Search infinite security cameras on Google

 List Commands Cameras For Google Search

inurl:"ViewerFrame?Mode=
intitle:Axis 2400 video server
inurl:/view.shtml
intitle:"Live View / - AXIS" | inurl:view/view.shtml^
inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Refresh
inurl:axis-cgi/jpg
inurl:axis-cgi/mjpg (motion-JPEG)
inurl:view/indexFrame.shtml
inurl:view/index.shtml
inurl:view/view.shtml
liveapplet
intitle:"live view" intitle:axis
intitle:liveapplet
allintitle:"Network Camera NetworkCamera"
intitle:axis intitle:"video server"
intitle:liveapplet inurl:LvAppl
intitle:"EvoCam" inurl:"webcam.html"
intitle:"Live NetSnap Cam-Server feed"
intitle:"Live View / - AXIS"
intitle:"Live View / - AXIS 206M"
intitle:"Live View / - AXIS 206W"
intitle:"Live View / - AXIS 210?
inurl:indexFrame.shtml Axis
inurl:"MultiCameraFrame?Mode=Motion"
intitle:start inurl:cgistart
intitle:"WJ-NT104 Main Page"
intext:"MOBOTIX M1? intext:"Open Menu"
intext:"MOBOTIX M10? intext:"Open Menu" wow
intext:"MOBOTIX D10? intext:"Open Menu"
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:"sony network camera snc-p1?
intitle:"sony network camera snc-m1?
site:.viewnetcam.com -www.viewnetcam.com
intitle:"Toshiba Network Camera" user login
intitle:"netcam live image"
intitle:"i-Catcher Console - Web Monitor"
inurl:/view.shtml
intitle:”Live View / - AXIS” | inurl:view/view.shtml^
inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Refresh
inurl:axis-cgi/jpg
inurl:axis-cgi/mjpg (motion-JPEG)
inurl:view/indexFrame.shtml
inurl:view/index.shtml
inurl:view/view.shtml
liveapplet
intitle:”live view” intitle:axis
intitle:liveapplet
allintitle:”Network Camera NetworkCamera”
intitle:axis intitle:”video server”
intitle:liveapplet inurl:LvAppl
intitle:”EvoCam” inurl:”webcam.html”
intitle:”Live NetSnap Cam-Server feed”
intitle:”Live View / - AXIS”
intitle:”Live View / - AXIS 206M”
intitle:”Live View / - AXIS 206W”
intitle:”Live View / - AXIS 210″
inurl:indexFrame.shtml Axis
inurl:”MultiCameraFrame?Mode=Motion”
intitle:start inurl:cgistart
intitle:”WJ-NT104 Main Page”
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:”sony network camera snc-p1″
intitle:”sony network camera snc-m1″
site:.viewnetcam.com -www.viewnetcam.com
intitle:”Toshiba Network Camera” user login
intitle:”netcam live image”
intitle:”i-Catcher Console - Web Monitor”
allintitle: "Network Camera NetworkCamera" Network cameras
intitle:Axis 2400 video server Mostly security cameras, car parks, colleges, clubs, bars, etc.
intitle:axis intitle:"video server" Mostly security cameras, car parks, colleges, bars, ski slopes etc.<
intitle:"EvoCam" inurl:"webcam.html" Mostly European security cameras
intitle:"Live NetSnap Cam-Server feed" Network cameras, private and non private web cameras
intitle:"Live View / - AXIS" Mostly security cameras, car parks, colleges etc.
intitle:"LiveView / - AXIS" | inurl:view/view.shtml Mostly security cameras, car parks, colleges etc.
intitle:liveapplet Mostly security cameras, car parks, colleges, clubs, bars etc.
intitle:snc-cs3 inurl:home/ Mostly security cameras, swimming pools and more etc.
intitle:"snc-rz30 home" Mostly security cameras, shops, car parks
intitle:snc-z20 inurl:home/ Mostly security cameras, swimming pools and more etc.
intitle:"WJ-NT104 Main" Mostly security cameras, shops, car parks
inurl:LvAppl intitle:liveapplet Mostly security cameras, car parks, colleges etc.
inurl:indexFrame.shtml "Axis Video Server" Mostly security cameras, car parks, colleges etc.
inurl:lvappl A huge list of webcams around the world, mostly security cameras, car parks, colleges etc.
inurl:axis-cgi/jpg Mostly security cameras
inurl:indexFrame.shtml Axis Mostly security cameras, car parks, colleges etc.
inurl:"MultiCameraFrame?Mode=Motion" Mostly security cameras, pet shops, colleges etc.
inurl:/view.shtml Mostly security cameras, car parks, colleges etc.
inurl:/view/index.shtml Mostly security cameras, airports, car parks, back gardens, traffic cams etc.
inurl:viewerframe?mode= Network cameras, mostly private webcams etc.
inurl:"viewerframe?mode=motion" Network cameras
inurl:ViewerFrame?Mode=Refresh Mostly security cameras, parks, bird tables etc.

