Thursday, 3 October 2013

HOW TO GET SOMEONE PASSWORD

Google is a treasure trove full of important information, especially for the underground world. This Potential fact can also be utilized in the data for the username and password stored on a server.

If the administrator save important data not in the complete system authentication folder, then most likely be reached by the google search engine. If data is successfully steal in by the unauthorized person, then the will be in misuse.

Here, some google search syntax to crawl the password:

1. "Login: *" "password =*" filetype: xls (searching data command to the system files that are stored in Microsoft Excel)

2. allinurl: auth_user_file.txt (to find files auth_user_file.txt containing password on server).

3. filetype: xls inurl: "password.xls" (looking for username and password in ms excel format). This command can change with admin.xls)

4. intitle: login password (get link to the login page with the login words on the title and password words anywhere. If you want to the query index more pages, type allintitle)

5. intitle: "Index of" master.passwd (index the master password page)

6. index of / backup (will search the index backup file on server)

7. intitle: index.of people.lst (will find web pages that contain user list).

8. intitle: index.of passwd.bak ( will search the index backup password files)

9. intitle: "Index of" pwd.db (searching database password files).

10. intitle: "Index of .. etc" passwd (this command will index the password sequence page).

11. index.of passlist.txt (will load the page containing password list in the clear text format).

12. index.of.secret (google will bring on the page contains confidential document). This syntax also changed with government query site: gov to search for government secret files, including password data) or use syntax: index.of.private

13. filetype: xls username password email (will find spreadsheets filese containing a list of username and password).

14. "# PhpMyAdmin MySQL-Dump" filetype: txt (will index the page containing sensitive data administration that build with php)

15. inurl: ipsec.secrets-history-bugs (contains confidential data that have only by the super user). or order with inurl: ipsec.secrets "holds shared secrets"

16. inurl: ipsec.conf-intitle: manpage (useful to find files containing important data for hacking)

17. inurl: "wvdial.conf" intext: "password" (display the dialup connection that contain phone number, username and password)

18. inurl: "user.xls" intext: "password" (showing url that save username and passwords in spread sheet files)

19. filetype: ldb admin (web server will look for the store password in a database that dos not delete by googledork)

20.inurl: search / admin.php (will look for php web page for admin login). If you are lucky, you will find admin configuration page to create a new user.

21. inurl: password.log filetype:log (this keyword is to search for log files in a specific url)

22. filetype: reg HKEY_CURRENT_USER username (this keyword used to look for reg files (registyry) to the path HCU (Hkey_Current_User))

Here, some of the other syntax google that we need to look for confidential data :

"Http://username: password @ www ..." filetype: bak inurl: "htaccess | passwd | shadow | ht users"
(this command is to take the user names and passwords for backup files)

filetype:mdb inurl:”account|users|admin|administrators|passwd|password” mdb files (this command is to take the password information)

filetype:ini ws_ftp pwd (searching admin password with ws_ftp.ini file)

intitle: "Index of" pwd.db (searching the encrypted usernames and passwords)

inurl:admin inurl:backup intitle:index.of (searching directories whose names contain the words admin and backup)

“Index of/” “Parent Directory” “WS _ FTP.ini” filetype:ini WS _ FTP PWD (WS_FTP configuration files is to take FTP server access passwords)

ext:pwd inurl:(service|authors|administrators|users) “# -FrontPage-” (there is Microsoft FrontPage passwords)

filetype: sql ( "passwd values ****" |" password values ****" | "pass values ****") searching a SQL code and passwords stored in the database)

intitle:index.of trillian.ini (configuration files for the Trillian IM)

eggdrop filetype:user (user configuration files for the Eggdrop ircbot)

filetype:conf slapd.conf (configuration files for OpenLDAP)

inurl:”wvdial.conf” intext:”password” (configuration files for WV Dial)

ext:ini eudora.ini (configuration files for the Eudora mail client)

filetype: mdb inurl: users.mdb (potentially to take user account information with Microsoft Access files)

intext:”powered by Web Wiz Journal” (websites using Web Wiz Journal, which in its standard configuration allows access to the passwords file – just enter http:///journal/journal.mdb instead of the default http:///journal/)

