Short Bytes: Google Hacking is the method to access information that’s publicly available, but not intended for public distribution. Using certain intelligent search techniques, one can land unexpected results on Google search page. Here, we’ve compiled a list of the most popular Google Hacking techniques mentioned in NSA’s hacking eBook. These methods include the use of file types, stock phrases, numrange etc. in the search process.

In the past, we have told you about many Google search tricks and tips to up your game and find content effectively on the web. The government cyber spies and hackers also use these search engines to extract useful information.

Obviously, these search tricks are a little bit more advanced. Back in 2013, the National Security Agency released an eBook, uncovering new methods to search the intelligence information on the web.

Named Untangling the Web: A Guide to Internet Research, this 643-page guide is full of useful advice regarding how to use the Internet Archive, search engines, public websites etc. The most interesting part of this book is titled “Google Hacking”.

What is Google Hacking? How does it work?

The NSA’s guide describes Google ( or any search engine) Hacking as follows:

It’s basically a clever and legal method of finding information that’s not available on the public internet.

If you want to understand how Google Hacking works, you need to read how search engines work. Thanks to its spiders, a search engine like Google can access and index all the parts of a website if a “door” is open. With the help of a Robot.txt file, webmasters have the power to restrict the search engine spiders.

Very often a webmaster fails to configure the Robot.txt file properly. This situation worsened a couple of years ago when Google started indexing file types like PDF, Word, Excel, Access, Excel etc.

Many of the organizations still don’t prevent their sensitive data and files. Thus, tons of useful information is bound to appear in Google’s database.

The information accessed using Google Hacking:

What if I tell you that you can get your hands on a plenty of shocking information using Google hacking? This data usually falls under these categories:

• Personal and financial info
• User ID, computer account logins, passwords
• Private, or proprietary company data
• Sensitive government information
• Flaws in websites and servers

Common Google Hacking techniques:

These techniques are an excellent and unconventional method to discover sensitive information. Let’s tell you about some of the most common ones.

Search using file types, keyword, and site type:

Many websites and organizations store their financial, personnel, etc., data in Microsoft Excel format. So, here’s how you need to look for some sensitive information of a South African company. Don’t forget to include keywords like Confidential, Budget etc.

Use stock words and phrases:

Along with file types like Excel, Word, or PowerPoint, you are also advised to use stock words and phrases like do not distribute, confidential, proprietary, not for distribution, etc.

Look for files containing login information:

You need to search for files containing login, password, and userid information. It’s interesting to note that even foreign websites usually use these terms in English. So a search for a spreadsheet file might look like:

Misconfigured web servers:

Very often Google contains directories that are not intended to be on the web. In Google Hacking, these servers provide a rich set of information. To exploit this error, one should use this format:

Numrange search:

NSA describes Numrange search as one of the “scariest searches available through Google. It uses 2 number separated by 2 dots and no spaces. A user can use it with search keywords and other search options. For example:

For more detailed information on these searches, you read the Google Hacking chapter in NSA’s eBook.

Google Hack to search inside websites requiring registration:

Very often some websites ask you to register to view its contents. For that, you can use Google hacking to view contents without registration. You can try these queries or something similar:

Search in the native language:

With more and more people on the internet, people are becoming lesser dependent on English. Now millions of websites don’t use languages written in the Latin alphabet. So, a search made in native language has the more probability of returning the expected result.

The NSA eBook explains more techniques that could be applied to any search engine. You can find the eBook here and learn some new Google Hacking tricks.

Did you find this article interesting? Don’t forget to drop your feedback in the comments section below.

Thanks to Jimmy Ruska's video on YouTube, there are several quirks about phrasing search queries for Google that can find you files in a jiffy. I will detail the method and include it as a Firefox bookmark first, and then I'll follow up with detailed information on the actual query.

Here's the process to have a bookmark in Firefox such that you can search for an MP3 song in Google by just typing 'music yourSongTitle' in the Firefox address bar.

1. Create a new bookmark

• Select 'Bookmarks' from menu.
• Select 'Organize Bookmarks...'
• Click on the 'New bookmark button' (below the files menu)

2. Fill in the following for the fields in the window that appears

• Name: Enter the name for bookmark. e.g. : Directory Listing
• Location: Here, copy and paste the following Google query (an explanation follows)

'http://www.google.co.in/search?hl=en&q=intitle%3A%22index.of%22+%28mp3%29+%s+-html+-htm+-php+-jsp&btnG=Google+Search&meta='

(Include the whole query, without the quotation marks)

• Keyword: This is the word you will use in the address bar to invoke the results for a song title (in our example, it is 'music')
• Description: Give a description or leave empty

3. Now open a new tab and type 'music yourSongTitle' and viola! — you will see links of directory listing for the MP3 you wanted

The crux of this hack is the clever usage of Google search tags for narrowing the result to only directory listings with keywords 'MP3' and negating results that include html, htm, php or jsp as directory listings.

Here is the break up of the query and the meaning of the tags:

• intitle:'index of': This searches for the 'index of' keyword in title of files. This is usually the directory file that contains the list of all files.
• (MP3): This tag implies a search for files with the keyword 'MP3' in the file name. To add more formats to search, include them separated by the OR (' ') separator.
• %s: This is where the yourSongTitle you enter gets inserted. A clever innovation here is to separate the keywords in your song name with '.' so that single character separations, such as underscores ('_') between words, are also included in results.
• -html -htm -php -jsp: This basically tells the search engine that you don't want (negate) html, htm, php or jsp files that give directory listings.

You can modify the same query for searching pdfs or any other file format. Also, there are few more keywords to limit the search to a particular site (site:siteName) or a filetype(filetype:pdf). I am no promoter of media piracy and the use of Google tag words makes search all the more effective and productive for daily use. Jimmy has also uploaded a new video on the implementation with few more features on his own site.

Do you find this Google hack useful? Well, I hope so.

————————————————————————————————————————

Get this news story and many more by subscribing to our free IT News Digest newsletter, delivered each weekday. Automatically sign up today!