This is next part to Google Hacking, here we will discus some more search queries used for foot-printing. So following are your new queries, don't just read them practice them, you'll need a good practice of advanced operators just because they are more prone to give false positives.
Related:
This query will search web pages for the word specified after related. Please copy paste example in search engine and press enter.
Example: related:bill gates
define:
This query not only brings you definition and dictionary meaning of word but can also reveal you information about victims company. Try following query.
define:microsoft
define:your name
define:google
info:
This query is used to reveal history geography of word typed after it. Try following queries,
info:days of life of devil
info:microsoft
info:google
intext:
This will search every occurrence of word typed after it, it will not only search URL and title but also the text in body. Try this,
intext: google hacking
intext:days of life of devil
links:
This will search links to the URL that you will specify after it. Try following queries,
Please try them and let me know if you are facing any problem or any of those queries are not performing as you expected. Once you are good enough to use them we will discus how to use search queries to find files, folders, songs, movies, user-names and passwords.
Google hacking, most commonly misunderstood words by newbies as making queries on Google search to find out songs and movies. But it is just part of scope that Google hacking covers, experienced hackers will find this article as incomplete though it is stuffed with lot of things.
What is Google hacking:
Google hacking is term given to create and use complex queries on search box to get expected results from Google. But in reality it includes using each and every tool that is provided by Google as hacking weapon. Did I forget to mention Google Hacking is part of Reconnaissance, that means if you have skipped previous posts then it will be harder for you to understand power of Google Hacking. In this section I 'll show you using some of its applications as hacking related tool rest is left to your creativity.
Cached Pages:
I know each and everyone of you have some day used Google in spite of what your favorite search engine is. You must have seen a link to “Cached Similar” pages whenever you run any search query. Cached pages store history pages for its users like you and me. Cached pages is good source of tracking down website activities. Suppose site contains a file whose link is removed from main website, now you want access to that file, cached pages can help you out.
OK now please type “DAYS OF LIFE OF DEVIL” in Google and browse for cached pages, note differences between main site and cached site.
Google Translator:
You might not be knowing but you don't need proxy servers to bypass security because we already have a online proxy tool known as “Google Website Language Convertor”. This is Google’s online tool for converting language of website to your native language(The Language Convertor you can see on this website is nothing but derivative of this tool), the powerful feature of this Google applications is that it can be used as proxy server. When you'll type “Google Website Language Convertor” it'll open for you following link,
http://www.google.com/language_tools?hl=EN
Now type URL of website you want select language conversion and press enter, if your page is already in language you want to browse it then select any language from “from” section and select your language in “to” section.
Basic Search Queries:
link:
This query searches for all links that ends to site mentioned after query.
Syntax: link:“http://nrupentheking.blogspot.com”
inurl:
This query will search occurrences of word specified in URL 's.
Syntax: inurl:“NRUPEN”
site:
This query is used by combining it with other queries. So we will discus it later.
Intitle:
This query will search occurrences of word specified in title or website.
Syntax: intitle:“NRUPEN”
filetype:
This query will search occurrences of filetype specified.
Syntax: filetype:doc “Google hacking”
Directories And Files Listing:
Apache server by default uses “Index of ” type title to transverse navigation which can be exploited using Google queries to get specific file or folder.
Syntax: intitle:index.of “songs”
Now try to figure out what what above query will do.
Grabbing Banner:
Banner Grabbing is method in Scanning phase which is used for getting type and version of application. Here for now, we will skip it and will open our look for it while discussing scanning phase.
Combining Queries:
Now all above queries mentioned above can be combined to get powerful information from search engine via victim. It can open nearly everything about victim about software, hardware, documents if victim is unprotected against Google Crawlers. Depending upon your skills we leave how to use them combined for purpose but will show you how to combine them.
Try following one by one, one you use them you'll know which combination can be used when,
site:nrupentheking.blogspot.com + inurl:hacking
site:nrupentheking.blogspot.com inurl:hacking
inurl:admin inurl:php
Johnny Long:
Johnny Long maintains a website which keeps a brief database of using Google search queries. Browse for his name and you'll be lead to his website were you can click on Google Hacking Database to learn more than what we discussed here.
Google Hacking Tools:
There are several search quires that you can make using Google but remembering them is not that easy task so we have some ready made tools that do our job for us. Following are some of them,
Site Digger Tool: Uses Google hacking database to give out results from caches and also traces errors.
Gooscan: This tool also uses Google Hacking database and is also able to mark out vulnerabilities.
