We use little-known Google features to find hidden things. How to use the Google Chrome search engine Search for news for a specific location
In this lesson we will look at searching by photo using the Google Images service. Let's learn how to search by keywords, by a photo from a computer or phone, or an image on a website.
By keywords
1 . Open the website images.google.ru. In the search bar we type what we want to find and press the Enter key on the keyboard.
2. Photos and drawings found by request will appear. We go lower using the wheel on the mouse or the slider on the right side.
3. To see the image in normal (large) size, left-click on it. As a result, it increases.
4 . To download it, right-click inside and select “Save picture as...” or a similar item from the list. A small window will appear in which we select a suitable location on the computer for this photo and click the “Save” button.
From a picture from your computer
How it works. You add a photo or drawing from your computer to the service, and Google finds copies of it, as well as similar images, on the Internet.
When needed. For example, to find out who exactly is shown in the picture or to find similar photographs. And also to find the same photo, but in a larger size.
This method also helps to recognize a fraudster. For example, when meeting someone on a social network, you can check whether the photo really belongs to this person.
Method 1
- Go to images.google.ru
- Open the folder on your computer where the photo is. For convenience, we make the window smaller (not full screen).
- Left-click on the file and, without releasing it, drag it into the search window.
The image is added and the results are shown immediately. There will be duplicates of the photo (if they are on the Internet), as well as pages where it appears, and similar images. In general, different information about this file.
Method 2
If you can’t drag the photo into the window, you can add it there in another way:
1 . Open the website images.google.ru
2. Click on the camera icon at the end of the search line.
3. In the window, select the “Upload file” tab and click on the “Select file” button.
4 . A small window will open, through which we find and open the desired image from our computer (to do this, simply double-click on it with the left mouse button).
From a photo from a website or social network
It happens that you need to find an image not from your computer, but from some site. For example, from news on the Internet or from a page on a social network. Of course, you can first save it to your computer and then add it to Google. But there is an easier option.
1 . Expanding the image. To do this, move the cursor over it and, if its appearance has changed to a hand with an outstretched finger, click once with the left mouse button.
2. Right-click on it (inside) and select “Copy image URL” or “Copy image address” from the list.
History of creation
The Google search engine was created as an educational project by Stanford University students Larry Page and Sergey Brin. They worked on the BackRub search engine in 1995, and in 1998, based on it, they created the Google search engine.
Website indexing
Ranking algorithm
The Keywords meta tag is not taken into account when ranking sites.
PageRank
Google uses an algorithm to calculate the authority of a page, PageRank. PageRank is one of the auxiliary factors in ranking sites in search results. PageRank is not the only, but very important way to determine the position of a site in Google search results. Google uses the PageRank of pages found for a query to determine the order in which those pages appear in search results to a visitor.
Search queries
Query syntax
Google's interface contains a fairly complex query language that allows you to limit your search to specific domains, languages, file types, etc. For example, searching for "intitle:Google site:wikipedia.org" will return all Wikipedia articles in all languages that have the word in the title Google.
Search found
For some search results, Google provides a repeat search field that allows the user to find what they are looking for within a specific website. This idea came from the way users used search. According to software engineer Ben Lee and product manager Jack Menzel, "teleporting" on the web is what helps Google users complete their searches. Google has taken this concept a step further, and instead of simply “teleporting,” which means users only need to type part of the website name into Google to find the site they want (they don’t have to remember the entire address), users can enter keywords to search within the selected site. It turned out that users often have a hard time finding what they are looking for inside a corporate website.
Although this search tool is new to users, it has caused controversy among some publishers and distributors. Google search results pages display paid (pay per click) advertisements from competing companies that base their advertisements on brands. "While the service could help increase traffic, some users are being 'leaked' as Google uses brand recognition to sell advertisements, usually to rival companies." To smooth out this conflict, Google proposed disabling this feature for companies who wish to do so.
Notes
see also
Links
| Google Inc. | |
|---|---|
| Advertising | |
| Communications | |
| BY | |
| Platforms | |
| Under development tools |
|
| Publication | |
| Search(PageRank, manuals) |
|
| see also | |
Wikimedia Foundation. 2010.
Guys, we put our soul into the site. Thank you for that
that you are discovering this beauty. Thanks for the inspiration and goosebumps.
Join us on Facebook And In contact with
In the era of digital technology and high-speed Internet, you can find out any information. In a few minutes we find recipes for a delicious pie or get acquainted with the theory of wave-particle duality.
