What is Google Dorks and How Hackers Use Them

Google is a Hacking Tool. The idea of using Google as a hacking tool or platform certainly isn’t a novel idea, and hackers have been leveraging this incredibly popular search engine for years. In fact, Google Dorks have their roots in 2002 when a man by the name of Johnny Long started using custom queries to search for elements of certain websites that he could leverage in an attack.It’s not a new concept, but your website could be advertising its own vulnerabilities on Google’s search engine. The term is called “Google Dorking,” and the process of finding vulnerable web servers through the search engine is easier than you think.

How It Works

One aspect of good web programming is returning user-friendly errors. If your application doesn’t catch coding bugs, the web server returns error details in the browser. In some cases, the error details contain user names, passwords, and database specifics that you don’t want visitors to see. Most users bounce from a website that serves errors, but not Google. Googlebot is just a crawler meant to scan the web for content, index it, and then present results to searchers. If your web server returns errors from coding bugs, Google indexes the content of these errors, which could mean that sensitive login information is indexed. The result is that your web server provides searchable content that can be used to hack your website.

Google Dorking refers to the process of using common error phrases that relate to a specific response code generated by a programming language. For instance, your PHP application might have the wrong database user name and password stored in your backend code. PHP returns a specific database login error that must be handled when coding an application.”Handling” an error refers to trapping it and sending a user-friendly response back to the browser. If you don’t handle the error, the database login credentials are returned to the browser. When Googlebot visits your pages, it sees the PHP errors and indexes the content. This content is then available to anyone who knows what PHP phrases to search for.

Understanding Google Dorks Operators

Just like in simple math equations, programming code, and other types of algorithms, Google Dorks has several operators that aspiring white hat hackers need to understand. There are far too many to include in this guide, but we will go over some of the most common:

• intitle – this allows a hacker to search for pages with specific text in their HTML title. So intitle: “login page” will help a hacker scour the web for login pages.
• allintitle – similar to the previous operator, but only returns results for pages that meet all of the keyword criteria.
• inurl – allows a hacker to search for pages based on the text contained in the URL (i.e. “login.php”).
• allinurl – similar to the previous operator, but only returns matches for URLs that meet all the matching criteria.
• filetype – helps a hacker narrow down search results to specific types of files such as PHP, PDF, or TXT file types.
• ext – very similar to filetype, but this looks for files based on their file extension.
• intext – this operator searches the entire content of a given page for keywords supplied by the hacker.
• allintext – similar to the previous operator, but requires a page to match all of the given keywords.
• site – limits the scope of a query to a single website.

Custom Crafting Google Dork Queries

Now that we have a basic understanding of some of the operators and how Google Dorks can be used to scour the web, it’s time to look at query syntax. The following is the high level structure of Google Dorks that targets a specific domain:

• “inurl: domain/” “additional dorks”

A hacker would simply plug in the desired parameters as follows:

• inurl = the URL of a site you want to query
• domain = the domain for the site
• dorks = the sub-fields and parameters that a hacker wants to scan

If a hacker wishes to search by a field other than the URL, the following can be effectively substituted:

• intitle:
• inurl:
• intext:
• define:
• site:
• phonebook:
• maps:
• book:
• info:
• movie:
• weather:
• related:
• link:

These options will help a hacker uncover a lot of information about a site that isn’t readily apparent without a Google Dork. These options also offer ways to scan the web to located hard to find content. The following is an example of a Google Dork:

inurl:login.jsp intitle:login

Making Effective Use of Operators

It may seem a little cryptic at first, so let me provide a few examples that show how the different operators can be used to locate content and website data. A user can make effective use of the intitle operator to locate anything on a website. Perhaps they are scraping email addresses and want to scan sites for the “@” symbol, or maybe they are looking for an index of other files.

Furthermore, the intext operator can basically be used to scan individual pages for any text you want, such as a target’s email address, name, the name of a web page (like a login screen) or other personal information to collect data about them.

The more you practice, the further you’ll be able to hone your queries to pinpoint different types of websites, pages, and vulnerabilities. Again, I need to caution you not to use these queries to attack another website, because that would be illegal and could get you into a lot of trouble. Still, Google Dorks are a great way to locate hidden information on the web, which is why hackers love to use them to find security flaws in websites.