“Powered by DUclassified” -site:duware.com "Powered by DUclassified"-site: duware.com
“Powered by DUcalendar” -site:duware.com "Powered by DUcalendar"-site: duware.com
“Powered by DUdirectory” -site:duware.com "Powered by DUdirectory"-site: duware.com
“Powered by DUclassmate” -site:duware.com "Powered by DUclassmate"-site: duware.com
“Powered by DUdownload” -site:duware.com "Powered by DUdownload"-site: duware.com
“Powered by DUpaypal” -site:duware.com "Powered by DUpaypal"-site: duware.com
“Powered by DUforum” -site:duware.com "Powered by DUforum"-site: duware.com
intitle:dupics inurl:(add.asp | default.asp |view.asp | voting.asp) -site:duware.com (websites that use DUclassified, DUcalendar, DUdirectory, DUclassmate, DUdownload, DUpaypal, DUforum or DUpics applications, by default allows us to retrieve passwords file)

To DUclassified, just visit http:///duClassified/ _private / duclassified.mdb
or http:///duClassified/ or http:///duClassified/

intext: "BiTBOARD v2.0" "BiTSHiFTERS Bulletin Board" (Bitboard2 use the website bulletin board, the default settings make it possible to retrieve the passwords files to be obtained with the ways http:///forum/admin/data _ passwd.dat
or http:///forum/forum.php) or http:///forum/forum.php)

Searching for specific documents :

filetype: xls inurl: "email.xls" (potentially to take the information contact)

“phone * * *” “address *” “e-mail” intitle:”curriculum vitae”
CVs "not for distribution" (confidential documents containing the confidential clause
buddylist.blt)

AIM contacts list AIM contacts list

intitle:index.of mystuff.xml intitle: index.of mystuff.xml

Trillian IM contacts list Trillian IM contacts list

filetype:ctt “msn” filetype: Note "msn"

MSN contacts list MSN contacts list

filetype:QDF (QDF database files for the Quicken financial application)

intitle: index.of finances.xls (finances.xls files, potentially to take information on bank accounts, financial Summaries and credit card numbers)

intitle: "Index Of"-inurl: maillog (potentially to retrieve e-mail account)

Our Partner Site:

Visit https://www.faadoocoupons.com

Saturday, 28 September 2013

View or Hack Unprotected Live Cameras Using Google

21:13 Posted by Nakib Momin
Labels: GOOGLE TRICKS, HACKING

In this tutorial i will teach you to hack or view unprotected cam using a simple google trick. Using this trick you can see live view of streets in china or america. Inner view of some office and lot more. Lets dive into it.

How To View Unprotected Cam ?

1. Go to Google and search for "inurl:view/view.shtml" (without quote).

2. Now open any of the link from the search result and enjoy.
3. Below is the list of google dork you can use to see more cams.

List Of Google Dork

inurl:/view.shtml
intitle:”Live View / - AXIS” | inurl:view/view.shtml^
inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Refresh
inurl:axis-cgi/jpg
inurl:axis-cgi/mjpg (motion-JPEG)
inurl:view/indexFrame.shtml
inurl:view/index.shtml
inurl:view/view.shtml
intitle:start inurl:cgistart
intitle:”live view” intitle:axis
liveapplet
intitle:snc-z20 inurl:home/
intitle:liveapplet
intitle:”i-Catcher Console - Web Monitor”
intitle:axis intitle:”video server”
intitle:liveapplet inurl:LvAppl
intitle:”EvoCam” inurl:”webcam.html”
intitle:”Live NetSnap Cam-Server feed”
intitle:”Live View / - AXIS”
intitle:”Live View / - AXIS 206W”
intitle:”Live View / - AXIS 210″
inurl:indexFrame.shtml Axis
intitle:”Live View / - AXIS 206M”
inurl:”MultiCameraFrame?Mode=Motion”
allintitle:”Network Camera NetworkCamera”
intitle:”WJ-NT104 Main Page”
intext:”MOBOTIX M1″ intext:”Open Menu”
intext:”MOBOTIX M10″ intext:”Open Menu”
intext:”MOBOTIX D10″ intext:”Open Menu”
intitle:”netcam live image”
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:”sony network camera snc-p1″
intitle:”sony network camera snc-m1″
site:.viewnetcam.com -www.viewnetcam.com
intitle:”Toshiba Network Camera” user login

- See more at: http://www.coolhackingtrick.com/2011/11/see-unprotected-cam-using-google.html#sthash.SogbfUXx.dpuf

