Saturday, May 28, 2011

STEALING PASSWORD WITH GOOGLE HACK


Google is a treasure trove full of important information, especially for the underground world. This Potential fact can also be utilized in the data for the username and password stored on a server.



If the administrator save important data not in the complete system authentifikasi folder, then most likely be reached by the google search engine. If data is successfully steal in by the unauthorized person, then the will be in misuse.

Here, some google search syntax to crawl the password:

1. "Login: *" "password =*" filetype: xls (searching data command to the system files that are stored in Microsoft Excel)

2. allinurl: auth_user_file.txt (to find files auth_user_file.txt containing password on server).

3. filetype: xls inurl: "password.xls" (looking for username and password in ms excel format). This command can change with admin.xls)

4. intitle: login password (get link to the login page with the login words on the title and password words anywhere. If you want to the query index more pages, type allintitle)

5. intitle: "Index of" master.passwd (index the master password page)

6. index of / backup (will search the index backup file on server)

7. intitle: index.of people.lst (will find web pages that contain user list).

8. intitle: index.of passwd.bak ( will search the index backup password files)

9. intitle: "Index of" pwd.db (searching database password files).

10. intitle: "Index of .. etc" passwd (this command will index the password sequence page).

11. index.of passlist.txt (will load the page containing password list in the clear text format).

12. index.of.secret (google will bring on the page contains confidential document). This syntax also changed with government query site: gov to search for government secret files, including password data) or use syntax: index.of.private

13. filetype: xls username password email (will find spreadsheets filese containing a list of username and password).

14. "# PhpMyAdmin MySQL-Dump" filetype: txt (will index the page containing sensitive data administration that build with php)

15. inurl: ipsec.secrets-history-bugs (contains confidential data that have only by the super user). or order with inurl: ipsec.secrets "holds shared secrets"

16. inurl: ipsec.conf-intitle: manpage (useful to find files containing important data for hacking)

17. inurl: "wvdial.conf" intext: "password" (display the dialup connection that contain phone number, username and password)

18. inurl: "user.xls" intext: "password" (showing url that save username and passwords in spread sheet files)

19. filetype: ldb admin (web server will look for the store password in a database that dos not delete by googledork)

20.inurl: search / admin.php (will look for php web page for admin login). If you are lucky, you will find admin configuration page to create a new user.

21. inurl: password.log filetype:log (this keyword is to search for log files in a specific url)

22. filetype: reg HKEY_CURRENT_USER username (this keyword used to look for reg files (registyry) to the path HCU (Hkey_Current_User))


In fact, there are many more commands that google can crawl in use in the password. One who has the ability google reveals in this case is http://johnny.ihackstuff.com. For that, visit the web to add insight about the google ability.

Here, some of the other syntax google that we need to look for confidential data :

"Http://username: password @ www ..." filetype: bak inurl: "htaccess | passwd | shadow | ht users"
(this command is to take the user names and passwords for backup files)

filetype:mdb inurl:”account|users|admin|administrators|passwd|password” mdb files (this command is to take the password information)

filetype:ini ws_ftp pwd (searching admin password with ws_ftp.ini file)

intitle: "Index of" pwd.db (searching the encrypted usernames and passwords)

inurl:admin inurl:backup intitle:index.of (searching directories whose names contain the words admin and backup)

“Index of/” “Parent Directory” “WS _ FTP.ini” filetype:ini WS _ FTP PWD(WS_FTP configuration files is to take FTP server access passwords)

ext:pwd inurl:(service|authors|administrators|users) “# -FrontPage-” (there is Microsoft FrontPage passwords)

filetype: sql ( "passwd values ****" |" password values ****" | "pass values ****") searching a SQL code and passwords stored in the database)

intitle:index.of trillian.ini (configuration files for the Trillian IM)

eggdrop filetype:user (user configuration files for the Eggdrop ircbot)

filetype:conf slapd.conf (configuration files for OpenLDAP)

inurl:”wvdial.conf” intext:”password” (configuration files for WV Dial)

ext:ini eudora.ini (configuration files for the Eudora mail client)

filetype: mdb inurl: users.mdb (potentially to take user account information with Microsoft Access files)

intext:”powered by Web Wiz Journal” (websites using Web Wiz Journal, which in its standard configuration allows access to the passwords file – just enter http:///journal/journal.mdb instead of the default http:///journal/)

“Powered by DUclassified” -site:duware.com "Powered by DUclassified"-site: duware.com
“Powered by DUcalendar” -site:duware.com "Powered by DUcalendar"-site: duware.com
“Powered by DUdirectory” -site:duware.com "Powered by DUdirectory"-site: duware.com
“Powered by DUclassmate” -site:duware.com "Powered by DUclassmate"-site: duware.com
“Powered by DUdownload” -site:duware.com "Powered by DUdownload"-site: duware.com
“Powered by DUpaypal” -site:duware.com "Powered by DUpaypal"-site: duware.com
“Powered by DUforum” -site:duware.com "Powered by DUforum"-site: duware.com 


intitle:dupics inurl:(add.asp | default.asp |view.asp | voting.asp) -site:duware.com (websites that use DUclassified, DUcalendar, DUdirectory, DUclassmate, DUdownload, DUpaypal, DUforum or DUpics applications, by default allows us to retrieve passwords file)