Other searches:

control/userimage.html
liveapplet
inurl:indexframe.shtml
inurl:"view/index.shtml"
inurl:"view/indexFrame.shtml"
inurl:view/view.shtml
inurl:/view/view.shtml?videos=
inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Motion
inurl:ViewerFrame?Mode=Refresh
site:.viewnetcam.com -www.viewnetcam.com
/view/index.shtml

In Title:

intitle:"live view" intitle:axis
intitle:"EvoCam" inurl:"webcam.html"
intitle:"i-Catcher Console - Web Monitor"
intitle:"Live NetSnap Cam-Server feed"
allintitle:liveapplet
intitle:liveapplet
intitle:"netcam live image"
intitle:"snc-rz30 home"
intitle:"WJ-NT104 Main"

In URL:

inurl:axis-cgi/jpg
inurl:indexFrame.shtml Axis
inurl:indexFrame.shtml "Axis Video Server"
inurl:lvappl live webcams
inurl:LvAppl intitle:liveapplet
inurl:"MultiCameraFrame?Mode=Motion"
inurl:/view:shtml
inurl:/view/index.shtml
inurl:view/indexframe.shtml
inurl:view/view.shtml
viewerframe?mode=
inurl:"viewerframe?mode=motion"
inurl:ViewerFrame?Mode=Refresh
intitle:"Live NetSnap Cam-Server feed"
inurl:"MultiCameraFrame?Mode="
inurl:CgiStart?page=Single
inurl:indexFrame.shtml?newstyle=Quad
intitle:liveapplet inurl:LvAppl
inurl:video.cgi?resolution=
intitle:"Live View / - AXIS"
inurl:view/view.shtml
intitle:snc-rz30
intitle:"EvoCam" inurl:"webcam.html"
inurl:indexFrame.shtml Axis
inurl:" ViewerFrame?Mode= "
inurl:"MultiCameraFrame?Mode=Motion"
intitle:start inurl:cgistart
intext:"MOBOTIX M1" intext:"Open Menu"
intext:"MOBOTIX M10" intext:"Open Menu"
intext:"MOBOTIX D10" intext:"Open Menu"
intitle:"sony network camera snc-p1"
intitle:"Toshiba Network Camera" user login
intitle:"netcam live image"
intitle:"i-Catcher Console - Web Monitor"
inurl:home/homeJ.html
intitle:"WJ-NT104 Main Page"
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:"sony network camera snc-m1"
inurl:/home/home
intitle:"Live View / - AXIS 206M"
intitle:"Live View / - AXIS 206W"
intitle:"Live View / - AXIS 210"
inurl:ViewerFrame?Mode=
inurl:MUltiCameraFrame:?Mode=
inurl:view/index.shtml
inurl:indexFrame.shtml Axis
inurl:"ViewerFrame?Mode="
intitle:snc-rz30 inurl:home/
inurl:/view/index.shtml
inurl:"ViewerFrame?Mode="
inurl:netw_tcp.shtml
intitle:"supervisioncam protocol"
inurl:CgiStart?page=Single
inurl:indexFrame.shtml?newstyle=Quad
intitle:liveapplet inurl:LvAppl
inurl:/showcam.php?camid
inurl:video.cgi?resolution=
inurl:image?cachebust=
intitle:"Live View / - AXIS"
inurl:view/view.shtml
intext:"MOBOTIX M1"
intext:"Open Menu"
intitle:snc-rz30
inurl:home/
inurl:"MultiCameraFrame?Mode="
intitle:"EvoCam" inurl:"webcam.html"
intitle:"Live NetSnap Cam-Server feed"
intitle:"Live View / - AXIS 206M"
intitle:"Live View / - AXIS 206W"
intitle:"Live View / - AXIS 210"
inurl:indexFrame.shtml Axis
inurl:"ViewerFrame?Mode="
inurl:"MultiCameraFrame?Mode=Motion"
intitle:start inurl:cgistart
intitle:"WJ-NT104 Main Page"
intext:"MOBOTIX M1" intext:"Open Menu"
intext:"MOBOTIX M10" intext:"Open Menu"
intext:"MOBOTIX D10" intext:"Open Menu"
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:"sony network camera snc-p1"
intitle:"sony network camera snc-m1"
site:.viewnetcam.com -www.viewnetcam.com
intitle:"Toshiba Network Camera" user login
intitle:"netcam live image"
intitle:"i-Catcher Console - Web Monitor"
inurl:/home/home
"Kamerainformationen anzeigen"
intitle:"AXIS 2100 Network Camera Axis 2100 Network Camera 2.02"
intitle:"Linksys Web Camera" "ver"
Copy/paste to google

