Category Archives: Hacking

Google Hacking

What is Google Hacking?

Google hacking is the term used when a hacker tries to find vulnerable targets or sensitive data by using the Google search engine. In Google hacking hackers use search engine commands or complex search queries to locate sensitive data and vulnerable devices on the Internet.

google_hackGoogle advanced operators:

Google allows the use of certain operators to help refine searches. The use of advanced operators is very simple as long as attention is given to the syntax. The basic format is: operator:search_term



arguments required?

find search term only on site specified by search_term


search documents of type search_term


display the cached version of page


find sites containing search_term as a link


find sites containing search_term in the title of a page


find sites containing search_term in the URL of the page

1. site: find web pages on a specific web site:-

This advanced operator instructs Google to restrict a search to a specific web site or domain. When using this operator, an addition search argument is required.

Example: fees

This query will return results from that include the fees tuition anywhere on the page.
2. filetype: search only within files of a specific type.:-

This operator instructs Google to search only within the text of a particular type of file. This operator requires an additional search argument.

Example: filetype:pdf communication

This query searches for the word ‘communication’ within standard pdf documents. This query is very helpful for you to finding presentation, seminar etc.. In place of pdf you can give any extension which you want like doc,txt,ppt etc…
3. link: search within links:-

The hyperlink is one of the cornerstones of the Internet. A hyperlink is a selectable connection from one web page to another. Most often, these links appear as underlined text but they can appear as images, video or any other type of multimedia content. This advanced operator instructs Google to search within hyperlinks for a search term. This operator requires no other search arguments.


This query query would display web pages that link to’s main page.
4. cache: display Google’s cached version of a page:-

This operator displays the version of a web page as it appeared when Google crawled the site. This operator requires no other search arguments.


These queries would display the cached version of apple web page.
5. intitle: search within the title of a document:-

This operator instructs Google to search for a term within the title of a document. Most web browsers display the title of a document on the top title bar of the browser window.

Example: intitle:hack

This query would only display pages that contained the word ‘hack’ in the title.
6. inurl: search within the URL of a page:-

This operator instructs Google to search only within the URL, or web address of a document. This operator requires no other search arguments.

Example: inurl:download

This query would display pages with the word ‘download’ inside the web address. One returned result, ‘’ contains the word ‘download’ as the name of a directory.

The site: search is invaluable in all directed Google searches. Combined with a host or domain name, the results are listed in page-ranked order. Type into the Google search bar.

After, type in login | logon and run the search. login | logon finds login pages associated with any particular website – the significance of this is that login pages are the “front door” and often reveal the nature of the operating system, software, and even offer clues for gaining access to the site.

intitle: The intitle prefix will cause Google to search for any terms within the title (the html tag) of the document. As with inurl, intitle can be used with any other search term to produce useful results. intitle:index.of.config – These directories can give information about a web servers configuration, such as ports, security permissions, etc. intitle:index.of.etc – The /etc/ directory often contains password files which are usually protected with an md5 hash.

intitle:index.of mp3 jackson – Brings up listings of files and directories that contain “mp3” and “jackson.”

intitle:index.of passwd passwd.bak – similar to above, only with password files

intitle:error/intitle:warning – Finds error and warning pages, often revealing server version numbers

phonebook: – Gives the home phone and often the address of any name you put in.

“robots.txt” “disallow:” filetype:txt – searches for the text file “robots,” which specifies to the Google crawler what pages on a particular website the webmaster does not want searchable;
using this search returns a list of all those locations.

intitle:”Live View / – AXIS 206W”
WebcamXP – “powered by webcamXP” “Pro|Broadcast“

Above are some searches for servers with network cameras, including traffic, weather, office, and pet-cams. Unsecured cameras allow the camera to be tilted, panned, zoomed, etc. Look for results that use an IP address, beware of malware sites.

IP Spoofing

What Is IP Spoofing?

IP spoofing is a technique used to gain unauthorized access to computers, whereby the attacker sends messages to a computer with a forging IP address indicating that the message is coming from a trusted host. There are a few variations on the types of attacks that using IP spoofing.

19366_23791_128_internet_globe_earth_terra_iconIP spoofing is a common method that is used by spammers and scammers to mislead others on the origin of the information they send.

An IP (Internet Protocol) address is the address that reveals the identity of your Internet service provider and your personal Internet connection. The address can be viewed during Internet browsing and in all of your correspondences that you send.