To DUclassified, just visit http:///duClassified/ _private / duclassified.mdb
or http:///duClassified/ or http:///duClassified/

intext: "BiTBOARD v2.0" "BiTSHiFTERS Bulletin Board" (Bitboard2 use the website bulletin board, the default settings make it possible to retrieve the passwords files to be obtained with the ways http:///forum/admin/data _ passwd.dat
or http:///forum/forum.php) or http:///forum/forum.php)

Searching for specific documents :

filetype: xls inurl: "email.xls" (potentially to take the information contact)

“phone * * *” “address *” “e-mail” intitle:”curriculum vitae”
CVs "not for distribution"
 (confidential documents containing the confidential clause
buddylist.blt)

AIM contacts list AIM contacts list

intitle:index.of mystuff.xml intitle: index.of mystuff.xml

Trillian IM contacts list Trillian IM contacts list

filetype:ctt “msn” filetype: Note "msn"

MSN contacts list MSN contacts list

filetype:QDF
 (QDF database files for the Quicken financial application)

intitle: index.of finances.xls (finances.xls files, potentially to take information on bank accounts, financial Summaries and credit card numbers)

intitle: "Index Of"-inurl: maillog (potentially to retrieve e-mail account

Wednesday, May 25, 2011

FIND ADMIN PANEL OF ANY WEBSITE


hii all so today i'll share you my way to find Admin Panel Of Any website to show you how a hacker or any idiot :D can find admin panelfrom any website !
so first of all Go to Google and search this words : www.websitename.com/robots.txt
Robots.txt is a text  file which is  add by admin on the site to tell search robots which pages that admin would like them not to visit while.
so as you can see above , there are many secret pages are hidden from search engines .like :administrator,images,templates,tmp etc ...
so by typing www.websitename.com/administrator you will find the admin panel of that site !
now, let's see the 2nd way to find admin panel ,
so lets talk about cPanel , so cPanel is a graphical user interface to control the whole website.
to get into cpanel it's very Easy , just type www.websitename.com:2082
you can replace the port numbers after the ":"

Port 2082  Cpanel default port
Port 2083  Cpanel over SSL
Port 2086  Cpanel Webhost Manager (default)
Port 2087  Cpanel Webhost Manager (with https)
Port 2095  Cpanel Webmail
Port 2096  Cpanel secure webmail over SSL
okay, so now third way

download this admin finder tool From Here


so guys, these are my poor ways to what's your's share it . :)
and Enjoy .....

Monday, May 23, 2011

Top 5 Hack Tools for Hackers to Investigate Computer System

List of top 5 hack tools for hackers to Inverstigate or Forensic Computer system or PC:
1. Live View
2. Start up List
3. Open Files View
4. Wireshark
5. Helix 3

Working of above tools stepwise:
1. Live View
Live View is an open source utility that creates a virtual machine of the existing system. Live View creates a virtual disk out of the system that allows you to then safely investigate a copy of the system without interfering with anything installed. So you can easily investigate your system virtually without affecting the original system.
Now restart you PC for further investigations and tools to use.
You can download Live View for free here (Click here to download).

2. Start up List
Now you have a virtual copy of your system and now why you are waiting let's start investigating PC. So download the Start Up List (click here to download startup list).This is a great way to start the investigation of a system and determine what things might have potentially been put on the system to restart each time the system does. It will provide you the list of all programs that system use during the boot time. Great way to find the keyloggers and other remote montitoring tools as they are always added to start up. 
Now why i am saying this tool as you can directly do it using MSCONFIG command. Answer is as simple as question, msconfig only displays the list of programs that are attached to start up using registry keys. Normally what happens the viruses attach themself to some of the existing windows service so it will become difficult to identify its instances. Start up list displays all the back ground programs too. 

3. Open Files View
The next step in investigating your computer is to find or determine which other files, other than usual are open. In Linux we can directly do this using the ISOF command in the terminal but there is no similar command in windows. Ahhah now what will you do to investigate this.. Don't worry OpenFilesView is there(click here to download openfileview). Openfilesview is a Windows executable that lists all the files and processes that are active currently – both local and network based – on the system. So you can easily identify which unusual file is opened or which unusual process is running. Now how it helps, all keyloggers or remote administration tools always maintains a temporary file on which they write their logs or other details. Muahhhhhh... Now nothing is hidden from you. You can see each and everything and find out easily that which noob virus or keylogger is running on your system.

