Showing posts with label GOOGLE HACKS. Show all posts

Monday, October 11, 2010

How To Find Vulnerable Web Apps With Google : Web Application Hacking

Search engines index a huge number of web pages and other resources. Hackers can use these engines to make anonymous attacks, find easy victims, and gain the knowledge necessary to mount a powerful attack against a network. Search engines are dangerous largely because users are careless. Further, search engines can help hackers avoid identification. Search engines make discovering candidate machines almost effortless. Listed here are a few common hacks performed with http://www.google.com (which is our favorite search engine, but you can use one of your own choosing if you'd like, assuming it supports all the same features as Google).

To find unprotected /admin, /password, /mail directories and their content, search for the following keywords in http://www.google.com:
  • "Index of /admin"
  • "Index of /password"
  • "Index of /mail"
  • "Index of /" +banques +filetype:xls (for France)
  • "Index of /" +passwd
  • "Index of /" password.txt













To find password hint applications that are set up poorly, type the following in http://www.google.com (many of these enumerate users, give hints for passwords, or mail account passwords to an e-mail address you specify!):
  • password hint
  • password hint -email
  • show password hint -email
  • filetype:htaccess user







To find IIS/Apache web servers with FrontPage installed, type the following in http://www.google.com (run the encrypted password files through a password cracker and get access in minutes!):

  • administrators.pwd index
  • authors.pwd index
  • service.pwd index
  • allinurl:_vti_bin shtml.exe




To find the MRTG traffic analysis page for websites, type the following in http://www.google.com:
  • inurl:mrtg







To get access to unprotected global.asa(x) files or to get juicy .NET information, type the following in http://www.google.com:
  • filetype:config web (finds web.config)
  • global.asax index (finds global.asax or global.asa)






To find improperly configured Outlook Web Access (OWA) servers, type the following in http://www.google.com:
  • inurl:exchange inurl:finduser inurl:root
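
The defensive counterpart to the queries above, as an added example that is not part of the original post: a Python audit a site owner can run over their own web root to find the files and index-less directories those queries surface. The INDEX_FILES set, the function names and the sample tree are assumptions constructed for this sketch.

```python
import os
import tempfile

# File names that the queries in the post look for in public indexes.
SENSITIVE_FILES = {
    "password.txt", "passwd", ".htaccess",
    "administrators.pwd", "authors.pwd", "service.pwd",
    "web.config", "global.asa", "global.asax",
}
# Directory names from the "Index of /..." queries.
SENSITIVE_DIRS = {"admin", "password", "mail"}
# Assumption: files the web server serves instead of an automatic listing.
INDEX_FILES = {"index.html", "index.htm", "index.php",
               "default.asp", "default.aspx"}


def audit_docroot(root):
    """Return sorted (finding, relative_path) tuples for a local web root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        lower = {name.lower() for name in filenames}
        for name in filenames:
            if name.lower() in SENSITIVE_FILES:
                rel = os.path.normpath(os.path.join(rel_dir, name))
                findings.append(("sensitive-file", rel.replace(os.sep, "/")))
        # With no index file, the server shows "Index of /..." when
        # automatic directory listing is enabled.
        in_scope = os.path.basename(dirpath).lower() in SENSITIVE_DIRS
        if in_scope and not (lower & INDEX_FILES):
            findings.append(("listable-dir", rel_dir.replace(os.sep, "/")))
    return sorted(findings)


def demo():
    """Build a constructed sample web root and audit it."""
    layout = {
        "index.html": "home",
        "admin/users.xls": "constructed sample",
        "mail/index.html": "webmail front page",
        "old/service.pwd": "constructed sample",
        "app/web.config": "<configuration/>",
        "backup/Password.TXT": "constructed sample",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in layout.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as handle:
                handle.write(body)
        return audit_docroot(root)


if __name__ == "__main__":
    for kind, path in demo():
        print(f"{kind:15} {path}")
```

Each finding is something to move out of the web root, protect with authentication, or cover by disabling automatic directory listing on the server.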

Tuesday, August 24, 2010

Cool Trick with Google Images

yea.. Just browsing through the internet this morning and found this cool trick with Google Images and want to share it with you guys!


1. First go to Google Images : images.google.com
2. Search for anything you want, like "flowers", "cats", "dogs", etc.
3. Next, you'll see lot of image thumbnails as usual...
4. Now, here is the trick :
Just copy and paste this code in your address bar and press Enter.
See what happens.. (surprise for you... )


javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.images; DIL=DI.length; function A(){for(i=0; i<DIL; i++){DIS=DI[i].style; DIS.position='absolute'; DIS.left=(Math.sin(R*x1+i*x2+x3)*x4+x5)+'px'; DIS.top=(Math.cos(R*y1+i*y2+y3)*y4+y5)+'px'}R++}setInterval('A()',5); void(0)

Monday, August 23, 2010

How To Hack A Youtube Account

Learn how to hack a youtube account


Are you curious how to “hack a YouTube account”? Well then, this post is just for you. Most people ask me to tell them the easiest way to hack YouTube, so here is the easiest way to hack an account, i.e. phishing.

Today we will focus on the easiest way, i.e. the fake login page.

A Fake Login Page is a page that exactly resembles the original login page of sites like Yahoo, Gmail, YouTube, Friendster etc. However, these fake login pages are created just for the purpose of stealing others’ passwords.


First of all download:Youtube fake login page



PROCEDURE:

1.Once you have downloaded youtube fake login page, now extract contents in a folder
2.In that, find (CTRL+F) ‘http://hackingaday.com’ then change it to your destined URL but don’t forget ‘\’.
Save it.
3.Open Fake page in wordpad
4.Now press ctrl+F and search for the term “action=” now change its value to pass.php i.e. action=pass.php
5.Create an id in www.110mb.com, because I know about that site quite well.
6.Then upload the contents into a directory
7.For that, after creating an id you should go to file manager and upload all these files.
8.Then just go to youtube.htm and try out whether it's working.

After you type in the file, a password file named pass.txt will be created in the same directory. Then you can see what username and password you have entered.

thx to hacking a day for fake login page

Monday, July 26, 2010

100 Great Gmail Hacks for Email Addicts

Friday, June 25, 2010

Gmail Account Hacking Tool

A tool that automatically steals IDs of non-encrypted sessions and breaks into Google Mail accounts has been presented at the Defcon hackers’ conference in Las Vegas.




Last week Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, not only for authentication. Users who did not turn it on now have a serious reason to do so, as Mike Perry, the reverse engineer from San Francisco who developed the tool, is planning to release it in two weeks.



When you log in to Gmail the website sends a cookie (a text file) containing your session ID to the browser. This file makes it possible for the website to know that you are authenticated and keep you logged in for two weeks, unless you manually hit the sign out button. When you hit sign out this cookie is cleared.



Even though Gmail forces the authentication over SSL (Secure Sockets Layer) when you log in, you are not secure, because it reverts to a regular unencrypted connection after the authentication is done. According to Google this behavior was chosen because of low-bandwidth users, as SSL connections are slower.



The problem lies with the fact that every time you access anything on Gmail, even an image, your browser also sends your cookie to the website. This makes it possible for an attacker sniffing traffic on the network to insert an image served from http://mail.google.com and force your browser to send the cookie file, thus getting your session ID. Once this happens the attacker can log in to the account without the need of a password. People checking their e-mail from public wireless hotspots are obviously more likely to get attacked than the ones using secure wired networks. Todd Mumford, from the SEO company called SEO Visions Inc, states “This can be a serious problem for Internet Marketers who travel often and use their wireless laptops and Gmail services often and do not always have access to a secure connection.”



Perry mentioned that he notified Google about this situation over a year ago and even though eventually it made this option available, he is not happy with the lack of information. “Google did not explain why using this new feature was so important” he said. He continued and explained the implications of not informing the users, “This gives people who routinely log in to Gmail beginning with an https:// session a false sense of security, because they think they’re secure but they’re really not.”



If you are logging in to your Gmail account from different locations and you would like to benefit from this option only when you are using unsecured networks, you can force it by manually typing https://mail.google.com before you log in. This will access the SSL version of Gmail and it will be persistent over your entire session and not only during authentication.
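
The cookie behaviour described above, as an added Python example that is not part of the original article: it parses Set-Cookie headers, decides whether a browser would attach each cookie to a plain-HTTP request, and reports which cookies lack the Secure and HttpOnly attributes. The cookie name, host and header values are constructed, and domain and path matching are deliberately left out.

```python
from urllib.parse import urlsplit

# Constructed sample headers; the two-week lifetime mirrors the article.
WEAK = ["SESSION_ID=abc123; Path=/; Max-Age=1209600"]
HARDENED = ["SESSION_ID=abc123; Path=/; Max-Age=1209600; Secure; HttpOnly"]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [part.strip() for part in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        if key:
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def cookies_sent(set_cookie_headers, url):
    """Names of the cookies a browser would attach to a request for url.

    Simplification (assumption): only the Secure attribute is evaluated.
    """
    scheme = urlsplit(url).scheme.lower()
    sent = []
    for header in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header)
        # A Secure cookie is withheld from unencrypted requests.
        if "secure" in attrs and scheme != "https":
            continue
        sent.append(name)
    return sent


def audit(set_cookie_headers):
    """Return (cookie_name, [missing attributes]) for each weak cookie."""
    findings = []
    for header in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header)
        missing = [flag for flag in ("secure", "httponly") if flag not in attrs]
        if missing:
            findings.append((name, missing))
    return findings


if __name__ == "__main__":
    image = "http://mail.example.test/images/logo.gif"  # constructed URL
    print("weak cookie, http image request:", cookies_sent(WEAK, image))
    print("hardened cookie, http image request:", cookies_sent(HARDENED, image))
    print("audit of weak headers:", audit(WEAK))
```

A session cookie without Secure travels in clear text on any http:// request to the site, which is what a network sniffer observes; with Secure set and the whole session on HTTPS, the same image request carries no session ID.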

Wednesday, April 14, 2010

Inside GoOgLe – A Collection of Strange Links on Google

Although Google is a search engine, it’s also a website. It has millions of its own pages indexed in it. When I was digging deep inside Google I found some strange links inside it. So I decided to compile a list of strange Google links. Enjoy!




1.If you ever wondered all the misspellings of Britney Spears and their volume, you must check this out. http://www.google.com/jobs/britney.html



2.These two links are to fun Google games

http://www.google.com/Easter/feature_easter.html

http://www.google.com/heart/heart01.html



3.Quench your thirst for knowledge with Google Gulp

www.google.com/googlegulp/



4.Check out Google’s latest ideas

http://www.google.com/experimental/



5.If you are fond of puzzles

http://www.google.com/puzzles/



6.Tribute to Moms

http://www.google.com/moms01/



7.Google Mobile maps

http://www.google.com/mobile/gmm/index.html



8.http://www.google.com/tofc/



9.Are you scary smart?

http://www.google.com/scarysmart/



10.Google press center

http://www.google.com/press/



11.Google apps

http://www.google.com/a/help/intl/en/var_0.html



12.Mind-racing problems

http://www.google.com/indiacodejam/



13.Doodle 4 Google

http://www.google.com/doodle4google/



14.The virgle

http://www.google.com/virgle/



15.Google Alerts

http://www.google.com/alerts



16.Urchin Software from Google

http://www.google.com/urchin/



17.Google dictionary

http://www.google.com/translate_dict



18.Inside google

http://www.google.com/plex/



19.Movie reviews

http://www.google.com/reviews



20.GOOGLE MARS

http://www.google.com/mars/



21.GOOGLE SKY

http://www.google.com/sky/



22.Google’s next Coding Competition site

http://www.google.com/codejam/



23.http://www.google.com/pda

24.http://www.google.com/m

25.http://www.google.com/imode/

26.http://www.google.com/jsky



27.Blog search

http://www.google.com/blogsearch



28.Microsoft on google

http://www.google.com/microsoft



29.GOOGLE MOON

http://www.google.com/moon/



30.Google Linux

http://www.google.com/linux



31.http://www.google.com/ie



32.Google tour

http://www.google.com/tour/services/



33.Google TOS

http://www.google.com/accounts/TOS



34.Google trends

http://www.google.com/trends/hottrends



35.Google arts

http://www.google.com/Top/Arts/



36.Google 3d warehouse

http://www.google.com/sketchup/3dwh/



37.Google Adult content

http://www.google.com/Top/Adult/



38.Google & Dilbert Doodle

http://www.google.com/dilbert.html



39.Google in Kannada

www.google.com/intl/kn/



40.Google strange logos

http://www.google.com/doodle8.html

http://www.google.com/doodle9.html



41.Win Registry files in google

www.google.com/google_rsearch.reg



42.Google Universities Search

http://www.google.com/options/universities.html



Oops, there’s still a lot more. But only this much for now….

Advanced Google Search


In this post I will show you some of the secrets of Advanced Google Search.



Google is clearly the best general-purpose search engine on the Web. But most people don’t use it to its best advantage or in an advanced way. Do you just plug in a keyword or two and hope for the best? That may be the quickest way to search, but with more than 3 billion pages in Google’s index, it’s still a struggle to pare results to a manageable number. There are some ways in which advanced Google search can be used to get the desired results.



But Google is a remarkably powerful tool that can ease and enhance your Internet exploration. Advanced Google search options go beyond simple keywords, the Web, and even its own programmers. Let’s look at some of the advanced Google search options.



Syntax Search Tricks



Using a special syntax is a way to tell Google that you want to restrict your searches to certain elements or characteristics of Web pages. Here are some advanced Google search operators that can help narrow down your search results.

1.Intitle: at the beginning of a query word or phrase (intitle:"Three Blind Mice") restricts your search results to just the titles of Web pages.



2.Intext: does the opposite of intitle:, searching only the body text, ignoring titles, links, and so forth. Intext: is perfect when what you’re searching for might commonly appear in URLs. If you’re looking for the term HTML, for example, and you don’t want to get results such as



www.gohacking.com/index.html

you can enter intext:html



3.Link: lets you see which pages are linking to your Web page or to another page you’re interested in. For example, try typing in

link:http://www.downarchivestuff.blogspot.com/



4.Try using site: (which restricts results to top-level domains) with intitle: to find certain types of pages. For example, get scholarly pages about Mark Twain by searching for intitle:"Mark Twain" site:edu. Experiment with mixing various elements; you’ll develop several strategies for finding the stuff you want more effectively. The site: command is very helpful as an alternative to the mediocre search engines built into many sites.



Swiss Army Google



Google has a number of services that can help you accomplish tasks you may never have thought to use Google for. For example, the new calculator feature

(www.google.com/help/features.html#calculator)

lets you do both math and a variety of conversions from the search box. For extra fun, try the query “Answer to life the universe and everything.”



Suppose you want to contact someone and don’t have his phone number handy. Google can help you with that, too. Just enter a name, city, and state. (The city is optional, but you must enter a state.) If a phone number matches the listing, you’ll see it at the top of the search results along with a map link to the address. If you’d rather restrict your results, use rphonebook: for residential listings or bphonebook: for business listings. If you’d rather use a search form for business phone listings, try Yellow Search

(www.buzztoolbox.com/google/yellowsearch.shtml).

Let Google help you figure out whether you’ve got the right spelling—and the right word—for your search. Enter a misspelled word or phrase into the query box (try “thre blund mise”) and Google may suggest a proper spelling. This doesn’t always succeed; it works best when the word you’re searching for can be found in a dictionary. Once you search for a properly spelled word, look at the results page, which repeats your query. (If you’re searching for “three blind mice,” underneath the search window will appear a statement such as Searched the web for “three blind mice.”) You’ll discover that you can click on each word in your search phrase and get a definition from a dictionary.



Extended Googling

Google offers several advanced services that give you a head start in focusing your search. Google Groups

(http://groups.google.com//)



indexes literally millions of messages from decades of discussion on Usenet. Google even helps you with your shopping via two tools: Froogle (http://froogle.google.com//),



which indexes products from online stores, and Google Catalogs (http://catalogs.google.com//),



which features products from more than 6,000 paper catalogs in a searchable index. And this only scratches the surface. You can get a complete list of Google’s tools and services at

www.google.com/options/index.html



You’re probably used to using Google in your browser. But have you ever thought of using Google outside your browser?

Google Alert

(http://www.googlealert.com/)



monitors your search terms and e-mails you information about new additions to Google’s Web index. (Google Alert is not affiliated with Google; it uses Google’s Web services API to perform its searches.) If you’re more interested in news stories than general Web content, check out the beta version of Google News Alerts

(www.google.com/newsalerts).



This advanced Google service (which is affiliated with Google) will monitor up to 50 news queries per e-mail address and send you information about news stories that match your query. (Hint: Use the intitle: and source: syntax elements with Google News to limit the number of alerts you get.)

Google on the telephone? Yup. This service is brought to you by the folks at Google Labs

(http://labs.google.com//),

a place for experimental Google ideas and features (which may come and go, so what’s there at this writing might not be there when you decide to check it out).



With Google Voice Search

(http://labs1.google.com/gvs.html),



you dial the Voice Search phone number, speak your keywords, and then click on the indicated link. Every time you say a new search term, the results page will refresh with your new query (you must have JavaScript enabled for this to work). Remember, this service is still in an experimental phase, so don’t expect 100 percent success.

In 2002, Google released the Google API (application programming interface), a way for programmers to access Google’s search engine results without violating the Google Terms of Service. A lot of people have created useful (and occasionally not-so-useful but interesting) applications not available from Google itself, such as Google Alert. For many applications, you’ll need an API key, which is available free from www.google.com/apis

How to Hack Gmail Account

Gmail is one of the most widely used email services across the globe and it’s no wonder why many people want to hack gmail. So if you are curious to know how to hack a gmail account then this is the post for you. Here in this post I will show you some of the real and working ways to hack gmail and will also make you aware of the common scams and myths associated with hacking gmail.



Before I discuss how to hack gmail I want to make my readers aware of the common scams and myths associated with hacking gmail or any other email. So here we go

1. There is no ready made software/program that will hack gmail just with a click of a button. So never get fooled by something called gmail hacking software. If there exists such program to hack gmail then it’s no more than a scam.
2. Most of the email hacking services on the internet claim to hack gmail password for just a small fee. I have personally tested many of those services and found that most of them are scams.

At this point you may be wondering what are the other ways to hack gmail then. So here are the working ways to hack gmail.


With my experience in the field of hacking and security I can tell you that there are only two ways to hack gmail account.



1. Keylogging
2. Phishing



Any method to hack gmail other than these two is simply a scam or doesn’t work.

Easiest Way to Hack Gmail

The easiest way to hack gmail is through keylogging. It is done using a small program/software called keylogger. This keylogger when installed on any computer will capture each and every keystroke including passwords. Also it works in complete stealth mode by completely hiding itself. So installing a keylogger on the computer is the easiest way to hack gmail. Once the victim logs into his gmail account from this computer his gmail username & password are captured and stored instantly. The stored logs are sent to you via email. But what if you do not have physical access to the computer? Well, still you need not worry since I am going to suggest one of the best keylogger programs that supports installation on a local computer as well as a remote computer.


So to hack any gmail account all you need to do is install the keylogger on the computer from which the victim is likely to login to his gmail account. If you do not have physical access then you need to use the remote installation feature to remotely deploy the keylogger.



NOTE: For more details on keylogger read my post How to use Keyloggers





Other ways to Hack Gmail


The other most commonly used trick to hack Gmail is using a Fake Login Page (also called Phishing). Today, Fake login pages are the most widely used technique to hack Gmail. A Fake Login page is a page that appears exactly as a Login page of sites like Yahoo, Gmail etc. But once we enter our password there, we end up losing it.



However creating a fake login page and taking it online to successfully hack a Gmail password is not an easy job. It demands an in depth technical knowledge of HTML and scripting languages like PHP, JSP etc. So if you are new to the concept of hacking passwords, then I recommend using the keyloggers to hack Gmail since it’s the easiest way.

Use Gmail Account to Send Emails from Multiple Addresses

In this post I am going to show you how to use your Gmail account to send and receive emails from multiple addresses. Most of us own more than one email account say for example, one from Gmail, one from Yahoo and one from Hotmail. If you are tired of logging into multiple accounts to check your inbox or to send emails, I have a solution here.




Gmail has an option to integrate multiple email accounts (email addresses) into a single Gmail account. Once you integrate multiple email addresses into your Gmail account, you can use the same account to send emails from different addresses and receive emails for different addresses. Let’s take a simple example



Suppose you have three email addresses (email accounts)


1. gohacking@gmail.com

2. gohacking@yahoo.com

3. hacker@hotmail.com



You can integrate the emails gohacking@yahoo.com and hacker@hotmail.com to gohacking@gmail.com and operate all the three accounts from your single gmail account. Here is a step-by-step procedure to do this.



1. Login to your gmail account.

2. Click on Settings at the top right corner.

3. Under Settings, click on Accounts tab.

4. Now you’ll see the first option “Send mail as:“

5. Under this option, click on Add another email address you own

6. Now a small new window will pop-up asking you to enter the details of your new email address.

7. Here you can enter any name and any email address. The email address need not belong to gmail only. You can enter your yahoo, hotmail or any other valid email address.

8. A Verification email will be sent to the address that you specify. Once you verify that you own the email address, it will be integrated to your Gmail account.



Now when you compose a new email, you’ll see an option to select from multiple addresses to send the mail. Also you’ll receive the incoming mails for multiple addresses in a single mailbox. I hope this will benefit you.



Before you leave, I should also tell you one good advantage of this. According to Gmail privacy policy, they will not send the user’s IP address in the outgoing emails. That means when you send an email from your Gmail account , the receiver will not be able to find out your IP address. But you don’t have this advantage in Yahoo or other email providers.



Please share your opinions through comments. I hope this helps….

A Closer Look at a Vulnerability in Gmail

Gmail is one of the major webmail service providers across the globe. But as we all know Gmail still carries that 4 letter word BETA. Sometimes we may wonder why Gmail is still in the testing stage even years after its emergence. Here is one small reason for that.




Gmail follows a strict rule that doesn’t allow its users to have their first or last name contain the term Gmail or Google. That is, while signing up for a new Gmail account the users cannot choose a first or last name that contains the term Gmail or Google. You can see this from the below snapshot.







This rule is implemented by Gmail for obvious reasons, because if the users are allowed to keep a first or last name that contains the term Gmail or Google, then it is possible to easily impersonate the identity of Gmail (or Gmail Team) and engage in phishing or social engineering attacks on innocent users. This can be done by simply choosing the first and last name with the following combinations.



First Name    Last Name
Gmail         Team
Google        Team
Gmail         Password Assistance



From the above snapshot we can see that Gmail has made a good move in stopping the users from abusing its services. However this move isn’t enough to prevent malicious users from impersonating Gmail’s identity, because Gmail has a small vulnerability that can be exploited so that the users can still have their name contain the terms Gmail or Google. You may wonder how to do this. But it’s very simple.



1. Login to your Gmail account and click on Settings.



2. Select Accounts tab



3. Click on edit info



4. In the Name field, select the second radio button and enter the name of your choice. Click on Save Changes and you’re done!



Now, Gmail accepts any name even if it contains the term Google or Gmail. You can see from the below snapshot







Allowing the users to have their names contain the terms Gmail or Google is a serious vulnerability even though it doesn’t seem to be a major one. This is because a hacker or a malicious attacker can easily exploit this flaw and send phishing emails to other Gmail users asking for sensitive information such as their passwords. Most of the users don’t even hesitate to send their passwords since they believe that they are sending it to Gmail Team (or someone authorized). But in reality they are sending it to an attacker who uses this information to seek personal benefits.



So the bottom line is, if you get any emails that appear to have come from the Gmail Team or similar, don’t trust them! Anyone can send such emails to fool you and take away your personal details. Hope that Gmail will fix this vulnerability as soon as possible to avoid any disasters.
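
One way for a mail filter or a cautious recipient to act on this advice, as an added Python example that is not part of the original post: flag From headers whose display name uses the Gmail or Google brand while the address is not on a trusted sender domain. The TRUSTED_DOMAINS set, the function names and every sample header are assumptions constructed for illustration.

```python
import unicodedata
from email.utils import parseaddr

BRAND_TERMS = ("gmail", "google")
# Assumption: domains from which genuine service mail is expected.
# An ordinary user mailbox domain is deliberately not listed here.
TRUSTED_DOMAINS = {"google.com"}

# Constructed sample headers; the first three use the names from the post.
SAMPLES = [
    '"Gmail Team" <helpdesk1984@gmail.com>',
    "Google Team <someone@example.net>",
    "Gmail Password Assistance <reset.now@gmail.com>",
    "Alice Example <alice@gmail.com>",
    "Google Accounts <no-reply@accounts.google.com>",
]


def is_trusted(domain):
    """True for a trusted domain or any of its subdomains."""
    return any(domain == d or domain.endswith("." + d)
               for d in TRUSTED_DOMAINS)


def is_display_name_spoof(from_header):
    """True when the display name claims the brand but the domain does not."""
    name, addr = parseaddr(from_header)
    # Fold case and compatibility characters before matching brand terms.
    folded = unicodedata.normalize("NFKC", name).casefold()
    domain = addr.rpartition("@")[2].lower()
    uses_brand = any(term in folded for term in BRAND_TERMS)
    return uses_brand and not is_trusted(domain)


def triage(from_headers):
    """Return the headers that should be quarantined or shown a warning."""
    return [header for header in from_headers
            if is_display_name_spoof(header)]


if __name__ == "__main__":
    for header in triage(SAMPLES):
        print("suspicious sender:", header)
```

The check looks only at the display name and the address, so it catches the name-based impersonation described here; a forged sender address is a separate problem that this sketch does not cover.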

Monday, April 12, 2010

How to use Google for Hacking

Google serves almost 80 percent of all search queries on the Internet, proving itself as the most popular search engine. However Google makes it possible to reach not only the publicly available information resources, but also gives access to some of the most confidential information that should never have been revealed. In this post I will show how to use Google for exploiting security vulnerabilities within websites. The following are some of the hacks that can be accomplished using Google.




1. Hacking Security Cameras

There exist many security cameras used for monitoring places like parking lots, college campuses, road traffic etc. which can be hacked using Google so that you can view the images captured by those cameras in real time. All you have to do is use the following search query in Google. Type in Google search box exactly as follows and hit enter



inurl:”viewerframe?mode=motion”



Click on any of the search results (Top 5 recommended) and you will gain access to the live camera which has full controls. You will see something as follows

As you can see in the above screenshot, you now have access to the Live cameras which work in real-time. You can also move the cameras in all the four directions, perform actions such as zoom in and zoom out. This camera has a really low refresh rate. But there are other search queries through which you can gain access to other cameras which have faster refresh rates. So to access them just use the following search query.




intitle:”Live View / – AXIS”



Click on any of the search results to access a different set of live cameras. Thus you have hacked Security Cameras using Google.



2. Hacking Personal and Confidential Documents

Using Google it is possible to gain access to an email repository containing CV of hundreds of people which were created when applying for their jobs. The documents containing their Address, Phone, DOB, Education, Work experience etc. can be found just in seconds.



intitle:”curriculum vitae” “phone * * *” “address *” “e-mail”



You can gain access to a list of .xls (excel documents) which contain contact details including email addresses of large group of people. To do so type the following search query and hit enter.



filetype:xls inurl:”email.xls”



Also it’s possible to gain access to documents potentially containing information on bank accounts, financial summaries and credit card numbers using the following search query



intitle:index.of finances.xls



3. Hacking Google to gain access to Free Stuffs

Ever wondered how to hack Google for free music or ebooks. Well here is a way to do that. To download free music just enter the following query on google search box and hit enter.



“?intitle:index.of?mp3 eminem“



Now you’ll gain access to the whole index of eminem album where in you can download the songs of your choice. Instead of eminem you can substitute the name of your favorite album. To search for the ebooks all you have to do is replace “eminem” with your favorite book name. Also replace “mp3” with “pdf” or “zip” or “rar”.



I hope you enjoy this post. Pass your comments. Cheers!