Advanced Google Hacking Operators

This is next part to Google Hacking, here we will discus some more search queries used for foot-printing. So following are your new queries, don't just read them practice them, you'll need a good practice of advanced operators just because they are more prone to give false positives.

Related:
This query will search web pages for the word specified after related. Please copy paste example in search engine and press enter.

Example: related:bill gates

define:
This query not only brings you definition and dictionary meaning of word but can also reveal you information about victims company. Try following query.

define:microsoft
define:your name
define:google

info:
This query is used to reveal history geography of word typed after it. Try following queries,

info:days of life of devil
info:microsoft
info:google

intext:
This will search every occurrence of word typed after it, it will not only search URL and title but also the text in body. Try this,

intext: google hacking
intext:days of life of devil

links:
This will search links to the URL that you will specify after it. Try following queries,

links:http://nrupentheking.blogspot.com
links:links:google.com

Now following are some other queries try them and see results yourself,

cache:http://nrupentheking.blogspot.com
phonebook:bill gates
stocks:microsoft
stocks:linux
intitle:linux
inurl:linux

Please try them and let me know if you are facing any problem or any of those queries are not performing as you expected. Once you are good enough to use them we will discus how to use search queries to find files, folders, songs, movies, user-names and passwords.

Google hacking

Google hacking, most commonly misunderstood words by newbies as making queries on Google search to find out songs and movies. But it is just part of scope that Google hacking covers, experienced hackers will find this article as incomplete though it is stuffed with lot of things.

What is Google hacking:
Google hacking is term given to create and use complex queries on search box to get expected results from Google. But in reality it includes using each and every tool that is provided by Google as hacking weapon. Did I forget to mention Google Hacking is part of Reconnaissance, that means if you have skipped previous posts then it will be harder for you to understand power of Google Hacking. In this section I 'll show you using some of its applications as hacking related tool rest is left to your creativity.

Cached Pages:
I know each and everyone of you have some day used Google in spite of what your favorite search engine is. You must have seen a link to “Cached Similar” pages whenever you run any search query. Cached pages store history pages for its users like you and me. Cached pages is good source of tracking down website activities. Suppose site contains a file whose link is removed from main website, now you want access to that file, cached pages can help you out.

OK now please type “DAYS OF LIFE OF DEVIL” in Google and browse for cached pages, note differences between main site and cached site.

Google Translator:
You might not be knowing but you don't need proxy servers to bypass security because we already have a online proxy tool known as “Google Website Language Convertor”. This is Google’s online tool for converting language of website to your native language(The Language Convertor you can see on this website is nothing but derivative of this tool), the powerful feature of this Google applications is that it can be used as proxy server. When you'll type “Google Website Language Convertor” it'll open for you following link,
http://www.google.com/language_tools?hl=EN
Now type URL of website you want select language conversion and press enter, if your page is already in language you want to browse it then select any language from “from” section and select your language in “to” section.

Basic Search Queries:

link:
This query searches for all links that ends to site mentioned after query.
Syntax: link:“http://nrupentheking.blogspot.com”

inurl:
This query will search occurrences of word specified in URL 's.
Syntax: inurl:“NRUPEN”

site:
This query is used by combining it with other queries. So we will discus it later.

Intitle:
This query will search occurrences of word specified in title or website.
Syntax: intitle:“NRUPEN”

filetype:
This query will search occurrences of filetype specified.
Syntax: filetype:doc “Google hacking”

Directories And Files Listing:
Apache server by default uses “Index of ” type title to transverse navigation which can be exploited using Google queries to get specific file or folder.

Syntax: intitle:index.of “songs”

Now try to figure out what what above query will do.

Grabbing Banner:
Banner Grabbing is method in Scanning phase which is used for getting type and version of application. Here for now, we will skip it and will open our look for it while discussing scanning phase.

Combining Queries:
Now all above queries mentioned above can be combined to get powerful information from search engine via victim. It can open nearly everything about victim about software, hardware, documents if victim is unprotected against Google Crawlers. Depending upon your skills we leave how to use them combined for purpose but will show you how to combine them.

Try following one by one, one you use them you'll know which combination can be used when,

site:nrupentheking.blogspot.com + inurl:hacking

site:nrupentheking.blogspot.com inurl:hacking

inurl:admin inurl:php

Johnny Long:
Johnny Long maintains a website which keeps a brief database of using Google search queries. Browse for his name and you'll be lead to his website were you can click on Google Hacking Database to learn more than what we discussed here.

Google Hacking Tools:
There are several search quires that you can make using Google but remembering them is not that easy task so we have some ready made tools that do our job for us. Following are some of them,

Site Digger Tool: Uses Google hacking database to give out results from caches and also traces errors.

Gooscan: This tool also uses Google Hacking database and is also able to mark out vulnerabilities.

Google Hacks: It is one the most used Google hacking tools. Have very easy and understandable user interface, can solve all your download needs, must use tool for everyone.

Note: Please be sure we have not covered everything related to Google Hacking. I just gave some brush up so that you can practice them then I 'll cover Advanced Google Hacking, please note that maximum of our Google hacking queries are formed using above search queries so please practice, advanced Google hacking will be covered at last stage of reconnaissance phase. Please don't forget to ask whatever you were unable to understand in this post. Thanks for reading and keep visiting.