Read More

Using Hydra to HACK any e-mail

Type hydra in kali terminal or in terminal in other linux operating systems whereever hydra is installed. After you enter hydra and click on enter, you can find information on how to use hydra. As per this post I will show you command to hack into any email.

hydra -l < mail address> -P -s < port > -S -v -V -t < number of tasks> < mailer server > smtp

Below are port numbers and server links.

Yahoo
Server SMTP.mail.Yahoo.com
Port 465


Gmail
Server smtp.Gmail.com
Port 465


Hotmail
Server smtp. Live.com
Port 587

Read More

Advanced way of searching in GOOGLE

Operator	How to Use It	Examples
* (Asterisk)	Add the asterisk as a placeholder for an unknown word or fact	Find quotes that start with "Life is like": Life is like a *
" (Quotation marks)	Look for an exact word or phrase by putting it in quotes	Find pages that talk about the book One Hundred Years of Solitude: "One Hundred Years of Solitude"
- (Hyphen)	Use a hyphen before a word or site to exclude it from your search results	Omit Wikipedia pages from search results: -site:wikipedia.org. Narrow results to the band R.E.M., not rapid eye movement: R.E.M. -sleep
.. (Two Periods)	Separate numbers with two periods without spaces to search for numbers within that range	Find phones that cost between $200 and $400: Android phone $200..$400. Find computer milestones that took place between 1950 and 2000: "computer milestones" 1950..2000
allintitle:	Use allintext:[search phrase] to find pages with all of those words in the title of the page	Show pages that have both "Apple" and "notebook" in the title: allintitle:Apple notebook
allintext:	Use allintext:[search phrase] to find pages with all of those words in the body of the page	Show pages that mention Roth, IRA, and investments in the body: allintext:Roth IRA investments
allinurl:	Use allinurl:[search phrase] to find pages with all of those words in the URL	Show pages that have both "Microsoft" and "Surface" in the URL: allinurl:Microsoft Surface
AROUND(n)	Add AROUND(n) between two search terms to find pages where those terms are written on the page in close proximity. The number you choose in place of n sets the maximum distance between the terms. This is useful for finding relationships between two search terms.	Find pages that mention Facebook and Microsoft in the same sentence or paragraph: Facebook AROUND(7) Microsoft
site:	Use site:[URL] to limit search results to a specific website	Find pages on Zapier that mention trello: site:zapier.com Trello
related:	Use related:[URL] to find sites similar to a specific website	Find websites similar to Zapier: related:zapier.com
filetype:	Use filetype:[suffix] to limit results to a certain file format, such as PDF or DOC.	Find keyboard shortcuts for Microsoft Office that are shared as PDF: filetype:pdf office keyboard shortcuts
intitle:	Use intitle:[search phrase] to search for pages that have at least one of your search words in the title	Show pages that have "Apple" or "notebook" or both in the title: intitle:Apple notebook
intext:	Use intext:[search phrase] to search for pages that have at least one of your search words in the body of the page	Show pages that mention Roth, IRA, and/or investments in the body: intext:Roth IRA investments
inurl:	Use inurl:[search phrase] to search for pages that have at least one of your search words in the URL	Show pages that mention Roth, IRA, and/or investments in the body: intext:Roth IRA investments
OR	Perform two search queries at the same time by separating your search terms with OR. This will find pages that might one of several words.	Search for pages that reference "Google Drive," "Dropbox," or "OneDrive": "Google Drive" OR Dropbox OR OneDrive

For example if we want to search some txt file or pdf in a website or relevant, we will type in google as

Within website with extension: inurl:"websitename.com" filetype:txt 

Relavent info with extension: intext:"passlist" filetype:txt

Read More

Listing of a number of useful Google dorks

Explanations:

cache: If you include other words in the query, Google will highlight those words within

 the cached document. For instance, [cache:www.google.com web] will show the cached

 content with the word “web” highlighted. This functionality is also accessible by

 clicking on the “Cached” link on Google’s main results page. The query [cache:] will

 show the version of the web page that Google has in its cache. For instance,

 [cache:www.google.com] will show Google’s cache of the Google homepage. Note there

 can be no space between the “cache:” and the web page url.