How IP Spoofing Works?
The Internet Protocol or IP is used for sending and receiving data over the Internet and computers that are connected to a network. Each packet of information that is sent is identified by the IP address which reveals the source of the information.

When IP spoofing is used the information that is revealed on the source of the data is not the real source of the information. Instead the source contains a bogus IP address that makes the information packet look like it was sent by the person with that IP address. If you try to respond to the information, it will be sent to a bogus IP address unless the hacker decides to redirect the information to a real IP address.

Why IP Spoofing is Used?
IP spoofing is used to commit criminal activity online and to breach network security. Hackers use IP spoofing so they do not get caught spamming and to perpetrate denial of service attacks. These are attacks that involve massive amounts of information being sent to computers over a network in an effort to crash the entire network. The hacker does not get caught because the origin of the messages cannot be determined due to the bogus IP address.

IP spoofing is also used by hackers to breach network security measures by using a bogus IP address that mirrors one of the addresses on the network. This eliminates the need for the hacker to provide a user name and password to log onto the network.

Spoofing Attacks:

1.Non-blind spoofing:
This attack takes place when the attacker is on the same subnet as the target that could see sequence and acknowledgement of packets. The threat of this type of spoofing is session hijacking and an attacker could bypass any authentication measures taken place to build the connection. This is accomplished by corrupting the DataStream of an established connection, then re-establishing it based on correct sequence and acknowledgement numbers with the attack

2.Blind spoofing:
This attack may take place from outside where sequence and acknowledgement numbers are unreachable. Attackers usually send several packets to the target machine in order to sample sequence numbers, which is doable in older days. Today, most OSs implement random sequence number generation, making it difficult to predict them accurately. If, however, the sequence number was compromised, data could be sent to the target.

3.Man in the Middle Attack:
This is also called connection hijacking. In this attacks, a malicious party intercepts a legitimate communication between two hosts to controls the flow of communication and to eliminate or alter the information sent by one of the original participants without their knowledge. In this way, an attacker can fool a target into disclosing confidential information by spoofing the identity of the original sender or receiver. Connection hijacking exploits a “desynchronized state” in TCP communication. When the sequence number in a received packet is not the same as the expected sequence number, the connection is called
“desynchronized.” Depending on the actual value of the received sequence number, the TCP layer may either discard or buffer the packet. When two hosts are desynchronized enough, they will discard/ignore packets from each other. An attacker can then inject forged packets with the correct sequence numbers and potentially modify or add messages to the communication. This requires the attacker to be located on the communication path between the two hosts in order to replicate packets being sent. The key to this attack is creating the desynchronized state.

4.Denial of Service Attack:
IP spoofing is almost always used in denial of service attacks (DoS), in which attackers are concerned with consuming bandwidth and resources by flooding the target with as many packets as possible in a short amount of time. To effectively conducting the attack, attackers spoof source IP addresses to make tracing and stopping the DoS as difficult as possible. When multiple compromised hosts are participating in the attack, all sending spoofed traffic, it is very challenging to quickly block the traffic.

Misconception of IP Spoofing:
A common misconception is that “IP Spoofing” can be used to hide your IP address while surfing the Internet, chatting online, sending e-mail, and so forth. This is generally not true. Forging the source IP address causes the responses to be misdirected, meaning you cannot create a normal network connection. However, IP spoofing is an integral part of many networks that do not need to see responses.

Detection of IP Spoofing:
We can monitor packets using network-monitoring software. A packet on an external interface that has both its source and destination IP addresses in the local domain is an indication of IP spoofing. Another way to detect IP spoofing is to compare the process accounting logs between systems on your internal network. If the IP spoofing attack has succeeded on one of

your systems, you may get a log entry on the victim machine showing a remote access; on the apparent source machine, there will be no corresponding entry for initiating that remote access.

IP Spoofing Protection:
1. It is possible to protect a network against IP spoofing by using Ingress filtering which uses packets to filter the inbound traffic. The system has the capability to determine if the packets are coming from within the system or from an outside source.

2. Transmission Control Protocols can also be deployed through a number sequence that is used to create a secure connection to other systems. This method can be enhanced by disconnecting the source routing on the network to prevent hackers from exploiting some of the spoofing capabilities.

3. Configuring your network to reject packets from the Net that claim to originate from a local address.

4. If you allow outside connections from trusted hosts, enable encryption sessions at the router.

%d bloggers like this: