anonav
01-06-2019, 05:49 PM
Today i will show you how to make unique dork and try to give you an idea that how important is it in hacking area.
So now i am going to explain you how hacker use these google dorks to create complex query to google search engine to extract the results that normal user can’t.
Lets assume hacker wants to find admin login page of all the site, so we have dork for this inurl because hacker wants to search admin login page and generally admin login page’s name look like adminlogin, admin, login etc.
so we write dork : inurl:/admin
It will show you the admin dir. of sites. Its a simple dork.
inurl means in the URL, if we want to search on in text then we should write intext: comment.
Lets try another.
Code:
intext:”Hikvision” inurl:”login.asp”
The above dork will give us the login page of hikvision cameras which is installed like cctv.
Lets try some more complex and interesting:
Code:
intext:phpMyAdmin SQL Dump filetype:sql intext:INSERT INTO `admin` (`id`, `user`, `password`) VALUES -github
The above dork is finding sql dump files which are dumped file of databse of the website. so Here u can see all password and usernames also and all sensitive information which reside on the database.
Another interesting example:
Code:
ext:mdb inurl:*.mdb inurl:fpdb shop.mdb
The directory “http:/xxx/fpdb/” is the database folder used by some versions of FrontPage. It contains many types of Microsoft Access databases. It contains customer info like phone numbers but also plain text passwordsRemove the shop.mdb part to see the complete list of databases.
Code:
ext:log “Software: Microsoft Internet Information Services *.*”
Above google dork will give you the log files of the sites which has microsoft internet information server installed.This file include ftp usernames, password, path informations, database names.
Code:
intitle:”WSO 2.4? [ Sec. Info ], [ Files ], [ Console ], [ Sql ], [ Php ], [ Safe mode ], [ String tools ], [ Bruteforce ], [ Network ], [ Self remove ]
The above dork will find the ESO 2.4 shells uploaded by the hacker on any server.
Code:
allintitle:”index.of” “backup files”
The above dork will give you the backup files of the server.
Code:
intitle:”apache 1.3 documentation”
The above dork will show you the apache 1.3 documentation page directly.
--------------------------------------------------------------------------------------------------------------------------
Now come to the point. We all need credit card related dork.
so we need to find that kinds of site that store & save CC data.
Suppose we need credit card data, now if we target ebay.com then will we really get cc info from EBAY DATABASE ?
you will wonder we will not, We will get ebay users and theirs products info, etc etc.
We will not find anythings because ebay use paypal gateway, we input our cc data in paypal.com, so they store on paypal DATABASE not on EBAY.
I Give this example for those people who think only on shopping site contain users cc info. Its not correct idea. Shopping site didnt store it because its risky for them to give its security thats why they use a external payment gateway.
If you want to get some fresh cc , want wo build up a cc shop then it will better to target payment gateway , not shopping site.
For this you may write a dork like this :
Code:
intext:CVV2 inurl:checkout.php site:net
--------------------------------------------------------------------------------------------------------------------------
If we want to Target a site of a specific country u can use this "site:" comment.
Like this,
HTML Code:
inurl:checkout.php site:in
So now i am going to explain you how hacker use these google dorks to create complex query to google search engine to extract the results that normal user can’t.
Lets assume hacker wants to find admin login page of all the site, so we have dork for this inurl because hacker wants to search admin login page and generally admin login page’s name look like adminlogin, admin, login etc.
so we write dork : inurl:/admin
It will show you the admin dir. of sites. Its a simple dork.
inurl means in the URL, if we want to search on in text then we should write intext: comment.
Lets try another.
Code:
intext:”Hikvision” inurl:”login.asp”
The above dork will give us the login page of hikvision cameras which is installed like cctv.
Lets try some more complex and interesting:
Code:
intext:phpMyAdmin SQL Dump filetype:sql intext:INSERT INTO `admin` (`id`, `user`, `password`) VALUES -github
The above dork is finding sql dump files which are dumped file of databse of the website. so Here u can see all password and usernames also and all sensitive information which reside on the database.
Another interesting example:
Code:
ext:mdb inurl:*.mdb inurl:fpdb shop.mdb
The directory “http:/xxx/fpdb/” is the database folder used by some versions of FrontPage. It contains many types of Microsoft Access databases. It contains customer info like phone numbers but also plain text passwordsRemove the shop.mdb part to see the complete list of databases.
Code:
ext:log “Software: Microsoft Internet Information Services *.*”
Above google dork will give you the log files of the sites which has microsoft internet information server installed.This file include ftp usernames, password, path informations, database names.
Code:
intitle:”WSO 2.4? [ Sec. Info ], [ Files ], [ Console ], [ Sql ], [ Php ], [ Safe mode ], [ String tools ], [ Bruteforce ], [ Network ], [ Self remove ]
The above dork will find the ESO 2.4 shells uploaded by the hacker on any server.
Code:
allintitle:”index.of” “backup files”
The above dork will give you the backup files of the server.
Code:
intitle:”apache 1.3 documentation”
The above dork will show you the apache 1.3 documentation page directly.
--------------------------------------------------------------------------------------------------------------------------
Now come to the point. We all need credit card related dork.
so we need to find that kinds of site that store & save CC data.
Suppose we need credit card data, now if we target ebay.com then will we really get cc info from EBAY DATABASE ?
you will wonder we will not, We will get ebay users and theirs products info, etc etc.
We will not find anythings because ebay use paypal gateway, we input our cc data in paypal.com, so they store on paypal DATABASE not on EBAY.
I Give this example for those people who think only on shopping site contain users cc info. Its not correct idea. Shopping site didnt store it because its risky for them to give its security thats why they use a external payment gateway.
If you want to get some fresh cc , want wo build up a cc shop then it will better to target payment gateway , not shopping site.
For this you may write a dork like this :
Code:
intext:CVV2 inurl:checkout.php site:net
--------------------------------------------------------------------------------------------------------------------------
If we want to Target a site of a specific country u can use this "site:" comment.
Like this,
HTML Code:
inurl:checkout.php site:in