You have a very Advanced Penatration Tool on Your Computer!

Thread: You have a very Advanced Penatration Tool on Your Computer!

  1. Black Oracle's Avatar

    Black Oracle said:

    Info You have a very Advanced Penatration Tool on Your Computer!

    This is only part of the document I have available, I will share much more, depending on the interest of this post. I know there is a character restriction of PM's - because I hit it a few times yesterday, when a member asked me what I was capable of doing, needless to say - I left him overwhelmed on a simple Penatration Test. I would like to know the actual character limit on forum posts if anyone knows can they please PM me.

    The Google Goldmine


    Probably, everyone knows the old find the mp3 hacks using Google! But what about all of the other documents, you know the stuff that gets leaked on to the surface web, is it safe from Google, well that is really a stupid question. Penetration testing using Google can give you data that you wished for but were unable to get even using hack1ng tools.

    Google offers so much data, not even google knows exactly what ‘switches’ can be used to call up a lot of data that really should not be on the internet.
    Okay, there is that many leaks of documents, that you would not believe. Just take a look for yourself, and become a ‘Google Geek’, while having so much data at your fingertips. Now, I’m not talking about mp3’s – that’s last century information. We are talking about huge data, addresses, phone numbers, DOB’s, emails, credit cards, CV’s, bank accounts.


    Pentesting Security
    Type the following in Google search:
    inurl:”viewerframe?mode=motion”


    Want to try ‘Live’ testing a camera?
    Then type this into Google:
    intitle:”Live View / – AXIS”


    Pentesting Personal and Confidential Documents
    Gain access to Email Repositries containing CV’s of hundreds of people that applied for jobs.
    The documents found will contain full addresses, phone numbers, DOB, Education, Work types, etc.
    intitle:”curriculum vitae” “phone * * *” “address *” “e-mail”


    Educational groups of People containing contact details, including email addresses, etc. These are large .xls files (Excel documents).
    Type in Google search the following:
    filetype:xls inurl:”email.xls”


    Documents of containing information on bank accounts, financial summaries and credit card numbers.
    Use the following in Google:
    intitle:index.of finances.xls



    Want to get the config.php data and do not know how, just let Google do the dirty work for you!
    Enter the following and say ‘hello’ to the world of config.php files.
    intitle:”Index of” config.php


    You may well ask what else can Google do? It is not what it can do, it’s more to the point of what it cannot do! I’ve only touched the surface with the above details. There is much more out there than people know about Google.

    The aforementioned information is really easy to do; doesn’t that make you feel unsecure?
    These search types and many others show just how bad security on the web really is, applying for a job online, securely – probably not!

    Websites
    All websites have holes in them, regardless of what type of script you are running, the only way to protect yourself is to get a whitehat hacker to check your website, for you - but in order to do this they need the webmasters permission and probably want you to sign a document to confirm that you have given your permission to run such a task.

    I can show you how to get usr/pwd/database combinations even if the directory is pwd coded with a .htaccess file, with google, there is so much you can do with Google, this is why there is a 'Google Geek Team'. You can even run penatration exploits on any database, some are easier to takedown than others.
    Wordpress you can as much security on it as possible, but it is the easiest script for hack1ng!

    Look at IPB - an hackers forum was hackered ironically, yet IPB only today released patches. That is one whole week that the same exploit could have been used on other IPB forums with Nexus. The hacked forum had many peoples addresses, credit and debit cards on it and paypal accounts. It hit media headlines because of the amount of account details that were stored! It is okay running a site about hack1ng, but many these get hackers to fix the exploits, before opening up to to public.

    If anyone wants me to post more of the Google hack1ng boolean expressions, just let me know, and I'll type them up!
     
  2. satzzz's Avatar

    satzzz said:

    Default Re: You have a very Advanced Penatration Tool on Your Computer!

    Great post. You certainly seem to be a useful addition to the forum bud.

    Sent from my LG-H815 using Tapatalk
    Just use enough water to cover your vegetables,the same goes for when you're having a bath....
     
  3. piggzy's Avatar

    piggzy said:

    Default Re: You have a very Advanced Penatration Tool on Your Computer!

