean literally everything. With the right dorks, you can hack devices just by Googling the correct parameters and you will have passwords to log in. Below I will show you a demo of how I was able to find passwords of PayPal accounts which were stored openly.
So what is Google Dorking and Google Hacking?
Google Dorking is an advanced application of Google search operators: using them to hunt for specific vulnerable devices, exploitable files, sensitive data and so on through specific search strings.
So basically we can find log files, password files, email lists, etc. openly on the web.
What Kinds of Things Do Dorks Connect to the Internet?
You would be amazed as to what you can find connected and lying on the internet. Everything from controllers to nuclear stations. Luckily people are implementing security measures with the rise of security threats.
So how is it relevant to you? Imagine getting a new house with security cameras or smart IoT devices that provide the ability to control everything via your phone whenever you want. You set it up, connect it to your Wi-Fi and can manage everything.
What’s going on in the background isn’t so simple. The devices call a server hosted on the internet and stream video and data in real time, allowing you to control them. That server may require no password to access its files, making your smart home accessible to anyone who searches for text served by that server.
And Google just goes and finds all the devices connected to the internet. So without further ado, let’s begin the tutorial.
Finding FTP Servers & Websites Using HTTP
To start, we will be using the following dork to search for FTP servers that are open. Searching for these servers can allow us to find internal files and data as shown below:
intitle:"index of" inurl:ftp
intitle:"index of" inurl:http
These servers are public because the index file of an FTP or HTTP server is the kind of thing that Google loves to scan and index, a fact many people tend to forget. Google’s scanning leads to a complete list of all the files contained within the server being publicly available on Google.
If we want to start attacking some hacking targets, we can be more specific and search for online forms still using HTTP by changing the text in the search title.
intitle:"forum" inurl:http inurl:"registration"
Here you can see we’ve found a list of vulnerable online forums using HTTP which can easily be hacked and compromised.
Find Log Files with Passwords and Usernames
Now we will search for files of the .log type. Searching for LOG files will allow us to look for clues about what the usernames and passwords for the systems or admin accounts are.
The dork we’ll be using to do this is as follows.
With these dorks, you can easily find usernames and passwords for hacking.
Check below: I just found a log with all the usernames and passwords for PayPal accounts, plus a server login and password.
Find Configuration Files with Passwords
Configuration files should never be public, but people never really learn, and .ENV files are the best examples of this. If we search for .ENV files that contain the strings username and password, we instantly find the accounts. This is how hackers make leaked username and password lists.
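To check your own server for this kind of exposure, and for the open directory indexes described earlier, the following added example (not part of the original tutorial) walks a web document root and reports what a crawler could pick up. The suffix list, index file names and credential pattern are assumptions chosen for illustration.

```python
import os
import re

# Assumed policy for this example: file types that should never sit under a web root.
SENSITIVE_SUFFIXES = (".env", ".log", ".bak", ".sql")
# Assumed index file names; a directory without one is listed if autoindex is enabled.
INDEX_NAMES = {"index.html", "index.htm", "index.php"}
# Credential-looking assignments such as DB_PASSWORD=... or "api_key: ...".
SECRET_RE = re.compile(
    r"(?i)(?:password|passwd|pwd|secret|api_?key|token)\w*\s*[=:]\s*\S+"
)

def audit_webroot(root):
    """Return sorted (relative_path, reason) findings for a document root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        if not INDEX_NAMES & {f.lower() for f in files}:
            findings.append((rel_dir, "no index file"))
        for name in files:
            rel = os.path.normpath(os.path.join(rel_dir, name))
            if name.lower().endswith(SENSITIVE_SUFFIXES):
                findings.append((rel, "sensitive file type"))
            try:
                # Only the first 64 KiB is inspected to keep the scan cheap.
                with open(os.path.join(dirpath, name), errors="ignore") as fh:
                    head = fh.read(65536)
            except OSError:
                continue
            if SECRET_RE.search(head):
                findings.append((rel, "credential-like assignment"))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    for path, reason in audit_webroot(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason:28} {path}")
```

Anything reported should be moved outside the document root or blocked in the server configuration; `robots.txt` only asks crawlers not to index a path and does not restrict access to it.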
Find Email Lists on the internet
Email lists are a great way of scraping email addresses for phishing and other campaigns used by hackers. These lists are frequently exposed by companies or schools that are trying to organize email lists for their members and forget to implement even the most basic security.
Find Open Cameras
If you thought Shodan was scary then you’re so wrong. Google is scarier. Camera login and viewing pages are usually HTTP, meaning Google always indexes them.
One common way to find webcams is to search for “top.htm” in the URL, as shown below:
While you can easily view the cameras without a password, as I did, many dorks look for webcam login pages that have a well-known default password. This tactic is illegal, since you log in using a password, yet it allows easy access to many webcams not intended for public viewing, meaning you can spy on people and find things you shouldn’t find.
admin and 12345 are the most common passwords for hacking webcams found by Google Dorking.
Which Dorks Are the Most Dangerous?
By far, the most severe kind of danger is exposed files and configurations being openly available. Through Google search operators we can reach credentials and important configurations, as well as other sensitive data, account information, or the entire service itself.
This happens in one of two ways. A server or other service is set up incorrectly and exposes its administrative logs to the internet directly. When passwords are changed, or a user fails to log in correctly, these logs can leak the credentials being used to the internet openly as shown in the demo using Google Dorking.
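One way to keep credentials out of such logs in the first place, as an added example that is not part of the original tutorial: a Python `logging` filter that redacts password-like values before a line is written. The pattern, the logger name and the sample events are constructed for illustration.

```python
import io
import logging
import re

# Assumed pattern: key=value or key: value pairs whose key names a credential.
CRED_RE = re.compile(
    r"(?i)\b(password|passwd|pwd|token|secret)(\s*[=:]\s*)"
    r"(\"[^\"]*\"|'[^']*'|[^\s&,;]+)"
)

def redact(text):
    """Replace the value of every credential-like pair, keeping the key."""
    return CRED_RE.sub(lambda m: m.group(1) + m.group(2) + "[REDACTED]", text)

class RedactingFilter(logging.Filter):
    """Scrub the fully formatted message so %-style arguments are covered too."""
    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = None
        return True

def write_log(events):
    """Log (format, args) events through the filter; return the lines written."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactingFilter())
    logger = logging.getLogger("redaction-demo")  # hypothetical logger name
    logger.handlers = [handler]
    logger.propagate = False
    logger.setLevel(logging.INFO)
    for fmt, args in events:
        logger.info(fmt, *args)
    return stream.getvalue().splitlines()

# Constructed sample events (not real data).
SAMPLE_EVENTS = [
    ("login failed user=%s password=%s from %s",
     ("alice", "constructed123", "203.0.113.5")),
    ("GET /login?user=bob&pwd=abc123&next=/home", ()),
    ("password changed for user=%s", ("carol",)),
]

if __name__ == "__main__":
    for line in write_log(SAMPLE_EVENTS):
        print(line)
```

Attaching the filter to the handler, rather than to one logger, means every record that handler writes passes through it regardless of which module emitted it.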