4. Wireshark
Mine favorite tool out of 5 tools. Now you have researched your system using above there tools, it time to investigate your network traffic. Several times it happens, when you install some software you doubt that it is sending your personal data or information to someone else. Wireshark is a tool that monitors your network packets and analyse them where its sending data. Now how its helpful for you, Most trojans and keyloggers sends logs using network and upload them to FTP or send them to some email address. Using wireshark you can monitor what they are sending and even the username and password of FTP and email accounts on which it is sending. This is the most promising factor that makes to love wireshark more. So why waiting download the wireshark for free: (Click here to download Wireshark).

5. Helix 3
Now you all will be thinks we have done everything, investigating is done...:D but i am Destructive Mind. So few more things are striking my mind. What more i can investigate in the PC. Any guesses...
Damn.. i forgot i was teaching you.. 
Now how will you determine what the noob viruses has changed in your system, which files they have edited or attached their signatures to which of the programs and most important what they have edited or added. This you can do with the help of Helix 3. Helix 3, a newly updated version of the live Linux forensics tool, can be used to examine the disk safely to see what has been finally changed. So guys now how classy you think you have become. But sorry to inform you that its the first part of hacker's life and i guranttee 99.99% guys doesn't know these tools. Ahhh... If they know about these tools then they surely doesn't know how to use them and more important if they know that also they probably never used them as they are LAZY enough and leave everything on noob antiviruses.
(Click here to download helix3)  Its a 30 day trial version guys, as licensed version is for one system only and i can't share mine :D. But i can tell you some awesome tricks to use it as much as you want. For downloading evalation version again and again just register with new email ID and remove the previous version using WinXP manager which removes registry keys also.

One more suggestion about these noob antiviruses, they detect only those viruses and trojans that are in their database, if a new virus has come then you have to wait till next database upgrade for getting it detected.

Friday, May 20, 2011

Reveal Hidden Password Using Asterisk Key

It’s a good practice not to use the same password on everything. This is because if your ONLY password falls in the wrong hands, the next thing you know is you won’t be able to access anything at all. Imagine you loose access to your Hotmail, GMail, Yahoo, Windows Live Messenger, Yahoo Messenger, Google Talk, Internet Bank account and etc. a day! You’ll go crazy loosing all your contacts and you know someone is having a great time reading all your personal emails.

For me, I use different password for softwares/websites and most of it is saved on my laptop for easy access. Problem is, if you use too many different passwords, sometimes we tend to forget the password that we set for the software or website. If the password is saved, you can easily use a tool to show the password hidden under the asterisk *******

I am sure many of you remember “SnadBoy’s Revelation” but unfortunately it doesn’t support showing passwords hidden under asterisks in web pages. So I won’t be recommending this tool because I know a better one.

Asterisk Key shows passwords hidden under asterisks. It is able to instantly uncover hidden passwords on password dialog boxes and web pages. The setup is less than 500KB and it works perfectly.

Reveal hidden password in Google Talk (Software)

Recover Lost Password

 

Reveal hidden password in Internet Explorer (Web Page)

Reveal Lost Password

 

Both Google Talk and Internet Explorer is active. I then launch Asterisk Key and click the “Recover” button. Within a second, Asterisk Key shows the passwords hidden under asterisks.

Show asterisk password

Just a word of advice, please use this tool to recover your OWN password. If you get caught in using this tool to steal people’s password, you can get into serious trouble. Treat this tool as a useful recovery too instead of hacking tool.

Note: Asterisk Key doesn’t reveal password hidden under asterisk in Firefox browser.

Download Asterisk Key here.

Enjoy HaCkInG.....

Thursday, May 19, 2011

Batch File Programming Ebook




Batch File programming refers to a batch file which are essentially sequences of DOS commands and are stored in a text file with an extension of “.BAT”.
Usually batch files are used to do repeated tasks i.e To do a regular task you do not need to type in the commands over and over again, instead you can 

create a batch file which consists set of commands, So when you execute it it will do your task automatically!

Why Do You Need to learn Batch Programming ?
Yes every user will get to this question because they don't know the real power of Batch Coding and many of them think that its only a funny thing which can do a few notepad tricks....
You have to believe that Batch Coding is widely used by hackers for some attacks like DNS poisoning, Creating Viruses, service Disabler, Bombers, Extension Changer, Keylogger remapper etc.., So if you really want to become a specialist in security stuff get to the basic and learn Batch File Programming.

So what are you waiting for Just download it now for FREE!

Saturday, May 14, 2011

26 Underground Hacking Exploit Kits available for Download !





















List of Hacking Exploit Kits :

  • Unknow
  • Tor
  • Target-Exploit
  • Smart pack
  • RDS
  • My poly sploit
  • multisploit
  • mypack-009
  • mypack-091
  • mypack-086
  •  mypack-081
  • Mpack
  • Infector
  • Ice-pack-1
  • Ice-pack-2
  • Ice-pack-3
  • G-pack
  • Fire pack -1
  • Fire Pack -2
  • Fiesta -1
  • Fiesta -2
  • Cry 217
  • Armitage
  • Adpack -1
  • Adpack -2
  • 0x88


Download : http://www.multiupload.com/EFDCHHZ9ZD
Rar password : thn