    Would love to see more of this.

    I always tell all my customers "don't touch wordpress, it is the most insecure piece of crap out there" They usually don't listen, but at least I warned them.
    I know nothing is secure but no point making it easy for the hackers imho

    When one of my servers was hacked about 3 months ago by the Egyptians Islamic hacking group or something like that, the only CMS type sites still up were Joomla and I know that has serious flaws. Shows how bad WP is imho.

    Thanks for the interesting read Oracle...
     
  4. piggzy's Avatar

    piggzy said:

    Default Re: You have a very Advanced Penatration Tool on Your Computer!

    I believe character limit is 10,000 in vBulletin Oracle.
    I tried to PM but it says your inbox is full.

    Also in the 5th example should 'Index.Of' be in quotes or does that make no difference.

    Cheers
     
  5. Mr 250's Avatar

    Mr 250 said:

    Default Re: You have a very Advanced Penatration Tool on Your Computer!

    I love shit like this.
    Please tell us more.
     
  6. Black Oracle's Avatar

    Black Oracle said:

    Default Re: You have a very Advanced Penatration Tool on Your Computer!

    Quote Originally Posted by piggzy View Post
    I believe character limit is 10,000 in vBulletin Oracle.
    I tried to PM but it says your inbox is full.

    Also in the 5th example should 'Index.Of' be in quotes or does that make no difference.

    Cheers
    Hi piggzy,

    Actually, it means the same ”Index of” followed byconfig.php informs Google to be able read the contents of the config.php file. The problem with Wordpress is if the install.php file is left in, then the database can be wiped, by just adding a few parameters, that is used initially to setup the database. There are other ways that can actually 'destroy' the database, and all it takes, is a MySQL command. I will go in to this in the next part of this document.

    Nice to see, people like this info! Much more to come yet...
     
  7. piggzy's Avatar

    piggzy said:

    Default Re: You have a very Advanced Penatration Tool on Your Computer!

    The 5th one was the one above that. ;-)

    You can hack but you can't count ?? Keep up lol
     
  8. DJ Overdose's Avatar

    DJ Overdose said:

    Default Re: You have a very Advanced Penatration Tool on Your Computer!

    Just bear in mind Google will track you accessing these and the fairy dust left on ur PC afterwards.

    Live distro or VPN. Public network etc etc.


    DJ OD
    [Only registered and activated users can see links. ]
    [Only registered and activated users can see links. ]
    [Only registered and activated users can see links. ]
     
  9. Black Oracle's Avatar

    Black Oracle said:

    Default Re: You have a very Advanced Penatration Tool on Your Computer!

    Quote Originally Posted by DJ Overdose View Post
    Just bear in mind Google will track you accessing these and the fairy dust left on ur PC afterwards.

    Live distro or VPN. Public network etc etc.

    DJ OD
    Ah, but for them to do that they have to track me in the first place, and since ALL Google is blocked from my system - I can see digital-footprints being blocked all the time, newspapers are the worse for trying to gather information on people. Well, they could if they could see me!

    'Fairy-dust' lol
     
  10. DJ Overdose's Avatar

    DJ Overdose said:

    Default Re: You have a very Advanced Penatration Tool on Your Computer!

    Was more of a warning to the other members TBH.


    DJ OD
    [Only registered and activated users can see links. ]
    [Only registered and activated users can see links. ]
    [Only registered and activated users can see links. ]
     
  11. DavidF's Avatar

    DavidF said:

    Default Re: You have a very Advanced Penatration Tool on Your Computer!

    More lol....the vulnerability of most of the internet would make you want to wipe all traces and start again lol...not much is safe. Tools such as dork injection tools and sql injectors. Not really toys as such as even just looking "to see" is illegal I would have thought. If you were to dabble you would want to be running on a secure environment behind a proxy at the very least....Have a google for SQL injection tools , google dorks ect ect...but as above remember they are watching you watching them watching you.....
     
  12. Black Oracle's Avatar

    Black Oracle said:

    Default Re: You have a very Advanced Penatration Tool on Your Computer!

