How to Find Passwords in Exposed Log Files with Google Dorks

How to Find Passwords in Exposed Log Files with Google Dorks

You may not have thought of dorks as powerful, but with the right dorks, you can hack devices just by Googling the password to log in. Because Google is fantastic at indexing everything connected to the internet, it's possible to find files that are exposed accidentally and contain critical information for anyone to see.

The advanced application of Google search operators is Google Dorking — using search operators to hunt for specific vulnerable devices through targeted search strings. If we assume that Google has indexed most devices accidentally exposed to the internet, we can use the text we know appears in their login or administrative pages to find them.

What Kinds of Things Do Dorks Connect to the Internet?

You would be amazed. Everything from the pool controller of Yachts in the ocean to configuration interfaces for critical systems is connected to the internet by well-meaning people with the assumption that no one will ever find them.

So how could this happen to you? Imagine getting a new security camera that provides the ability to watch it on your phone whenever you want. You set it up, connect it to your Wi-Fi, and download an app that asks for you to sign in. After that, you can access your camera from anywhere!

What's going on in the background isn't so simple. The camera calls a Chinese server and streams video in real-time, allowing you to log in by accessing the video feed hosted on the server in China from your phone. That server may require no password to access the feed from your webcam, making your camera accessible to anyone who searches for text contained in the viewing page of ..