Google Hacks: It is one the most used Google hacking tools. Have very easy and understandable user interface, can solve all your download needs, must use tool for everyone.
Note: Please be sure we have not covered everything related to Google Hacking. I just gave some brush up so that you can practice them then I 'll cover Advanced Google Hacking, please note that maximum of our Google hacking queries are formed using above search queries so please practice, advanced Google hacking will be covered at last stage of reconnaissance phase. Please don't forget to ask whatever you were unable to understand in this post. Thanks for reading and keep visiting.
As mentioned earlier reconnaissance/foot-printing is very first step in hacking. In involves gathering all potential information about target system that may help attacker plan and execute attack. It is not bluff that attacker spends 90% of his/her time for this phase only then uses his/her technical skills to find and exploit weakness in system according to his/her conclusion. Even foot-printing/reconnaissance involves various things depending on type of victim you are planning to attack. In this post we'll discuss how you can extract information like domain name, domain name provider, owner of domain, his/her name, address telephone number etc.. Whenever we purchase a domain it must be registered, this registry of domain names and their owner is known as domain information database and it is shared over internet for other users to get information about whether a domain is available for them or not. This information is also known as whois information of a domain. Here you will learn how to extract this information from database stored over network. Following is list of websites and tools that can help you extract this information. Sam Spade (tool) Smart Whois (tool) http://samspade.org http://whois.domaintools.com/ http://robtex.com
You'll not require any skills to use these tools. They are very easy to operate as taking a lolly pop from a kid, what really difficult is to analyze the information you will be getting after using them. In Sam Spade type name of domain you want to get information for example www.google.com and press enter. My next choice is Smart Whois which also works like Sam Spade but the fact is that usually all prefer Sam Spade, even I am not exception. When Sam Spade will fetch you results look on left side, there you'll find several options try them one by one and analyze the result it had fetched for you. Next is using websites that can fetch you that result. As you can see I mentioned three online tools but before you read further I must tell you there are thousands of websites and tools that can fetch you whois information, the one that are mentioned here are my personal preferences. Type domain name in search box of http://robtex.com and press “Lucky” and inhttp://whois.domaintools.com type domain name in search box and press lookup. Do it yourself and ask if you encounter any problem.
I know many of you always receive a special kinda e-mail with advertisements known as spam and you might be asking yourself from where a spammer might have got your e-mail ID. So here's the answer, following are some of the methods via which spammers gets your email ids.
Social Networking Sites:
If you are a social network animal then you might be knowing that sometimes we just add anyone as our friend without even knowing who the person is. Reason, most of us just wanna show off that we have a big friend list. But there are some people who are actually preparing this friend list to get your e-mail ids. People hardly care about privacy settings and leave their telephone numbers and e-mail ids open for spammers to have a look on. Now how they extract your email ids, all major e-mail clients like gmail and yahoo provide their users with API(Application Programming Interface) to pull e-mail ids of friend list available on social networking sites. Once all emails are pulled spammer download this email list as excel sheet and your e-mail ids are now ready to get spammed.
Online Applications:
If you have ever used facebook then you might be knowing whenever you access any facebook application it asks for access to all your private data, once you allow application access you give your e-mail to them, now they can use it for any purpose.
Online Games And Contests:
Many people have habit of playing games online and contests that appears free with prize. The fact is that many people might be playing those games and only one gets prize via lucky draw. How much legitimate that appears. These contests are nothing but sure shot fundas of companies to grab personal details of people visiting their sites. How this pays them, this list helps them prepare job lists for eligible and needy persons thus they don't pay a penny for job recruitment and also gets an employee ready to work on minimum payments. Next they can use this list to spam you with advertisement of their own products or they may even plan to sell their e-mail list to spammers for hefty amount.
Job/Technology/Career/Game Fairs:
You might have seen many people standing with some kinda forms in these kinda fairs to lure people with job opportunity, free stuff delivery or contest, which actually never is the case. Such fairs are good targets since by spending just few bucks a contact list with several thousand e-mail IDS and phone numbers is built that too without anyone suspecting.
Online Forums:
Hey don't worry I don't mean they sell e-mail ids or their database are hackable. While on forums many people unknowingly don't set privacy settings, also they post their e-mail ids as it is as comment or reply. These e-mail ids can be extracted using software used for extracting e-mail ids.
Web Mail Extractors:
Web Mail Extractors are software that search websites for patterns like this “@domain.com/@domain.net,/@domain.org etc”. Once found they extract complete email ids and save them in their database. One such tool is “Web e-mail Miner”. For today I would advise you to download it and try to find out how it works. Don't worry about how to use it, you just have to enter name of site and press enter and it'll pull email for you. Try a name of famous online forum, guaranteed to get a list with more than thousand e-mails.
