Search the Community

How To Make Hq Parameters For Dorking (New Method) [Hidden Content]

Welcome to another hacking tutorial. Today you will learn how to use google to hack passwords and accounts. Not only that you can also hack web servers and find email lists webcams and so on. This technique is called google dorks or Google Dorking. This includes the use of google search operators to find log files. You may not know this but Google has a bad habit of indexing everything. I mean literally everything. With the right dorks, you can hack devices just by Googling the correct parameters and you will have passwords to log in. Below I will show you a demo of how I was able to find passwords of PayPal accounts which were stored openly. So what is Google Dorking and Google Hacking? Google Dorking is an advanced application of Google search operators — using google search operators to hunt for specific vulnerable devices, exploitable files, sensitive data and so on through specific search strings. So basically we can find log files password files email lists etc. openly on the web. What Kinds of Things Do Dorks Connect to the Internet? You would be amazed as to what you can find connected and lying on the internet. Everything from controllers to nuclear stations. Luckily people are implementing security measures with the rise of security threats. So how is it relevant to you? Imagine getting a new house with security cameras or smart IoT devices that provide the ability to control everything via your phone whenever you want. You set it up, connect it to your Wi-Fi and can manage everything. What’s going on in the background isn’t so simple. The devices call a server stored on the internet and streams video and data in real-time, allowing you to control That server may require no password to access the files from your server so that they can access files making your smart home accessible to anyone who searches for text via the server. And google just goes and finds all the devices connected on the internet. So without further ado, let’s begin the tutorial. Finding FTP Servers & Websites Using HTTP To start, we will be using the following dork to search for FTP servers that are open. Searching for these servers can allow us to find internal files and data as shown below: intitle:"index of" inurl:ftp intitle:"index of" inurl:http These servers are public because the index file of their FTP and the HTTP server is the kind of thing that Google loves to scan and index— a fact many people tend to forget. Google’s scanning leads to a complete list of all the files contained within the server being publically available on Google. If we want to start attacking some hacking targets, we can be more specific and search for online forms still using HTTP by changing the text in the search title. intitle:"forum" inurl:http inurl:"registration" Here you can see we’ve found a list of vulnerable online forums using HTTP which can easily be hacked and compromised. Find Log Files with Passwords and username Now we will search for files of the .log type. Searching for LOG files will allow us to look for clues about what the username password to the systems or admin accounts is. The dork we’ll be using to do this is as follows. allintext:password filetype:log allintext:username filetype:log With these dorks, you can easily find usernames and passwords for hacking. Check below I just found a log with all the usernames and passwords for Paypal account and server login and password. Find Configuration Files with Passwords Configuration files should never be public but people never really learn and .ENV files are the best examples of this. If we search for .ENV files that contain a string username and password, we instantly find the accounts. This is how hackers make leaked username password lists. filetype:env "DB_PASSWORD" Find Email Lists on the internet Email lists are a great way of scraping email addresses for phishing and other campaigns used by hackers. These lists are frequently exposed by companies or schools that are trying to organize email lists for their members who forget to implement even the most basic security. filetype:xls inurl:"email.xls" Find Open Cameras If you thought Shodan was scary then your so wrong. Google is scarier. Camera login and viewing pages are usually HTTP, meaning Google always indexes them. One of the common formats for webcams is searching for “top.htm” in the URL as shown below: inurl:top.htm inurl:currenttime While you can easily view the cameras as I did without a password; many dorks look for webcam login pages that have a well-known default password. This tactic is illegal since you logged in using a password, it allows easy access to many webcams not intended for public viewing. Meaning you can spy on people and find things you shouldn’t be found. admin and 12345 are the most common passwords for hacking webcams found by google Dorking. Which Dorks Are the Most Dangerous? By far, the most severe kind of danger is the exposed files and configurations being available openly. We can credential important configurations as well as other sensitive data and account information or the entire service itself via google search operators. This happens in one of two ways. A server or other service is set up incorrectly and exposes its administrative logs to the internet directly. When passwords are changed, or a user fails to log in correctly, these logs can leak the credentials being used to the internet openly as shown in the demo using Google Dorking.

