Monday, March 7, 2011

Tips & tricks - dont misuse it

 No,don't go crazy messing up people sites,this is to make awareness of how negligent can an administrator be.

1- Why deface when you can own it?
Go to Google and type this:
intitle:PhpMyAdmin "Welcome to phpMyAdmin***" running on * as root@*"

This will give you tons of no passworded phpMyAdmin,means you'll have access to all files,can make changes ect.
======================================
To find websites Admin Password type the following in the Google bar:
inurl:vti_pvt "service.pwd"
(password will be encrypted) "convert encrypted password to md5 hash then use milw0rm

Also You can You use this codes when you have free time..enjoy

Google Search strings
-------------------------

    * inurl:/db/main.mdb |ASP-Nuke passwords
    * filetype:cfm "cfapplication |ColdFusion source with potential passwords name" password
    * filetype:pass |dbman credentials pass intext:userid
    * allinurl:auth_user_file.txt |DCForum user passwords
    * eggdrop filetype:user user |Eggdrop IRC user credentials
    * filetype:ini inurl:flashFXP.ini |FlashFXP FTP credentials
    * filetype:url +inurl:"ftp://" |FTP bookmarks cleartext passwords
      +inurl:"@"
    * inurl:zebra.conf intext: |GNU Zebra passwords
      password -sample -test
      -tutorial –download
    * filetype:htpasswd htpasswd |HTTP htpasswd Web user credentials
    * intitle:"Index of" ".htpasswd" |HTTP htpasswd Web user credentials
      "htgroup" -intitle:"dist"
      -apache -htpasswd.c
    * intitle:"Index of" ".htpasswd" |HTTP htpasswd Web user credentials
      htpasswd.bak
    * "http://*:*@www" bob:bob |HTTP passwords (bob is a sample username)
    * "sets mode: +k" |IRC channel keys (passwords)
    * "Your password is * |Remember IRC NickServ registration passwords
      this for later use"
    * signin filetype:url |JavaScript authentication credentials
    * LeapFTP intitle:"index.of./" |LeapFTP client login credentials
      sites.ini modified
    * inurl:lilo.conf filetype:conf |LILO passwords
      password -tatercounter2000
      -bootpwd –man
    * filetype:config config intext: |Mcft .NET application credentials
      appSettings "User ID"
    * filetype:pwd service |Mcft FrontPage Service Web passwords
    * intitle:index.of |Mcft FrontPage Web credentials
      administrators.pwd
    * "# -FrontPage-" |Mcft FrontPage Web passwords
      inurl:service.pwd
      ext:pwd inurl:_vti_pvt inurl: |Mcft FrontPage Web passwords
      (Service | authors | administrators)
    * inurl:perform filetype:ini |mIRC nickserv credentials
    * intitle:"index of" intext: |mySQL database credentials
      connect.inc
    * intitle:"index of" intext: |mySQL database credentials
      globals.inc
    * filetype:conf oekakibbs |Oekakibss user passwords
    * filetype:dat wand.dat |Opera‚ ÄúMagic Wand‚Äù Web credentials
    * inurl:ospfd.conf intext: |OSPF Daemon Passwords
      password -sample -test
      -tutorial –download
    * index.of passlist |Passlist user credentials
    * inurl:passlist.txt |passlist.txt file user credentials
    * filetype:dat "password.dat" |password.dat files
    * inurl:password.log filetype:log |password.log file reveals usernames,
      |passwords,and hostnames
    * filetype:log inurl:"password.log" |password.log files cleartext
      |passwords
    * inurl:people.lst filetype:lst |People.lst generic password file
    * intitle:index.of config.php |PHP Configuration File database
      |credentials
    * inurl:config.php dbuname dbpass |PHP Configuration File database
      |credentials
    * inurl:nuke filetype:sql |PHP-Nuke credentials
    * filetype:conf inurl:psybnc.conf |psyBNC IRC user credentials
      "USER.PASS="
    * filetype:ini ServUDaemon |servU FTP Daemon credentials
    * filetype:conf slapd.conf |slapd configuration files root password
    * inurl:"slapd.conf" intext: |slapd LDAP credentials
      "credentials" -manpage
      -"Manual Page" -man: -sample
    * inurl:"slapd.conf" intext: |slapd LDAP root password
      "rootpw" -manpage
      -"Manual Page" -man: -sample
    * filetype:sql "IDENTIFIED BY" –cvs |SQL passwords
    * filetype:sql password |SQL passwords
    * filetype:ini wcx_ftp |Total Commander FTP passwords
    * filetype:netrc password |UNIX .netrc user credentials
    * index.of.etc |UNIX /etc directories contain
      |various credential files
    * intitle:"Index of..etc" passwd |UNIX /etc/passwd user credentials
    * intitle:index.of passwd |UNIX /etc/passwd user credentials
      passwd.bak
    * intitle:"Index of" pwd.db |UNIX /etc/pwd.db credentials
    * intitle:Index.of etc shadow |UNIX /etc/shadow user credentials
    * intitle:index.of master.passwd |UNIX master.passwd user credentials
    * intitle:"Index of" spwd.db |UNIX spwd.db credentials
      passwd -pam.conf
    * filetype:bak inurl:"htaccess| |UNIX various password file backups
      passwd|shadow|htusers
    * filetype:inc dbconn |Various database credentials
    * filetype:inc intext:mysql_ |Various database credentials, server names
      connect
    * filetype:properties inurl:db |Various database credentials, server names
      intext:password
    * inurl:vtund.conf intext:pass –cvs |Virtual Tunnel Daemon passwords
    * inurl:"wvdial.conf" intext: |wdial dialup user credentials
      "password"
    * filetype:mdb wwforum |Web Wiz Forums Web credentials
    * "AutoCreate=TRUE password=*" |Website Access Analyzer user passwords
    * filetype:pwl pwl |Windows Password List user credentials
    * filetype:reg reg +intext: |Windows Registry Keys containing user
      "defaultusername" intext: |credentials
      "defaultpassword"
    * filetype:reg reg +intext: |Windows Registry Keys containing user
      "internet account manager" |credentials
    * "index of/" "ws_ftp.ini" |WS_FTP FTP credentials
      "parent directory"
    * filetype:ini ws_ftp pwd |WS_FTP FTP user credentials
    * inurl:admin filetype: |asp Generic userlist files
      inurl:userlist |
    * inurl:php inurl: |Half-life statistics file, lists username and
      hlstats intext: |other information
      Server Username |
    * filetype:ctl |
      inurl:haccess. |Mcft FrontPage equivalent of htaccess
      ctl Basic |shows Web user credentials
    * filetype:reg |
      reg intext: |Mcft Internet Account Manager can
    * "internet account manager" |reveal usernames and more
      filetype:wab wab |Mcft Outlook Express Mail address
      |books
    * filetype:mdb inurl:profiles |Mcft Access databases containing
      |profiles.
    * index.of perform.ini |mIRC IRC ini file can list IRC usernames and
      |other information
    * inurl:root.asp?acs=anon |Outlook Mail Web Access directory can be
      |used to discover usernames
    * filetype:conf inurl:proftpd. |PROFTP FTP server configuration file
      conf –sample |reveals
      |username and server information
    * filetype:log username putty |PUTTY SSH client logs can reveal
      |usernames
      |and server information
    * filetype:rdp rdp |Remote Desktop Connection files reveal user
      |credentials
    * intitle:index.of |UNIX bash shell history reveals commands
      .bash_history |typed at a bash command prompt; usernames
      |are often typed as argument strings
    * intitle:index.of |UNIX shell history reveals commands typed at
      .sh_history |a shell command prompt; usernames are
      |often typed as argument strings
    * "index of " lck |Various lock files list the user currently using
      |a file
    * +intext:webalizer +intext: |Webalizer Web statistics page lists Web user-
      Total Usernames +intext: |names and statistical information
      "Usage Statistics for"
    * filetype:reg reg HKEY_ |Windows Registry exports can reveal
      CURRENT_USER |username usernames and other information
Posted by Sreekumar at 6:39 AM 0 comments
Labels:

Thursday, March 3, 2011

Java Script

What is JavaScript?

