Typically for anyone who uses a computer, Google is the most well-known name when it comes to searching for what you want on the Internet. Many people don’t realize that modern-day hackers also heavily rely on the search results that Google provides them.
When you type a search, it probably looks like this:
Hacker’s on the other hand realize the REAL potential behind a search engine and something they would search for might look like this:
The search example shown here (filetype:pwd service), will return results of servers/domains that run something called Microsoft FrontPage extensions. Basically, the results will look like (usernames and passwords; the passwords are of course encrypted):
Now with this information, Joe Hacker can now load a password cracker on his computer and crack the encrypted password. Once he has the username and password, he can pretty much “own” the website. Website defacement is illegal (obviously) and in the underground, we refer to this type of hacking as “script-kiddie” stuff. This type of search query in Google is just one example. I’ve compiled a short list below and the entire Google Hacking Database can be found in the link at the bottom of this post.
Examples Of Google Hacking Queries
filetype:xls username password email
Financial spreadsheets: finance.xls
The Google Hacking Database, created by Johnny Long, can be found here.