How To Gain Access To Unprotected Webcams Using Google

Google hacking involves using advanced operators in the Google search engine to locate specific strings of text within search results. Some of the more popular examples are finding specific versions of vulnerable Web applications. The following search query would locate all web pages that have that particular text contained within them. It is normal for default installations of applications to include their running version in every page they serve..

1.Search on Google for the following Keyword "inurl:/view.index.shtml"


2. Next Choose a webcam and Enjoy






Google Dorks


Here is the list of Few Google Dorks used for this purpose:



inurl:/view.shtml
intitle:�Live View / - AXIS� | inurl:view/view.shtml^
inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Refresh
inurl:axis-cgi/jpg
inurl:axis-cgi/mjpg (motion-JPEG)
inurl:view/indexFrame.shtml
inurl:view/index.shtml
inurl:view/view.shtml
liveapplet
intitle:�live view� intitle:axis
intitle:liveapplet
allintitle:�Network Camera NetworkCamera�
intitle:axis intitle:�video server�
intitle:liveapplet inurl:LvAppl
intitle:�EvoCam� inurl:�webcam.html�
intitle:�Live NetSnap Cam-Server feed�
intitle:�Live View / - AXIS�
intitle:�Live View / - AXIS 206M�
intitle:�Live View / - AXIS 206W�
intitle:�Live View / - AXIS 210?
inurl:indexFrame.shtml Axis
inurl:�MultiCameraFrame?Mode=Motion�
intitle:start inurl:cgistart
intitle:�WJ-NT104 Main Page�
intext:�MOBOTIX M1? intext:�Open Menu�
intext:�MOBOTIX M10? intext:�Open Menu�
intext:�MOBOTIX D10? intext:�Open Menu�
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:�sony network camera snc-p1?
intitle:�sony network camera snc-m1?
site:.viewnetcam.com -www.viewnetcam.com
intitle:�Toshiba Network Camera� user login
intitle:�netcam live image�
intitle:�i-Catcher Console - Web Monitor�

Posted: Anshuman kak

Securing Your Network From Hackers With HoneyPots?

First thing any hacker would do to compromise any network is gathering information passively and seeking vulnerable services as well as ports. And this is where Honeypots play a role of fake vulnerability in network.
Honeypots are fake theoretically, but not practically. They are real vulnerabilities in Network intentionally kept open & designed to gather information about the possible attack / attacker.

How Honeypots Work?

Download:
KFSensor

Advanced Windows Honeypot System

This fake vulnerability attracts any hacker towards it & he would try to compromise it. The Honeypot will itself stores the data regarding how hacker is trying to break it, what tools he might be using, his intentions, keystrokes and many such things.



This information is useful to network security administrator in many ways. Generally the attack is not done in one shot. Hackers try some initial attacks. And based on its results he hacks into major network flaws after some days.

So Honeypots help security people to secure the networks from the information they have gathered from initial attack. They are called as honey pots only because they are made available in network of vulnerabilities like Honey Comb.

Are Honeypots Vulnerable itself?

Sure they are. There are lot of smart ass hackers � who if anyhow come to know that they are dealing with Honeypots, They can totally screw things up.

Because, they are actually dealing with the system file in the network. So they are already inside it without any breakdown. If they can compromise this fake vulnerability Honeypot i.e. that they can surely break in to the system in less time.

Vulnerability is a vulnerable after all & Honeypots too. But there are very rare chances for attacker to identify it & needs great experience. So, planting Honeypot into any network architecture would be a more secure scenario for any host or network.

About The Author

Amol wagh is a tech blogger and an Ethical hacker, He writes at his blog Hackersengima.

Website Hacking with Dot net nuke exploit

Note:The Purpose of this tutorial is not to excite hackers but to make your aware of how hackers can Hack your websites

Google Dork

A google dork is an act of using google provided search terms to obtain a specific result and this DNN vulnerability occurs only in those websites which have "/portals/0" in their navigation, So goahead and search for inurl:�/portals/0? where inurl asks the google to display all the url's who have /portals/0 in their navigation

1.Lets say the vulnerable website is:

www.vulnerablewebsite.com//portals/0

2.Now we will just add Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx after the url so www.vulnerablewebsite.com/portals/0 will become www.vulnerablewebsite.com/portals/0Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

3.Now a website is vulnerable to this type of attack you will get a similar windows:

4.Next enter the following Javascript in the address bar:

javascript:__doPostBack(�ctlURL$cmdUpload�,�)

What this javascript will do is that it will enable us to upload our image to the server:

5.The hacker could upload any image on victims website.

