7 Buscas Perigosas no Google | Google Hacking | Aulão 08

Introduction

This tutorial will guide you through advanced and potentially risky Google search techniques, commonly referred to as Google Hacking. You will learn how to utilize specific search queries, or "dorks," to uncover sensitive information, such as leaked passwords, confidential documents, and even exposed devices. This knowledge is valuable for professionals in cybersecurity, law enforcement, or anyone interested in enhancing their online investigative skills.

Step 1: Understanding Google Hacking

• Google Hacking involves using advanced search operators to find specific information on the internet.
• It can help uncover sensitive data that may not be easily accessible through regular search queries.
• Familiarize yourself with basic search operators like site:, filetype:, and inurl: to improve your search efficiency.

Step 2: Searching for Specific File Types

• Use the filetype: operator to find specific types of files.
  • Example: To find Excel files related to environmental data, use:

    environmental filetype:xls
    

• This technique can help locate sensitive documents that should not be publicly available.

Step 3: Exploring Amazon AWS Buckets

• Search for publicly accessible Amazon S3 buckets by using the following query:

  site:s3.amazonaws.com
  

• Look for filenames that may contain sensitive data, keeping in mind that many AWS buckets are misconfigured and accessible to the public.

Step 4: Finding Leaked Email Passwords

• Search for leaked email passwords using the following structure:

  "password" "email" 
  

• Be cautious when using this technique, as it can lead to accessing personal and sensitive information.

Step 5: Locating Identification Numbers

• Use the search query for CPF (Brazilian individual taxpayer registry) or RG (general registry) numbers:
  • Example for CPF:

    "CPF" "number"
    

• This method can reveal sensitive personal information, so exercise ethical judgment when using it.

Step 6: Utilizing URL Structures for Information

• Inspecting URL structures can reveal hidden parameters that may lead to sensitive information.
• Use queries like:

  inurl:admin
  

• This may expose administration panels of websites that are not secured properly.

Step 7: Combining Keywords for Targeted Searches

• Create complex queries by combining multiple keywords and operators to refine your search results.
• Example:

  site:gov "confidential" "report"
  

• This can help you find specific government documents that may not be indexed under normal search conditions.

Step 8: Filtering for Confidential Documents

• Use Google’s advanced search filters to narrow down results to confidential documents.
• You can refine searches by using:

  filetype:pdf "confidential"
  

• This can help locate documents that contain sensitive information, particularly in PDF format.

Conclusion

By mastering these Google Hacking techniques, you can enhance your ability to uncover hidden information on the internet. Always remember to use these techniques responsibly and ethically, as they can lead to accessing sensitive personal or confidential data. For further development of your skills, consider joining online communities or forums related to cybersecurity and ethical hacking.