Hackers Use Sonic and ultrasonic signals to crash Hard Drives

Researchers have demonstrated how sonic and ultrasonic signals (inaudible to human) can be used to cause physical damage to hard drives just by playing ultrasonic sounds through a target computer's own built-in speaker or by exploiting a speaker near the targeted device.

Similar research was conducted last year by a group of researchers from Princeton and Purdue University, who demonstrated a denial-of-service (DoS) attack against HDDs by exploiting a physical phenomenon called acoustic resonance.

Since HDDs are exposed to external vibrations, researchers showed how specially crafted acoustic signals could cause significant vibrations in HDDs internal components, which eventually leads to the failure in systems that relies on the HDD.

To prevent a head crash from acoustic resonance, modern HDDs use shock sensor-driven feed forward controllers that detect such movement and improve the head positioning accuracy while reading and writing the data.

However, according to a new research paper published by a team of researchers from the University of Michigan and Zhejiang University, sonic and ultrasonic sounds causes false positives in the shock sensor, causing a drive to unnecessarily park its head.

By exploiting this disk drive vulnerability, researchers demonstrated how attackers could carry out successful real-world attacks against HDDs found in CCTV (Closed-Circuit Television) systems and desktop computers.

    An attacker can use the effects from hard disk drive vulnerabilities to launch system level consequences such as crashing Windows on a laptop using the built-in speaker and preventing surveillance systems from recording video," the research paper reads.

These attacks can be performed using a nearby external speaker or through the target system's own built-in speakers by tricking the user into playing a malicious sound attached to an email or a web page.

In their experimental set-up, the researchers tested acoustic and ultrasonic interferences against various HDDs from Seagate, Toshiba and Western Digital and found that ultrasonic waves took just 5-8 seconds to induce errors.

However, sound interferences that lasted for 105 seconds or more caused the stock Western Digital HDD in the video-surveillance device to stop recording from the beginning of the vibration until the device was restarted.

    In the case that a victim user is not physically near the system being attacked, an adversary can use any frequency to attack the system," the researchers explain.

    "The system's live camera stream never displays an indication of an attack. Also, the system does not provide any method to learn of audio in the environment. Thus, if a victim user were not physically near the system, an adversary can use audible signals while remaining undetected."

The researchers were also able to disrupt HDDs in desktops and laptops running both Windows and Linux operating system. They took just 45 seconds to cause a Dell XPS 15 9550 laptop to freeze and 125 seconds to crash when the laptop was tricked to play malicious audio over its built-in speaker.

How to Boost Bower Speed

When you buy an internet connection, you are facing slow internet problem, pages load time is too long. If you want to boost your internet speed. You need some simple steps to boost you browse speed.

There are many ways to boost your browse speed in the market to get speedy browser whether you use paid service or free hacks. I am going to share this free speed hack with you.

Steps To Follow

1: Navigate to Control Panel > Network and Internet Options > Network and Sharing Center.

2: Now look for the active internet connection to which you’re currently connected to.

3: Open up Connection Properties of your active connection.

4: Click on IPv4 and open its Properties.

5: Here you will notice your DNS, you just need to change your DNS address with the following DNS.

Preferred DNS server: 208.67.222.222
Alternate DNS server: 208.67.220.220

6: Once done, save it and no configure it for IPv6. Just change the IPv6 DNS with the following DNS.

Preferred DNS server: 2620:0:ccc::2
Alternate DNS server: 2620:0:ccd::2

7: Finally, save and you’re done with it.

That’s all. You have successfully learned how to boost up browsing speed. Hope it will work for you. 

Enjoy speedy internet..!

Download Havij 1.5 Full Cracked

Havij 1.5 is number one advanced SQL injection tool for ethical hacking. It is an automated SQL  injection tool that helps penetration tester to find and exploit SQL injection vulnerability in a web page.It can also be used for finding admin login page and md5 description and many more functions that you want should be automated.This software is the best way to start with SQL injection if you are a beginner. Of course, this is more easy to use an automated SQL tool like Havij that hack a database website with a SQL injection manually.

