
We call them ‘googledorks’ (gOO gôl’Dôrk, noun, slang): An inept or foolish person as revealed by Google.
Google dorks are the center of Google Hacking. Many hackers use Google to find vulnerable webpages and later use these vulnerabilities for hacking.
Google Dorks. That's what they call you if you've left sensitive data available for Google's bot to see and index. These "Google Hackers" use long, complex and very specific search strings in Google's search engine to find this information right in Google search results. While fortunately it is very difficult to find data for specific individuals this way, they can find passwords, bank account numbers, credit card numbers, etc. for random individuals. These data miners don't need to find many victims to show a huge profit.
Example Dorks:-
1. CGI directories contain scripts which can often be exploited by attackers.
Click here for the Google search ==> “index of cgi-bin”
This way you will find many CGI directories; some of them may be vulnerable.
2. Another famous Google Dork is the PhpMyAdmin Dork. phpMyAdmin is a widely used web frontend for maintaining SQL databases. The default security mechanism is to leave it up to the admin of the website to put a .htaccess file in the directory of the application. Well, guess what: obviously some admins are either too lazy or don’t know how to secure their directories.
Click here for the Google search ==> “Welcome to phpMyAdmin” “Create new database”
This way you may find some vulnerable pages to gain access to someone’s PhpMyAdmin.
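For site owners, the two dork strings above double as a self-check. The following is an added example, not part of the original post: it tests response bodies from your own site against those phrases, and the sample responses, paths and function names are constructed for illustration.

```python
import re

# Phrases taken from the two dork strings quoted in this post. A rule matches
# a page only if ALL of its phrases appear in the page's visible text.
DORK_RULES = {
    "cgi-bin directory listing": ["index of", "cgi-bin"],
    "open phpMyAdmin front page": ["welcome to phpmyadmin", "create new database"],
}

TAG_RE = re.compile(r"<[^>]+>")
WS_RE = re.compile(r"\s+")

# Constructed sample responses (path -> (HTTP status, body)); not real captures.
SAMPLES = {
    "/cgi-bin/": (200, "<title>Index of /cgi-bin</title><h1>Index of /cgi-bin</h1>"
                       "<a href='test.cgi'>test.cgi</a>"),
    "/phpmyadmin/": (200, "<h1>Welcome to <b>phpMyAdmin</b></h1>"
                          "<form>Create new database <input name='db'></form>"),
    "/pma-protected/": (401, "Authorization Required"),
    "/blog/": (200, "<p>A post that mentions phpMyAdmin and cgi-bin in passing.</p>"),
}


def visible_text(html):
    """Strip tags and collapse whitespace, approximating what gets indexed."""
    return WS_RE.sub(" ", TAG_RE.sub(" ", html)).strip().lower()


def audit_page(status, html):
    """Return the sorted names of dork rules this response would match.

    Only an unauthenticated 200 counts: a 401/403 produced by .htaccess
    protection leaves a crawler nothing to index.
    """
    if status != 200:
        return []
    text = visible_text(html)
    return sorted(name for name, phrases in DORK_RULES.items()
                  if all(p in text for p in phrases))


def audit_site(responses):
    """Map each exposed path to the rules it matches; clean paths are omitted."""
    findings = {path: audit_page(*resp) for path, resp in responses.items()}
    return {path: hits for path, hits in findings.items() if hits}


if __name__ == "__main__":
    for path, hits in audit_site(SAMPLES).items():
        print(f"{path}: {', '.join(hits)}")
```

Feed it bodies fetched from your own hosts without credentials; a hit means the page is both reachable and worded exactly as the dork expects.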
Honeypots
Honeypots or Honeypages are webpages designed to attract Google Dorkyz or Google Hackers. If you search for “index of /etc/passwd” on Google, the first link you find is a very famous gray-world.net honeypot.
http://johnny.ihackstuff.com/ghdb/