Improperly Configured or Unprotected Servers:
Usually company uses two kinds of domains/servers one valid of all and one valid only for their employees and customers. Sometimes these two are interconnected with each other for employees to make changes to website that is public. The internal server for employees usually contains lot of information about their employees and job recruitment in excel sheets or PDF files which can be opened using browser. If they are not configured properly “Web Mail Extractors” can easily crawl in revealing thousands of quality e-mail ids.
Knowingly or unknowingly we might have made many of above mistakes which has lead our e-mail ids open to spammers. To next section to this we'll learn how we can keep ourselves safe from getting spammed. Feel free to comment about what you think about above information. Thanks for visiting, have a nice time and keep visiting.
How can I browse anonymously or stay invisible
online ? Is these among those questions which bother you for
keeping your privacy online. Anonymizers, proxy servers, VPN and VPS are some
options that can help you out. All above services are also offered as paid
service but for here we will just have our look on free services.
Anonymizers(anonymity server):
Anonymizers are nothing but proxy servers which act as
browsers inside browsers for surfing, their advantage is that they digest
everything from the page you want to visit and hence can not only protect your
privacy but can also prevent you from online malwares. I 'll not recommend you
using some specific anonymizer since firewalls block them someday so better
visithttp://www.proxy4free.com/ which
updates list of anonymizers every hour so that you must get a working anonymity
server. Alternatively you can use a TOR browser which really guarantees 100%
anonymity. Download TOR fromhttp://www.torproject.org/.
Proxy Servers:
Proxy servers needs some manual settings from your internet
configurations. Proxy server lift the limitation that anonymizers had of only
being used in browser by making proxy IP available for every application that
needs internet connection. Visit http://www.proxy-list.org/ for
fresh list of proxies.
Alternatively you always have option of using a proxy
generating software, following is brief list of proxy software with their
download link have your pick.
Please don't ask which is best among them, its hard to say
since working of proxy depends upon load on proxy server and it may vary with
time. As my personal preference I use TOR and Ultra Surf when need proxy level
anonymity. Please don't use transactional type browsing like e-mail, social
networking or financial transactions over proxy servers, its not safe and still
anyhow you want to use them better not use anything else than TOR.
Virtual Private Network:
VPN's are most trusted way of hiding online even secure than
proxy servers and anonymity servers. Following is list of some software that
provide free VPN services.
Ultra VPN is
one of the most used and most trusted free VPN service of world, if you have
problem trusting any other free VPN service better opt this.
The problem with which every VPN suffers it speed and
bandwidth penalty. Also they need registration, only usaip can be used without
registering by using username and password “demo”. The advantage they have
above Anonymizers and proxy servers is that you don't have to bother about
transactional browsing.
Virtual Private Server:
Virtual Private Servers are provided by companies in which
each concept of running multiple virtual systems on same system is adapted.
Though every PC may be residing on same server but for each individual his
system acts as completely separate system. These are most reliable source to
stay invisible online but are only offered as paid service.
I hope I have covered enough so that you can have your pick.
Don't forget to tell us about your views and experience about using above
tools. Please note that no matter which tool you use you will have to suffer
speed penalty but sorry that is that cheap cost that you have to pay to browse
anonymously and stay invisible online.
Using Dynamic IP as Static IP:
As we discussed in Basic Lab Setup For Hacker a hacker needs a static IP which is really very expensive for a normal person to have. Here we will discus how we can counter this problem. Please note that this solution is temporary and can never really take place of static IP but for now it will work.
For this we will use DNS redirect service from www.no-ip.com alternatively you can also use www.dyndns.com.
First of all register with www.no-ip.com by clicking on “No-IP Free” on home page. After you complete registration form hey will send you an confirmation e-mail, once confirmed, then you can log in to your account.
Now click on “Hosts/Redirect”, then type the host redirect name you want to which Dynamic DNS will redirect traffic after associating your IP. Let other options remain as it is if you don't know what they do.
Now create your host name. Now download “Download Client”. After installing DUC client type your e-mail address and password.
To check its working or not, type www.whatismyipaddress.com and check your IP address now ping the host name you created both will have same IP address.
Note: Most of you might be thinking what is use of this setup, you'll know its use when we will cover Trojans and Spywares. Also note that there are several free as well as paid Trojan Clients and Spywares. But free tools are prone to get detected by anti-virus program so better opt for paid ones.
