312-50V10 · Question #211
In which phase of the ethical hacking process can Google hacking be employed? This is a technique that involves manipulating a search string with specific operators to search for vulnerabilities. Exam
The correct answer is C. Reconnaissance. Google hacking (Google Dorking) is a passive information-gathering technique used during the Reconnaissance phase to find exposed vulnerabilities without directly touching the target.
Question
In which phase of the ethical hacking process can Google hacking be employed? This is a technique that involves manipulating a search string with specific operators to search for vulnerabilities. Example:
allintitle: root passwd
Options
- AMaintaining Access
- BGaining Access
- CReconnaissance
- DScanning and Enumeration
How the community answered
(23 responses)- A4% (1)
- C91% (21)
- D4% (1)
Why each option
Google hacking (Google Dorking) is a passive information-gathering technique used during the Reconnaissance phase to find exposed vulnerabilities without directly touching the target.
Maintaining Access involves installing backdoors and persistence mechanisms after a system has already been compromised.
Gaining Access involves actively exploiting a discovered vulnerability, which occurs after reconnaissance is complete.
Reconnaissance is the pre-attack phase focused on collecting information about a target using passive means. Google Dorking uses advanced search operators such as allintitle:, inurl:, and filetype: to discover misconfigured servers, exposed files, and login pages indexed by search engines - all without sending a single packet to the target.
Scanning and Enumeration involves active probing of the target network with tools like Nmap, not passive search engine queries.
Concept tested: Google Dorking as passive reconnaissance technique
Source: https://owasp.org/www-community/attacks/Web_Parameter_Tampering
Topics
Community Discussion
No community discussion yet for this question.