Many people are eager to learn Google hacking, but in reality it has little to do with hacking. Google hacking is simply using Google in a smart way: it is the art of finding the desired information from a search engine by writing queries in a specific format.
We call it Google hacking only because very confidential information can be found through a search engine. Using a search engine as a hacking tool is what is meant by Google hacking.
Anonymity using caches of Search engine :
Hackers can get a copy of sensitive data even after the plug on that pesky Web server has been pulled, and they can crawl an entire website without sending a single packet to the server. If the Web server does not receive so much as a packet, it cannot write anything to its log files, so there is no chance of leaving any footprint.
Using Google as a Proxy Server :
Google sometimes works as a proxy server. This requires a Google-translated URL and some minor URL modification.
The translation URL is generated through Google’s translation service, located at www.google.com/translate_t
If a URL is entered into the “Translate a web page” field, then after selecting a language pair and clicking the Translate button, Google will translate the contents of the Web page and generate a translation URL.
Directory Listings :
A directory listing is a type of Web page that lists the files and directories that exist on a Web server. It is designed to be navigated by clicking directory links. Directory listings typically have a title that describes the current directory and a list of files and directories that can be clicked.
Since directory listings offer parent directory links and allow browsing through files and folders, an attacker can find sensitive data simply by locating listings and browsing through them. Locating directory listings with Google is fairly straightforward, as they begin with the phrase “Index of,” which also shows in the title.
An obvious query to find this type of page might be “intitle:index.of”, which finds pages with the term “index of” in the title of the document.
intitle:index.of “parent directory” or intitle:index.of “name size”
These queries do return directory listings, because they focus not only on index.of in the title but also on keywords often found inside directory listings, such as parent directory, name, and size.
To locate “admin” directories that are accessible from directory listings, queries such as “intitle:index.of.admin” or “intitle:index.of inurl:admin” will work well, as shown in the following figure
Site Operator :
The site operator is absolutely invaluable during the information-gathering phase of an assessment. A site search can be used to gather information about the servers and hosts that a target hosts. Using simple reduction techniques, you can quickly get an idea of a target’s online presence.
Consider the simple example of site:washingtonpost.com -site:www.washingtonpost.com
This query effectively locates pages on the washingtonpost.com domain other than www.washingtonpost.com
Error | warning :
Error messages can reveal a great deal of information about a target. Often overlooked, error messages can provide insight into the application or operating system software a target is running and the architecture of the network.
username | userid | employee.ID | “your username is” :
There are many different ways to obtain a username from a target system. Even though a username is the less important half of most authentication mechanisms, it should at least be marginally protected from outsiders.
password | passcode | “your password is”
The word password is so common on the Internet that there are over 73 million results for this one-word query. During an assessment, it is very likely that results for this query combined with a site operator will include pages that provide help to users who have forgotten their passwords.
In some cases, this query will locate pages that provide policy information about the creation of a password. This type of information can be used in an intelligent-guessing or even a brute-force campaign against a password field.
inurl:temp | inurl:tmp | inurl:backup | inurl:bak :
The inurl:temp | inurl:tmp | inurl:backup | inurl:bak query, combined with the site operator, searches for temporary or backup files or directories on a server. Although there are many possible naming conventions for temporary or backup files, this search focuses on the most common terms. Since this search uses the inurl operator, it will also locate files that contain these terms as file extensions, such as index.html.bak
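The directory-listing and temp/backup queries above can be turned into a self-audit of pages fetched from a server you administer. This is an added example, not code from the original post; the function names, finding labels and sample pages are hypothetical, and the URL word-splitting is only an approximation of how inurl matches terms.

```python
import re
from html.parser import HTMLParser

TEMP_TERMS = {"temp", "tmp", "backup", "bak"}   # terms from the inurl: query

class _Page(HTMLParser):
    """Collects the <title> text and the remaining text of one page."""
    def __init__(self):
        super().__init__()
        self.title, self.text, self._in_title = "", [], False
    def handle_starttag(self, tag, attrs):
        self._in_title = self._in_title or tag == "title"
    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
    def handle_data(self, data):
        if self._in_title:
            self.title += data
        else:
            self.text.append(data)

def audit(url, html):
    """Return findings for one page fetched from a site you administer."""
    page = _Page()
    page.feed(html)
    title = page.title.lower()
    body = " ".join(page.text).lower()
    # Approximate inurl: by splitting the URL into words on punctuation,
    # so index.html.bak matches "bak" but /templates/ does not match "temp".
    url_words = set(re.split(r"[^a-z0-9]+", url.lower()))
    findings = []
    if "index of" in title:                          # intitle:index.of
        confirmed = "parent directory" in body or ("name" in body and "size" in body)
        findings.append("directory-listing" if confirmed else "index-of-title-only")
        if "admin" in url_words or "admin" in title:  # inurl:admin / index.of.admin
            findings.append("admin-listing")
    if url_words & TEMP_TERMS:
        findings.append("temp-or-backup-url")
    return findings

# Constructed sample pages (not real crawl data).
SAMPLE = [
    ("https://example.test/files/", "<title>Index of /files</title><a href='../'>Parent Directory</a> Name Size"),
    ("https://example.test/admin/", "<title>Index of /admin</title><pre>Name Last modified Size</pre>"),
    ("https://example.test/index.html.bak", "<title>Home</title><p>Welcome</p>"),
    ("https://example.test/templates/about.html", "<title>About</title><p>Our team</p>"),
]

def audit_site(pages):
    """Map each flagged URL to its findings; clean pages are omitted."""
    return {url: found for url, html in pages if (found := audit(url, html))}
```

Anything this flags is a page that the queries in this post would also surface once indexed, so it is a candidate for disabling auto-indexing or removing the stray file.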
Log in Page :
To use SQL injection, we first have to find the login page of a website, and for this purpose we also use the search engine, giving it specific queries.
There are also various tools that have a large collection of specific queries for finding the desired result. These tools come in GUI form, so you can use all of the queries just by clicking an option. I am not going to provide any link to a Google hacking tool here; you have just read about Google hacking, so do some Googling for the tool.