------------------------------------------------------------------------------------------

link: The query [link:] will list webpages that have links to the specified webpage.

 For instance, [link:www.google.com] will list webpages that have links pointing to the

 Google homepage. Note there can be no space between the “link:” and the web page url.

------------------------------------------------------------------------------------------

related: The query [related:] will list web pages that are “similar” to a specified web

 page. For instance, [related:www.google.com] will list web pages that are similar to

 the Google homepage. Note there can be no space between the “related:” and the web

 page url.

------------------------------------------------------------------------------------------

info: The query [info:] will present some information that Google has about that web

 page. For instance, [info:www.google.com] will show information about the Google

 homepage. Note there can be no space between the “info:” and the web page url.

------------------------------------------------------------------------------------------

define: The query [define:] will provide a definition of the words you enter after it,

 gathered from various online sources. The definition will be for the entire phrase

 entered (i.e., it will include all the words in the exact order you typed them).

------------------------------------------------------------------------------------------

stocks: If you begin a query with the [stocks:] operator, Google will treat the rest

 of the query terms as stock ticker symbols, and will link to a page showing stock

 information for those symbols. For instance, [stocks: intc yhoo] will show information

 about Intel and Yahoo. (Note you must type the ticker symbols, not the company name.)

------------------------------------------------------------------------------------------

site: If you include [site:] in your query, Google will restrict the results to those

 websites in the given domain. For instance, [help site:www.google.com] will find pages

 about help within www.google.com. [help site:com] will find pages about help within

 .com urls. Note there can be no space between the “site:” and the domain.

------------------------------------------------------------------------------------------

allintitle: If you start a query with [allintitle:], Google will restrict the results

 to those with all of the query words in the title. For instance,

 [allintitle: google search] will return only documents that have both “google”

 and “search” in the title.

------------------------------------------------------------------------------------------

intitle: If you include [intitle:] in your query, Google will restrict the results

 to documents containing that word in the title. For instance, [intitle:google search]

 will return documents that mention the word “google” in their title, and mention the

 word “search” anywhere in the document (title or no). Note there can be no space

 between the “intitle:” and the following word. Putting [intitle:] in front of every

 word in your query is equivalent to putting [allintitle:] at the front of your

 query: [intitle:google intitle:search] is the same as [allintitle: google search].

------------------------------------------------------------------------------------------

allinurl: If you start a query with [allinurl:], Google will restrict the results to

 those with all of the query words in the url. For instance, [allinurl: google search]

 will return only documents that have both “google” and “search” in the url. Note

 that [allinurl:] works on words, not url components. In particular, it ignores

 punctuation. Thus, [allinurl: foo/bar] will restrict the results to page with the

 words “foo” and “bar” in the url, but won’t require that they be separated by a

 slash within that url, that they be adjacent, or that they be in that particular

 word order. There is currently no way to enforce these constraints.

------------------------------------------------------------------------------------------

inurl: If you include [inurl:] in your query, Google will restrict the results to

 documents containing that word in the url. For instance, [inurl:google search] will

 return documents that mention the word “google” in their url, and mention the word

 “search” anywhere in the document (url or no). Note there can be no space between

 the “inurl:” and the following word. Putting “inurl:” in front of every word in your

 query is equivalent to putting “allinurl:” at the front of your query:

 [inurl:google inurl:search] is the same as [allinurl: google search].