BOOTABLE USB/FLASH DRIVE|MAKE BOOTABLE PEN DRIVE

MAKE BOOTABLE PEN DRIVE|BOOT FROM USB DRIV

--::REQUIRED::--

***USB Flash Drive (Minimum 4GB)****Windows 7 or Vista installation files(the ISO file or DVD)*
--::PROCESS::--
Follow the below steps to create bootable Windows 7/Vista USB drive using which you can install Windows 7/Vista easily.
1. Plug-in your USB flash drive to USB port and move all the contents from USB drive to a safe location on your system.
2. Open Command Prompt with admin rights. Use any of the below methods to open Command Prompt with admin rights.
*Type cmd in Start menu search box and hit Ctrl+ Shift+ Enter.
Or
*Go to Start menu > All programs > Accessories, right click on Command Prompt and select Run as administrator.
3. You need to know about the USB drive a little bit. Type in the following commands in the command prompt:
First type DISKPART and hit enter to see the below message.
Next type LIST DISK command and note down the Disk number (ex: Disk 2 IN THE IMAGE) of your USB flash drive. In the below screenshot my Flash Drive Disk no is Disk 1.
4. Next type all the below commands one by one. Here I assume that your disk drive no is “Disk 2”.If you have Disk 2 as your USB flash drive then use Disk 2.Refer the above step to confirm it.
So below are the commands you need to type and execute one by one:
SELECT DISK 1
CLEAN
CREATE PARTITION PRIMARY
SELECT PARTITION 1
ACTIVE
FORMAT FS=NTFS(Format process may take few seconds)
ASSIGN
EXIT
Don’t close the command prompt as we need to execute one more command at the next step. Just minimize it.

5. Next insert your Windows7/Vista DVD into the optical drive and check the drive letter of the DVD drive. In this guide I will assume(in the picture) that your DVD drive letter is “J” and USB drive letter is “M” (open my computer to know about it).

6. Maximize the minimized Command Prompt in the 4th step.Type the following command now:
M: CD BOOT and hit enter.Where “J” is your DVD drive letter.
CD BOOT and hit enter to see the below message.
7. Type another command given below to update the USB drive with BOOTMGR compatible code.
BOOTSECT.EXE /NT60 J:

Where “J” is your USB drive letter. Once you enter the above command you will see the below message.
8. Copy your Windows 7/Vista DVD contents(INSIDE THE ISO) to the USB flash drive.

9. Your USB drive is ready to boot and install Windows 7/Vista. Only thing you need to change the boot priority at the BIOS to USB from the HDD or CD ROM drive. I won’t explain it as it’s just the matter the changing the boot priority or enabling the USB boot option in the BIOS.
Note: If you are not able to boot after following this guide means you haven’t set the BIOS priority to USB. If you got any problem in following this guide feel free to ask questions by leaving comment.

Our Partner Site:

Visit https://www.faadoocoupons.com

Request a new IP address from your ISP server

By this method now you can request for a new IP address from your ISP Server

Here's how to do it in windows:

1. Click On Start

2.Now go on run

3. In the run box type cmd.exe and then click OK

4. After the command prompt open- type the following codes in it-

ipconfig /flushdns

ipconfig /release

ipconfig /renew

exit

5. Last step is to delete your all cookies from browser and you are done

Immediately you will be assigned a new IP address when this happens. If you are on a fixed IP address, this method will not work. If this works for you, you may want to save the above commands into a batch file, and just run it when you need it

How to Hack Google Search

ts something you won’t find so easily. Have you ever wondered if you could Hack Google Search, well in this post we are exactly going to do the same.

I am using simple Javascript that I wrote. In my next post I would be providing the explaination for the same along with bookmarklets for the same. If you don’t know much about “What is a bookmarklet” and “what is the use of a bookmarklet” then you may google it.

Now back to topic, about the java scripts.. In this post I would be providing only 5 java scripts which you can use to download Songs , Ebooks , Images , Applications and Games. Though I have made scripts for many more things but right now I would be writing about the most commonly used ones.

NOTE:- To use the Javascript , Just copy the code and paste it in the address bar of your browser ( the same plzce where you enter the url of any site) and press Enter.

Its as simple as that.

Script 1 :- Download any Song

javascript:Qr=”;if(!Qr){void(Qr=prompt(‘http://learnhacking.in/’,'ENTER ARTIST OR SONG NAME:’,”))};if(Qr)location.href=’http://www.google.com/search?q=%22parent+directory%22+%22‘+escape(Qr)+’%22+mp3+OR+wma+OR+ogg+-html+-htm&num=100&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=active&sa=N’

Script 2 :- Download any Ebook

javascript:Qr=”;if(!Qr){void(Qr=prompt(‘http://learnhacking.in/’,'Enter Author name OR Book name:’,”))};if(Qr)location.href=’http://www.google.com/search?q=%22parent+directory%22+%22‘+escape(Qr)+’%22+pdf+OR+rar+OR+zip+OR+lit+OR+djvu+OR+pdb+-html+-htm&num=100&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=active&sa=N’