But often the necessary information has to be sifted out bit by bit and spend more than one hour on it. website I have collected for you the most effective methods that will help you find precious materials in a couple of clicks.
1. Either one or the other
Sometimes we are not exactly sure that we remembered or heard the right information correctly. No problem! Just enter several suitable options using the “|” icon. or English "or", and then select the appropriate result.
2. Search by synonym
As you know, the great and mighty Russian language is rich in synonyms. And sometimes this is not at all beneficial. If you need to quickly find sites on a given topic, and not just a specific phrase, use the "~" symbol.
For example, the results of the query “healthy food” will help you learn the principles of healthy eating, introduce you to healthy recipes and products, and also suggest visiting healthy restaurants.
3. Search within the site
4. Star power
When an insidious memory fails us and hopelessly loses words or numbers from a phrase, the “*” icon comes to the rescue. Just put it in place of the forgotten fragment and get the desired results.
5. Lots of missing words
But if not just one word, but half a phrase has been lost from memory, try writing the first and last word, and between them - AROUND (the approximate number of missing words). For example, like this: “I didn’t really love you AROUND(7).”
6. Time frame
Sometimes we desperately need to get acquainted with the events that occurred in a certain period of time. To do this, we add a time frame to the main phrase, written through an ellipsis. For example, we want to know what scientific discoveries were made between 1900 and 2000.
Obtaining private data does not always mean hacking - sometimes it is published publicly. Knowledge of Google settings and a little ingenuity will allow you to find a lot of interesting things - from credit card numbers to FBI documents.
WARNING
All information is provided for informational purposes only. Neither the editors nor the author are responsible for any possible harm caused by the materials of this article.Today, everything is connected to the Internet, with little concern for restricting access. Therefore, many private data become the prey of search engines. Spider robots are no longer limited to web pages, but index all content available on the Internet and constantly add non-public information to their databases. Finding out these secrets is easy - you just need to know how to ask about them.
Looking for files
In capable hands, Google will quickly find everything that is not found on the Internet, for example, personal information and files for official use. They are often hidden like a key under a rug: there are no real access restrictions, the data simply lies on the back of the site, where no links lead. The standard Google web interface provides only basic advanced search settings, but even these will be sufficient.
You can limit your Google search to a specific type of file using two operators: filetype and ext . The first specifies the format that the search engine determined from the file title, the second specifies the file extension, regardless of its internal content. When searching in both cases, you only need to specify the extension. Initially, the ext operator was convenient to use in cases where the file did not have specific format characteristics (for example, to search for ini and cfg configuration files, which could contain anything). Now Google's algorithms have changed, and there is no visible difference between operators - in most cases the results are the same.
Filtering the results
By default, Google searches for words and, in general, any entered characters in all files on indexed pages. You can limit the search area by top-level domain, a specific site, or by the location of the search sequence in the files themselves. For the first two options, use the site operator, followed by the name of the domain or selected site. In the third case, a whole set of operators allows you to search for information in service fields and metadata. For example, allinurl will find the given one in the body of the links themselves, allinanchor - in the text equipped with the tag , allintitle - in page titles, allintext - in the body of pages.
For each operator there is a lightweight version with a shorter name (without the prefix all). The difference is that allinurl will find links with all words, and inurl will only find links with the first of them. The second and subsequent words from the query can appear anywhere on web pages. The inurl operator also differs from another operator with a similar meaning - site. The first also allows you to find any sequence of characters in a link to the searched document (for example, /cgi-bin/), which is widely used to find components with known vulnerabilities.
Let's try it in practice. We take the allintext filter and make the request produce a list of numbers and verification codes of credit cards that will expire only in two years (or when their owners get tired of feeding everyone).
Allintext: card number expiration date /2017 cvv 
When you read in the news that a young hacker “hacked into the servers” of the Pentagon or NASA, stealing classified information, in most cases we are talking about just such a basic technique of using Google. Suppose we are interested in a list of NASA employees and their contact information. Surely such a list is available in electronic form. For convenience or due to oversight, it may also be on the organization’s website itself. It is logical that in this case there will be no links to it, since it is intended for internal use. What words can be in such a file? At a minimum - the “address” field. Testing all these assumptions is easy.
