Google Dorking
To-do List
- Insecure Deserialization
- Google Dorking.
- Notion Set Up
Insecure Deserialization
Oh man, this bug type is crazy! I spent my morning with it, and it almost drove me mad, seeing all those serialization and deserialization processes in PHP and Java. Today, I just played with PHP and explored those magic attributes (am I calling that right?). I solved one PortSwigger lab, which was actually simple, but it made me realize that I mostly ignore cookie values when testing targets. Like, I don’t even check cookies sometimes and jump straight into the response side. But after solving that lab, I can say I’ll take care of it from now on.
Since this bug type is so vast and needs proper time and understanding, I’ve moved it to tomorrow. I’ll be meeting my friend and using his laptop, which is faster, to do all the research.
Off Topic
Today, I woke up at 5 AM—yeah, pretty cool, right? The first thing in front of me was Hack The Box, calling me out. But I turned it off and checked out some targets and Twitter to see what others are doing. Man, everyone seems to be doing great, like no one is complaining. Twitter feels like a fake, just like Instagram. Anyway, I did all my side tasks this morning and then started with insecure deserialization. But around 7 or 8 AM, I stopped because my head was burning, and I couldn’t grasp anything I was reading. The problem with me is that I have to practice whatever I’ve read or know; otherwise, it goes to waste. After thinking a lot, I decided to stop overthinking and move on. But since this is Day 3, I remembered we haven’t talked about Google Dorking yet, so let’s dive into it.
Google Hacking
Google hacking, or Google Dorking, is something every hacker uses in daily life. This small thing sets us apart from regular Google users. I know no one talks about it, but I bet every hacker uses it every day. Even if you’re not using Google Dorks explicitly, you’re probably using them without realizing it. So let’s discuss this essential skill.
A bit of history: Google Dorking was introduced around 2022 (correct me if I’m wrong—I could Google it, but I’m too lazy). If I remember correctly, the technique was introduced in a Nikto scanner script, which then blew up, and everyone started using it. The best—or worst—part is that Google Dorks were used in significant attacks too, like when 70% of CIA servers were compromised. This is all on Wikipedia, so check it out if you’re interested.
Now, how to do this? I’ll start with basic Google Dorking to show how it works. I know everyone wants to see advanced stuff, but I’ll try to include that too if I can. I remember asking myself how long I would stick to the basics when it’s time to advance.
Let’s pick a target—hmmm, let’s take a university. I’m choosing mit.edu because I love it.
Step 1: Do a simple Google search with MIT in the search field.
You’ll get around 5,600,000,000 results (in 0.34 seconds). The first link should be https://www.mit.edu/. Open it and check out the website. What do we understand from this? Google searches? Yeah, it does. And what do we get? The MIT website.
Step 2: Now we’re on https://www.mit.edu/.
Let’s put this in the Google search bar: mit.edu. You’ll get about 5,500,000,000 results (in 0.38 seconds). Fewer than the first search, but we’re not stopping here.
Step 3: Focus on the official site.
MIT is a massive university, and we all love it, so let’s focus on the official site instead of side sites. Here’s the first Dork: site:mit.edu.
You’ll get about 3,720,000 results (in 0.23 seconds). Wow, way fewer results, but still enough. Now we’re getting all the results from the official site.
Step 4: What about subdomains?
MIT is a large university, so it will have subdomains, right? For games, tech, ninjas, or maybe even hackers. So why not search for them?
Use this Dork: site:*.mit.edu.
You’ll get about 3,630,000 results (in 0.24 seconds). Even fewer results. We’re getting closer. Wait, I have to eat dinner now—lol, I’ll be back.
Step 5: Subdomains of subdomains.
Dinner took longer because I got lost watching some dirt bike racing—lmao. If you need subdomains of subdomains, use this Dork: site:*.*.*.mit.edu.
You’ll get about 3,620,000 results (in 0.42 seconds). Even fewer results. Oh, by the way, * is called a wildcard. By using it, you can find cool stuff, like this: https://iris.pdos.csail.mit.edu/irisbib/papers/. Whole papers! I think this is public, but directory traversal is on, so maybe you can go further. But do report it after playing around.
Step 6: Use other methods.
We’ve seen the site: Dork. Now, there are others too, such as intext:, inurl:, filetype:, link:, etc. You can find a lot of them and combine them to create the perfect Dork.
Step 7: Go further.
I’ve only covered the basics, but you can go further. If you want to see all the advanced Dorks, I’ll leave this link here: https://web.archive.org/web/20140822191407/http://www.boris-koch.de/wp-content/uploads/2011/01/Liste-Google-Hacking.pdf.
Thanks to whoever archived it—it’s gold. I’ve had this stored on my PC for so long, and now it’s yours too.
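To make the operator semantics from Steps 3 to 6 concrete, here is an added example (not from the original post) that applies site:, inurl:, intext:, filetype:, the * wildcard and - negation to a constructed list of URLs, so you can check offline which of your own indexed pages a given Dork would surface. The rule that each leading *. in site: demands one more subdomain label follows the narrowing described in the post and is an assumption here, not Google's documented behaviour.

```python
import shlex
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass
class Page:
    url: str
    text: str = ""


def host_matches(host: str, pattern: str) -> bool:
    """site: as assumed here: site:mit.edu covers the domain and every
    subdomain; each leading '*.' requires one more subdomain label."""
    host, pattern = host.lower(), pattern.lower()
    depth = pattern.count("*.")
    base = pattern.replace("*.", "")
    if host == base:
        return depth == 0          # bare domain only matches without wildcards
    if not host.endswith("." + base):
        return False
    labels = host[: -(len(base) + 1)].split(".")
    return len(labels) >= depth


def term_matches(page: Page, term: str) -> bool:
    op, _, value = term.partition(":")
    if not value:                  # bare keyword, no operator
        op, value = "", term
    value = value.lower()
    parsed = urlparse(page.url)
    if op == "site":
        return host_matches(parsed.hostname or "", value)
    if op == "inurl":
        return value in page.url.lower()
    if op == "intext":
        return value in page.text.lower()
    if op == "filetype":
        return parsed.path.lower().endswith("." + value)
    # unknown operators (e.g. link:) are treated as plain keywords here
    return value in page.text.lower() or value in page.url.lower()


def dork_matches(page: Page, query: str) -> bool:
    """All terms must hold; a leading '-' negates a term. shlex keeps
    quoted phrases such as intext:"Index of" together."""
    for token in shlex.split(query):
        negate = token.startswith("-")
        if negate:
            token = token[1:]
        if term_matches(page, token) == negate:
            return False
    return True


def run_dork(pages, query: str):
    return [p.url for p in pages if dork_matches(p, query)]


# Constructed sample inventory, not real crawl data
PAGES = [
    Page("https://www.mit.edu/", "Massachusetts Institute of Technology"),
    Page("https://web.mit.edu/admissions/guide.pdf", "Admissions guide"),
    Page("https://iris.pdos.csail.mit.edu/irisbib/papers/", "Index of /irisbib/papers"),
    Page("https://example.com/notes-on-mit.edu.html", "Notes"),
]
```

Running `run_dork(PAGES, "site:mit.edu filetype:pdf")` against the sample inventory returns only the PDF on web.mit.edu, while the bare keyword `mit.edu` matches all four URLs, which is exactly the difference between Step 2 and Step 3.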
Note: I’ll make a YouTube video on this on my channel “freyxfi” soon, once I fix my schedule. Maybe next Sunday. But for today, that’s it.
Python Tuples and Japanese
I completed the topic on tuples, including tuple unpacking, which is cool because we’re using a wildcard in it, just like we did in Google Dorking. I don’t know how my mind connects things like this. Today was busy, but yeah, I’m learning Japanese Hiragana. I think it’s the right move, as my Japanese friend says Hiragana is easy, unlike Katakana and Kanji, which are harder and not for beginners. So here I am, learning Hiragana.