Google Hacks (Dorks) uncover secret excel sheets, pdf files, word documents for thousands of websites
By Elmalla A. on January 13, 2018
Originally written for A.
Google hacking involves using advanced operators in the Google search engine to locate specific strings of text within search results. One of the more popular uses is finding specific versions of vulnerable web applications: default installations of applications commonly include their running version in every page they serve, for example "Powered by XOOPS 2.2.3 Final", so a query for that text locates all indexed web pages that contain it. The following query is an example of this kind of search:
intitle:admbook intitle:Fversion filetype:php
One can even retrieve the username and password list from Microsoft FrontPage servers by entering the following query in the Google search field:
"#-Frontpage-" inurl:administrators.pwd or filetype:log inurl password login
Devices connected to the Internet can be found. A search string such as inurl:"ViewerFrame?Mode=" will find public web cameras.
Another useful search is intitle:index.of [1] followed by a search keyword. This gives a list of files on servers whose directory listings have been indexed. For example, intitle:index.of mp3 lists the MP3 files available on various servers.
Google dorks: Hackers' Weapon?
“In October 2013, unidentified attackers used Google dorks to find websites running vulnerable versions of a proprietary internet message board software product, according to security researchers,” the FBI warning says.
After searching for vulnerable software identifiers, the attackers compromised 35,000 websites and were able to create new administrator accounts.
A simple “operator:keyword” syntax, such as “filetype:xls intext:username,” in the standard search box would retrieve Excel spreadsheets containing usernames. Additionally, freely available online tools can run automated scans using multiple dork queries.
Shock as web users employ ‘search’
The warning also offers a useful link to Google’s own testing centre for pre-empting such attacks, the Google Hacking Database. Webmasters can use this to check whether files are “visible” to Google dorks, then hide them if they wish.
Ars Technica points out that the warning refers to “malicious cyber actors” and refers to a notorious case in which reporters were accused of “hacking” a website by using freely available information and an automated tool, GNUGet.
However, as Ars explains, the warning is not really meant to highlight a “new” technique, i.e. Google dorks, but to warn webmasters to make their websites more secure.
In a restricted intelligence document distributed to police, public safety, and security organizations in July 2014, the Department of Homeland Security warned of a “malicious activity” that could expose secrets and security vulnerabilities in organizations’ information systems. The name of that activity: “Google dorking.”
How can I check if my website is Google hacked?
Although there are thousands of exploit testing possibilities, as listed in the Exploit DB link mentioned above, an initial check of your website can be done as explained below.
Search Google with the query intitle:"index.of /" site:yourdomain.com, replacing "yourdomain.com" with your actual domain.
If your website's private directories appear in the search results, your site may be exposed to malware attacks and many other vulnerabilities.
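The check above can be turned into a small self-audit script. This is an added example, not code from the original article: it scopes the dorks quoted on this page to a domain you own with the site: operator, and flags fetched pages whose body is an auto-generated directory listing. The HTML bodies in SAMPLE_PAGES are constructed to resemble Apache and nginx index pages.

```python
from __future__ import annotations
import re
from urllib.parse import quote_plus

# Dork templates quoted in the article, to be scoped to a domain you own.
DORK_TEMPLATES = ('intitle:"index.of /"', "filetype:xls intext:username")

def build_site_dorks(domain: str) -> list:
    """Return the article's dorks restricted to one domain via site:."""
    domain = domain.strip().lower()
    if not re.fullmatch(r"[a-z0-9.-]+", domain):
        raise ValueError("domain must be a bare hostname, e.g. example.com")
    return [f"{t} site:{domain}" for t in DORK_TEMPLATES]

def google_search_url(query: str) -> str:
    """Build the Google search URL for a query."""
    return "https://www.google.com/search?q=" + quote_plus(query)

# Apache mod_autoindex and nginx autoindex both emit an "Index of /<path>"
# title plus a link back to the parent directory.
_LISTING_TITLE = re.compile(r"<title>\s*Index of\s*/", re.IGNORECASE)
_PARENT_LINK = re.compile(r'Parent Directory|<a href="\.\./">\.\./</a>', re.IGNORECASE)

def looks_like_directory_listing(html: str) -> bool:
    """True when a response body is an auto-generated directory index."""
    return bool(_LISTING_TITLE.search(html) and _PARENT_LINK.search(html))

def audit_pages(pages: dict) -> list:
    """Return the paths whose body is a directory listing, sorted."""
    return sorted(p for p, body in pages.items() if looks_like_directory_listing(body))

# Constructed response bodies standing in for pages fetched from your own site.
SAMPLE_PAGES = {
    "/backup/": '<html><head><title>Index of /backup</title></head><body>'
                '<h1>Index of /backup</h1><a href="/">Parent Directory</a>'
                '<a href="db.xls">db.xls</a></body></html>',
    "/uploads/": '<html><head><title>Index of /uploads/</title></head><body>'
                 '<h1>Index of /uploads/</h1><hr><pre><a href="../">../</a>'
                 '<a href="report.pdf">report.pdf</a></pre><hr></body></html>',
    "/": "<html><head><title>Welcome</title></head><body>Hello</body></html>",
}

if __name__ == "__main__":
    for q in build_site_dorks("example.com"):
        print(google_search_url(q))
    print("exposed listings:", audit_pages(SAMPLE_PAGES))
```

Listings flagged this way are normally switched off at the server with Options -Indexes (Apache) or autoindex off; (nginx), and the files themselves moved out of the web root.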
Solution
You should protect your website using a web application firewall (WAF); see the Top WAF Market Leaders report for Q4 2017. We recommend trying the Incapsula WAF, which has a 15-day free trial. Using the Incapsula WAF, you can look into:
1) Header Data
2) IP and ASN Verification
3) Behavior Monitoring
4) IP Reputation
5) Client Technology Finger Printing
Incapsula also offers a CDN as part of its WAF solution, alongside protection against distributed denial of service (DDoS) attacks.
Elmalla A. (@elmalla) is Chief Sales Officer at i-AWCS, which focuses on web application security solutions.