Havij 1.5 Features

• Back-End database fingerprinting
• Retrieve DBMS users
• Retrieve password hashes
• find admin panel page
• md5 description
• Coun the no of columns
• Fetching data from the database
• Running SQL statements
• accesing underlying file system

Havij 1.5 is totally different from other SQL injection tools. Its success rate is above 95%.The user-friendly GUI of havij 1.5 and its automated setting and detection make it easy to use for everyone.

Download

Havij 1.5

What is Botnet and How Does it Works

Today's Botnets have become one of the biggest threats to security systems. botnet growing popularity among cybercriminals from their ability to infiltrate almost any internet-connected device, from DVR players to corporate mainframes.

Botnets are also becoming a larger part of cultural discussions around cybersecurity. Facebook’s fake ad controversy and the Twitter bot fiasco during the 2016 presidential election worry many politicians and citizens about the disruptive potential of botnets. Recently published studies from MIT have concluded that social media bots and automated accounts play a major role in spreading fake news.

To Many Cybercriminals use botnets to mine cryptocurrencies like bitcoin is growing business for cybercriminals.It’s predicted the trend will continue, resulting in more computers infected with mining software and more digital wallets stolen.

How Botnet Works

For Better understand of botnet functions, consider that the name itself is a blending of the words “robot” and “network”. In a broad sense, that’s exactly what botnets are: a network of robots used to commit cybercrime. The cybercriminals controlling them are called botmasters or bot herders.

Size Matters

To build a botnet, botmasters need as many infected online devices or “bots” under their command as possible. The more bots connected, the bigger the botnet. The bigger the botnet, the bigger the impact. So size matters. The criminal’s ultimate goal is often financial gain, malware propagation, or just general disruption of the internet.

Imagine the following: You’ve enlisted ten of your friends to call the Department of Motor Vehicles at the same time on the same day. Aside from the deafening sounds of ringing phones and the scurrying of State employees, not much else would happen. Now, imagine you wrangled 100 of your friends, to do the same thing. The simultaneous influx of such a large number of signals, pings, and requests would overload the DMV’s phone system, likely shutting it down completely.

Cybercriminals use botnets to create a similar disruption on the internet. They command their infected bot army to overload a website to the point that it stops functioning and/or access is denied. Such an attack is called a denial of service or DDoS.

Botnet Infections

Botnets aren’t typically created to compromise just one individual computer; they’re designed to infect millions of devices. Bot herders often deploy botnets onto computers through a trojan horse virus. The strategy typically requires users to infect their own systems by opening email attachments, clicking on malicious pop-up ads, or downloading dangerous software from a website. After infecting devices, botnets are then free to access and modify personal information, attack other computers, and commit other crimes.

More complex botnets can even self-propagate, finding and infecting devices automatically. Such autonomous bots carry out seek-and-infect missions, constantly searching the web for vulnerable internet-connected devices lacking operating system updates or antivirus software.

Botnets are difficult to detect. They use only small amounts of computing power to avoid disrupting normal device functions and alerting the user. More advanced botnets are even designed to update their behavior so as to thwart detection by cybersecurity software. Users are unaware they’re connected device is being controlled by cybercriminals. What’s worse, botnet design continues to evolve, making newer versions harder to find.

Botnets take time to grow. Many will lay dormant within devices waiting for the botmaster to call them to action for a DDoS attack or for spam dissemination.

Vulnerable Devices

Botnets can infect almost any device connected directly or wirelessly to the internet. PCs, laptops, mobile devices, DVR’s, smartwatches, security cameras, and smart kitchen appliances can all fall within the web of a botnet.

Although it seems absurd to think of a refrigerator or coffee maker becoming the unwitting participant in a cybercrime, it happens more often than most people realize. Often appliance manufacturers use secure passwords to guard entry into their devices, making them easy for autonomous bots scouring the internet to find and exploit.

As the never-ending growth of the Internet of Things brings more devices online, cybercriminals have greater opportunities to grow their botnets, and with it, the level of impact.

In 2016, a large DDoS attack hit the internet infrastructure company Dyn. The attack used a botnet comprised of security cameras and DVRs. The DDoS disrupted internet service for large sections of the country, creating problems for many popular websites like Twitter and Amazon.

Botnet Attacks

Aside from DDoS attacks, botmasters also employ botnets for other malicious purposes.