Countermeasures

1.The easiest method is to rename your fcklinkgallery to some thing else but it will not prevent this attack, but you can protect it from script kiddie's in this way, A skilled hacker can easily find the renamed file by using some Footprinting methods

2.Another way to prevent this attack is to upgrade to IIS 7 or higher and a DNN version of 4.9.4 or higher

Posted: Anshuman Kak

How to Fix the corrupted files in windows using XP cd?

Requirements:
1. Windows XP operating system
2. Windows XP cd



Procedure:
1. Place the xp cd in your cd/dvd drive
2. Go to start
3. run
4. type in 'sfc /scannow' (without the ')


Now your windows will load perfectly.

How to find a vulnerable Website?

Website security is a major problem today and should be a priority in any organization or a webmaster, Now a days Hackers are concentrating alot of their efforts to find holes in a web application, If you are a website owner and having a High Page rank and High Traffic then there is a chance that you might be a victim of these Hackers.
Few years back their existed no proper tools search for vulnerability, but now a days there are tons of tools available through which even a newbie can find a vulnerable site and start Hacking

Common Methods used for Website Hacking

There are lots of methods that can be used to hack a website but most common ones are as follows:




1.SQL Injection
2.XSS(Cross Site Scripting)
3.Remote File Inclusion(RFI)
4.Directory Traversal attack
5.Local File inclusion(LFI)
6.DDOS attack

Acunetix


Acunetix is one of my favorite tool to find a venerability in any web application It automatically checks your web applications for SQL Injection, XSS & other web vulnerabilities.



Download Acunetix Web Security Scanner

Nessus

Nessus is the best unix venerability testing tool and among the best to run on windows. Key features of this software include Remote and local file securitychecks a client/server architecture with a GTK graphical interface etc.

Download Nessus from the link below
http://www.nessus.org/download

Retina-

Retina is another Vulnerability assessment tool,It scans all the hosts on a network and report on any vulnerabilities found.

Download Retina from the link below
http://www.eeye.com/Downloads/Trial-Software/Retina-Network-Security-
Scanner.aspx

Metasploit Framework

The Metasploit Framework is the open source penetration testing framework with the world's largest database of public and tested exploits.

Download Metasploit(For Windows users) from the link below
http://www.metasploit.com/releases/framework-3.2.exe

Download Metaspolit(For Linux users) from the link below
http://www.metasploit.com/releases/framework-3.2.tar.gz

Posted: Anshuman Kak

How To Gain Credentials Of Any Website

 BugMeNot is a website which shows the username and password of most websites....

For example: Type NyTimes in search box. This will then give you a list of usernames and passwords that you can use to login to the website and view the content. Along with the username and passwords, it provides their accuracy percentage. This way, you don't have to go through the annoyance of registering yourself.





Firefox users can use the extension to automate this process. Upon installing the extension, the websites can be visited by a mere right click on the username/email address text box.

Happy E-Hacking

BE AWARE OF LATEST FAKE ANTIVIRUS

Attention please! There is a new adware "Anti-Virus-1". Its a fake anti-virus program which looks like Windows default "Security Center".



Here is what the "Panda Labs" says:



It is designed to simulate a scan of the computer, supposedly detecting thousands of strains of (non-existent) malware. The end aim is to sell users a pay version of the fake antivirus in order to eliminate the threats.
When run, this adware warns the user that the computer is not protected. The main screen displayed is a spoof of the Window Security Center.
It then pretends to scan the system for malware. If users do not immediately take the bait and buy the pay version of the fake antivirus, the malicious code will sporadically display a message reminding the user that the computer is infected.
In warning messages, and after the fake scan, a link is provided from which users can download the fake antivirus. Anyone clicking on the link will be redirected to a page like this.
Additionally, when infected users visit certain Web pages with comparative reviews of antivirus products, there will be redirected to a spoof page showing a review of an 'antivirus', called Antivirus2010, with functions and characteristics similar to Anti-Virus-1.

