Google HACKING (use google search to HACK!)

Google HACKING (use google search to HACK!)

26.Jul.2021

you can do some crazy hacking stuff just
by searching on Google like check this
out
webcams are perfectly safe right wrong
look at all these webcams I can just
jump into like check this out someone's
like dog clinic or something that's
crazy
let's try it this one here someone's
like house what the heck I can even
change cameras what the heck that's not
scary what about this one it's a
supermarket well what the heck there's a
guy he's wearing a mask good job guy
anybody know where this is let's try to
find some passwords and look at that
database passwords all over the stake in
place just by a google search a scary
you need to learn learn learn cocky
[Music]
hey what's going on guys welcome back to
network chuck I hope you have your
coffee ready because in this video we're
talking about Google hacking or Google
Dorking
what some people call it this is a legit
thing that hackers actually use and I'm
gonna show you how to do it but why am I
talking about hacking
well I'm becoming a hacker this video is
actually part of a series where I'm
showing you how I'm going to become a
hacker and a huge massive shout out to
IT Pro TV who's sponsoring this part of
my hacking journey I'm actually using
them as my primary learning source right
now so if you want to check them out
I've got a discount code Network Chuck
and a link below you get 30% off
everything they have forever and they
have a lot of stuff not just hacking but
like CCNA CCNP a plus everything now
again google hacking is a real thing
that real hackers use so first question
is this legal like will the FBI come
bust down your door as soon as you try
this in most cases no what I'm about to
show you is actually legal well up to a
point you can cross that line and I can
show I'll show you the line don't worry
what it is still legit hacking is one of
the first steps that any hacker will
take when they decide to hack a target
and of course I'm talking in the context
of being an ethical hacker a hacker who
does things for good not for bad you see
the first step that any good hacker is
gonna take when they're about to hack
somebody as we're gonna try and learn as
much information about their target as
they can this is often referred to as
recon or reconnaissance or you might see
it as footprinting or even
fingerprinting again just means
gathering information gathering Intel
because the more you know about your
target the better you can hack and later
on with other hacking techniques now a
big reason why what we're doing is not
illegal is because we're doing passive
recon which in most cases means that
we're just trying to get information
that's been made public that's publicly
available which in most cases it's gonna
be something we can just google search
that just comes up and what we're hoping
as hackers is that this information was
made public by accident so one may have
accidentally exposed their passwords or
maybe left their webcam open to the
Internet that's what we're hoping for
when we're doing these searches and if
we search in just the right way using
the right keywords and some Google
search operators which I'll talk about
here in a moment we can find some crazy
crazy stuff now again you can take what
we're doing here and make it illegal
real fast I'll show you where that line
is here in a moment and don't ever cross
that line so keep that in mind now some
people might find this step in the
hacking process kind of boring because
you're just gathering information like
Daniel over IT Pro TV and I will be
quite honest with you this is probably
at least for myself and I've anecdotally
found this to be true with others in my
experience there's our food printing
it's kind of boring right but you know
what Daniel I think this part is
actually pretty stinkin fun so ignore
Daniel let's go have fun
oh hey and I have a challenge for you
two people will win a network Chuck mug
us only if you perform a task based on
the contents in this video so be looking
for that challenge is coming up here in
a moment now most of us already know how
to use Google and we want to find
something we type it in maybe I'm
searching for my favorite coffee brewing
method French press and I'll get a ton
of results from the internet everyone
but as a hacker we don't want to search
like this we want to narrow down our
search and find just what we're looking
for we can do this with Google search
operators the first one we're gonna use
is called site just like that
maybe I don't want to see French press
results for the entire internet maybe I
want to narrow it down to one particular
website so I'll use the search operator
site colon and then specify the website
I want to search in maybe Starbucks
Starbucks comm boom
what just happened well if I scroll
through here you can see that when I
search French press it only pulled up
sites that were Starbucks dot-com that's
it so what's happening here I've got my
search operator site : notice no space
and then my domain right there and then
this is just my search term over here
all by itself go ahead try it you can do
that with any site it's really cool but
this isn't hacking you're right let's
let's hack let's become a bit more
nefarious but still legal let's try it
out let's say that we still want to
search these sites Starbucks but I don't
care about French press anymore because
now I'm hacking I'm going to use another
search operator to see if I can find
something this next one is called in URL
so if I go back here and I type in in
URL : I'll search for a keyword like
maybe admin and let's see what happens
hmm what is this new user request huh
store development resource center now
this is kind of interesting I don't
think customers were supposed to be able
to find this let's go back what did I do
here so same deals before
site is Starbucks calm but then I use
the in your L
sir operator and I put a keyword in
admin so let's say I jump into the next
URL I'll just copy this URL real quick
so you can see it better this match my
search because Starbucks comm is the
site and inside this URL I have a
keyword admin now why would I search for
that well hopefully I can find a site
that they don't want me to see that
maybe I could find vulnerabilities let's
try another one this one is in text so
looking back at our Google search
instead of searching for any URL I'll
put in text and I'll search let's just
say also for admin and this maybe
reveals some fun stuff let's take a look
I don't know what this is prospectus and
I think that's German that's interesting
here's a lease from 2007 2008 so what is
the search doing well the in text search
operator searches for anything on these
pages that has the keyword admin inside
of it on Starbucks com more specifically
as searching inside the body of the
webpage
I'm gonna go through a few more options
but then I'll show you some crazy stuff
we can find with the Google hacking
database yep it's a thing I'll show you
but first let's try changing the in text
to and title we can actually search by
the website's title this is helpful for
maybe when you want to find all the
login pages so I don't know what
papercut login is let's go here but
where that searching is right here with
the title which might be kind of hard
for you to see but papercut login that's
what it's looking for login in the web
page title and typically most login
pages will have that and then one more
fun one which i think is probably one of
the coolest as you can search Starbucks
com four types of files so let's try
file type that's our search operator and
I'll specify let's try PDFs find all the
PDS at Starbucks and what I get is every
publicly available PDF we can find on
Starbucks calm that domain and all other
subdomains and you might be able to find
something interesting I mean here's a
confidentiality NDA from Starbucks
here's a court case that's interesting I
haven't found a bike to work list now
this might seem silly like Chuck this is
not hacking we're just looking up
information on companies that's the
point though you see this information
while it might seem silly and and not
harmful at all it can be I can take all
this information I'm learning about
these companies and use it and further
attacks maybe I want to use some social
engineering buddy up with some bikers on
the way to these locations and I could
try to treat them to give me some
confidence
information you never know now I want to
warn you real quick this is where you
gotta be careful what we just did is not
legal but it's right there on the line
but how do you cross that line when do
you become an unethical hacker and
blackhat it's when you take that
information we're learning about this
company and try to use it against them
maybe you use that information to try
and get more information out of them or
you could use it for another attack at
that point unless you have permission
that is illegal but again what we've
been doing is just passive passive
footprinting or passive recon meaning
we're just accessing stuff that's made
publicly available and where that
becomes valuable for us as pentesters
ethical hackers is that some information
might be accidentally made available now
if you flip a switch and did active
recon or active foot printing which
means we're actively trying to reach out
to the company and learn information
about them using a variety of techniques
maybe we're gonna use social engineering
and try to go to a Starbucks store and
try to talk to somebody or connect with
someone on LinkedIn and try to to get
them to give us information that would
then the active recon and that is
illegal unless you have explicit
permission from the company to do this
so keep it passive people unless you
have permission now let's check out the
Google hacking database and we will
Google the Google hacking database best
way to find it first thing that pops up
and this is incredibly cool because
here's all it is it's a database of
potential Google search strings using
those same Google search operators we
talked about and they could expose
potential vulnerabilities passwords
usernames emails anything you could
possibly imagine we can use these to
discover information it's using
techniques like these like we saw at the
beginning in the video that we can
discover some pretty crazy stuff like if
you search webcam they give you a
variety of searches you can use to find
webcams that are just open and out there
I'll search this BAM we get some webcams
and it's it's kind of scary kind of
weird and it's using what we just talked
about here we have the end-tidal search
operator and we're looking for anything
that has webcam seven in it and then
this is actually kind of new we're using
the in URL search operator but then we
have the dash sign in front of it or
negative sign and that basically means
don't include anything that has the
admin HTML and the URL the same thing
goes for the password I uncovered we're
doing a search for file type which is an
EMV file and if
publicly available can reveal database
passwords and usernames which is
obviously a bad thing now again don't go
take these and then try to use them
that's that's the line you don't want to
cross it's not illegal to find it but
it's illegal to use it here's another
fun one let's use this we're searching
for this string right here and the file
type is going to be a log so we're
searching for log files that contain
failed login attempts which can give us
some extremely valuable information as a
hacker so let's click on the first one
here
it's from FSU edu which i think is
Florida State and we get a bunch of
information now here's another one and
you know again this might not seem like
valuable just at first glance this can
help you with your hacks down the road
with other techniques this one's pretty
fun too this is searching for registry
files file type registry and then here's
the keyword search and as you may know
the registry file is how your Windows
system is configured your windows server
is configured and it might not be
helpful to have that exposed to the
Internet so like here's an example some
fun stuff in here from MIT again I don't
know how dangerous it is for them to
have this available but any information
can reveal things they may not have
intended to reveal and just a few more
these are just fun this one is cool
because it's very revealing what is this
in title we're including the nessus can
report Nessus is a vulnerability
scanning tool it'll scan your system and
tell you why how you're vulnerable and
we're searching for that in the title
and then the keyword this file was
generated by necess so just scrolling
through here like galaxy park park Linda
edu we've got their Nessus can and we
can see hey maybe they have some
vulnerabilities that we can possibly
exploit and it's just in a nice format
for us maybe we look at it let's see
there's another one yeah yeah it just
tells us maybe what they're vulnerable
with and we can exploit those I mean we
shouldn't you shouldn't you're an
ethical hacker you might want to let
them know report this to them but you
can see how this is crazy bad for them
but very viable for us now there are a
ton of google dorks in here or google
hacks notice they are called dorks here
you can filter these by category you can
go through here and say I want to see if
there's some vulnerable servers or let's
just look at files containing usernames
and you'll be amazed at what you can
find with all these oh let's do one more
maybe a couple more this is fun let's
search for this one's actually really
cool what this is doing it's using the
search operator all and URL which is the
same as in URL but it's just going to
include everything you include after it
it's kind of like doing quotes on a
search so just know what's doing the
same thing as an URL but what this is
coming up with is terminal services or
remote desktop as you can already see
here web pages that are set up for you
to log into a organization's remote
desktop terminal let's jump into one of
these right now yep we can try to remote
into one of these machines now we may
not have a login information right now
but it's something we could try to
brute-force later yeah sure this up it's
just crazy
it's crazy what you can find New
Testament church don't work
Windows 2000 shame on you okay I'm gonna
stop you can have hours of fun doing
this and you probably will let me know
how it goes for you actually I would
love to see some search strings below
let me know what you try cuz have you
creative enough you can find some pretty
crazy things but again this is only one
tool we can use to gather information
about companies so as you learn about
footprinting and recon learn about the
other tools one of the biggest tools at
your disposal and actually this is kind
of a valuable tool for a job searching
as well it's just being able to find
these companies on LinkedIn or dice or
any of these job boards because you can
find some pretty revealing stuff for
example let's do site linkedin.com I'll
do entitle is Starbucks looking in the
title of the page Starbucks and then
I'll search for keyword maybe I don't
know network engineer and let's see what
happens well looky here
we found a few things like a few network
engineers at LinkedIn now why do we care
how does it help us well look at mr.
Dave grace here Dave if you're watching
hi we should talk actually he's the
senior network engineer been there since
2014 and we can look at a skill set bgp
OSPF ansible
asher AWS cisco arista why do we care
about all that well he's been there for
five years and nine months we can assume
that he uses all those skills
so we can assume that Cisco uses all
these things as a pen tester we just
gave some valuable information about our
hacking target or our client because
you're an ethical hacker we can start to
form an idea a profile of who were who
were dealing with here we can maybe
search for a Cisco vulnerabilities we
could exploit some ansible things the
more you know the more you can hack and
now that you know a few employees at
Starbucks maybe you can go on Twitter
and try to find these people and try to
find the photos they post maybe they've
posted something with a a badge that you
can see or maybe they have their monitor
in the background you can see some
information on the monitor you see the
majority of these hacks can happen
because of the mistakes of just people
people doing people things no one's
perfect and you can expose that and
beyond social engineering we have a
bunch of other tools we can use like
there's one called the harvester which I
learned about from IT Pro TV thanks guys
let's try it out real quick and I'll
show you what we can find out we'll
specify
Starbucks comm as our domain our source
let's just say Google for now let's take
a look we already found a few emails
which is crazy helpful when we're trying
to do hacking and we found some
subdomains and their respective IP
addresses what is this one CoV ID one
dot and test well that's interesting
actually I'm curious what is this let's
go to it let's see what they've been up
to
yeah well it's not going to it oh well
and we can change it the source like we
can use a tool called a net craft which
will do something very similar it gave
us a lot more subdomains a lot more host
that's crazy look at all that now I just
showed you a few of the ways you can
gather information about your targets if
you want to learn more check out IT Pro
TV and they're certified ethical hacking
course which you can check out the link
below you'll get 30% off forever so
check it out and again huge thanks to IT
Pro TV for sponsoring this part of my
journey because I'm gonna do it I'm
becoming a hacker step-by-step and I
hope you come along with me if you like
what I'm doing here hit that subscribe
button hit that like button cuz it does
help out and at that little notification
icon so you can know when I'm talking
about stuff and when I go live like I do
on Mondays well guys that's about all I
have actually you know what I've got a
challenge for you I want you to test out
the skills we just talked about the
first two people to comment below with
the correct answer to this question will
win a network shucks mug us only so keep
that
mind but here's the question or the task
I would like to know the senior network
engineer at Walt Disney Animation
Studios find that out for me post below
who it is and also the stream you use
the Google search string to find that
information first - to do that will win
a network Chuck bug alright guys that's
all I got
keep studying keep learning and keep
hacking I'll catch you guys later

We are social