    Quote Originally Posted by DavidF View Post
    More lol....the vulnerability of most of the internet would make you want to wipe all traces and start again lol...not much is safe. Tools such as dork injection tools and sql injectors. Not really toys as such as even just looking "to see" is illegal I would have thought. If you were to dabble you would want to be running on a secure environment behind a proxy at the very least....Have a google for SQL injection tools , google dorks ect ect...but as above remember they are watching you watching them watching you.....
    'Script-kiddies' are just a PITA IMO - they are the wannabies! Usually fail to hide their IP's, they think that hacking the .htaccess and suspending the account is clever - to me, that is totally stupid and childish!

    It's funny, I travel to more places around the world than is humanly possible and get to them in minutes, chances of back-traces are difficult, since every router 'hit' changes my location! Companies do try and track you, even when I bounce their own IP back at them (this confuses Universities!) - They don't teach you everything - by a long way!!

    Your best tutor is yourself! As long as you know what you are doing, I always monitor myself using other sites, so I can see if at anytime my 'real' IP is shown.
     
  13. DJ Overdose's Avatar

    DJ Overdose said:

    Default Re: You have a very Advanced Penatration Tool on Your Computer!

    I class myself as a script kiddie. But I'm far from blind.

    You can count the amount of real hackers in the UK on ur toes.

    And no one we know knows one.


    DJ OD
    [Only registered and activated users can see links. ]
    [Only registered and activated users can see links. ]
    [Only registered and activated users can see links. ]
     
  14. Black Oracle's Avatar

    Black Oracle said:

    Default Re: You have a very Advanced Penatration Tool on Your Computer!

    LOL..

    You must have a lot of toes then, DJ!
     
  15. diablos's Avatar

    diablos said:

    Default Re: You have a very Advanced Penatration Tool on Your Computer!

    Great wee read.
     
  16. Mystical_2K's Avatar

    Mystical_2K said:

    Default Re: You have a very Advanced Penatration Tool on Your Computer!

    great post
    You know he grew up as a little shitspark from the old shitflint and then he turned into a shitbonfire and driven by the winds of his monumental ignorance he turned into a raging shitfirestorm. If I get to be married to Barb I'll have total control of Sunnyvale and then I can unleash the shitnami tidal wave that will engulf Ricky and extinguish his shitflames forever. And with any luck he'll drown in the undershit of that wave. Shitwaves.
     
  17. DJ Overdose's Avatar

    DJ Overdose said:

    Default Re: You have a very Advanced Penatration Tool on Your Computer!

    Quote Originally Posted by Black Oracle View Post
    LOL..

    You must have a lot of toes then, DJ!
    Depends on ur description of real hackers, script kiddies and ... Toes.


    DJ OD
    [Only registered and activated users can see links. ]
    [Only registered and activated users can see links. ]
    [Only registered and activated users can see links. ]
     
  18. Black Oracle's Avatar

    Black Oracle said:

    Default Re: You have a very Advanced Penatration Tool on Your Computer!

    Just a black screen & green system default font, nothing more!

    I have friends that setup Linux boxes and code in perl then send emails out to groups of hackers, but these do not live in the UK, they are US and German based.

    It doesn't matter how much protection you have a computer they only need ur IP, it takes them under 5 minutes to get in.. They are not the type of guys you piss off.

    I only know them through a friend I got to know years ago!
     
  19. doughboy's Avatar

    doughboy said:

    Default Re: You have a very Advanced Penatration Tool on Your Computer!

    Quote Originally Posted by Black Oracle View Post

    It doesn't matter how much protection you have a computer they only need ur IP, it takes them under 5 minutes to get in..
    I take it they use methods other than what you find on exploitdb then?

    Sent from my SM-N910F using Tapatalk
     
  20. Black Oracle's Avatar

    Black Oracle said:

    Default Re: You have a very Advanced Penatration Tool on Your Computer!

    When you are left DM's on Twitter like this:

    [Only registered and activated users can see links. ]

    from an ANON Bot - they are telling you something!
    Last edited by Black Oracle; 13th June 2016 at 11:31 PM. Reason: Had to edit the URL - Forum re-write caused an error in url ..