Ethical Hacking

Ethical Hacking Using Google

In this article, I will explain the basic concepts of Google Dorking: the use of Google's search parameters for OSINT and for interfacing with internet-accessible devices.

Important Disclaimer: This tutorial neither intends nor condones the illicit collection of data or the surveillance of private areas. The techniques in this article only work on publicly accessible devices and on data posted and crawled by Google. Any use of this article for malicious purposes is outside the responsibility of the poster.

What Is Google Dorking?

Google “Dorking” is the act of using the search parameters that Google provides for its search engine. You can use them to find files, websites relating to a topic, or message groups. They also let you conduct OSINT data collection and ethical research.

All of the files, addresses and data collected this way are public. Only data that has been posted, published and indexed by Google is accessible. However, certain addresses may violate a copyright agreement, and Google will filter them out.

Example 1 – “filetype:”

Let us begin with an example using the first search parameter, filetype.

The following search term will return any .env (environment/log) files which contain the string db_password. Oftentimes, these files never show up in search results, and they may contain now-public information such as database passwords and even educational log files.

Here is an example of a .env file located by that search term:

Valid passwords were stored on the page! For security reasons, I marked them out.
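From the defender's side, this exposure can be caught on your own server before a crawler indexes it. The following is an added example, not code from the original article: it walks a web document root you control and reports .env-style files that set credential-like keys such as db_password, returning only the key name and never the value. The key-name pattern, the function names and the sample directory tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Key names that suggest a secret. Assumed starter list; extend it for your stack.
SECRET_KEY = re.compile(
    r"^\s*(?:export\s+)?([A-Za-z0-9_]*(?:PASSWORD|PASSWD|SECRET|TOKEN|API_KEY)[A-Za-z0-9_]*)\s*=\s*(.*)$",
    re.I)

def is_env_file(name):
    # Matches .env, .env.local, .env.bak, prod.env and similar names.
    lower = name.lower()
    return lower == ".env" or lower.startswith(".env.") or lower.endswith(".env")

def audit_webroot(root):
    """Return sorted (relative_path, line_no, key_name) for non-empty secrets under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not is_env_file(name):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for line_no, line in enumerate(fh, 1):
                    if line.lstrip().startswith("#"):
                        continue  # commented-out assignment
                    m = SECRET_KEY.match(line)
                    if m and m.group(2).strip().strip("'\""):  # skip empty values
                        findings.append((os.path.relpath(path, root), line_no, m.group(1)))
    return sorted(findings)

def build_sample_webroot(root):
    """Write a constructed sample tree (all values are fake) for the demo run."""
    files = {
        ".env": "APP_ENV=production\nDB_HOST=127.0.0.1\nDB_PASSWORD=constructed-example\n",
        "api/.env.bak": "# DB_PASSWORD=old\ndb_password=\nMAIL_PASSWORD='constructed'\n",
        "index.html": "<p>DB_PASSWORD=not-an-env-file</p>\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        for rel, line_no, key in audit_webroot(tmp):
            print(f"{rel}:{line_no}: {key} is set in a file under the web root")
```

Any finding means the file should be moved out of the document root or blocked by the web server, and the credential it held should be rotated.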

Example 2 – “intitle/inurl”

Intitle and inurl can be used to locate strings of text on Google, either in the title of a page or in the URL of the address itself. In this example, we will attempt to look for any exposed FTP servers:

Here, we look for the string “index of” in any site which contains “ftp” in its URL. This should return any index page of FTP servers. In this case, we received 740,000 results. Here is an example FTP server, crawled by Google, that was located:

This was an astronomical data server from NASA.gov; the earliest update was in 2005.

Example 3 – Webcam XP5

The following example is an interesting one. By using “intitle”, you can access internet-open webcams that require no login and are indexed by Google. These include surveillance cameras of roads, server rack security cameras and many others internationally.

The following search gave only 14,000 results; however, other internet-default webcams may be active under a different alias. Most of the webcams were run by a WebcamXP server which used JavaScript and some defunct Shockwave Flash code. As far as I know, Google does not support Flash.

Beware, however, when viewing these pages. Should SWF be disabled in your browser, Chrome and Edge automatically attempt to download SWF macros sent by the site. This may be a reverse connection point from a smart enough hacker.

An example found by searching. It seems to be a security camera for an alleyway in a European country. Combined with a RIPE record, the camera is from the Netherlands.

Conclusion

In this short article, I hope I have given you some insight into how to use these search terms to “dork” Google's engine and to retrieve pages it has crawled which may be useful to ethical hackers.

The deeper you get in Google with Dorking, the more mystery there may be lying on the surface web. Browse responsibly. Thank you for reading, and consider following Batch-Man for future content.

3 thoughts on “Ethical Hacking Using Google”

  1. Woooah! Awesome information. I was especially shocked by the webcams being available openly. It is quite fascinating as well as scary at the same time.

    Thank you for sharing this.

    1. Very welcome. Most of the WebCams are actually security/town footage, but there are some odd ones out there. You can find a lot of old information with this.