In this tutorial we will discus how you can setup a lab for yourself to practice hacking on your system. At very basic level a hacker is in need of 2-3 systems with a Wired LAN or Wireless LAN. But if you are the one who has started just like me with just one laptop or computer then possibly there's no way you can match this setup. So following was my solution to start practicing with only one laptop or PC meeting above criteria of multiple computers connected in LAN. At most basic level following are your requirements.
Requirements:
A Computer:
First of all a computer which must have minimum following configuration.
A processor with 1.7GHz clock speed,
120GB + Hard disk
2GB RAM, Please note than your RAM must be above 1GB for practicing. If your RAM is less than 1GB or 1GB I 'll highly recommend you buy 512MB module extra or 1GB gigs for you.
A Virtual PC Emulator:
A virtual PC emulator is needed since I assumed you don't have multiple PC's to setup your lab, even if you have it I would prefer to advice you to use a Virtual PC Emulator. There are several options to pick from but our pick is “Oracle's Virtual Box”. Reason its open source means free, low on resources, supports all kind of network types, no problem to setup screen options, it automatically setups resolution once you install guest installation and have nearly all that features that a professional virtual PC emulator may have. Following is download link to virtual box latest version.
http://www.virtualbox.org/wiki/Downloads
A professional choice is VM-Ware. You can purchase it from following link if you want to run it on Mac.
VMware Fusion4
Though VM-Ware have several advantages over Virtual Box, virtual box is just good to go. Prefer it if you want to shed money.
An Online Synchronization Service:
If you think even that needs shedding money, then I want to assure there's again a free alternative available, its name is Drop Box. Go to www.dropbox.com and create your personal free account then download its setup file and install for synchronization.
A Static IP Address:
Now that will be problem to get a static IP address since a static IP Address may cost you nearly $100 I.e approximately Rs.5000. But don't worry about it we have a free alternative solution to counter problem of static IP. So when there'll be need I 'll clear how to tackle it else even if you have money to shed I will not recommend it.
A PC restore utility:
There are no free alternative to PC Restore Utilities so we will work out on evaluation version. Download Farconics Deep Freeze from following link
http://www.faronics.com/en/DownloadEvaluationEditions.aspx
IP Address Hiding Utility:
Proxy Servers, Anonymizors and VPS are some IP address hiding options. We will discuss them when their need will come in to play.
High Speed Internet Connection:
Of course when you want to learn hacking you need a high speed Internet connection. Opt for a USB dongle by BSNL, TATA, Reliance as mobile broadband and BSNL land-line broadband is just much better option. If you don't have high speed connection and you work on slower connection like GPRS and dial-ups its hard to learn hacks done over Internet.
Procedure:
Before you proceed create a separate partition for installation of Virtual system, the partition must be at least 15GB in size. First of all download latest version of Oracle's Virtual Box and install it on your system. While installation it'll ask several times about installing various components just press OK for all of them because you'll need them all.
Watch following video tutorial on how to setup and install OS in Virtual System.
Once installation is done virtual box will come up with several pop ups when you'll be using it, please read each pop up because they are your tutorials to master “Virtual System Environment”. Please please please, don't skip any of those pop ups. When your installation will be over you'll see virtual system isn't really working in full screen. To tackle it run virtually installed system click on devices and “Install Guest Additions”. From next time it will run in full screen.
Setting up virtual system is done, now jump up to the next part start your virtual system open web browser of virtual system and download Drop-Box application and sign in to it. Now onwards whenever you'll download any software for hacking paste it into Drop Box default folder, it'll synchronize it with your online storage. After installing and signing up Drop Box download Deep Freeze don't install it now. Shut down your Virtual System and copy virtual hard disk as backup in another folder, start system and install Deep Freeze, before installing it read its online manual so that you should not get problem using it. Now when your Deep Freeze evaluation time expires just delete older hard disk and copy the backup and start over again. This will keep your evaluation copy last forever. If you haven't yet understood what we actually did with virtual box then I should clear we just setup a Virtual LAN for our practice using just a single computer. So you can't now boast you don't have a LAN to practice or a remote host to practice. You can run two virtual systems simultaneously if you have at least 2GB RAM. This not only solves our problem of private LAN to practice but it indirectly also offers you remote host to attack on. Our personal say is don't install virtual system on Windows XP or Vista, get Windows 7 or Server 2008.
Lab setup tutorial is over now go and setup your systm to get started. Please ask if you have got any problems related to setup, if everything is fine please don't forget to convey me. Thanks for reading keep visiting.