Ad Fraud

Cybercriminals can use the combined processing power of botnets to run fraudulent schemes. For example, botmasters build ad fraud schemes by commanding thousands of infected devices to visit fraudulent websites and “click” on ads placed there. For every click, the hacker then gets a percentage of the advertising fees.

Selling and Renting Botnets

Botnets can even be sold or rented on the internet. After infecting and wrangling thousands of devices, botmasters look for other cybercriminals interested in using them to propagate malware. Botnet buyers then carry out cyber attacks, spread ransomware, or steal personal information.

Laws surrounding botnets and cybercrime continue to evolve. As botnets become bigger threats to internet infrastructure, communications systems, and electrical grids, users will be required to ensure their devices are adequately protected from infection. Its likely cyber laws will begin to hold users more responsible for crimes committed by their own devices.

Where do botnets come from?

To be a part of a botnet, it first needs to become infected with the type of specific malware that either contact a remote server or other infected systems present into the network. To get commands from whoever is controlling the botnet, which is hackers and cybercriminals. Despite being magnificent in scope and scale, although a botnet malware infection is no different from a traditional malware infection.

How do you recognize botnets?

So how do you recognize the botnet! You can recognize the botnet in the same way as you can distinguish a computer infected with other types of malware. Signs that includes the computer running slowly, and acting very strangely, giving error messages or the fan starting up suddenly when the computer is idle. These are all possible symptoms that some other person using the computer remotely as part of a bot network.

What is Website Defacement ?

Website defacement is an attack on a website that changes the visual appearance of the site or a webpage. These are typically the work of defacers, who break into a web server and replace the hosted website with one of their own. Defacement is generally meant as a kind of electronic graffiti and, as other forms of vandalism, is also used to spread messages by politically motivated "cyber protesters" or hacktivists.

What is Website Defacement?

An anonymous hacking group starts Website Defacement like hactivist. Website Defacement means hack any website and change website home page.Friends you also know that black hat hackers who hack the website and change the index page coding with his own page coding, mostly hacker hack the website just for fun and only post her name in the website.

Website Defacement Method

The most common method of defacement is using SQL Injections to log on to administrator accounts. Defacements usually consist of an entire page. This page usually includes the defacer’s pseudonym or “Hacking Codename.” Sometimes, the Website Defacer makes fun of the system administrator for failing to maintain server security. Most times, the defacement is harmless, however, it can sometimes be used as a distraction to cover up more sinister actions such as uploading malware or deleting essential files from the server.

Top 5 websites to learn advance ethical Hacking

There are many websites who provide you free ethical hacking, but we provide you top 5-websites for advance ethical hacking. To learn advance ethical hacking website at Free of cost and you will become a master hacker or best hacker. These websites only are given to you and you will become a master level hacker or best hacker.

Friends you can also find too many websites who provide you hacking contents but these websites that I am going to provide you with beginning to advance level hacking.

• Null Byte
• hacking tutorial
• Evilzone
• blackmoreops
• security tube

Null Byte

Null Byte Website is one of the best websites for hacking you will learn about the advanced level of hacking in the null byte.you get daily updates of hacking and news.In this website, You will learn about Metasploit basics, Facebook Hacks, Password Cracking, wifi Hacking, Linux Basics and One of a Great hacker in the world MR. ROBOTs Hack Topics.

Hacking tutorial

Hacking Tutorial is the associate moral web site you'll study hacking(How to install Linux, all Linux Tools) use and windows Tools like the way to bypass any password in windows, the way to use Remote Administration Tool, Man-in-Middle-Attack, Phone hacking and hacking news you'll get during this website.

Evilzone

If you are interested in cybersecurity and wants to become cybersecurity experts then we recommend you must visit evil zone hacking and security website. 

Blackmore

Blackmore Ops is the leading source for Kali Linux, InfoSec, Hacking, Network, and Cyber Security, How to, Guides and Tutorials with technical details.If You are also learned ethical hacking so you need to go this website for advanced hacking skills.this website is looking strange but you can set you hacking skills from beginning to advance

Security tube

security tube is a website where you get advance level hacking. If you are beginning level hacker so please do not go to this website because you never understand the logic, methods, and security.this website also bans in many countries.you can visit this website by using VPN or proxy.