Google search URL & components
After having a look at the operators, let’s have a basic idea of the Google search URL and its components.
Suppose I search for “ethical hacking” using Chrome’s default Google search. The Google search URL generated is http://www.google.co.in/search?sourceid=chrome&ie=UTF-8&q=ethical+hacking
Looking closely, we can say that http://www.google.co.in/search is the base Google search URL, to which further parameters are appended depending on the search and personalization.
sourceid=chrome tells me that the source of the query is a Chrome browser. Had my browser been Opera, the source id would be “opera” instead of “chrome”.
ie refers to the input encoding, which in our case is UTF-8 (we will be learning about encodings later in this book).
q refers to the search query, which here is the term “Ethical Hacking”. A ‘+’ or ‘%20’ can be used to represent a space in a URL.
There may be other parameters in the search URL of Google.
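The breakdown above can be reproduced in a few lines of Python. This is an added example, not code from the book: the function names are hypothetical, the second and third sample URLs are constructed, and it goes slightly beyond the text by decoding q with whatever charset ie declares (assumed to default to UTF-8 when ie is missing or unknown).

```python
import codecs
from urllib.parse import urlsplit, parse_qsl

# Meanings of the parameters named in the text; anything else is "other".
MEANING = {"sourceid": "source of the query",
           "ie": "input encoding",
           "q": "search query"}

def declared_encoding(query):
    """Return the charset named by ie=, or utf-8 if absent or unknown."""
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name == "ie":
            try:
                return codecs.lookup(value).name
            except LookupError:
                break
    return "utf-8"

def split_search_url(url):
    """Split a search URL into (base URL, dict of decoded parameters)."""
    parts = urlsplit(url)
    base = f"{parts.scheme}://{parts.netloc}{parts.path}"
    enc = declared_encoding(parts.query)
    # parse_qsl turns both '+' and '%20' into a space, then decodes the
    # remaining %XX bytes with the declared charset.
    pairs = parse_qsl(parts.query, keep_blank_values=True,
                      encoding=enc, errors="replace")
    return base, dict(pairs)  # a repeated parameter keeps its last value

def describe(url):
    """Return one human-readable line per component of the URL."""
    base, params = split_search_url(url)
    lines = [f"base: {base}"]
    for name, value in params.items():
        lines.append(f"{name} = {value!r} ({MEANING.get(name, 'other')})")
    return lines

if __name__ == "__main__":
    samples = [
        # URL from the text
        "http://www.google.co.in/search?sourceid=chrome&ie=UTF-8&q=ethical+hacking",
        # constructed: same query with %20 instead of '+'
        "http://www.google.co.in/search?ie=UTF-8&q=ethical%20hacking",
        # constructed: a non-UTF-8 input encoding
        "http://www.google.co.in/search?ie=ISO-8859-1&q=caf%E9",
    ]
    for s in samples:
        print("\n".join(describe(s)), end="\n\n")
```
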
One may also use Google to view web pages anonymously. To do this, the hacker would use the “Google Translate” service to view the intended website, translating it from English to English (assuming the original website is in English). When the translate feature is used, the IP address in the logs of the visited website is that of Google’s server rather than that of the actual attacker.
This method worked until some time back; Google has since stopped translating web pages when the input and output languages are the same.
Footholds: Examples of queries that can help a hacker gain a foothold into a web server
Files containing usernames: Files containing usernames
Sensitive Directories: Google's collection of web sites sharing sensitive directories. The files contained in here will vary from sensitive to uber-secret!
Web Server Detection: These links demonstrate Google's awesome ability to profile web servers.
Vulnerable Files: HUNDREDS of vulnerable files that Google can find on websites...
Vulnerable Servers: These searches reveal servers with specific vulnerabilities. These are found in a different way than the searches found in the "Vulnerable Files" section.
Error Messages: Really retarded error messages that say WAY too much!
Files containing juicy info: No usernames or passwords, but interesting stuff none the less.
Files containing passwords: PASSWORDS, for the LOVE OF GOD!!! Google found PASSWORDS!
Sensitive Online Shopping Info: Examples of queries that can reveal online shopping info like customer data, suppliers, orders, credit card numbers, credit card info, etc.
Network or vulnerability data: These pages contain such things as firewall logs, honeypot logs, network information, IDS logs... all sorts of fun stuff!
Pages containing login portals: These are login pages for various services. Consider them the front door of a website's more sensitive functions.
Various Online Devices: This category contains things like printers, video cameras, and all sorts of cool things found on the web with Google.
Advisories and Vulnerabilities: These searches locate vulnerable servers. These searches are often generated from various security advisory posts, and in many cases are product- or version-specific.
We will have a look at a few of them now. However, at the end of the day, the usage of Google in hacking depends solely on the user’s creativity in using the search operators and queries.