------------------------------------------------------------------------------------------

Nina Simone intitle:”index.of” “parent directory” “size” “last modified” “description” I Put A Spell On You (mp4|mp3|avi|flac|aac|ape|ogg) -inurl:(jsp|php|html|aspx|htm|cf|shtml|lyrics-realm|mp3-collection) -site:.info

Bill Gates intitle:”index.of” “parent directory” “size” “last modified” “description” Microsoft (pdf|txt|epub|doc|docx) -inurl:(jsp|php|html|aspx|htm|cf|shtml|ebooks|ebook) -site:.info

parent directory /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

parent directory DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

parent directory Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

parent directory Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

parent directory MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

parent directory Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

filetype:config inurl:web.config inurl:ftp

“Windows XP Professional” 94FBR

ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:"budget approved") inurl:confidential

ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:”budget approved”) inurl:confidential

ext:inc "pwd=" "UID="

ext:ini intext:env.ini

ext:ini Version=... password

ext:ini Version=4.0.0.4 password

ext:ini eudora.ini

ext:ini intext:env.ini

ext:log "Software: Microsoft Internet Information Services *.*"

ext:log "Software: Microsoft Internet Information

ext:log "Software: Microsoft Internet Information Services *.*"

ext:log \"Software: Microsoft Internet Information Services *.*\"

ext:mdb   inurl:*.mdb inurl:fpdb shop.mdb

ext:mdb inurl:*.mdb inurl:fpdb shop.mdb

ext:mdb inurl:*.mdb inurl:fpdb shop.mdb

filetype:SWF SWF

filetype:TXT TXT

filetype:XLS XLS

filetype:asp   DBQ=" * Server.MapPath("*.mdb")

filetype:asp "Custom Error Message" Category Source

filetype:asp + "[ODBC SQL"

filetype:asp DBQ=" * Server.MapPath("*.mdb")

filetype:asp DBQ=\" * Server.MapPath(\"*.mdb\") 

filetype:asp “Custom Error Message” Category Source

filetype:bak createobject sa

filetype:bak inurl:"htaccess|passwd|shadow|htusers"

filetype:bak inurl:\"htaccess|passwd|shadow|htusers\" 

filetype:conf inurl:firewall -intitle:cvs 

filetype:conf inurl:proftpd. PROFTP FTP server configuration file reveals

filetype:dat "password.dat

filetype:dat \"password.dat\" 

filetype:eml eml +intext:"Subject" +intext:"From" +intext:"To"

filetype:eml eml +intext:\"Subject\" +intext:\"From\" +intext:\"To\" 

filetype:eml eml +intext:”Subject” +intext:”From” +intext:”To”

filetype:inc dbconn 

filetype:inc intext:mysql_connect

filetype:inc mysql_connect OR mysql_pconnect 

filetype:log inurl:"password.log"

filetype:log username putty PUTTY SSH client logs can reveal usernames

filetype:log “PHP Parse error” | “PHP Warning” | “PHP Error”

filetype:mdb inurl:users.mdb

filetype:ora ora

filetype:ora tnsnames

filetype:pass pass intext:userid

filetype:pdf "Assessment Report" nessus

filetype:pem intext:private

filetype:properties inurl:db intext:password

filetype:pst inurl:"outlook.pst"

filetype:pst pst -from -to -date

filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword"

filetype:reg reg +intext:\"defaultusername\" +intext:\"defaultpassword\" 

filetype:reg reg +intext:â? WINVNC3â?

filetype:reg reg +intext:”defaultusername” +intext:”defaultpassword”

filetype:reg reg HKEY_ Windows Registry exports can reveal

filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS

filetype:sql "insert into" (pass|passwd|password)

filetype:sql ("values * MD5" | "values * password" | "values * encrypt")

filetype:sql (\"passwd values\" | \"password values\" | \"pass values\" ) 

filetype:sql (\"values * MD\" | \"values * password\" | \"values * encrypt\") 

filetype:sql +"IDENTIFIED BY" -cvs

filetype:sql password

filetype:sql password 

filetype:sql “insert into” (pass|passwd|password)

filetype:url +inurl:"ftp://" +inurl:";@"

filetype:url +inurl:\"ftp://\" +inurl:\";@\" 

filetype:url +inurl:”ftp://” +inurl:”;@”

filetype:xls inurl:"email.xls"

filetype:xls username password email

index of: intext:Gallery in Configuration mode

index.of passlist

index.of perform.ini mIRC IRC ini file can list IRC usernames and

index.of.dcim 

index.of.password 

intext:" -FrontPage-" ext:pwd inurl:(service | authors | administrators | users)

intext:""BiTBOARD v2.0" BiTSHiFTERS Bulletin Board"

intext:"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd

intext:"#mysql dump" filetype:sql

intext:"#mysql dump" filetype:sql 21232f297a57a5a743894a0e4a801fc3

intext:"A syntax error has occurred" filetype:ihtml

intext:"ASP.NET_SessionId" "data source="