Getting Whois/Domain Information

As mentioned earlier reconnaissance/foot-printing is very first step in hacking. In involves gathering all potential information about target system that may help attacker plan and execute attack. It is not bluff that attacker spends 90% of his/her time for this phase only then uses his/her technical skills to find and exploit weakness in system according to his/her conclusion.

Even foot-printing/reconnaissance involves various things depending on type of victim you are planning to attack. In this post we'll discuss how you can extract information like domain name, domain name provider, owner of domain, his/her name, address telephone number etc..

Whenever we purchase a domain it must be registered, this registry of domain names and their owner is known as domain information database and it is shared over internet for other users to get information about whether a domain is available for them or not. This information is also known as whois information of a domain. Here you will learn how to extract this information from database stored over network. Following is list of websites and tools that can help you extract this information.

Sam Spade (tool)
Smart Whois (tool)
http://samspade.org
http://whois.domaintools.com/
http://robtex.com

You'll not require any skills to use these tools. They are very easy  to operate as taking a lolly pop from a kid, what really difficult is to analyze the information you will be getting after using them. In Sam Spade type name of domain you want to get information for example www.google.com and press enter.

My next choice is Smart Whois which also works like Sam Spade but the fact is that usually all prefer Sam Spade, even I am not exception. When Sam Spade will fetch you results look on left side, there you'll find several options try them one by one and analyze the result it had fetched for you.


Next is using websites that can fetch you that result. As you can see I mentioned three online tools but before you read further I must tell you there are thousands of websites and tools that can fetch you whois information, the one that are mentioned here are my personal preferences. Type domain name in search box of http://robtex.com and press “Lucky” and inhttp://whois.domaintools.com type domain name in search box and press lookup.

Do it yourself and ask if you encounter any problem.

From Where Spammers Get You E-mail Ids

I know many of you always receive a special kinda e-mail with advertisements known as spam and you might be asking yourself from where a spammer might have got your e-mail ID. So here's the answer, following are some of the methods via which spammers gets your email ids.

Social Networking Sites:
If you are a social network animal then you might be knowing that sometimes we just add anyone as our friend without even knowing who the person is. Reason, most of us just wanna show off that we have a big friend list. But there are some people who are actually preparing this friend list to get your e-mail ids. People hardly care about privacy settings and leave their telephone numbers and e-mail ids open for spammers to have a look on. Now how they extract your email ids, all major e-mail clients like gmail and yahoo provide their users with API(Application Programming Interface) to pull e-mail ids of friend list available on social networking sites. Once all emails are pulled spammer download this email list as excel sheet and your e-mail ids are now ready to get spammed.

Online Applications:
If you have ever used facebook then you might be knowing whenever you access any facebook application it asks for access to all your private data, once you allow application access you give your e-mail to them, now they can use it for any purpose.

Online Games And Contests:
Many people have habit of playing games online and contests that appears free with prize. The fact is that many people might be playing those games and only one gets prize via lucky draw. How much legitimate that appears. These contests are nothing but sure shot fundas of companies to grab personal details of people visiting their sites. How this pays them, this list helps them prepare job lists for eligible and needy persons thus they don't pay a penny for job recruitment and also gets an employee ready to work on minimum payments. Next they can use this list to spam you with advertisement of their own products or they may even plan to sell their e-mail list to spammers for hefty amount.

Job/Technology/Career/Game Fairs:
You might have seen many people standing with some kinda forms in these kinda fairs to lure people with job opportunity, free stuff delivery or contest, which actually never is the case. Such fairs are good targets since by spending just few bucks a contact list with several thousand e-mail IDS and phone numbers is built that too without anyone suspecting.

Online Forums:
Hey don't worry I don't mean they sell e-mail ids or their database are hackable. While on forums many people unknowingly don't set privacy settings, also they post their e-mail ids as it is as comment or reply. These e-mail ids can be extracted using software used for extracting e-mail ids.

Web Mail Extractors:
Web Mail Extractors are software that search websites for patterns like this “@domain.com/@domain.net,/@domain.org etc”. Once found they extract complete email ids and save them in their database. One such tool is “Web e-mail Miner”. For today I would advise you to download it and try to find out how it works. Don't worry about how to use it, you just have to enter name of site and press enter and it'll pull email for you. Try a name of famous online forum, guaranteed to get a list with more than thousand e-mails.

Improperly Configured or Unprotected Servers:
Usually company uses two kinds of domains/servers one valid of all and one valid only for their employees and customers. Sometimes these two are interconnected with each other for employees to make changes to website that is public. The internal server for employees usually contains lot of information about their employees and job recruitment in excel sheets or PDF files which can be opened using browser. If they are not configured properly “Web Mail Extractors” can easily crawl in revealing thousands of quality e-mail ids.

Knowingly or unknowingly we might have made many of above mistakes which has lead our e-mail ids open to spammers. To next section to this we'll learn how we can keep ourselves safe from getting spammed. Feel free to comment about what you think about above information. Thanks for visiting, have a nice time and keep visiting.