Inurl:nasa.gov filetype:xlsx "address"
We use bureaucracy
Finds like this are a nice touch. A truly solid catch is provided by a more detailed knowledge of Google's operators for webmasters, the Network itself, and the peculiarities of the structure of what is being sought. Knowing the details, you can easily filter the results and refine the properties of the necessary files in order to get truly valuable data in the rest. It's funny that bureaucracy comes to the rescue here. It produces standard formulations that are convenient for searching for secret information accidentally leaked onto the Internet.
For example, the Distribution statement stamp, required by the US Department of Defense, means standardized restrictions on the distribution of a document. The letter A denotes public releases in which there is nothing secret; B - intended only for internal use, C - strictly confidential, and so on until F. The letter X stands out separately, which marks particularly valuable information representing a state secret of the highest level. Let those who are supposed to do this on duty search for such documents, and we will limit ourselves to files with the letter C. According to DoDI directive 5230.24, this marking is assigned to documents containing a description of critical technologies that fall under export control. You can find such carefully protected information on sites in the top-level domain.mil, allocated for the US Army.
"DISTRIBUTION STATEMENT C" inurl:navy.mil 
It is very convenient that the .mil domain contains only sites from the US Department of Defense and its contract organizations. Search results with a domain restriction are exceptionally clean, and the titles speak for themselves. Searching for Russian secrets in this way is practically useless: chaos reigns in domains.ru and.rf, and the names of many weapons systems sound like botanical ones (PP “Kiparis”, self-propelled guns “Akatsia”) or even fabulous (TOS “Buratino”).
By carefully studying any document from a site in the .mil domain, you can see other markers to refine your search. For example, a reference to the export restrictions “Sec 2751”, which is also convenient for searching for interesting technical information. From time to time it is removed from official sites where it once appeared, so if you cannot follow an interesting link in the search results, use Google’s cache (cache operator) or the Internet Archive site.
Climbing into the clouds
In addition to accidentally declassified government documents, links to personal files from Dropbox and other data storage services that create “private” links to publicly published data occasionally pop up in Google's cache. It’s even worse with alternative and homemade services. For example, the following query finds data for all Verizon customers who have an FTP server installed and actively using their router.
Allinurl:ftp:// verizon.net
There are now more than forty thousand such smart people, and in the spring of 2015 there were many more of them. Instead of Verizon.net, you can substitute the name of any well-known provider, and the more famous it is, the larger the catch can be. Through the built-in FTP server, you can see files on an external storage device connected to the router. Usually this is a NAS for remote work, a personal cloud, or some kind of peer-to-peer file downloading. All contents of such media are indexed by Google and other search engines, so you can access files stored on external drives via a direct link.
Looking at the configs
Before the widespread migration to the cloud, simple FTP servers ruled as remote storage, which also had a lot of vulnerabilities. Many of them are still relevant today. For example, the popular WS_FTP Professional program stores configuration data, user accounts and passwords in the ws_ftp.ini file. It is easy to find and read, since all records are saved in text format, and passwords are encrypted with the Triple DES algorithm after minimal obfuscation. In most versions, simply discarding the first byte is sufficient.
It is easy to decrypt such passwords using the WS_FTP Password Decryptor utility or a free web service.
When talking about hacking an arbitrary website, they usually mean obtaining a password from logs and backups of configuration files of CMS or e-commerce applications. If you know their typical structure, you can easily indicate the keywords. Lines like those found in ws_ftp.ini are extremely common. For example, in Drupal and PrestaShop there is always a user identifier (UID) and a corresponding password (pwd), and all information is stored in files with the .inc extension. You can search for them as follows:
"pwd=" "UID=" ext:inc
Revealing DBMS passwords
In the configuration files of SQL servers, user names and email addresses are stored in clear text, and their MD5 hashes are written instead of passwords. Strictly speaking, it is impossible to decrypt them, but you can find a match among the known hash-password pairs.
There are still DBMSs that do not even use password hashing. The configuration files of any of them can simply be viewed in the browser.
Intext:DB_PASSWORD filetype:env 
With the advent of Windows servers, the place of configuration files was partially taken by the registry. You can search through its branches in exactly the same way, using reg as the file type. For example, like this:
Filetype:reg HKEY_CURRENT_USER "Password"= 
Let's not forget the obvious
Sometimes it is possible to get to classified information using data that was accidentally opened and came to the attention of Google. The ideal option is to find a list of passwords in some common format. Only desperate people can store account information in a text file, Word document or Excel spreadsheet, but there is always enough of them.
