A blog On Ethical Hacking and Cyber Security.

We are currently working on an awesome new site, won't be long!

  • 00

    days

  • 00

    hours

  • 00

    minutes

  • 00

    seconds

Sign up here to be one of the first to know when it's ready.

Tuesday, 19 March 2013

Method to FIND/USE Google Dorks [SQLi]


A Brief For Beginners:-
A method of finding websites vulnerable to SQL injection is using what we call "dorks"
Dorks:They are like search criteria in which a search engine returns results related to your dork.
The process can be a little time consuming, but the outcome will be worth it after learning on how to use dorks


For this tutorial, the search engine we'll be using is Google
   "Credits to those who are mentioned in this tutorial


Step1: Finding your dorks i.e. the criteria you'll be using
Dork List compiled by kobez-
Code:
http://pastebin.com/0FqmasC7

Dork List by Sidesipe-
Code:
http://pastebin.com/x1rtqktj

Dork List by .Newsletter'
Code:
http://pastebin.com/APxqavu9

For this tutorial, we'll be using this dork "inurl:index.php?id="


Step2: Making use of your Dorks with the help of Google

Here's what you do:
  • Go to http://www.google.com
  • Type the dork in the search bar "inurl:index.php?id=" (with or without quotes)
  • Now you'll find a whole lot of links in your results

Here's how you can speed up your process:
In your mouse, there should be a scroll button right?
Hover your mouse on each link and hit the scroll button so that it'll open on a new tab. (Lets say you can open about 10 links at a time)


Step3: Vulnerability approach

Now to see whether the website is vulnerable to SQL injection or not, we simply put in a quote " ' " at the end of the url address.
So our site will look like this
Code:
http://www.site.com/index.php?id=123'
Extra Notes: Hunting for specific websites with specific domains
Ever want to hack a government website, or an organization website?
It's simple. All you have to do is improvise your dorks.
First off, here are some common domains
.gov = Government websites
.edu = Educational websites
.org = Organizational websites
.com = Commercial websites
.info = Informative websites
.net = Networking websites ( similar to .com)

Alright now you know some specific domains, lets add them to our dork shall we? Smile

Follow this formula-like dork

Code:
"inurl:."domain"/"dorks" "
So you would normally understand it like this:
"inurl" = input URL
"domain" = your desired domain ex. .gov
"dorks" = your dork of your choice
Now for an example, lets say you want to hack government websites
Here's how it'll look
"inurl:.gov/index.php?id="
Once you search that up, you'll find a lot of government websites on your results

Changing "inurl" and using another one
Yes, you can change that too.
Google has a lot of functions you can come up with
Some of them are below where you can change "inurl" and make another dork
 
Code:
intitle:
intext:
define:
site:
info:
link:
_______________________________________________
__________________________________________________________
__________________________________________________________________

1 comment:

  1. This comment has been removed by a blog administrator.

    ReplyDelete

By Team Hackups. Powered by Blogger.

Sponsors

categorymenu

Join us on Facebook

Random Post

Recommended for you

Random Post

Trending Topic

Trending Topic

Follow by Email

Popular Post

Search This Blog

Loading...

Copyright © Hackup's | Design by Akshay Rana |