Hello guys and welcome !
In this tutorial we will be sliding trough the basic use of google dorks using Google hacking database (Exploit database) for our searches.
First you need to know that advanced search parameters are Legal to use, they are allowed and encouraged.
However everything you find on exploit-db isnt. But for the sake of penetration testing (or similar) you need to know this.
Please do not do anything illegal with this information, do not use dorks on tor ’cause you might get yourself into trouble.
So lets show some examples:
-If i want to find pdfs about dogs i will use
dog filetype:pdf
-This is not hacking, this is allowed.
-But if i want to find sites that have a creds.txt file somewhere stored open to the internet i can use:
intitle:index.of “creds.txt”
-You can navigate the google hacking database using filters.
-Then lets find configs of databases “db.conf” files:
intitle:”index of””db.conf”
-Or lets add a country tag
intitle:”index of””db.conf” site:.hr
-This way we are looking for sites with extension .hr
-If you wanna search for HR as in human resources and not Croatian website extension you can use:
intitle:”index of””db.conf” hr
-Simple as that!
-Then i showed how to use dorks without actually using dorks haha; Basically i showed how you can find vulnerable information on ANY search engine. I used ahmia to show you:
wp-content
-Wrote this and saw some links i can click on
-Now, if you know anything about wordpress you know this isnt really sensitive data. But i did want to show it works. (If wp-content works so does other stuff 😉 )
-And thats basically it. Thank you so much for watching and have a nice day.
-Hox