JavaScript was designed to add interactivity to HTML pages

JavaScript is a scripting language

A scripting language is a lightweight programming language

JavaScript is usually embedded directly into HTML pages

JavaScript is an interpreted language (means that scripts execute without preliminary compilation)

Everyone can use JavaScript without purchasing a license


Are Java and JavaScript the same?

NO! ... Java and JavaScript are two completely different languages in both concept and design!

Java (developed by Sun Microsystems) is a powerful and much more complex programming language 



JavaScript = ECMAScript

JavaScript is an implementation of the ECMAScript language standard. ECMA-262 is the official JavaScript standard.
JavaScript was invented by Brendan Eich at Netscape (with Navigator 2.0), and has appeared in all browsers since 1996.
The official standardization was adopted by the ECMA organization (an industry standardization association) in 1997.
The ECMA standard (called ECMAScript-262) was approved as an international ISO (ISO/IEC 16262) standard in 1998.
The development is still in progress.....


For further info please visit http://www.w3schools.com/
Posted by Sreekumar at 10:52 PM 0 comments
Labels:

Wednesday, March 2, 2011

How to Disable Write Access to USB Hard Disk and Flash Key Drives


There is a registry hack that able to disable the USB drive access to USB mass storage device such as flash drive, USB key, thumb drive, pendrive and portable hard disk while keeping the USB hardware device such as webcam, mouse, keyboard, printer and scanner connected to USB ports working as usual. However, the hack disable the USB access to disk drive completely. User cannot copy data to the USB disk storage, nor able to read any files and documents from the USB drive.

For user who just want to disable write access to the external removable USB mass storage disk drive, there is another registry hack of WriteProtect in StorageDevicePolicies registry key that able to restrict Windows system from writing to the USB disk drive, and hence effectively user to copy any sensitive or private data from the PC to USB key stick. The trick works in a similar way to write-protect feature used in floppy disk and backup tape which make the disk read-only, only that in this case, it’s system wide implementation that block any writing and recording of data to USB mass storage device.

To disable writing access to USB drives and make all USB drives has only read-only access, follow these steps:

1. Run Registry Editor (regedit).
2. Navigate to the following registry key:  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control

3.Create a New Key named as StorageDevicePolicies.
4. Highlight StorageDevicePolicies, and then create a New DWORD (32-bit) Value named as WriteProtect.
5. Double click on WriteProtect, and set its value data to 1.


Once set, all users on the computer is now blocked and prevented from copying, transferring or writing any files, documents and data to the USB disk drives, without the need to restart or reboot computer. Any attempt to download or copy files to USB drive will return the following error message:

The disk is write protected.
The media is write-protected.
Remove the write protection or use another disk.


Once set, all users on the computer is now blocked and prevented from copying, transferring or writing any files, documents and data to the USB disk drives, without the need to restart or reboot computer. Any attempt to download or copy files to USB drive will return the following error message:

The disk is write protected.
The media is write-protected.
Remove the write protection or use another disk.

To revert and remove the blocked write access to USB drivers, just delete the StorageDevicePolicies registry key, or delete the WriteProtect registry entry, or change the value data for WriteProtect to 0.

The other way


1. Goto -> Start Menu -> Run -> type 'notepad' in the window
2. Copy the text -
cd\
reg add "HKLM\System\CurrentControlSet\Control\StorageDevicePolicies" /t Reg_dword /v WriteProtect /f /d 1
and paste this into notepad save the file as SomeName.bat 

3. Close and double click on the SomeName.Bat 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++



Posted by Sreekumar at 4:20 AM 2 comments
Subscribe to: Posts (Atom)