Hey guys ,it seems to be quite interesting that you can hack with the help of google.yes,it can be done with the use of google dorks.Google dork is the easy way to find the websites for hacking concerned with specific vulnerabilities.
In this tutorial I will show you how to hack websites with the help of google dorks. It is just the collection of search queries available throughout the google.This type of hacking technique was evolved in 2002 and it is still ruling as a major medium of hacking in the web.Dork often refers to the odd interests. In the same way a dork is a list of websites with similar vulnerabilities.
It is a simple concept that an employee of a company is leaking their sensitive datas. Google dorking not only lists the vulnerable websites but also returns the username ,passwords,email lists and sensitive documents. The operators are the basic characters that are used in the dork search.
I will list out some operators that will be useful for searching the dorks that you wish and you can construct the own search queries for hacking.
Intitle: specifying intitle:”string” in your query will list the with the list of websites that contains the string in their html title.
Inurl: this operator will find the specific term in the url.
Intext: searches for the context of the page as in normal google search.
Site: the query will only look around the site that you specify here.
So,whenever you search for a google dorks it is recommendable to start with the operator. The basic syntax for a google dork goes like this… “inurl:domain/dork”. This can also be used for searching a movie or an application that is hard to find.
For example , if you are interested in searching a newly released movie,than you can go with the operator “movie:” which returns you the direct result for your search.
Now I will you give a short note on how to use this dorks for hacking purpose. Lets move with the vulnerability oriented dork search. First I choose to begin with sql injection vulnerability. the best site for moving with the google dorking is exploitdb.com
If you have searched the dork for sql vulnerable websites ,you should make sure with the working of the vulnerability.you can add “ at the end of the url and check whether it displays the sql syntax error in the web page.
Like wise you have to make sure that the vulnerability is for sure and should start doing the further process associated with the vulnerability. Let us look up with the zero day google dork discovered recently intext:”This login can be used only once “ (drupal dagger)
This is a search result for the above specified dork which lists you the sites concerned with the intext operator as i said already.
This dork will lists you the sites that uses the drupal cms with the possibility of changing the drupal users password without knowing the old password. In the same way the another dork for getting premium license for avast antivirus is here.
So the easy way of starting the penetration testing is to go with the google dork first and then feel cool with the exploiting tools.
Happy dorking 🙂