Sunday, June 9, 2013

My name is Cabin Crew (Mi6). Today I am going to be sharing with you the most powerful tool on the internet for doing so many things. This tool is something you use every day, but you may not be aware of the powerful abilities it really has.

Things you can do with Google
  1. Find Botnets
  2. Find People/Info/DoX
  3. Find Vulnerable Sites
  4. View Deleted Files/Sites
  5. Finding things you're not supposed to
  6. Obtaining things for free

Today I'm going to be showing you how to do all of these and more and how to protect yourself against them.

1. Find botnets and hide your botnet

This first one is pretty simple and I have compiled a table of what you need to search for to view each botnet panel.

Botnet Name - Dork - Default Pass

Andromeda - intitle:Andromeda bot webpanel - N/A
Cythosia - intitle:Cythosia V2 Bot Webpanel - Login - admin
BlackShades HTTP - intitle:Blackshades Bot - N/A
UmbraLoader - inurl:"/Panel/Ext.ux.form.CheckboxCombo/" - admin:admin
VertexNet - allintext:"VertexNet - Loader coded by DarkCoderSc" - N/A

All you need to do is type the dork into Google, click a result and try the password, or you can bruteforce it.

Preventing this is rather simple: open up your botnet source in your favourite text editor, look for the <title></title> tags and change the title to something other than *insert botnet name here*, for instance
<title>Free WebMail Client</title>
This should fix most dorks, but I'm not really sure of a way to hide Umbra without editing the whole source and renaming folders.

2. Finding Info and DoXing

This one is pretty simple. You need to find one or two email addresses or usernames and google intext:emailoruserhere. This will bring up more results; open all of them up and look through each one until you find another username linked to it, then simply repeat until you have a social network account or a full dox.
You can even do intext:phonenumberorrealname
However, if you know their real name, do intext:username,realname

This is not a tutorial on doxing; it is simply explaining what you can do with Google.

3. Find Vulnerable Sites

There are quite a few ways to discover hackable sites. One of the first we will cover is finding websites that have not yet been set up properly, so you can configure them yourself.

PHPMyAdmin

"Welcome to phpMyAdmin" AND " Create new database"

Password Finding

inurl:-cfg intext:"enable password"
filetype:ini "[FFFTP]" (pass|passwd|password|pwd)
filetype:sql “phpmyAdmin SQL Dump” (pass|password|passwd|pwd)
filetype:sql “PostgreSQL database dump” (pass|password|passwd|pwd)
inurl:htpasswd filetype:htpasswd
inurl:service.pwd
allinurl:authuserfile.txt
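
Each password-finding dork above matches a file that should never sit in a web-served directory, so the same patterns can be run against a document root you operate before a crawler indexes it. The audit below is an added example, not part of the original post; the rule labels, the `audit_docroot` and `build_sample_docroot` names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

CRED = rb"(pass|passwd|password|pwd)"
# (label, filename test, byte patterns that must ALL appear); one rule per dork above.
RULES = [
    ("htpasswd file", lambda n: n.endswith("htpasswd"), []),
    ("FrontPage service.pwd", lambda n: n == "service.pwd", []),
    ("authuserfile.txt", lambda n: n == "authuserfile.txt", []),
    ("FFFTP profile with password", lambda n: n.endswith(".ini"), [rb"\[FFFTP\]", CRED]),
    ("phpMyAdmin dump with credentials", lambda n: n.endswith(".sql"), [rb"phpMyAdmin SQL Dump", CRED]),
    ("PostgreSQL dump with credentials", lambda n: n.endswith(".sql"), [rb"PostgreSQL database dump", CRED]),
    ("device config with enable password", lambda n: "-cfg" in n, [rb"enable password"]),
]

def audit_docroot(root, max_bytes=1_000_000):
    """Walk a web document root you operate; return sorted (relative path, label) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            head = None  # content is read lazily, at most once per file
            for label, name_matches, patterns in RULES:
                if not name_matches(name.lower()):
                    continue
                if patterns and head is None:
                    with open(path, "rb") as fh:
                        head = fh.read(max_bytes)
                if all(re.search(p, head, re.I) for p in patterns):
                    findings.append((os.path.relpath(path, root), label))
    return sorted(findings)

def build_sample_docroot():
    """Create a constructed sample tree (not real data) so the audit runs offline."""
    root = tempfile.mkdtemp(prefix="docroot-")
    samples = {
        "index.html": b"<h1>hello</h1>",
        "admin/.htpasswd": b"user:constructed-hash\n",
        "backup/site.sql": b"-- phpMyAdmin SQL Dump\nINSERT INTO users (name, password) VALUES ('a', 'b');\n",
        "backup/schema.sql": b"-- phpMyAdmin SQL Dump\nCREATE TABLE posts (id INT);\n",
        "old/router-cfg.txt": b"hostname r1\nenable password constructed\n",
    }
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root
```

Calling `audit_docroot(build_sample_docroot())` reports the htpasswd file, the dump that contains a password column and the device config, while the schema-only dump is not flagged because it carries no credential keyword.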

SQLi Vuln Sites

inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:lay_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:age.php?id=
inurl:games.php?id=
inurl:age.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:tray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:spr.php?id=
inurl:ages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurl:participant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:rod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurl:person.php?id=
inurl:productinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl:profile_view.php?id=
inurl:category.php?id=
inurl:publications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl:rod_info.php?id=
inurl:shop.php?do=part&id=
inurl:productinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl:product.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:produit.php?id=
inurl:pop.php?id=
inurl:shopping.php?id=
inurl:productdetail.php?id=
inurl:ost.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl:product_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:review.php?id=
inurl:loadpsb.php?id=
inurl:ages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurl:opinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurl:offer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
inurl:"id=" & intext:"Warning: mysql_fetch_assoc()"
inurl:"id=" & intext:"Warning: mysql_fetch_array()"
inurl:"id=" & intext:"Warning: mysql_num_rows()"
inurl:"id=" & intext:"Warning: session_start()"
inurl:"id=" & intext:"Warning: getimagesize()"
inurl:"id=" & intext:"Warning: is_writable()"
inurl:"id=" & intext:"Warning: getimagesize()"
inurl:"id=" & intext:"Warning: Unknown()"
inurl:"id=" & intext:"Warning: session_start()"
inurl:"id=" & intext:"Warning: mysql_result()"
inurl:"id=" & intext:"Warning: pg_exec()"
inurl:"id=" & intext:"Warning: mysql_result()"
inurl:"id=" & intext:"Warning: mysql_num_rows()"
inurl:"id=" & intext:"Warning: mysql_query()"
inurl:"id=" & intext:"Warning: array_merge()"
inurl:"id=" & intext:"Warning: preg_match()"
inurl:"id=" & intext:"Warning: ilesize()"
inurl:"id=" & intext:"Warning: filesize()"
inurl:"id=" & intext:"Warning: filesize()"
inurl:"id=" & intext:"Warning: require()"
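
The `intext:"Warning: ..."` dorks above only match sites that print PHP diagnostics into their pages, which also discloses the script path and line number. The check below is an added example, not from the original post, that scans response bodies from a site you operate for that leak; PHP wraps the message in `<b>` tags when `html_errors` is on, so a plain substring search of the raw HTML misses what a crawler indexes. The function names and sample responses are constructed.

```python
import html
import re

TAG = re.compile(r"<[^>]+>")
# Rendered form of a PHP warning: "Warning: func() <message> in /path/file.php on line N"
PHP_WARNING = re.compile(r"Warning:\s+(\w+)\(\).*?\sin\s(\S+)\son line\s(\d+)")

def rendered_text(body):
    """Approximate the indexed text: drop tags, decode entities, collapse whitespace."""
    return re.sub(r"\s+", " ", html.unescape(TAG.sub("", body)))

def leaked_diagnostics(body):
    """Return (function, file, line) for every PHP warning visible in the page text."""
    return [(m.group(1), m.group(2), int(m.group(3)))
            for m in PHP_WARNING.finditer(rendered_text(body))]

def audit_pages(pages):
    """pages maps URL -> response body; return only the URLs that leak, with findings."""
    report = {}
    for url, body in pages.items():
        found = leaked_diagnostics(body)
        if found:
            report[url] = found
    return report

# Constructed sample responses from a hypothetical site you operate.
SAMPLE_PAGES = {
    "/news.php?id=7": (
        "<html><body><h1>News</h1><br />\n<b>Warning</b>:  mysql_fetch_array() "
        "expects parameter 1 to be resource, boolean given in "
        "<b>/var/www/html/news.php</b> on line <b>14</b><br /></body></html>"
    ),
    # Ordinary prose containing the word "Warning:" must not be reported.
    "/about.php": "<html><body><p>Warning: wet floor in the lobby.</p></body></html>",
}
```

Setting `display_errors = Off` and `log_errors = On` in php.ini keeps these messages in the server log instead of the page.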

I just came across this one
inurl:"/root/etc/passwd" intext:"home/*:"
I tried a few results and quite a few seem to 403, but you may be able to find something with this.

4. Find Deleted Files Or Sites

This one is really simple: it shows you things that have been removed from the internet. There are a few ways to do this, but this is the one I have found most helpful.

I've only managed to get this to work in Google Chrome, but the dork is
cache:siteurlhere.com

I find this helps greatly when looking at removed Pastebin entries.

5. Finding Things You're Not Supposed To

I personally love this kind of dork, as you can find so much useful info.
allintitle: restricted filetype:doc site:gov
Will show you some interesting documents hosted on .gov sites.

You can easily do this with your favorite site, for instance
allintitle: Secret filetype:txt site:mysite.com
Should show you everything on mysite.com with the word secret in the title with the extension .txt

You can also look at online security cameras.

intitle:”Live View / – AXIS” | inurl:view/view.shtml^
inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Refresh
inurl:axis-cgi/jpg
inurl:axis-cgi/mjpg (motion-JPEG)
inurl:view/indexFrame.shtml
inurl:view/index.shtml
inurl:view/view.shtml
liveapplet
intitle:”live view” intitle:axis
intitle:liveapplet
allintitle:”Network Camera NetworkCamera”
intitle:axis intitle:”video server”
intitle:liveapplet inurl:LvAppl
intitle:”EvoCam” inurl:”webcam.html”
intitle:”Live NetSnap Cam-Server feed”
intitle:”Live View / – AXIS”
intitle:”Live View / – AXIS 206M”
intitle:”Live View / – AXIS 206W”
intitle:”Live View / – AXIS 210”
inurl:indexFrame.shtml Axis
inurl:”MultiCameraFrame?Mode=Motion”
intitle:start inurl:cgistart
intitle:”WJ-NT104 Main Page”
intext:”MOBOTIX M1” intext:”Open Menu”
intext:”MOBOTIX M10” intext:”Open Menu”
intext:”MOBOTIX D10” intext:”Open Menu”
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:”sony network camera snc-p1”
intitle:”sony network camera snc-m1”
site:.viewnetcam.com -www.viewnetcam.com
intitle:”Toshiba Network Camera” user login
intitle:”netcam live image”
intitle:”i-Catcher Console – Web Monitor”

6. Obtaining things for free

This one is in my opinion the best as who doesn't like free stuff?

6.1 - Free Music

This very simple dork can get you free music downloads
1 - intitle:songnamehere.mp3
2 - intitle:songnamehere filetype:mp3

6.2 - Paid Stuff For Free

This other simple dork can find pages that people are taken to after they purchase a product
site:*.com intitle:”Thank You For Your Purchase” intext:Click Here to Download
Play about with this one a bit; there are quite a few variations.

6.3 - Free Movies and Games

Each of these dorks could be useful, though it may not be. They all correspond to names I have seen people give their folders that contain things like this

“parent directory ” /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
“parent directory ” DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
“parent directory ” Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
“parent directory ” Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
“parent directory ” MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

That's the end, guys.

I hope you have enjoyed this guide and you take something from it.
