How i get p1 to p4 Using Google Dork Some Google Dork Which Give You All Secrets

PJBorah
4 min readMay 6, 2021

--

Greeting Everyone ! Hope Everything Is Going Well Today in this Blog we will Explore A hidden Way to find Critical Information . Here We Will utilize Search engine Through Google dork . How Google dork Help You to find Secret Organization’s data . I encountered Different Critical Bug p1 to p4 Using Google dork , Here about My Story ……

Most Of You know about google dork Which call as Google hacking which is basically a search string that uses advanced search query to find information that are not easily available on the websites which hidden . It is also used as illegal google hacking activity which hackers often uses for if Your Doing Web Application Testing Google dorking can give You more information about target which is secret or confidential .

We Don’t Need to Explain More about google Dork queries If Your New Visit

Here We will Find Out confidential Data using google dork :

site:http://s3.amazonaws.com confidential OR “top secret”

Thanks To for tips

Site: which contains Site which contain Keyword confidential OR “top secret”

As above If we want to search confidential data against Our Organization we add inurl:tesla

As above picture we see We able to Manipulate Confidential Data which stored On aws server using google dork query .

I Found This On Bugcrowd private Program

Now Lookup xls files Which Exist On target xls files caries Sensitive Information Such as User details , customer details or different PII Info .

Here Will Use Google Query :

Site:tesla.com filetype:xls Or We can use ext:xls

As above Picture We See Query manipulate xls Files Which Exisit on Our target .

Now ,basically I start My google dorking using query filetype:php As we know php Application Are most vulnerable so I look for php extension Against Target using :

Site:*facebook.com filetype:php OR ext:php

As above picture we see it manipulate all pages from facebook.com and its domain which has .php extension make Sure if your finding data for single target we will use

Site:target.com

For All subdomain we will use :

Site:*.target.com

I encountered 2 p1 Using This Google dork :

Now look for yml which Mostly Contain backend Structure such as credentials , users etc

Here we will use dork ext:yml inurl:Orgname

As Result We See yml file and we found LDAP Data credentials Leak through yml file . Here we can use different ext type yml conf js .

I found LDAP Credentials Leak Using this Dork :

This Is how We can Utilize Our Google Hacking Skill In Next level Google Hacking is First Step While We doing recon Against our target we have Some Other Most useful google dork that may give Us More Result:

ext:txt | ext:log | ext:cfg | ext:yml "administrator:500:"intitle:"index of" "password.yml
filetype:xls inurl:”email.xls”

Conclusion:

Google Dorking Which help A tester to find Sensitive Or Secret Data which an normal user can’t found Through website google hacking is art of exploitation Which carries deep data about Organization .

Thank For Reading ………………….

My linkedin : https://www.linkedin.com/in/pallab-jyoti-borah-20874a181

My twitter : https://twitter.com/@cyberTEACH2

My Youtube: https://www.youtube.com/channel/UCN5YKR8q7TObhymuftzvvkw

Buy me a coffee: https://www.buymeacoffee.com/Pjborah

--

--

PJBorah
PJBorah

Written by PJBorah

I am pallab jyotti borah From Assam ! I am Professionally VAPT Analyst as Part time Bugbounty hunter

Responses (3)