Filetype:xls inurl:password 
On the one hand, there are a lot of means to prevent such incidents. It is necessary to specify adequate access rights in htaccess, patch the CMS, not use left-handed scripts and close other holes. There is also a file with a list of robots.txt exceptions that prohibits search engines from indexing the files and directories specified in it. On the other hand, if the structure of robots.txt on some server differs from the standard one, then it immediately becomes clear what they are trying to hide on it.
The list of directories and files on any site is preceded by the standard index of. Since for service purposes it must appear in the title, it makes sense to limit its search to the intitle operator. Interesting things are in the /admin/, /personal/, /etc/ and even /secret/ directories.
Stay tuned for updates
Relevance is extremely important here: old vulnerabilities are closed very slowly, but Google and its search results are constantly changing. There is even a difference between a “last second” filter (&tbs=qdr:s at the end of the request URL) and a “real time” filter (&tbs=qdr:1).
The time interval of the date of the last update of the file is also indicated implicitly by Google. Through the graphical web interface, you can select one of the standard periods (hour, day, week, etc.) or set a date range, but this method is not suitable for automation.
From the look of the address bar, you can only guess about a way to limit the output of results using the &tbs=qdr: construction. The letter y after it sets the limit of one year (&tbs=qdr:y), m shows the results for the last month, w - for the week, d - for the past day, h - for the last hour, n - for the minute, and s - for give me a sec. The most recent results that Google has just made known are found using the filter &tbs=qdr:1 .
If you need to write a clever script, it will be useful to know that the date range is set in Google in Julian format using the daterange operator. For example, this is how you can find a list of PDF documents with the word confidential, downloaded from January 1 to July 1, 2015.
Confidential filetype:pdf daterange:2457024-2457205
The range is indicated in Julian date format without taking into account the fractional part. Translating them manually from the Gregorian calendar is inconvenient. It's easier to use a date converter.
Targeting and filtering again
In addition to specifying additional operators in the search query, they can be sent directly in the body of the link. For example, the filetype:pdf specification corresponds to the construction as_filetype=pdf . This makes it convenient to ask any clarifications. Let's say that the output of results only from the Republic of Honduras is specified by adding the construction cr=countryHN to the search URL, and only from the city of Bobruisk - gcs=Bobruisk. You can find a complete list in the developer section.
Google's automation tools are designed to make life easier, but they often add problems. For example, the user’s city is determined by the user’s IP through WHOIS. Based on this information, Google not only balances the load between servers, but also changes the search results. Depending on the region, for the same request, different results will appear on the first page, and some of them may be completely hidden. The two-letter code after the gl=country directive will help you feel like a cosmopolitan and search for information from any country. For example, the code of the Netherlands is NL, but the Vatican and North Korea do not have their own code in Google.
Often, search results end up cluttered even after using several advanced filters. In this case, it is easy to clarify the request by adding several exception words to it (a minus sign is placed in front of each of them). For example, banking, names and tutorial are often used with the word Personal. Therefore, cleaner search results will be shown not by a textbook example of a query, but by a refined one:
Intitle:"Index of /Personal/" -names -tutorial -banking
One last example
A sophisticated hacker is distinguished by the fact that he provides himself with everything he needs on his own. For example, VPN is a convenient thing, but either expensive, or temporary and with restrictions. Signing up for a subscription for yourself is too expensive. It's good that there are group subscriptions, and with the help of Google it's easy to become part of a group. To do this, just find the Cisco VPN configuration file, which has a rather non-standard PCF extension and a recognizable path: Program Files\Cisco Systems\VPN Client\Profiles. One request and you join, for example, the friendly team of the University of Bonn.
Filetype:pcf vpn OR Group 
INFO
Google finds password configuration files, but many of them are encrypted or replaced with hashes. If you see strings of a fixed length, then immediately look for a decryption service.Passwords are stored encrypted, but Maurice Massard has already written a program to decrypt them and provides it for free through thecampusgeeks.com.
Google runs hundreds of different types of attacks and penetration tests. There are many options, affecting popular programs, major database formats, numerous vulnerabilities of PHP, clouds, and so on. Knowing exactly what you're looking for will make it much easier to find the information you need (especially information you didn't intend to make public). Shodan is not the only one that feeds with interesting ideas, but every database of indexed network resources!