nerdexam
EC-Council

312-50V10 · Question #211

In which phase of the ethical hacking process can Google hacking be employed? This is a technique that involves manipulating a search string with specific operators to search for vulnerabilities. Exam

The correct answer is C. Reconnaissance. Google hacking (Google Dorking) is a passive information-gathering technique used during the Reconnaissance phase to find exposed vulnerabilities without directly touching the target.

Footprinting and Reconnaissance

Question

In which phase of the ethical hacking process can Google hacking be employed? This is a technique that involves manipulating a search string with specific operators to search for vulnerabilities. Example:

allintitle: root passwd

Options

  • AMaintaining Access
  • BGaining Access
  • CReconnaissance
  • DScanning and Enumeration

How the community answered

(23 responses)
  • A
    4% (1)
  • C
    91% (21)
  • D
    4% (1)

Why each option

Google hacking (Google Dorking) is a passive information-gathering technique used during the Reconnaissance phase to find exposed vulnerabilities without directly touching the target.

AMaintaining Access

Maintaining Access involves installing backdoors and persistence mechanisms after a system has already been compromised.

BGaining Access

Gaining Access involves actively exploiting a discovered vulnerability, which occurs after reconnaissance is complete.

CReconnaissanceCorrect

Reconnaissance is the pre-attack phase focused on collecting information about a target using passive means. Google Dorking uses advanced search operators such as allintitle:, inurl:, and filetype: to discover misconfigured servers, exposed files, and login pages indexed by search engines - all without sending a single packet to the target.

DScanning and Enumeration

Scanning and Enumeration involves active probing of the target network with tools like Nmap, not passive search engine queries.

Concept tested: Google Dorking as passive reconnaissance technique

Source: https://owasp.org/www-community/attacks/Web_Parameter_Tampering

Topics

#Google hacking#Google dorks#OSINT#passive reconnaissance

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice