New Post

Rss

Saturday, October 22, 2011
How to search on Google like elite Hackers

How to search on Google like elite Hackers

Google is best search engine in the world. Actually people think that Google's popularity is because of its simple and fast searching interface but friends, its more popular because it has rich operators and query support that will make your searching experience even better. Most of us doesn't know which operators are supported by Google and if they know some of them, they doesn't know how actually these operators work and enrich our searching practice. Today, i will tell you How we can search on Google like elite hackers or simply say computer experts do. But for this its necessary that you should know and understand all the Google operators properly. So lets learn how we can enrich our searching experience in Google.


search google like elite hackers
Advanced google searching techniques


Google operators:
Google operators are classified into two basic categories:
1. Basic Google Operators like and, or, not etc.
2. Advanced google operators like inurl, intitle etc.
I am also including bonus search queries that are extremely useful for hackers.


Basic Google Operators:-
1) And (+) :- This operator is used to include multiple terms in a query which is to be searched in google.
example:- if we type "hacker+yahoo+science" in google search box and click search, it will reveal the results something which are related to all the three words simultaneously i.e. hacker, yahoo and science.


2 ) OR (|) :- The OR operator, represented by symbol( | ) or simply the word OR in uppercase letters, instructs google to locate either one term or another term in a query.


3) NOT :- It is opposite of AND operator, a NOT operator excludes a word from search.
example:- If we want to search websites containing the terms google and hacking but not security then we enter the query like "google+hacking" NOT "security".


 
Advanced Operators:-
1) Intitle :- This operator searches within the title tags.
Description:- intitle:hacking returns all pages that have the string "hacking" in their title.
intitle:"index of" returns all pages that have string "index of" in their title.
Similar operator:- "allintitle".

2) Inurl :- Returns all matches, where url of the pages contains given word.
Description:- inurl:admin returns all matches, where url of searched pages must contains the word "admin".
Companion operator:- "allinurl".

3) Site :- This operator narrows search to specific website. 
Description : It will search results only from given domain. Can be used to carry out information gathering on specific domain.
example:- site:www.microsoft.com will find results only from the domain www.microsoft.com

4) Link :- This operator allows you to search for pages that links to given website.
example:- link:www.microsoft.com
Here, each of the searched result contains asp links to www.microsoft.com

5) Info :- This operator shows summary information for a site and provides links to other google searches that might pertain to that site.
example:- info:www.yahoo.com

6) Define :- This operator shows definition for any term.
example:- define:security
It gives various definitions for the word "security" in different manner from all over the world.

7) Filetype :- This operator allows us to search specific files on the internet. The supported file types can be pdf, xls, ppt, doc, txt, asp, swf, rtf, etc..
example:- If you want to search for all text documents presented on domain www.microsoft.com then we enter the query something like following.
"inurl:www.microsoft.com filetype:txt"


Other popular search terms only for Hackers:

1. For searching active webcams online:
In Google Search Box type :-
"Active Webcam Page" inurl:8080
Description- Active WebCam is a shareware program for capturing and sharing the video streams from a lot of video devices. Known bugs: directory traversal and cross site scripting.

2. For accessing the deleted messages on forums:
In Google Search Box type:- 
"delete entries" inurl:admin/delete.asp
Description- AspJar contains a flaw that may allow a malicious user to delete arbitrary messages. The issue is triggered when the authentication method is bypassed and /admin/delete.asp is accessed directly. It is possible that the flaw may allow a malicious user to delete messages resulting in a loss of integrity.

3. For searching personal information of person:
In Google Search box type :- 
"phone * * *" "address *" "e-mail" intitle:"curriculum vitae"
Description- This search gives hundreds of existing curriculum vitae with names and address. An attacker could steal identity if there is an SSN in the document.

4.For searching secret financial spread sheets:
In Google Search box type :- 
intitle:"index of" finance.xls
Description- Secret financial spreadsheets 'finance.xls' or 'finances.xls' of companies may revealed by this query.

5. In Google Search box :- 
intitle:"index.of" robots.txt
Description- The robots.txt file contains "rules" about where web spiders are allowed (and NOT allowed) to look in a website's directory structure. Without over-complicating things, this means that the robots.txt file gives a mini-roadmap of what's somewhat public and what's considered more private on a web site. Have a look at the robots.txt file itself, it contains interesting stuff. However, don't forget to check out the other files in these directories since they are usually at the top directory level of the web server!

6. For locating admin directories of websites:
In Google Search box type :- 
intitle:index.of.admin
Description- Locate "admin" directories that are accessible from directory listings.

7. For searching proxies online:
In Google Search box type :- 
inurl:"nph-proxy.cgi" "start browsing"
Description- Returns lots of proxy servers that protects your identity online.

Note: This is not originally written by me. Thanks to Unknown and Google Search Guide.

If you have any queries ask me in form of comments. Thanks for reading.
Tuesday, October 18, 2011
How to hack crack or bypass cyberoam in college

How to hack crack or bypass cyberoam in college


Hello Friends, today i am going to explain you How to hack crack or bypass cyberoam websense and all other security firewalls that college, institutions, offices use to block websites at their respective places. Most of colleges, school and offices nowadays prefers a hardware firewall to block the users to access the restricted websites. Most of my friends have asked me about that how to access blocked websites or bypass cyberoam or simply cracking the cyberoam to access restricted websites in their college and offices, i have explained some methods earlier also but those loopholes are now fixed and those methods to hack cyberoam and websense doesn't work effectively now and also hacking through proxy is quite tedious task as first of all we have to search for good working proxy websites which in itself is a very tedious task, and most of times it is also blocked. So it actually wastes lot of our precious times and most important daily. So why don't we have a permanent solution for it. The method that i will explain today is really awesome and doesn't require much effort and thus its quite easy and the most important its 100% working. So friends read on for detailed hack....

hack cyberoam, crack or bypass cyberoam client
Hacking or bypassing or cracking cyberoam
For hacking Cyberoam or Websense  you must know How cyberoam and websense works? If you know how it works then you can easily find flaws in it and hack or bypass it very easily. So friends lets learn how cyberoam actually works.

Cyberoam is a 8 layer hardware firewall that offers stateful and deep packet inspection for network and web applications and user based identity security. Thus the firewall is quite secured. Now how we can hack that 8 layer security its the main important question here, as i have mentioned above that main working and blocking of any website or application by cyberoam is basically done at deep packet inspection step, now here the flaw in any security firewall lies, also in case of cyberoam and websense too. They block all websites by parsing their content and if their content contains the restricted keywords then they block that websites. They also use category blocking which also works on same concept. The flaw is with websites that uses SSL feature, the websites that contains SSL lock i.e. the websites that uses https are not blocked by them. They have to block these websites manually which is a very hectic task and believe me nobody blocks them.
So the proxy websites that uses https i.e. SSL proxies are also not blocked by these websites. 
Only those proxies are blocked which are known or being heavily used. But the tool that i give you create SSL proxies by itself that means its proxies cannot be blocked. So friends this tool rocks..:P :)


Things that we need to hack cyberoam, websense and any such such hardware firewall:
1. TOR browser ( a anonymous web browser like Mozilla which has inbuilt proxy finder that bypasses the websites easily that are being blocked by cyberoam or websense).
2. A USB or pendrive ( where you will keep the portable version of TOR browser)
3. If USB drives are disabled we will use different drive for its installation. (also portable version of TOR can be executed from any place).


Steps to hack Cyberoam:
1. Download the TOR web browser.
     To download TOR browser: CLICK HERE

2. Now install the TOR web browser. In case of portable version it will extract.
    For Installation and usage Instructions visit here: CLICK HERE

3. Now open the TOR browser and start surfing your favorite website like facebook, orkut, gmail ..everything at you office....

4. That's all the hack. I hope you all have liked it.


Note: Have a portable version in your pen drive or USB drive and enjoy where ever you want.

For such hacks keep visiting...and subscribe our posts, if you don't wanna miss any such hack....

If you Have any Queries ask me in form of comments. If you like this please comment :)
Thanks for Reading...
Friday, October 7, 2011
Crypters tutorial for Hackers by Hackingloops

Crypters tutorial for Hackers by Hackingloops

Crypters are computer applications which are solely used to bypass the antivirus detection of malwares. Hackers use crypters to hide viruses, Trojans, RATS, keyloggers and other hack tools into a new executable, whose sole purpose is to bypass the detection of the same from antivirus. Crypters are basically dead programs which does not affect the actual functionality of the program, they just spoof the actual program behind their encryption and make antivirus fool. Most antivirus detects viruses on basis of heuristics and normal string based detection. Since we have spoofed the original program, so antivirus stand lame and does not detect it as virus.

