Google Dorking is a search technique that lets an attacker find information that corporations and individuals never intended to make public. Using it, attackers can identify vulnerable or misconfigured systems and recover usernames, passwords, email addresses, and even credit card details. Used effectively, Google Dorking is a valuable shortcut to finding systems and data of interest.
Google Dorking is unusual in that it is not a hack, a vulnerability, or an exploit; the attacker is simply using the advanced search operators that every search engine offers publicly. It isn't new either; attackers have been mining search provider data to gather intelligence on targets and find vulnerable systems for years. In fact, a number of websites and communities are dedicated to the use and study of Google Dorking, many with example searches that date back more than 10 years.
How does Google Dorking work? Search engines crawl the Internet, index page titles, link data, and page contents, and store that data in a way that is optimal for answering search queries. Unfortunately, the crawlers also index whatever else they can reach, even if developers, administrators, and website owners did not intend it to be public: a directory listing, a backup file, a log. A dork is a query that combines operators such as site:, filetype: (or ext:), intitle:, and inurl: with strings that only appear in that kind of material. Malicious actors can craft queries that surface interesting or useful clues, such as:
- Exposed critical directories
- Vulnerable files and servers
- Files containing usernames and passwords
- Sensitive online shopping info
The most concerning thing about Google Dorking is the sheer volume of online information that can help the uninitiated and skilled alike. Some of the resources are educational, some are nefarious. Either way, these resources put an astonishing amount of capability in the hands of anyone who is interested.
By way of an example, within 15 minutes of researching this blog, I discovered the Google Hacking Database website and was working with sample queries for files with usernames and passwords. Within 20 minutes, I found a webserver in the UK that was exposing bash history and directory contents to Google crawlers. Within 30 minutes, I found a file on that server containing the administrator username and password.
It is terrifying to think that almost anyone could have done this. I didn't use skill or knowledge; I just clicked on links and found an opening in less than an hour. It is even more terrifying that the latest server operating system, security software, or hardware would not have mitigated this particular attack: nothing was exploited, the server simply served its bash history and directory listing to anyone who asked, and the crawler asked first. Poorly configured servers are easy targets, and Google Dorking helps anyone find them quickly. If I wanted to, I could automate the approach and probably find many more servers to compromise.
There are a number of ways to mitigate Google Dorking, mostly by enforcing system best practices and tightening access control:
- Keep operating systems, services and applications patched and up to date. This addresses the vulnerable-server dorks, but not the exposed-file ones, which find misconfiguration rather than software bugs.
- Make use of security solutions that detect intrusion and block data egress.
- Understand how search engine crawlers work, know what is public, and audit your exposure. Disable directory listings on web servers (for Apache, Options -Indexes) so that a directory without an index page does not become a file browser.
- Move sensitive resources out of public locations, and request removal of already-indexed copies from the search engine's index. A robots.txt Disallow is not access control: it only asks polite crawlers to stay away, and it advertises the path to everyone else.
- Block access to all non-essential resources from external or unauthenticated identities.
- Perform frequent penetration testing, and include dorking against your own domains in its scope.
Finally, dork yourself, often. There are a number of web resources you can use to learn about dorking, build queries that search for your own exposures, and find tools to improve your security posture, such as https://www.exploit-db.com/google-hacking-database/, http://www.bishopfox.com/resources/tools/google-hacking-diggity/, and http://johnny.ihackstuff.com/ghdb/.
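To put the "dork yourself" advice into practice, here is an added example (not code from the original post, nor from any of the tools linked above). It does two things: it composes the site:-scoped Google queries you would paste into a browser, one per category listed earlier, and it checks, fully offline, which sensitive paths on a site a well-behaved crawler would still be allowed to index. The domain example.com, the robots.txt and the site map are constructed for illustration; the dork strings use real Google operators but are my own assumptions, not entries copied from the Google Hacking Database.

```python
"""Self-dorking audit helper (added example, not from the original post)."""
import re
from urllib.parse import quote_plus
from urllib.robotparser import RobotFileParser

GOOGLE_SEARCH = "https://www.google.com/search?q="
DOMAIN = "example.com"  # hypothetical: substitute your own domain

# Illustrative dorks grouped by the four categories named in the post.
# site:, intitle:, inurl: and ext: are standard Google operators; the quoted
# strings are assumed patterns, not GHDB entries.
DORKS = {
    "exposed critical directories": [
        'intitle:"index of" ".bash_history"',
        'intitle:"index of" "backup"',
    ],
    "vulnerable files and servers": [
        'inurl:phpinfo.php',
        'ext:bak inurl:config',
    ],
    "files containing usernames and passwords": [
        'ext:sql "INSERT INTO" "password"',
        'ext:env "DB_PASSWORD"',
    ],
    "sensitive online shopping info": [
        'ext:csv "card number"',
        'inurl:orders ext:xls',
    ],
}


def self_dork_queries(domain: str) -> list[tuple[str, str, str]]:
    """Return (category, query, search_url) with every dork scoped to domain.

    The URLs are meant to be opened by hand: scripted querying of Google is
    against its terms of service and is rate-limited almost immediately.
    """
    queries = []
    for category, patterns in DORKS.items():
        for pattern in patterns:
            query = f"site:{domain} {pattern}"
            queries.append((category, query, GOOGLE_SEARCH + quote_plus(query)))
    return queries


# Constructed robots.txt and site map for the hypothetical domain.
ROBOTS_TXT = """\
User-agent: *
Disallow: /admin/
Disallow: /backups/
"""

# path -> response headers a crawler would receive for that path
SITE_MAP = {
    "/index.html": {},
    "/.bash_history": {},
    "/admin/config.php.bak": {},
    "/backups/site.sql": {},
    "/uploads/customers.csv": {"X-Robots-Tag": "noindex"},
    "/uploads/orders.xls": {},
}

# File types and locations that should never be served, let alone indexed.
SENSITIVE = re.compile(r"\.(bak|sql|csv|xls|log|env)$|/\.bash_history$|/backups?/", re.I)


def audit_exposure(domain: str, site_map: dict, robots_txt: str) -> dict[str, list[str]]:
    """Classify sensitive paths by what a search engine would do with them.

    'indexable': nothing stops a crawler from indexing the file.
    'unindexed_but_reachable': robots.txt or an X-Robots-Tag keeps it out of
    the index, but the file is still served to anyone who requests it (and a
    robots.txt Disallow line advertises the path). Both lists need fixing.
    """
    robots = RobotFileParser()
    robots.parse(robots_txt.splitlines())
    result: dict[str, list[str]] = {"indexable": [], "unindexed_but_reachable": []}
    for path, headers in site_map.items():
        if not SENSITIVE.search(path):
            continue
        blocked_by_robots = not robots.can_fetch("*", f"https://{domain}{path}")
        noindex = "noindex" in headers.get("X-Robots-Tag", "").lower()
        if blocked_by_robots or noindex:
            result["unindexed_but_reachable"].append(path)
        else:
            result["indexable"].append(path)
    return {verdict: sorted(paths) for verdict, paths in result.items()}


if __name__ == "__main__":
    for category, query, url in self_dork_queries(DOMAIN):
        print(f"[{category}] {query}\n    {url}")
    for verdict, paths in audit_exposure(DOMAIN, SITE_MAP, ROBOTS_TXT).items():
        print(f"{verdict}: {paths}")
```

The second bucket is the point of the exercise: the constructed site keeps its backups out of Google with robots.txt, which would make a naive "dork yourself" pass come back clean, yet the files are still one HTTP request away for anyone who reads that robots.txt. Removal from the index is a symptom fix; the cure is removing the files or putting them behind authentication.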