intext:"About Mac OS Personal Web Sharing"

intext:"An illegal character has been found in the statement" -"previous message"

intext:"AutoCreate=TRUE password=*"

intext:"Can't connect to local" intitle:warning

intext:"Certificate Practice Statement" filetype:PDF | DOC

intext:"Certificate Practice Statement" inurl:(PDF | DOC)

intext:"Copyright (c) Tektronix, Inc." "printer status"

intext:"Copyright © Tektronix, Inc." "printer status"

intext:"Emergisoft web applications are a part of our"

intext:"Error Diagnostic Information" intitle:"Error Occurred While"

intext:"Error Message : Error loading required libraries."

intext:"Establishing a secure Integrated Lights Out session with" OR intitle:"Data Frame - Browser not HTTP 1.1 compatible" OR intitle:"HP Integrated Lights-

intext:"Fatal error: Call to undefined function" -reply -the -next

intext:"Fill out the form below completely to change your password and user name. If new username is left blank, your old one will be assumed." -edu

intext:"Generated   by phpSystem"

intext:"Generated by phpSystem"

intext:"Host Vulnerability Summary Report"

intext:"HostingAccelerator" intitle:"login" +"Username" -"news" -demo

intext:"IMail Server Web Messaging" intitle:login

intext:"Incorrect syntax near"

intext:"Index of" /"chat/logs"

intext:"Index of /network" "last modified"

intext:"Index of /" +.htaccess

intext:"Index of /" +passwd

intext:"Index of /" +password.txt

intext:"Index of /admin"

intext:"Index of /backup"

intext:"Index of /mail"

intext:"Index of /password"

intext:"Microsoft (R) Windows * (TM) Version * DrWtsn32 Copyright (C)" ext:log

intext:"Microsoft CRM : Unsupported Browser Version"

intext:"Microsoft ® Windows * ™ Version * DrWtsn32 Copyright ©" ext:log

intext:"Network Host Assessment Report" "Internet Scanner"

intext:"Network Vulnerability   Assessment Report"

intext:"Network Vulnerability Assessment Report"

intext:"Network Vulnerability Assessment Report" 本文来自 pc007.com

intext:"SQL Server Driver][SQL Server]Line 1: Incorrect syntax near"

intext:"Thank you for your order"   +receipt

intext:"Thank you for your order" +receipt

intext:"Thank you for your purchase" +download

intext:"The following report contains confidential information" vulnerability -search

intext:"phpMyAdmin MySQL-Dump" "INSERT INTO" -"the"

intext:"phpMyAdmin MySQL-Dump" filetype:txt

intext:"phpMyAdmin" "running on" inurl:"main.php"

intextpassword | passcode)   intextusername | userid | user) filetype:csv

intextpassword | passcode) intextusername | userid | user) filetype:csv

intitle:"index of" +myd size

intitle:"index of" etc/shadow

intitle:"index of" htpasswd

intitle:"index of" intext:connect.inc

intitle:"index of" intext:globals.inc

intitle:"index of" master.passwd

intitle:"index of" master.passwd 007电脑资讯

intitle:"index of" members OR accounts

intitle:"index of" mysql.conf OR mysql_config

intitle:"index of" passwd

intitle:"index of" people.lst

intitle:"index of" pwd.db

intitle:"index of" spwd

intitle:"index of" user_carts OR user_cart

intitle:"index.of *" admin news.asp configview.asp

intitle:("TrackerCam Live Video")|("TrackerCam Application Login")|("Trackercam Remote") -trackercam.com

intitle:(“TrackerCam Live Video”)|(“TrackerCam Application Login”)|(“Trackercam Remote”) -trackercam.com

inurl:admin inurl:userlist Generic userlist files

------------------------------------------------------------------------------------------

