The U.S. National Security Agency has published a 643-page document titled, “Untangling the Web: A Guide to Internet Research,” Wired reports.
The book offers advice on how to use search engines, the Internet Archive, and various online tools, but Wired points out that the most interesting chapter is titled, “Google Hacking”.
Google hacking is nothing new but this previously classified document was released to the public because of a request filed by a website called MuckRock, which charges fees to process public records for activists.
While nothing in the book is illegal, the chapters detail ways the average citizen can discover spreadsheets full of passwords in Russia just by typing random strings of characters into Google.
Wired explains further,
Misconfigured web servers “that list the contents of directories not intended to be on the web often offer a rich load of information to Google hackers,” the authors write, then offer a command to exploit these vulnerabilities — intitle: “index of” site:kr password.
Before you run off and start trying to become an amateur hacker, the author warns that users must be careful with handling Microsoft file types on the internet. “Never open a Microsoft file type on the internet,” the authors warn. “Instead, use one of the techniques described [in the book]” they write.