gh-dork – Github dorking tool Supply a list of dorks and, optionally, one of the following: a user (-u) a file with a list of users (-uf) an organization (-org) a file with a list of organizations (-of) a repo (-r) You can also pass: an output directory to store results (-o) a filename to store valid items, if your users or the org file may contain nonexistent users/orgs (-vif) All input files (dorks, users, or orgs) should be newline-separated. [hide][Hidden Content]]

Dorking is the art of understanding and utilizing a search engine to emit the desired results. If I wanted to find a file on anonfile; I can go on Google and use this search query, inurl:anonfile.com + Target File. I can find a Tweet with the exact same syntax, and I can repeat this for almost any target that is at public discretion and isn’t banned from Google. Here we post one of the best dorking tutorial book. What is a Dork? A Dork is a search query that a search engine can read and interpret to provide the most precise URLs that correlate to that query. Why do we use Dorks? Cracking is, at its simplest form, finding basic, unprotected sites, compromising its security measures or lack of; exporting information of which is desired and then use them for other purposes. This is important because this next part will be complementary to our injection criteria. Chapters Chapter 1 : Dorking What is a Dork? Why do we use Dorks? Forms Keywords Page Extensions Files Page Types and Page Extensions Chapter 2 : Syntax (Google) Quotation Syntax Ordering & Capitalization Ordering Extended Search Operators Syntax Search Operator List Search Functions Chapter 3 : Let’s get Started Basic Dorks Complex Dorks The Big Questions How to make Dork Types Keywords and Parameters More Advanced Keywords Parameters Parameters Detailed Testing Parameters Parameter Methods Advanced Dorking Chapter 4 : Syntax Google Regex System Regex Wildcards Regex Groups Regex Escape GRS Advanced Explanation and Usage for GRS Wildcards Regex Groups Breaking Regex & Syntax Chapter 5 : Extensive Google Syntax Basics and Rules Testing Dorks Regex Dorking Targeting Parameters Page Extensions | When to Target Bypassing Google Bot-Detection Chapter 6 : Google Search Settings INURL Chapter 7 : Numeric Dorks Chapter 8 : Database Errors | Vulnerability Method Most Known SQLi Error Vulnerability (Stupidity Error) Less Known Error Dorking True Error | Unsearched but Practical Chapter 9 : Stringed / Extended Dorks Stringed Dorks Extended Dorks Chapter 10 : Dork Types | The Right : The Wrong : And The Bullshit Chapter 11 : Google Search Exploits Anti-Parameter Dorks Comma Dorks inurl: Spaces via Regex Exploit Chapter 12 : Dorking for Plugins and Drivers Chapter 13 : Email Access Dorks |Exposure | Psychographic Psychographic Understanding Chapter 14 : Default Directory Dorks | Common Directory Chapter 15 : Bing vs Google Chapter 16 : Generating vs Handwriting What are Generated Dorks? Problem 1 | Mismatch Combinations Problem 2 | Invalid Dorks (Killing Proxies) Handwritten Dorks What are Handwritten Dorks? Problems Chapter 17 : Exploitation Targeting on Google Chapter 18 : Administrator Panel Targeting Chapter 19 : Bing A-Z Chapter 20 : Post SQLi Targeting Chapter 21 : LFI Targeting Chapter 22 : Public WWW | Vulnerability & Exploit Targeting Chapter 23 : Google vs Google API (Custom Search Engine) Chapter 24 : GitHub Dorking [hide][Hidden Content]]

[hide][Hidden Content]]

GRecon (Greei-Conn) is a simple python tool that automates the process of Google-Based Recon AKA Google Dorking The current Version 1.0 Run 7 Search Queries (7 Micro-Plugins) on the specified Target Providing Awesome Results Current Version Run Google Search Queries to find : Subdomains Sub-Subdomains Signup/Login pages Dir Listing Exposed Docs pdf…xls…docx… WordPress Entries Pasting Sites Records in patsebin,Ghostbin… [hide][Hidden Content]]

Content: [SQLMAP] [MANUAL] [HAVIJ] All_In_One_Dorks_Making_From_Beginner_to_Expert_E-Book_The_HQ_Ever_by_Don_1 DUMP DATABASES LIKE A PRO How to make Own HQ dorks _ 2020 _ All about Dorks _ Cracking Tutorial How To Setup SIB Panel & Dump Combos In 2020 hq_dork_leak LEARN DORKING Make HQ dorks get HQ databases MANUAL SQL INJECTION SQLMAP [hide][Hidden Content]]