3/16/21
Smarter Web Surfing with Google Dorks
Google "hacking" is something that just about every cyber security news site has done an article on, and while it can be pretty useful when searching a website for vulnerabilities, the most practical use for it is finding resources and information online without the clutter that comes with most websites. Before we go any further into this, I want to make it clear that typing some things into a Google search bar is not "hacking". In fact, Google Dorking is 100% legal. If it's open to the web, then it's fair game. The only time that web surfing becomes illegal is when you sign into an account you do not own.
Getting Started with Dorking
Google "Dorking" is when you use Google's built-in search operators (aka dorks) to target specific content in your searches. To follow along with this tutorial/guide, you might want to first look over a list of the basic dorks, which you can find here. For simplicity's sake, I'm going to just list out a few dork examples that I've used previously when browsing the web.
- intext:"steam" intext:"username" intext:"password" filetype:txt - Usually you can find a couple of free account dumps using this, but if you're using Google dorks to find account lists, you're not gonna find high level Steam accounts with hundreds of games on them. Chances are, you'll find some level 0 VAC banned accounts, but if you're looking for thousands of Steam accounts for some reason, this is your answer. Of course, you can always just replace steam with pretty much any other high profile platform, or you can straight up drop that part to see which idiots are storing passwords in plain text. If you also don't feel like typing out all those intext dorks, you can just use allintext, but I find this to be far less reliable than separating it.
- intitle:"index of" hacking - I personally find that it's much easier to dig through peoples' indexes of their files rather than browse the cluttered site to find the information. For extra bonus points, you can drop the "hacking" part of the search to just dig through random shit that people have on their servers. For example, moments ago I found an instruction manual for a DCD-1 Data Cartridge Drive as well as pictures that the owner took of it.
- intext:"@gmail.com" filetype:txt - If you're looking to do some phishing or just looking for some emails to try to brute force, this can be a good way to build up a long list of emails, especially if you use a little bit of automation.
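The flip side of these operators is checking what they would turn up on a site you run before a crawler indexes it. The following is an added example, not code from the original post: it parses the operator syntax listed above (intext:, allintext:, intitle:, filetype:, bare terms) and evaluates a query against files you control. The Document shape and the sample web root are constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional
TOKEN_RE = re.compile(r'(?:(\w+):)?(?:"([^"]*)"|(\S+))')  # [operator:] then "phrase" or word

@dataclass
class Document:  # a file on your own web root (assumed shape, not from the post)
    path: str
    title: str
    text: str

@dataclass
class Dork:
    intext: List[str] = field(default_factory=list)
    intitle: List[str] = field(default_factory=list)
    anywhere: List[str] = field(default_factory=list)  # bare terms: title or body
    filetype: Optional[str] = None

def parse_dork(query: str) -> Dork:
    dork, all_intext = Dork(), False
    for op, quoted, bare in TOKEN_RE.findall(query):
        op, value = op.lower(), (quoted or bare).lower()
        if op in ("intext", "allintext") or (all_intext and not op):
            all_intext |= op == "allintext"       # allintext: covers every later term
            dork.intext.append(value)
        elif op == "intitle":
            dork.intitle.append(value)
        elif op == "filetype":
            dork.filetype = value
        else:                                     # bare word (or unknown operator)
            dork.anywhere.append(value)
    return dork

def matches(dork: Dork, doc: Document) -> bool:
    if dork.filetype and not doc.path.lower().endswith("." + dork.filetype):
        return False
    text, title = doc.text.lower(), doc.title.lower()
    return (all(t in text for t in dork.intext)
            and all(t in title for t in dork.intitle)
            and all(t in text or t in title for t in dork.anywhere))

def audit(query: str, docs: List[Document]) -> List[str]:  # paths the dork would surface
    return [d.path for d in docs if matches(parse_dork(query), d)]

SAMPLE_ROOT = [  # constructed sample web root, not real data
    Document("/backup/users.txt", "", "steam username: alice password: hunter2"),
    Document("/contacts.pdf", "Contacts", "reach bob@gmail.com for support"),
    Document("/files/", "Index of /files", "hacking-notes.txt manual.pdf"),
]
```

Anything `audit` returns for the queries above is a file to remove, lock down, or keep out of the index with robots.txt or noindex headers before it ever shows up in a search.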
Story time
*For legal reasons, I cannot confirm or deny the validity of this story*
I've honestly already gotten bored with this article; dorking is covered so often that anything I say is redundant at this point.
So that means we get to skip straight to the funny Google dorking story. Around two years ago, I was using Google dorks to find old account dumps to scrape through, when I found this Indian site that was storing passwords in plain text. I don't remember what exactly the site was for, but it was created for a bunch of Indian college graduates over in California. Back to the story, as soon as I found this PDF of credentials, the first thing I did was sign into that shit. Once you actually logged into the site, there wasn't much to do besides change the account details of whichever account I was logged into. However, I had recently been watching some Computerphile videos on cross-site scripting, and I thought that I would give it a try on this site. Now on this site, there was a big page of people's information so that you could browse through and get in contact with each other. Taking advantage of this, I wrote up a webpage that was basically a clone of a Google sign in page with a little bit of PHP on the backend to log credential info. I put that webpage up on some free server hosting platform and then signed back into one of the accounts on the Indian website. From there, I just replaced the name field of the account with a JS redirect that took you to my Google sign in page. So anytime that a person went to the people page, it redirected them to my shitty sign in page. Of course, after having the redirect up for no longer than an hour, 16-year-old me was terrified, so I took down the Google webpage. The only issue was, the JS redirect worked on the page to change your account information as well, so I would be redirected before I could remove the JS. Let's just say I was paranoid for a couple of months after that. Last time I checked (about a year ago), the redirect had yet to be taken down and was still redirecting people to freewebhosting's 404 page.
TLDR: 16-year-old me used Google dorking and cross-site scripting to become a cyber criminal.