Crypters tutorial by hackingloops
Crypter tutorial : only for hackers

Common terms related to crypters:
For understanding and designing crypters, hackers must be aware of certain terms, most of you already know these terms, but as i am writing this tutorial starting from novice level and take it to elite level at the end. So if you know these terms just read them one more time, as that might help you to clear some of your doubts.

1. FUD or UD : Fully undetectable(FUD) means that your virus is not detected by any of the existing antiviruses while undetectable(UD) means detectable by few antiviruses. FUD is our only goal and elite hackers always rely on that. 
Note: Crypter will remain FUD until you have openly shared on internet. Public crypters remains FUD up to maximum 2 to 3 days then they become UD. So if you want to use crypter for long time so never publish and share that on internet. Use it anonymously.

2. STUB : A stub is a small piece of code which contains certain basic functionality which is used again and again. It is similar to package in Java or simply like header files in C ( which already has certain standard functions defined in it). A stub basically simulates the functionality of existing codes similarly like procedures on remote machines or simply PC's. In crypters, client side server is validated using stubs, so never delete stub file from your crypter. Stubs adds portability to crypter code, so that it can be used on any machine without requiring much procedures and resources on other machines.
Let me explain with small example:
Suppose you are writing a code that converts bytes to bits, so we know formula or method for converting bytes to bits will remain same and it will be independent of machine. So our stub (or method stub or procedure) will contain something like this:

BEGIN
    totalBits = calculateBits(inputBytes)
    Compute totalBits = inputBytes * 8
END
Now what we will pass is only number of bytes to this stub. And it will return the resulting bits. Similarly, we include some common machine independent checks and functions in our stub, and in main code we only passes linkage and inputs to these stubs, which in return provides suitable results.
Note: Most of times it happens, suppose you downloaded some keylogger and you complain to provider its not working, only reason for that is stub. Also always kept in your mind, if you are downloading any keylogger or crypter  always check stub is present in it. If not, don't download it, its just a piece of waste and for sure hacker is spreading his virus using that. I recommend that never download any hacking tool on your real machine, always use virtual machine or sandbox to test hack tools.

3. USV: Unique stub version or simply USV is a part of crypter that generates a unique version of stub which differentiates it from its previous stub, thus makes it more undetectable against antiviruses. For detecting this antivirus companies has to reverse engineer your crypter stub, that is not that easy to do, so it will remain undetectable for long time. This consist of one most important component USG ( unique stub generation) which is the actual part of crypter that encrypts and decrypts the original file means its the heart of your algorithm and i will recommend never write this part in stub, rather include this part in main code. Why i am saying this, stub is part of code which is shared with victim, so it will become public and hence your Crypter will not remain FUD for much long time.


Different types of crypters:
1. External Stub based crypters : This category consists of public crypters (those you have downloaded till date :P (noobish one's) and you complains to provider that its detectable by antiviruses. That really foolish complaint, if crypter is public then it can never remain FUD. So don't ever complain to me also after my next article for such noobish things. Ahahah.. i got deviated for real thing.
External Stub based crypters are those crypters in which most of the functionality of the crypter depends of external stub, if your delete that stub file, your crypter is useless. :P Most antivirus only do that. These type of crypters contains two files one is client.exe and other is stub.exe . Stub contains the main procedures and client contains the global functions that call those procedures.

2. Internal or Inbuilt stub based crypters: The crypters that contains only one exe file (i.e client) fall under this category. This client file has inbuilt stub in it. You can separate stub and client part here too using RCE (reverse code engineering) but it is not recommended.

Note: External or Internal stub doesn't make much difference as antivirus detects files on the basis of strings related to offsets. Whenever you reverse engineer any application or program, the program execution flow will gonna remain the same but offsets may change. USV will come into picture at this point. If you include your encryption algorithm separately then it will be more harder for antivirus to detect your crypter.

3. Run time crypters: Run time crypters are those crypters which remain undetected in memory during their execution. We are looking for these type of crypters only. :P These can any of the two above.

4. Scan time crypters: Those crypters which will remain undetected while encrypting the files but will become detectable when resultant file is generated. :P Fking one's that wastes all effort we have put. This really annoys everything is working fine and at last you get your file being detected by noob antiviruses.

So friends, this is for today, i will share more about crypters like how to make internal and external stubs based crypters, how to make stubs absolutely FUD by using packers and obfuscators. So remain connected..
If you have any queries, ask me in form of comments. A comment of appreciation is always heartily accepted.
Saturday, October 1, 2011
How to make a Phisher or Fake Pages

How to make a Phisher or Fake Pages

Phishers are fake pages which are intentionally made by hackers to steal the critical information like identity details, usernames, passwords, IP address and other such stuff. As i mentioned intentional, which clearly means its illegal and its a cyber crime. Phishing is basically a social engineering technique to hack username and passwords by deceiving the legitimate users. Phishers are sent normally using spam or forged mails.

Note: This article is for educational purposes only, any misuse is not covered by Hacking loops or CME.

What is Phishing?
Phishing is basically derived from the word called Fishing which is done by making a trap to catch the fishes. Similarly in case of hacking, hackers make Phish pages (traps) to deceive the normal or unaware user to hack his account details. Phishing technique is advancing day by day, its really tough to believe that on what extent this technique is reached but this is always remains far away from normal internet users and most of hackers.
Most of hackers and computer geeks still believe that Phishing attempt can be easily detected by seeing the URL in address bar. Below are some myths that hacking industry still have about Phishing. I will mention only few because then article will become sensitive and major security agencies will flag my website for posting sensitive data. So i will only explain the facts, if you need the same you need to fill the form and give us assurance that you will not misuse it.

Myth's about Phishing among Computer Geeks and Hackers
1. Almost each and every Hacker or computer Geek, thinks that Phishing attempt can be detected by just having a look on the URL. Let me tell you friends it was old days when you recognize Phishers by seeing URL's. But nowadays recent development in Cross site scripting(XSS) and Cross site Script forgery has made it possible that we can embed our scripts in the URL of famous websites, and you must know scripting has no limitations. Below are some examples that you can do from scripting:
a. Embed a Ajax Keylogger into the main URL and user clicks on the URL, keylogger script will get executed and all the keystrokes of the user will get record.
b. Spoof the fake URL: If you are little bit good in scripting and web browser exploits recognition then this can be easily done. What you need to do you need to write a script which will tell web browser to open fake page URL whenever user opens some website like Facebook. Just you need to manipulate the host file and manipulate the IP address of that website from Host file(found in windows folder).
c. Simply retrieving the information saved in the web browser like saved passwords, and bookmarks etc. Just need to write a script which will explore the locations in Windows user profile (where actually the stored information of web browsers saved). 
2. One biggest myth, when you enter the data into the fake page, it will show either some warning message or show login information is incorrect. Rofl, new phishers are bit smart, now they don't show warning messages, when you login through fake page. They will actually login you into your account, and simultaneously at the back end they will steal your information using batch scripts.

So  friends i think this is enough back ground about new phishing technologies. Let's learn how to make a basic Phisher of any website in less than one or two minutes.

Steps to make your own Phisher:
1. Open the website Login or Sign in page whose phisher you want to make. Suppose you pick Gmail.
2. Right click to view the source and simultaneously open notepad.
3. Copy all the contents of the source into the notepad file.
4. Now you need to search for word action in the copied source code. You will find something like below:
how to make phishers or fake pages
Manipulate action and method

Now in this line you need to edit two things, first method and then action. Method Post is used for security purposes which encrypts the plain text, so we need to change it to GET.
Action field contains the link to next page, where it should go when you click on login or press enter. You need to change it to something.php (say lokesh.php).
5. Now save the above page.
6. Now open the Notepad again and paste the below code in that:
sample batch scripts for hacking account or password
Batch script for Phisher
7. Location contains the next page URL, where you wish to send to user and passwords.html will contains the passwords.
8. Now save this file as lokesh.php as told in step number 4.
9. Now create an empty file and name it as passwords.html, where the password get stored.
10. Upload all the three file to any web server and test it.

Note: In case of facebook, it will show error after user login, for that you need to use tabnabbing trick.
Note: Always keep the extension correct, otherwise it will not work. So always use save as trick rather than save otherwise it will save files as lokesh.php.txt. 

That's all from my side today, I hope you all enjoyed this article..
If you have any issues ask me in form of comments..
Designed by Hackingloops.