Google Hacking aka Google Dorking
Some hackers choose their victims for personal or political reasons; others take an approach that’s a bit less personal. Changing directions a bit, here’s a fun fact: Google processes over 40,000 search queries every second, and not all are created equal. So, what exactly does that mean and how are these two things related? What does hacking have to do with a Google search?
While it may seem like there’s only one way to perform a search query, in 2002 a security expert named Johnny Long began to explore a more advanced search technique called Google Hacking. Google Hacking—also known as Google Dorking, in reference to those whose devices and vulnerabilities are unearthed through it—is a unique way of utilizing search operators to obtain results such as web server specifics, sites affected by vulnerabilities, login credentials, Personally Identifiable Information (PII), and even financial data.
So, instead of targeting a particular person, government, or corporation, an attacker can use these operators to find several targets, all suffering from the same vulnerability. Unfortunately, many servers are still operating on outdated standards, which puts them at risk. For example, entering the following string returns results of web servers still running one of the versions of OpenSSL vulnerable to Heartbleed:
"OpenSSL" AND "1.0.1c Server at".
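The string above matches the signature footer that a web server can append to error pages and directory listings. The following is an added example, not part of the original article: a check you can run over pages your own servers return, to see whether that footer is present and whether it advertises an OpenSSL version in the Heartbleed range. The sample pages and host names are constructed placeholders.

```python
import re

# Apache-style signature footer that error pages and directory listings emit, e.g.
# <address>Apache/2.2.22 (Unix) OpenSSL/1.0.1c Server at host Port 443</address>
SIGNATURE = re.compile(
    r"<address>(?P<banner>[^<]*?)\s+Server at\s+(?P<host>\S+)\s+Port\s+(?P<port>\d+)</address>",
    re.I,
)
OPENSSL = re.compile(r"OpenSSL/(\d+\.\d+\.\d+)([a-z]*)", re.I)

def heartbleed_affected(version, letter):
    """CVE-2014-0160 affects OpenSSL 1.0.1 through 1.0.1f; 1.0.1g is fixed.
    (The 1.0.2 beta releases are not handled here.)"""
    return version == "1.0.1" and letter.lower() in ("", "a", "b", "c", "d", "e", "f")

def audit_page(html):
    """Return one finding per signature footer found in a page you serve."""
    findings = []
    for m in SIGNATURE.finditer(html):
        banner = m.group("banner").strip()
        ssl = OPENSSL.search(banner)
        findings.append({
            "host": m.group("host"),
            "port": int(m.group("port")),
            "banner": banner,
            # Any dotted number in the banner tells a search engine which build runs here.
            "discloses_version": bool(re.search(r"\d+\.\d+", banner)),
            "heartbleed_range": bool(ssl) and heartbleed_affected(ssl.group(1), ssl.group(2)),
        })
    return findings

# Constructed sample pages (placeholder hosts, not real servers).
SAMPLES = {
    "old": "<h1>Index of /backup</h1><address>Apache/2.2.22 (Unix) mod_ssl/2.2.22 "
           "OpenSSL/1.0.1c Server at intranet.example.com Port 443</address>",
    "patched": "<h1>Not Found</h1><address>Apache/2.4.7 (Ubuntu) OpenSSL/1.0.1g "
               "Server at www.example.com Port 443</address>",
    "tokens_prod": "<h1>Not Found</h1><address>Apache Server at www.example.com Port 80</address>",
    "signature_off": "<h1>Not Found</h1><p>The requested URL was not found.</p>",
}

if __name__ == "__main__":
    for name, html in SAMPLES.items():
        print(name, audit_page(html) or "no signature footer")
```

On Apache, `ServerSignature Off` removes the footer entirely and `ServerTokens Prod` reduces the banner to the product name, which is what the last two samples model.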
Exploit DB has integrated Long’s Google Hacking Database (GHDB) into their own site. From here, thousands of examples of these search operators can be found. Results can be used to develop a list of targets vulnerable to specific exploits, for information theft, intelligence or espionage, or even cyber terrorism. However, while it may seem that the GHDB exists solely for the purpose of malicious behavior, security researchers and pen testers make use of it for exploit analysis and investigation.
Google hacking is also not just limited to available content. Users can tap into Google’s cache and access exposed data without ever touching the vulnerable server. Google’s search console (linked below) can assist in removing any cached content that should no longer be indexed.
Attackers don’t need fancy tools like those found in Kali or even an engine devoted to finding vulnerabilities, such as Shodan. They don’t need sophisticated or expensive tools and they don’t need a lot of expertise. All the information they need is just one Google search away.
Learn More:
https://www.internetlivestats.com/google-search-statistics
https://en.wikipedia.org/wiki/Johnny_Long
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160
https://www.exploit-db.com/google-hacking-database
https://www.google.com/webmasters/tools/removals