Shulou(Shulou.com)06/01 Report--

Search is an art.

Speaking of Google, it can be said that everyone knows. As the number one search engine in the world, its powerful search function allows you to find everything you want in an instant. But for the average computer user, Google is a powerful search engine; for *, it may be an excellent tool. Because of the powerful retrieval ability of google, * can construct special keywords and use Google to search for relevant private information on the Internet. Google,*** can even hack a website in a matter of seconds. This process of using Google to search for relevant information and conduct sex is called Google Hack.

In the process of using the search engine, we usually input the keywords that need to be searched into the search engine, and then start a long process of information extraction. In fact, Google provides a variety of syntax for search keywords, reasonable use of these syntax, we will get more accurate search results. Of course, Google allows users to use these grammars in order to get more accurate results, but * can use these grammars to construct special keywords so that most of the search results are vulnerable sites.

Common syntax:

Intitle: search for pages with specific characters in the title of the page. For example, enter "intitle: cbi" so that pages with cbi in the title will be searched.

For example: "site: login in the background"

Inurl: search for URL that contains specific characters. For example, enter "inurl:cbi" and you can find the URL with the cbi character. Like inurl:asp?id=.

Find an injection vulnerability in a specific site: site:sohu.com inurl:php?id=

Intext: searches for specified characters in the body of a web page, such as typing "intext:cbi". This syntax is similar to the "article content search" function that we usually use in some websites.

Filetype: searches for files of the specified type. For example, entering "filetype:cbi" returns all files that end in cbi, URL.

Site: find the URL associated with the specified website. For example, enter "Site:family.chinaok.com". All URL associated with this site will be displayed.

These are the common grammars of Google and the required grammars of Google Hack. Although this is only a small part of Google syntax, the proper use of these grammars will produce unexpected results. For example: "College site:pku.edu.cn", you can search all his colleges.

Find webshell left by others: many people get webshell after * sites, but they don't remove some keywords of *, but keep them, so we can use the search function of Google to search. Many * have keywords such as "absolute path, input saved path, input file content" and so on. The default file name is diy.asp, and the search content is "enter the content of the saved path input file inurl:diy.asp".

Finally, you should need a × × software, personally recommend the blue light, if there is anything else, use something else. Here I recommend a website to learn google hacking.

Https://www.exploit-db.com/

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.