Script 3 ownload any Image

javascript:Qr=”;if(!Qr){void(Qr=prompt(‘http://learnhacking.in/’,'ENTER IMAGE NAME:’,”))};if(Qr)location.href=’http://www.google.com/search?q=%22parent+directory%22+%22‘+escape(Qr)+’%22+jpg+OR+png+OR+bmp+-html+-htm&num=100&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=active&sa=N’

Script 4:- Download any Application

javascript:Qr=”;if(!Qr){void(Qr=prompt(‘http://learnhacking.in/’,'ENTER Application NAME:’,”))};if(Qr)location.href=’http://www.google.com/search?q=%22parent+directory%22+%22‘+escape(Qr)+’%22+exe+OR+rar+OR+zip+-html+-htm&num=100&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=active&sa=N’

Script 5:- Download any Game

javascript:Qr=”;if(!Qr){void(Qr=prompt(‘http://learnhacking.in/‘,’ENTER GAME NAME:’,”))};if(Qr)location.href=’http://www.google.com/search?q=%22parent+directory%22+%22‘+escape(Qr)+’%22+exe+OR+iso+OR+rar+-html+-htm&num=100&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=active&sa=N’

Well this is one cool script that will help you in your everyday life. Just enjoy and keep learning

Our Partner Site:

Visit https://www.faadoocoupons.com

Remove Write Protection On Any USB Device

Write Protection on any portable USB Device can be applied by the physical lock provided on the card adjuster or some times provided on the pen drives, so make sure to make your drive not write protected by moving the lock in right direction. But even after moving the physical lock for write protection the problem can happen due to some virus action. This happens when some virus or script which applies the registry hack to make any drive write protect when connected to the computer, In that case follow the procedure below to remove write protection from your pen drive.

1. Open Start Menu >> Run, type regedit and press Enter, this will open the registry editor.

2. Navigate to the following path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\StorageDevicePolicies

Note: If the registry key StorageDevicePolicies key does not exist, you will need to create it Download the batch file called add.bat by clicking below link, and double click after download the key will be automatically added to registry.   DOWNLOAD

3. Double click the key WriteProtect in the right pane and set the value to 0 in the Value Data Box and press OK button

4. Exit Registry, restart your computer and then again re-connect your USB pendrive on your computer.
That is it, done.

Our Partner Site:

Visit https://www.faadoocoupons.com

Hack Website using Local File Inclusion Vulnerability

Hello friends, after a short break m back with an interesting post on Web-Hacking. So today m gonna teach you one of the most dangerous vulnerability called "Local File Inclusion-(LFI)". OWASP Top 10 - A4 Insecure Direct Object References.

Local File Inclusion - (LFI)
Local File Inclusion (LFI) is a type of vulnerability most often found on websites. It allows an attacker to include a local file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation.

In Simple words LFI Vulnerability allows an attacker to add any local file to Website Server through script. LFI is very dangerous vulnerability can lead to website Defacement, Command Execution, Creating more vulnerabilities, Website Defacement and Complete Database takeover. So let's learn LFI Today.

An attacker can do following things :

Open Redirects

Shell Upload

Website Defacement

Directory Travesal

Sensitive Data Leakage

Database Takeover

Creating Multiple Vulnerabilities

LFI Vulnerability Exploitation and Website Hacking : As you know guys our all post doesn't teach any kind of Black hat Hacking or Cyber Crime. We Always use Penetration testing lab to teach Pure Ethical Hacking tutorials with Complete Guide. So same we're using DVWA Penetration testing lab for this tutorial. If you don't have Vulnerable Website Always use Penetration testing lab.

Requirements :

DVWA Pentest Lab [Click to Created]

Little bit knowledge of HTTP and Networking

Understanding LFI Vulnerability :

Start DVWA and Click on [File Inclusion] - Security on [Low]

Click on Image to Enlarge it

Mostly in LFI Vulnerabilities URL looks little bit different and if you're experienced hacker, you'll understand that the Website is vulnerable to LFI. So look carefully in URL.

Okay let's just replace include.php with http://google.com/robots.txt

As I said LFI vulnerability can include any local file to web-pages,http://127.0.0.1/dvwa/vulnerabilities/fi/?page=http://google.com/robots.txt Enter

Now you'll see that google Robots.txt file will comes into DVWA Web-page. did you understand? that means the web-page is including any file and that is really very dangerous this can lead to Shell Upload and Command Execution so web server can be Hacked.

Click on Image to Enlarge it

An attacker can do many things with this vulnerability.