Using special search string to find vulnerable websites:

inurl:php?=id1

inurl:index.php?id=

inurl:trainers.php?id=

inurl:buy.php?category=

inurl:article.php?ID=

inurl:play_old.php?id=

inurl:declaration_more.php?decl_id=

inurl:pageid=

inurl:games.php?id=

inurl:page.php?file=

inurl:newsDetail.php?id=

inurl:gallery.php?id=

inurl:article.php?id=

inurl:show.php?id=

inurl:staff_id=

inurl:newsitem.php?num= andinurl:index.php?id=

inurl:trainers.php?id=

inurl:buy.php?category=

inurl:article.php?ID=

inurl:play_old.php?id=

inurl:declaration_more.php?decl_id=

inurl:pageid=

inurl:games.php?id=

inurl:page.php?file=

inurl:newsDetail.php?id=

inurl:gallery.php?id=

inurl:article.php?id=

inurl:show.php?id=

inurl:staff_id=

inurl:newsitem.php?num=

Read More

Dangerious Linux Kernel Vulnerability For ALL 2.4 & 2.6 Kernels

This is a serious bug, it effects all Kernel versions released since May 2001! That goes all the way back to the early 2.4 versions.
It’s also exploitable according to the report – This issue is easily exploitable for local privilege escalation. In order to exploit this, an attacker would create a mapping at address zero containing code to be executed with privileges of the kernel (which I would assume to be root).
At least it only allows local priveledge escalation, if was a remote root exploit in the kernel..it would be a disaster.
Imagine all the Linux boxes out there connected to the net where the admin doesn’t update or read security resources.

Linux developers have issued a critical update for the open-source OS after researchers uncovered a vulnerability in its kernel that puts most versions built in the past eight years at risk of complete takeover.
The bug involves the way kernel-level routines such as sock_sendpage react when they are left unimplemented. Instead of linking to a corresponding placeholder, (for example, sock_no_accept), the function pointer is left uninitialized. Sock_sendpage doesn’t always validate the pointer before dereferencing it, leaving the OS open to local privilege escalation that can completely compromise the underlying machine.
“Since it leads to the kernel executing code at NULL, the vulnerability is as trivial as it can get to exploit,” security researcher Julien Tinnes writes here. “An attacker can just put code in the first page that will get executed with kernel privileges.”

A patch has been released, so if you have untrusted local users on your system UPDATE YOUR KERNEL NOW!
This is the second time this year there has been a serious exploit in the Linux Kernel, which in a way is good because it means people are looking at it critically.
The more bugs that get exposed, the more secure the Kernel and our operating systems become.

Tinnes and fellow researcher Tavis Ormandy released proof-of-concept code that they said took just a few minutes to adapt from a previous exploit they had. They said all 2.4 and 2.6 version since May 2001 are affected.
Security researchers not involved in the discovery were still studying the advisory at time of writing, but at least one of them said it appeared at first blush to warrant an immediate action.
“This passes my it’s-not-crying-wolf test so far,” said Rodney Thayer, CTO of security research firm Secorix. “If I had some kind of enterprise-class Linux system like a Red Hat Enterprise Linux…I would really go check and see if this looked like it related, and if my vendor was on top of it and did I need to get a kernel patch.”

I wonder if any more major bugs will be disclosed before the end of the year? The less Kernel updates that need to be carried out the better in my books.
Full technical details of the bug can be found here:
Linux NULL pointer dereference due to incorrect proto_ops initializations

Read More

Cracking GSM phone crypto

If you are using a GSM phone (AT&T or T-Mobile in the U.S.), you likely have a few more months before it will be easy for practically anyone to spy on your communications.
Security researcher Karsten Nohl is launching an open-source, distributed computing project designed to crack the encryption used on GSM phones and compile it in to a code book that can be used to decode conversations and any data that gets sent to and from the phone.

Karsten Nohl talks about his distributed computing, open-source AE/1 cracking project at the Hacking at Random conference.

(Credit: Hacking at Random)

