
Hugging the Web (Part 3: The Google Bloodhound)

Oct 8, 2015 01:11 AM
Google search logo magnified through a lens

Hello, my web huggers! In today's tutorial, we will learn how to use the Google Hacking Database (GHDB), developed by Exploit Database, to find vulnerable web servers and "juicy" information.

In today's modern age, it is important for the hacker to be able to dig up and find intelligence. Using the most popular search engine in the world as of 2015, the average hacker's job becomes not just easier, but far more efficient.

Our friends over at Exploit Database have developed a library of "Google Dorks" that will pull up information on the spot. The dorks are all user-submitted, and what they expose is frequently patched by companies all over the web, so it is important we know how to use this tool correctly. That is why today I present: The Google Bloodhound.


Resources

First, let's open up the Google Hacking Database and check out the layout.

Google Hacking Database (GHDB) search interface with recent entries listed.

As you can see, this is a very easy layout to use. If we click on the categories tab, we can see that we have plenty of options to choose from.

Take note: you will often find Google dorks that simply do not work. These are all user-submitted, so this is normal.

For the sake of simplicity, I chose "File containing passwords" to prove how easy it is to gain access to an unauthorized account. I also did not want to search for a specific key phrase, so I left the search box empty and hit Enter.

Google Is My Friend

Ah, yes! I finally found a dork that is perfect for this tutorial.

Here is the one I will be using:

site:pastebin.com intext:Username

From the looks of this dork, we already know a couple of things.

  1. We know that it will pull results from pastebin.com, a popular website known to hold the world's most notorious pastes.
  2. We know that it will search for the keyword "Username".

As you can see, we are bombarded with results. 69,000 to be exact.


Upon clicking a "juicy" link, we are bombarded with even more usernames and passwords.


I have, of course, edited out the actual passwords, but it is still surprising to see how many people are at risk. This is one link out of 69,000.

Conclusion

You, dear hacker, have found ways to creep in the dark corners of the internet through nothing but a Google search. The moral of the story is not to actually be a creepy stalker, but to protect yourself.

Change passwords frequently.

Make sure you check to see if you have been "pwned" at a very helpful website, https://haveibeenpwned.com.
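The same service also lets you check a password without ever sending it, through its Pwned Passwords range endpoint. The sketch below is an added example, not code from the original tutorial; the function names are hypothetical, and the sample password and range response are constructed so it runs offline.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range endpoint


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def query_prefix(password):
    """The only value that leaves your machine: first 5 of 40 hex characters."""
    return sha1_hex(password)[:5]


def fetch_range(prefix):
    """Live lookup (needs network); the body is 'SUFFIX:COUNT' lines."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "pw-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password, range_body):
    """Compare the remaining 35 hex characters locally; 0 means not listed."""
    suffix = sha1_hex(password)[5:]
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0


def constructed_range_body(listed_password, count):
    """Constructed sample response so the example runs offline (not real data)."""
    decoys = [sha1_hex("decoy-%d" % i)[5:] + ":%d" % (i + 1) for i in range(3)]
    listed = sha1_hex(listed_password)[5:] + ":%d" % count
    return "\r\n".join(decoys[:2] + [listed] + decoys[2:])


if __name__ == "__main__":
    sample = "hunter2-constructed"  # constructed sample password
    # When online, replace the next line with: fetch_range(query_prefix(sample))
    body = constructed_range_body(sample, 1234)
    print(query_prefix(sample), breach_count(sample, body))
    print(breach_count("a-password-not-in-the-sample", body))
```

A non-zero count means the password has appeared in a breach corpus and should be retired everywhere it is used.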

I hope you have enjoyed this tutorial, and please leave any questions or concerns in the comments.