Now as you know if you can include any local file than how about to include some Source file on Web Server like password :D

Guess some file inclusion commands like : ../../etc/passwd but in DVWA this will work try it in URL ../../../../../etc/passwd

Click on Image to Enlarge it

Now try to include .html file : As m using my own Hackw0rm .html post like :
http://192.168.32.133/dvwa/vulnerabilities/fi/?page=http://hackw0rm.blogspot.in/2013/03/facebook-message-spoofing-trick-send.html

Click on Image to Enlarge it

#Cool, I hope you can understand how an attacker can include his own .php, .html or any other file to Hack Website Server.

Click on Image to Enlarge it

Okay! now just look into Source code on Web-Page to know why this vulnerability occurred : [Click on View Source]

Click on Image to Enlarge it

I hope you can understand that coding : Its simply easy - the code is $_GET['Page']without any type of filter or Protection. Simply it will add any type of file on web-pages? Now use some more evil mind : What if we'll create one Shell and include it in Web Server. So simply we can completely Deface Website and Get Database :D. well this is just study of Vulnerability in our upcoming post Part 2 of LFI will contain more advance methods and techniques of LFI Vulnerability exploitation.

Our Partner Site:

Visit https://www.faadoocoupons.com

How to compress 1 Gb data to 10 mb

Hey guyz this time i has brought something very interesting for you guyz. Many times ourhard disk runs out of space and we have to delete some data or the other for no reason. Even I used to face the problem sometime back in history and by doing some research on the topic, I actually found a working and an awesome way to save my hard disk space.

How effective is it?

Well by this method I converted NFS UNDERGROUND 2 which is somewhat around 2 Gb tb 21 Mb. And same is the case with everything important I wanted to save.

How did I do it?

You are just about to know… Read on.

I used a software named KGB Archiver.

About KGB archiver: KGB Archiver , an open source compression tool like 7zip and UHARC with an unbelievably high compression rate .It uses AES-256 encryption (one of the strongest encryptionknown for man) to encrypt archives . The disappointing thing with KGB Archiver is due to its high compression rate its minimum hardware requirement is high ( recommend processor with 1,5GHz clock and 256MB of RAM ) and compression and decompression process is time consuming.

Its strength: Very high compression power with very accurate results and no loss of data.

Its weeknss: Due to high compression , the time required to compress and decompress the file is high. High system requirement

From where can you download this software.?

Learn Hacking has already done that for you. Just click on the link given to Download KGB archiver for free.

Click Here to Download KGB Archiver for free.

I am sure you loved this post

Just enjoy and keep learning

Our Partner Site:

Visit https://www.faadoocoupons.com

Finding Serial Key Of Any Software Using Simple Google Trick

FINDING SERIAL KEY OF ANY SOFTWARE USING SIMPLE GOOGLE TRICK

Most of you download and use pirated software from torrents or any such other sites, but sometime it gets very difficult to find serial key of those softwares. I will make it easy for you by showing you simple yet very intersting google trick which will allow you to find serial key of any software very easily.

How To Find Serial Key Of Any Software ?

The key 94FBR is a part of Office 2000 Pro CD activation key that is widely distributed as it bypasses the activation requirements of Office 2000 Pro. By searching for 94fbr and the product name, you are guarantee that the pages that are returned are pages dealing specifically with the product you're wanting a serial for. Follow simple steps given below to learn this trick

1. Go to Google
2. Then type Software Name 94FBR

Replace Software Name with the name of software whose serial key you want to find
Eg: To find serial key of Nero i will type Nero 94fbr

3. Now press Enter and you will find serial key of software you are looking for as shown below.

Saturday, 24 August 2013

DEFACING A WEBSITE WITH HAVIJ TOOL

How to use Havij Tool to Hack and Deface a websites.

As per Request we are Posting Hacking Tool and how to use it. Firstly, if you haven’t downloaded Havij, I strongly recommend you do download before moving on with this tutorial. Click Download Button at the End of the tutorial and if you have not read Sql Injection Tutorial i suggest you also do that before moving ahead for your own good so Click Here To Read about It
=>NOW TO TODAY'S TUTORIAL

Step 1: Run Havij. Now copy paste the SQL Injection vulnerable website into TARGET and click the ANALYZE BUTTON .To find vulnerable sites Learn More

Step 2: Be patient while havij gets all the information about the website like Database Name, Server, Etc.

Step 3: Now, we need to get the table of the website. Now click on Tables and click on Get tables and exercise some patience to get the database tables .

After founded the tables ,you can see there will be "users" Put mark on it and click in the " get columns " tab as shown in figure.

Now to the final stage, Click on 'get data' to get the password and username of admin.

Now you have the admin usernames and password. Simply take note of only the username.

The password you got is in Md5 format and cannot be used to login to the website directly. What we need to do is too simply click on the MD5 tab on havij and paste the password into the text field and click on start.