So make sure you don't install this or any other fake-antivirus program. If your system is suffering with virus infection, then follow instructions given in following topic:
Is Your System Infected with a Virus / Spyware / Adware / Trojan?
Also install a good and genuine anti-virus. You can use following article to test the efficiency of your existing security programs:
Put Your Favorite Anti-Virus, Anti-Spyware and Firewall Apps to the Test
Thanks to "warwagon" @ Neowin for the heads-up..

Posted: Anshuman Kak

RAT(Remote Administration Tool)

RAT(Remote Administration Tool):

A remote access tool (a RAT) is a piece of software that allows a remote "operator" to control a system as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "RAT" software is usually associated with criminal or malicious activity. Malicious RAT software is typically installed without the victim's knowledge, often as payload of a Trojan horse, and will try to hide its operation from the victim and from security software.It is a tool by which a hacker can access any server installed computer remotely.

Requirements:

• no-ip.biz account (see below for instructions)
• RAT of your choice, I will be showing Poison Ivy
• No-IP client

Know how to port forward (people behind routers only)

Intro to RATs

So here we go. I'm going to show you how to setup a RAT. A RAT can stand for a few things:
Remote Administration Tool
Remote Access Tool
Remote Access Trojan
Remote Administration Trojan
and probably more.
In any event, it doesn't matter. What you need to know is that it allows you to access the target computer from yours, using the trojan. Now it may help you to look this up on:

wikipedia. http://en.wikipedia.org/wiki/Remote_administration_tool ---------------------------------

No IP

---------------------------------
First of all, go here:


http://www.no-ip.com/newUser.php

and sign up for an account there. After that log into the site with the account you just created and add your new domain. SEE PIC no-ip.png
Now download the dynamic update client from the downloads tab at the top of the no-ip site. Install that when you are done, and you can update your IP for your domain by logging into the client and updating. Pretty easy.

Port Forwarding
If you are not behind a router, skip this. If you are, read on.
You should know how to forward ports on your router. If you dont, head to google, and find out. Each router is different. Usually you can type 192.168.1.1 (or your router's IP address for your LAN) in the address bar of your browser. If you got the right LAN IP, a login box will appear, log in. Default is usually admin:password, or something similar. You're on your own here.
When you finally get int, forward port 3460. That's all.
Hulk11 pointed out that admin:admin is commonly used in routers as well.

Getting the RAT
Head over to:
http://www.poisonivy-rat.com/index.php?link=download
and download the latest version. At the time of posting it was 2.3.2.
Download that and unzip it.

Using the RAT
Hack computer remotely Poison ivy
Open up poison ivy, and click File>New Client. We are going to set up Poison Ivy to listen for connections on the port you forwarded. Default is 3460. Type in a password for your RAT and click start. You will need this password later.

Now File>New Server. Click create profile. Make it look like Server1.png Be sure that the password you put here and the password here match.

Click next and make your server look like Server2.png. You will need to select Active X and click the random button. Having the server melt is up to you, I wouldn't pick melt when it is bound to another file. When the file is sent by itself, usually choose to melt it. Click next

Make your server look like Server3.png. Ignore the thing about the keylogger making it unstable. Not much else here. Click next.

You can choose an icon here, or use a resource editor like ResHacker to chage it later. After you do that, click Generate at the bottom and save the .EXE somewhere.
---------------------------------

Testing the RAT
---------------------------------
You can run the server on yourself to test it, this is relatively safe because you have the password to connect to it. When you run the server, you should see yourself in the Poison Ivy Connection's tab.
Notice the pop up box from the system try alerting you of a new connection. That's nice. You can see this in Working.png I have edited out the IP addresses of those not on my LAN as well as their computer user names and such in order to protect them. To connect to a server, double click the entry in the connections tab. Behold! You are in their PC!
---------------------------------

Distributing
---------------------------------
You can distribute the server file by itself, or bind it to other files. This is where you get to do as you please. Get creative!
---------------------------------

Well that is about it. You can use this knowledge with other RATs and such. So guys, i assume that this tutorial will help you in hacking or accessing any computer remotely. Just download the software poison ivy and start hacking remote computers/pc. By using Poison ivy, one can extract/crack all password hashes present in victim's computer, take a screenshot of victim's computer and many more.

Posted by: Anshuman Kak