Welcome,
There are many times which a hacker is at home and ... trying to dinf sometrhing interesting to do.
Here a simple tutorial about how we can exploit google with some useful google dorks.If you don't know what google dorks are just read the following lines.
With google dorks you can find many vulnerabilities via searching on google.You type some specific commands in google search bar and then you can find some vulnerabilitites to many sites for many different vulns.
So have a look:
You will see something like this in your screen
check the screenshot
We have found a file 'phpinfo.php'
in Index Of of a site...
You can also check the Apache version...It's an information!
So it's time to make a try for finding sqli vulnerabilities(Sqli Wikipedia)
There are some simple commands you can 'run' for finding sqli vulnerabilities.
ext:sql intext:@gmail.com intext:25d55ad283aa400af464c76d713c07ad
So the most common dorks are 'inurl' which is searching for a keyword in the url, 'intext' which is searching for a text lines/keywords in the whole webpage , 'intitle' which is searching for a keyword in the webpage title, 'filetype' which is searching for a specific file type like .pdf .exe and more.You can use them for many reasons.They are very useful too..
So the final exaple is an example for 'Password files dorks'
Here are some dorks:
allinurl: auth_user_file.txt <=== This Dork is searching for auth_user_file.txt
filetype: xls inurl: "password.xls" <===This dork is searching for a file 'password.xls'
intitle:index.of pwd.db <== searching for password databases
index.of passlist.txt <=== searching for password list
There are many times which a hacker is at home and ... trying to dinf sometrhing interesting to do.
Here a simple tutorial about how we can exploit google with some useful google dorks.If you don't know what google dorks are just read the following lines.
With google dorks you can find many vulnerabilities via searching on google.You type some specific commands in google search bar and then you can find some vulnerabilitites to many sites for many different vulns.
So have a look:
The following command is searching in Index Of of a site for 'phpinfo.php' file..
intitle:"Index of" phpinfo.php
You will see something like this in your screen
check the screenshot
We have found a file 'phpinfo.php'
in Index Of of a site...
You can also check the Apache version...It's an information!
So it's time to make a try for finding sqli vulnerabilities(Sqli Wikipedia)
There are some simple commands you can 'run' for finding sqli vulnerabilities.
ext:sql intext:@gmail.com intext:25d55ad283aa400af464c76d713c07ad
With this command we are searching for sql vulnerability ,we are searching for @gmail.com in the page and finally we are searching for 25d55ad283aa400af464c76d713c07ad which is an encrypted hash(12345678)
Also you can search for 'ext:sql intext:"INSERT INTO" intext:@gmail.com intext:password'
which is searching for INSER INTO in a webpage , for a gmail account and for password.You can replace gmail with hotmail/live/windowslive/yahoo and more.
So the most common dorks are 'inurl' which is searching for a keyword in the url, 'intext' which is searching for a text lines/keywords in the whole webpage , 'intitle' which is searching for a keyword in the webpage title, 'filetype' which is searching for a specific file type like .pdf .exe and more.You can use them for many reasons.They are very useful too..
So the final exaple is an example for 'Password files dorks'
Here are some dorks:
allinurl: auth_user_file.txt <=== This Dork is searching for auth_user_file.txt
filetype: xls inurl: "password.xls" <===This dork is searching for a file 'password.xls'
intitle:index.of pwd.db <== searching for password databases
index.of passlist.txt <=== searching for password list
There are many more.Just make a complex of keywords and use them.
Thank you
Nikos Danopoulos