How to Use Google for Ethical Hacking

FacebookTwitterGoogle+LinkedInEmail
Description

Advanced resonance technique

In this section we will explore Google hacking, or Google reconnaissance, more deeply. As we saw in previous suggestions Google is useful for collecting emails and contact information, but it can also be used to collect more types of information.

If we enter something like “ssn filetype:exls” into Google, you will receive results containing .xls type files containing the keyword “ssn”. This will reveal a number of results that likely contain a myriad of social security numbers.

If we use the parameter “inurl”, for example “inurl:login.php”, we will receive results containing login pages. To specify a specific website, we can enter an additional “inurl:domain.com” to search specific websites for login pages.

A hacker by the name of Johnny Long popularized this method with his work “Google Hacking Database (GHDB)”. You can find information on these methods there and in the freely available “Google Hacking for Penetration Testers” book online. This book is very valuable resource for learning more about Google hacking.

Google is not just for collecting information; it is also useful for hacking. Anything that has an IP can be reached via Google. If your phone has an IP it can be reached from Google, VoIP addressed can be Googled to listen in on calls, and almost anything else with an IP can be found and compromised in this way. This is very useful for surveillance.

For instance, we can search “rdp ext:rdp” into Google to find pages that give you remote desktop access to machines connected to the internet. This is a very powerful tool that can lead to trouble if it is used without a full understanding of operational security and unintended repercussions.

Another useful resource for Google hacking can be found under the “Google Hacking Database” tab on https://www.exploit-db.com/. If you scroll down you can find a variety of techniques for collecting specific types of information like usernames and passwords. It is important to be careful while doing this as Google monitors your activities and will give you a warning from time to time if you are utilizing these techniques. Google is a very handy and powerful tool for hackers, and the book “Google Hacking for Penetration Testers” can help you to unlock and understand these methods. With this book you learn how to hack a wide variety of machines and systems.

Recommended Study Material
Learn on the go.
The app designed for the modern cyber security professional.
Get it on Google PlayGet it on the App Store
Practice Labs and Exam Vouchers

Congratulations! You're taking the first step to getting certified. Get some hands on experience with available practice labs OR save some money, support Cybrary, and purchase discounted exam vouchers. Ready to earn your next industry certification? Join cyber security's largest community and start learning today.

JOIN CYBRARY

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel