Google Hacking

What is Google dorking?

Google dorking is a term used to describe specific Google searches that reveal information and files that ordinary keyword searches would not find. Security professionals use Google dorking to see what potentially dangerous information has been published about an organization, and attackers use it to find vulnerabilities to exploit.

The first Google search I ran was the following:

allintext:username filetype:log

This returned log files that were unintentionally published on the internet. These files show sensitive information like usernames and passwords, which attackers can use to gain access to websites and servers.

The next search I ran was to find cameras running webcamXP 5:

intitle:"webcamXP 5"

This returned a bunch of webcams and cameras that have webcamXP 5 downloaded onto them. The permissions were never changed to restrict the camera’s connection to the internet, allowing people to view these webcams online.

The last search I ran was the following:

db_password filetype:env

This returned env files which contained more sensitive information like usernames and passwords for databases for different websites and applications. They were also published unintentionally.

Summary

This shows why people need to be careful about what information is published on the internet. Attackers use this information to gain access to sensitive information and exploit websites or applications.
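A defender's counterpart to the searches above, as an added example that is not part of the original page: it audits a directory you publish through a web server for the same file types (.log and .env) containing credential-like keys, and reports the location without printing the values. The function names, the key list and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# File types targeted by the searches on this page (filetype:log, filetype:env).
RISKY_SUFFIXES = (".log", ".env")
# Keys whose presence suggests credentials (assumed list); values are never reported.
SECRET_KEY = re.compile(r"\b(db_password|password|passwd|username)\b\s*[=:]", re.I)


def find_exposed(webroot):
    """Return sorted (relative_path, line_no, key) for credential-like lines
    in .log/.env files under a directory that a web server publishes."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if not name.lower().endswith(RISKY_SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    for line_no, line in enumerate(fh, 1):
                        m = SECRET_KEY.search(line)
                        if m:
                            rel = os.path.relpath(path, webroot)
                            findings.append((rel.replace(os.sep, "/"), line_no, m.group(1).lower()))
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
    return sorted(findings)


def demo():
    """Build a constructed web root (sample data, not real files) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "logs"))
        samples = {
            ".env": "APP_ENV=prod\nDB_PASSWORD=constructed-value\n",
            "logs/app.log": "2024-01-01 login ok\nusername: alice password: constructed\n",
            "index.html": "<p>password reset page</p>\n",
        }
        for rel, text in samples.items():
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(text)
        return find_exposed(root)


if __name__ == "__main__":
    for rel, line_no, key in demo():
        print(f"{rel}:{line_no}: contains '{key}'")
```

Any file this reports inside a published directory should be moved out of the web root or blocked by the server configuration, and the credentials in it rotated.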
