The advanced search string crafted by an attacker could be searching for the vulnerable version of a web application, or a specific file-type (.pwd, .sql…) in order to further narrow the search. The search can also be restricted to pages on a specific site, or it can search for specific information across all websites, giving a list of sites that contain the information.
For instance, the following search query will list SQL files (filetype:sql) available that have been indexed by Google on websites where directory listing is enabled (intitle:”index of”).
intitle:”index of” filetype:sql
Logical symbols and operators in Google Search
Attackers can take leverage of Google search logical operators such as AND, NOT and OR (They are case sensitive) and also operators such as ~, – and *. The following table provides us additional information on these operators.
|AND or +||Used to include keywords. All the keywords need to be found.||
|NOT or –||Used to exclude keywords. All the keywords need to be found.||
|OR or |||Used to include keywords where either one keyword or another is matched. All the keywords need to be found.||
|Tilde (~)||Used to include synonyms and similar words.||
|Double quote (“)||Used to include exact matches.||
|Period (.)||Used to include single-character wildcards.||
|Asterisk (*)||Used to include single-word wildcards.||
|Parenthesis (())||Used to group queries||
Advanced search operators
The advanced Google operators assist the user in refining search results. The syntax of advanced operators is ” operator:search_string_text”
The syntax consists of 3 parts, the operator, the colon (:) and the desired keyword to be hunted. Spaces may be inserted by using double quotes (“).
Google search analyzes the above pattern and restricts the search using the information provided. For instance, using the previously mentioned search query, intitle:”index of” filetype:sql, Google will search for the string index of in the title (this is the default title used by Apache HTTP Server for directory listings) of a website and will restrict the search to SQL files that have been indexed by Google.
The below table lists some of the advanced operators that can be used to find vulnerable websites and information.
|site:||Limit the search query to a specific domain or web site.||
|filetype:||Limit the search to text found in a specific file type||
|link:||Search for pages that link to the requested URL||
|cache:||Search and display a version of a web page as it was shown when Google crawled it.||
|intitle:||Search for a string text within the title of a page.||
|inurl:||Search for a string within a URL||
How to prevent Google Hacking Attacks
Google Hacking is nothing more than a reconnaissance method for attackers to discover potential vulnerabilities and misconfigurations. Therefore, testing websites and web applications for vulnerabilities and misconfigurations and further proceeding to fix them, it not only removes the enumeration risk, but it also prevents exploitation.
Naturally, conventional manual testing of vulnerabilities that can be picked up by a Google search is sore and very much time consuming. On the other hand, this is the sort of task at which a comprehensive automated web vulnerability scanner excels. Identically you should restrict access to these pages by for example, making use of HTTP Authentication.
Thank You for your valuable time. I hope i was informative in this blog about the Google hacking.