Shodan and Google Hacking Lab Part 2

2 hours 37 minutes
Video Transcription
Hey, welcome back to the course. In the last video, we talked about Shodan, which again is commonly known as a hacker's search engine.
And in that video, we were able to look up some various information about Cisco devices. If you recall, we just went ahead and searched for the word Cisco and found whatever information came back to us. Now, if you haven't watched that video yet, go ahead and pause this one and go back to it. We're kind of doing a progression here throughout this lab.
All right, in this video, we're gonna cover the Google Hacking Database. We'll take another high-level look at this, but feel free to play around with this on your own.
So as mentioned before, for this lab all you need is a web browser. So it doesn't matter if you use Firefox or Google Chrome. In this example, I'm using Firefox. You could use, uh, Safari, etcetera, etcetera. So a lot of different search engines you can use. So it's kind of up to your personal preference.
All we're gonna do, once we open our web browser, we're gonna type in the search box. We're just going to search for Google Hacking Database.
So, Google Hacking Database, and you see as you start typing it'll actually pull up, since people commonly look for this.
All right, it's gonna pull up several search results for us. But generally speaking, the website we want should be near the top of the search results. And in this case, it is.
We're just gonna go ahead and click on that.
It might take a moment. So it's just gonna pull up the website for us.
All right. You could also just click the link I've listed here in the lab document. Again, these lab documents are available for download in the Supplemental Resources section. So just download that and you'll be able to go through all the labs in this course.
And once we pull up the page, we're going to see a search result, excuse me, a search box in the top right of the screen. Now, one thing I want to mention is the database has been updated, so traditionally, like in the past, you could search, you know, like Microsoft Word, you know, Excel, whatever.
Now you have to search by the file type. So in this lab we'll search for an Excel file.
Um, but, you know, just keep that in mind as you're searching through this. If you've done this before, but it's been a while, there's been that minor change.
The other thing is, this is a little more user friendly. So if you want to get, like, you know, files containing juicy info, for example, you can go look up there and, you know, you'll be able to see the category which each thing is in. So I personally like the new layout of it, but it's kind of up to you and your personal preference.
But in any event, none of that's relevant to our lab. The only relevant portion of that was actually the fact that you no longer can search for, like, Excel. We have to actually put in the file type, so the xlsx.
So let's go back to our lab document.
So, as I mentioned, we're going to search for the Excel files, so we'll type in xlsx in the search box
and then just press Enter on the keyboard. So, xlsx,
and just press Enter, and you see, as you start typing it, it kind of sorts the search results for you.
So let's go back to our lab document.
So now what I want you to do is just click on any of the search results. So it doesn't matter which one you actually pick. And again, this database gets updated relatively frequently, depending on the particular vulnerability they're finding or the particular, you know, string that you can use. You'll see these are from 2018. But generally speaking, most of the time it's updated, ah, weekly or monthly. It just again depends on what you're searching for. So, like the Excel stuff, I've noticed, takes anywhere from 2 to 6 months. It's updated, like, in that time frame, but some other ones are updated more frequently.
All right, so we're gonna choose any of the search results so that we can learn a little more about that particular chosen command. And then what we're gonna do is we're gonna copy that particular string. You know, you could also just type it out yourself if you want to. I always just copy and paste. It makes life a lot easier. And then from there we're gonna put that in a google.com search and we'll take a look and see what kind of information we get back.
So let's go ahead and just click on any random thing here. Let's see if I could find a good one. Let's just go ahead and see if we can. We'll grab one of these juicy info ones, see what that's all about, so just go ahead and click on whichever one you choose.
And a lot of times they don't tell you some basic information about that particular string. So you can know, like, okay, this is gonna search for these things. So you'll see here that this individual, Bruno, has been kind enough to give us a little information here stating that, you know, this particular thing will give you information regarding the company's IT migration process.
Um, so that way we could potentially see if our target is, you know, migrating something. Or, if we were looking for a new target, we could see if they were, you know, in the midst of a migration, and that might allow us to do some chaotic things to them.
All right, so let's go back to our lab document. As I mentioned, we're gonna click on that and find it. Now, we're at step seven here, so we're gonna copy that command, and then we're gonna go to google.com and just paste it in there.
So let's go and do that now. So you just grab it from anywhere. You could even just click right here, and it'll take you to the Google search. I would like to do it the old-fashioned way. So I'm just gonna copy and paste it
and open a new, ah, browser tab and just go to google.com.
All right, so we're just gonna paste it in there and hit Enter and see what kind of information we get back. So you'll see that we get some information. Obviously, where we just came from, it's gonna be linked generally someplace near the top of the search results.
But sometimes it's not. Sometimes it's on page two or three where you see the page you were just on.
But what you will see here is that we do have some things hitting back on our search. Here we get some information about, hey, maybe there's a migration, or at least it mentions migration. You know, again, a lot of this, at least that I'm glancing at right now, isn't that helpful for us.
It's mostly about some common, like, hey, here's, ah, it's like a user's guide to migration, something about it, maybe an article about migration. So, really, this isn't the best string to probably use because it doesn't really tell me a whole lot of stuff. So if I was a criminal hacker, I wouldn't be getting a lot of information about this.
So let me go see if I can find a better string at all that might be a little more meaningful for us.
All right. So I'm just gonna copy this one as well, to see if I get any better results back. You know, if you got good results on your end, you can just stick with the one you did. But if not, feel free to grab another one to just play around to see if you get any good information back.
Now, sometimes, and actually a lot of times, you have to dig through the search results pages. So in most cases, you won't get something juicy right on the first page, unless you're looking for, like, a document that contains passwords. But otherwise, most generalized stuff in these searches, you're probably gonna find it at least 5 to 6 pages in.
It all just kind of depends. So it's a lot of looking through stuff to see what's going on. Now, what you could also do: you could just write a script and include all these commands in there and have that run against Google. However, keep in mind that after a certain number of these, Google will catch on to you and give you a little thing to make sure you're a human, so you can keep that in mind as well. I mean, it seems like that varies. Like, I've done like three of these in a row, and it's triggered that verify-you're-human. And then I've also done, you know, like 20 of them in a row, and finally it verifies I'm a human. So there's a big variance there in whatever algorithm Google uses to make sure you're a human.
Just keep that in mind as well if you're doing these.
All right, so again, you've got question number one here.
What results are you seeing in your particular search? Now I do wanna stress that if it's illegal to do Google hacking, or Google dorking as it's commonly called, in your jurisdiction, you don't want to do this. Or if, you know, it's fine to do this, but then it's illegal to actually click on any of these, then, by all means, do not do that.
You know, there's no sense in getting in trouble just to practice something. So keep that in mind. Keep in mind your jurisdiction. I know there's some countries that are very strict out there. Of course, most people watching this are likely in the U.S., where, or in most jurisdictions, there's nothing wrong with doing this, but again, just keep it in mind and make it applicable to your particular location.
All right, so in this video, we covered the Google Hacking Database at a very high level. We ran a quick search. You noticed I ran a couple of them to try to find a little better information, but feel free to play around in that and practice it a little bit. It's definitely a valuable tool that you could use as part of the footprinting process.
In the next video, we're just gonna do some searching in just a regular search engine. Now, I'm gonna use Google for mine. You're welcome to use Bing or Yahoo or whichever one, DuckDuckGo, excuse me, any search engine that you want to use, feel free to use it, and we'll cover that in the next video.