he hopes that by doing this it will spur cellular providers in to improving the security of their services and fix a weakness that has been around for 15 years and affects about 3 billion mobile users.
"We're not generating a vulnerability but publicizing a flaw that's already being exploited very widely," he said in a phone interview Monday.
"Clearly we are making the attack more practical and much cheaper, and of course there's a moral query of whether we should do that," he said. "But more importantly, we are informing (people) about a longstanding vulnerability and hopefully preventing more systems from adopting this."
This weakness in the encryption used on the phones, A5/1, has been known about for years. there's at least one commercial tools that permit for decrypting GSM communications that range in price from $100,000 to $250,000 depending on how fast you want the program to work, said Nohl, who previously has publicized weaknesses with wireless clever card chips used in transit systems.
It will take 80 high-performance computers about one months to do a brute force attack on A5/1 and generate a large look-up table that will serve as the code book, said Nohl, who announced the project at the Hacking at Random conference in the Netherlands 10 days ago.
Using the code book, anyone could get the encryption key for any GSM call, SMS message, or other communication encrypted with A5/1 and listen to the call or read the data in the clear. If 160 people donate their computing resources to the project, it should only take one and a half months to complete, he said.
Participants download the program and one months later we share the files created with others, by BitTorrent, for instance, Nohl said. "We have no connection to them," he added.
Once the look-up table is created it would be available for anyone to use.
Distributed computing, which has long been used for research and academic purposes, like SETI@home, and which companies have built businesses around, not only solves the technical hurdle to cracking the A5/1 code, but it could solve the legal ones .
A few years ago a similar GSM cracking project was embarked on but was halted before it was completed after researchers were intimidated, possibly by a cellular provider, Nohl said. By distributing the effort among participants and not having it centralized, the new effort will be less vulnerable to outside interference, he said.
Nohl wasn't certain of the legal ramifications of the project but said it's likely that using such a look-up table is illegal but possession is legal because of the companies that openly advertise their tables for sale.
A T-Mobile spokeswoman said the company had no comment on the matter.
AT&T spokesman Mark Siegel said, "We take strange care to protect the privacy of our customers and use a variety of tools, lots of technical and some human approaches. I can't go in to the details for security reasons." he declined to elaborate or comment further.
Taking precautions
Carriers should upgrade the encryption or move voice services to 3G, which has much stronger encryption, Nohl said.
In the meantime, people can use separate encryption products on the phone, like Cellcrypt, or handsets with their own encryption, Nohl said. Amnesty International and Greenpeace are using phones with stronger encryption, for example, but it only works if both parties to a conversation are using the same technology, he said.
For data encryption there is good Privacy (PGP) for e-mail and virtual private network (VPN) program for connecting to a corporate network, he said.
The encryption problem is serious for people doing online banking, where banks are using text messages as authentication tokens. Banks should instead offer RSA SecurID tokens or send one-time pass phrases through regular mail, Nohl said.
"I reckon, potentially, this could have as much impact as the breaking of WEP (Wired Equivalent Privacy) had a few years ago," said Stan Schatt, security practice director at ABI Research. "That shook up the industry a bit."
As a result of breaking that encryption, enterprises were reluctant to rely on wireless LANs so the Wi-Fi Alliance pushed through an interim standard that strengthened the encryption method, he said.
"Vendors will jump in with interim solutions, like Cellcrypt," Schatt said. "Mobile operators themselves will have to jump in and offer additional levels of encryption as part of a managed service offering for people who want a higher level of encryption."
However, consumers aren't likely to want to pay extra for the boosted encryption strength, he said.
To snoop on someone's phone, a would-be spy would want to be within eyesight of the target, Schatt said. Or, spies could point a recording device in the direction of a building and grab whatever conversations were nearby, he said.
"If you stand outside a building of a competitor you could get conversations between product managers and about sensitive corporation information, like acquisitions," he said. "Corporations put even more sensitive information over their phones, in general, than we do over their e-mail."
 The project web page is here and the the talk with slides is here.
 source:cnet.com

Read More

how to Disable the Remote Registry service in Windows

The "Remote Registry" service enables remote users to alter registry setting on your computer. By default, the "Startup type" setting for the "Remote Registry" service may be set to "Automatic” or "Manual" which is a security risk for a single user (or) laptop computer user.
So, to make sure that only users on your computer can alter the process registry disable this "Remote Registry" service.

Here is how it can be completed:

1. Click Start and pick Control Panel from the Start Menu items.Note:
If you find difficulty in accessing the Control Panel in your computer,
CLICK HERE To Know the Different Ways To Access the Windows Control Panel

2. If your Control Panel is showing items in Classic View, find the icon named Administrative Tools and double click on it.

Alternatively if you are under Category View, click Performance and Maintenance and then Click Administrative Tools

3. Now double-click on Services applet which is used to start, stop and configure windows services on your computer. This open the service window listing all the windows services.
4. From the right pane of the Services Window, find the service named Remote Registry

5. Double-click the "Remote Registry" service which shows the Remote Registry Properties for your Local computer.

Now, press the Stop button first to stop the started service and then pick Disabled from the drop down menu under 'Startup Type' and click Apply->OK.

6.Close the "Services" window and restart your computer for the changes to take effect.

That's it!! you have disabled the "Remote Registry" service on your computer to prevent unauthorized changes to the process registry.

Read More