
Google Hacking | Google Dorks (Part 2)



In part 1, we visited Google and typed a command (a Google Dork) into its search engine that showed us usernames and passwords for a random website.

In this tutorial, we will focus on using Google dorks to only leak information about the site that we are targeting.

Because we are targeting just one particular site, it's less likely that an individual Google Dork will leak information. Therefore, we are going to have to use more than one. In fact, we may have to use thousands of Google Dorks in order to get leaked information!

That means, if we type each Google Dork into the Google search engine one-by-one, it will be unbelievably time-consuming.

To solve that time consumption problem, we are going to boot up Kali Linux and use recon-ng.


Let's open up our terminal and type recon-ng

Now we are greeted by this screen:

[Screenshot: recon-ng]


From this display, we need to type: show modules

[Screenshot: recon-ng]




There are many great modules in recon-ng, but for this tutorial, we will stay focused on using Google Dorks.

We need to type: use recon/domains-vulnerabilities/ghdb


Then type: show options

As you can see in the following image, there are many Google Dorks that you can change to true or false. For this tutorial, I'm only going to change usernames to true.
To do that type: set GHDB_FILES_CONTAINING_USERNAMES true
 
As we are targeting only one site, we need to add it as the SOURCE
I've chosen a random website: horizonpvp.com
Now we type: set SOURCE horizonpvp.com
Lastly, type: run
[Screenshot: recon-ng]


The Google Dorks start running one-by-one
[Screenshot: recon-ng]




The only interruption that we'll receive is Google asking us to type in a CAPTCHA code.
As you can see in the image below, recon-ng has a solution to the problem.
Having said that, we need to be consistent at typing in the CAPTCHA when requested, so we'll have to make the sacrifice of paying attention to our screen in order to make sure the process doesn't time out.



[Screenshot: recon-ng]



There are only 17 Google Dorks in the category of 'username' so it doesn't take too long.

The process has finished, so we can type: show vulnerabilities to see if Google leaks any information.

[Screenshot: recon-ng]

recon-ng replies with No data returned
Given how many Google Dorks there are, this isn't too much of a letdown! As we discovered in part 1, we can still find various other kinds of sensitive information.
All we need to do is retype: show options, then change some other categories to true.
Google is likely to leak some form of information.
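
From the site owner's side, the category enabled above (files containing usernames) can be checked before a search engine ever indexes it. The following is an added example, not code from this tutorial or from recon-ng: a Python audit of your own document root for web-served files that carry username-like data. The extension list, the regex and the sample directory tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumption: file types that should not sit in a public web root.
RISKY_EXT = {".log", ".sql", ".bak", ".csv", ".txt", ".conf", ".ini"}
# Assumption: crude marker for lines that carry account names.
USER_RE = re.compile(r"\b(user(name)?|login|uid)\b\s*[=:]\s*\S+", re.I)

def audit_webroot(root):
    """Return sorted (relative_path, line_no) pairs for risky files under
    root whose content contains a username-like assignment."""
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in RISKY_EXT:
            continue
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue  # unreadable file: skip it, do not abort the audit
        for n, line in enumerate(text.splitlines(), 1):
            if USER_RE.search(line):
                hits.append((path.relative_to(root).as_posix(), n))
                break  # first matching line is enough to triage the file
    return sorted(hits)

def build_sample_webroot(base):
    """Constructed sample tree that stands in for your own document root."""
    base = Path(base)
    (base / "backup").mkdir()
    (base / "index.html").write_text("<p>username: shown in page</p>\n")
    (base / "backup" / "users.sql").write_text(
        "-- dump\nINSERT INTO t VALUES (1);\nusername = 'alice'\n")
    (base / "debug.log").write_text("start\nlogin: bob from 10.0.0.5\n")
    (base / "notes.txt").write_text("nothing sensitive here\n")
    return base

def demo():
    with tempfile.TemporaryDirectory() as d:
        return audit_webroot(build_sample_webroot(d))

if __name__ == "__main__":
    for rel, line_no in demo():
        print(f"{rel}:{line_no}: username-like data in a web-served file")
```

Any file it reports should be moved out of the document root or placed behind authentication, since anything a crawler can fetch can end up in search results.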