Hello everyone. Valentine here with another tutorial. I would like to apologize for my absence to those who were interested in my last set of tutorials. I am back, for now.
Anyways, on a more serious note. The topic of this tutorial is a very simple (not), but very powerful tool: Google's search engine. This tutorial is not Google Dorking; that tutorial has already been done and I am too lazy to reinvent the wheel. Instead, the point of this tutorial is to show beginners the power of simply typing an IP into the search bar and the wealth of information one can gain from a simple search. I don't claim any responsibility if this information is used for malicious purposes.
Google is probably the most popular website (yes, Google is a website), but Google's intent was never for their precious lines of code to be used as a weapon or as a tool for clever intentions. As usual, something innocent has the potential to be used maliciously, if one knows what to look for.
For newcomers and also oldies: don't ever underestimate a tool, no matter how innocent it looks. With a bit of intelligence and creativity, anything can be molded into what one wants it to accomplish. Google is one such tool.
In my previous tutorials I've shown how to scan an IP for information with Nmap, but where do you start? What if there's an unknown security measure in place that you don't have any knowledge of or can't seem to punch through? How does one pick a target to attack? The answer is quite simple: the internet.
The internet has a wealth of information whose potential even I was only just discovering. This is where Google comes into play. Every website has an IP which is connected to more IPs, forming a network. This network is known as a block. Every block is assigned and kept track of by ARIN. Thankfully, ARIN, being a government site, has allowed access to its databases, which hold almost every single IP block. Why is this important knowledge? As I said earlier, one IP address is connected to many IP addresses. The block of IP addresses can be scanned for a vulnerable system on that network.
Where does Google fit into all of this? You can simply type the IP or block into a search engine and a ton of results should show up pointing you to websites that will give you information, but don't stop at one search. Usually the details behind an IP can reveal some interesting information. Google anything and everything until you know more than even the administrators.
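An added example to make the "block" idea concrete (my own code, not part of the original post): it takes the NetRange/CIDR lines from an ARIN whois record, works out the block and its size, checks whether an address falls inside it, and, from the administrator's side, lists addresses that answered inside the block but are missing from the asset inventory. The whois record, the inventory and the observed addresses are constructed sample data using documentation ranges (203.0.113.0/24, 198.51.100.0/24), not real allocations.

```python
import ipaddress
import re

# Constructed sample of the range lines found in an ARIN whois record.
# 203.0.113.0/24 is a documentation range, not a real allocation.
SAMPLE_WHOIS = """\
NetRange:       203.0.113.0 - 203.0.113.255
CIDR:           203.0.113.0/24
NetName:        EXAMPLE-NET
Organization:   Example Org (EXAMPL-ARIN)
"""

# Constructed asset inventory: hosts the organisation knows it exposes.
KNOWN_ASSETS = {"203.0.113.10", "203.0.113.25", "203.0.113.80"}


def parse_blocks(record):
    """Return the list of networks a whois record covers, preferring the CIDR line."""
    m = re.search(r"^CIDR:\s*(.+)$", record, re.M)
    if m:
        # ARIN may list several comma-separated CIDRs on one line.
        return [ipaddress.ip_network(c.strip(), strict=False) for c in m.group(1).split(",")]
    m = re.search(r"^NetRange:\s*(\S+)\s*-\s*(\S+)", record, re.M)
    if not m:
        raise ValueError("no CIDR or NetRange line in record")
    first, last = ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))
    # A first-last range that is not CIDR-aligned summarises to more than one network.
    return list(ipaddress.summarize_address_range(first, last))


def block_size(record):
    """Total number of addresses the record's block(s) contain."""
    return sum(net.num_addresses for net in parse_blocks(record))


def in_block(record, ip):
    """True if the address belongs to one of the record's networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in parse_blocks(record))


def undocumented_hosts(record, observed, inventory):
    """Addresses that answered inside the block but are absent from the inventory.

    'observed' would normally come from an authorised scan of your own range or from
    firewall logs; here the caller passes a constructed list.
    """
    nets = parse_blocks(record)
    hits = [ip for ip in observed
            if any(ipaddress.ip_address(ip) in net for net in nets) and ip not in inventory]
    return sorted(set(hits), key=ipaddress.ip_address)
```

Anything `undocumented_hosts` returns is a machine the inventory does not account for, which is exactly where a scan of the block would start looking.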
Most websites are run by third-party companies. What now? Google the website and search for its domains. Type those domains into the URL bar to see what you come up with. Why is this significant? What if you figure out the email domain looks something like this:
You type in that address and you figure out it is Outlook. Why is this significant? Outlook has a weakness: it doesn't protect the sender's internal IP via an SMTP server. Why is this significant? You can now use social engineering to obtain the internal IP address. Although that is a tutorial for another day.
Let me recap a bit. Every system has an IP, I mean even the internet has its own IPs (yes, the internet is several computers), but my point is, every IP is most likely connected to other IPs, whether physically or virtually. ARIN keeps track of these IPs in what are known as blocks. This information can be used to scan for vulnerable systems on that network, but if it is a website then there's a probability that it is run by a third-party company. This is where Google comes in handy to discover domains on the website, which can reveal vulnerabilities. If there's any confusion please ask down below, but either way there's bound to be a weakness somewhere; just think and be creative.
Sigh. This is bad, but it's late and I honestly don't care at the moment. Cheers.