hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > System Security > Beginners Section
Yorn
Mar 8 2004, 09:00 PM
I decided to write this as a result of this thread. It may prove to be invaluable to some of you.

Say you ask about how to go about using an open Wingate machine to connect to IRC. I know this is an old, tired topic that will most likely not work anymore, but let's do a search anyway, cause you just found out your buddy's Wingate is set up to allow outside connections and you want to show him why this is a bad thing.

Step 1: Determine your question's prime subject(s)
The subjects in this matter are Wingate and IRC. A google search for Wingate will turn up 1,320,000 results while a search for IRC turns up 11,300,000 results. Intersection of said results can be done with a search for Wingate IRC for about 47,800 results.

Step 2: Go further than page one.
So you start looking at the results you're getting. You go through the Google pages and can't find any answer. Guess what? There *IS* a page two. It's okay to nest in a few pages by default. On page two you'll find the link to:

Proxy/WinGate/SOCKS Tutorial By Jatt More tutorials at http ...
http://blacksun.box.sk/proxy.txt

Only the link you find is dead!! Oh my God!

Step 3: Use caches when you only need the text of the page.
No, don't fret. This is where the "Cached" link becomes valuable. It will still show you the text (which is what we want) sometimes without the images. So down below, where it says: "blacksun.box.sk/proxy.txt - 11k - Cached - Similar pages" you click on the "Cached" link and will get a URL like:
http://216.239.39.104/search?q=cache:oahH8...&hl=en&ie=UTF-8

This is great! The full text is there. So let's read it!

QUOTE
Wingates with IRC:

To configure your IRC client to use a Wingate, simply tell it that you're behind a SOCKS4 or SOCKS5 (again, depending on the Wingate. Try both and see which one of them work) and enter the Wingate's IP. If you are asked for a username and a password, leave these fields blank. Since there are so many IRC clients out there, I won't explain further and let you explore your own client by yourself.


Step 4: Evalute results and determine what went wrong.
Wait a minute. This doesn't really tell me much, and it is the port 23 that is open on my buddy's Wingate server, not the SOCKS server. Hmmm. I know it is vulnerable, but how am I going to prove that to him?

Suppose I remember one tutorial I read a long time ago. It told me how to get mIRC to work with a wingate, and even included what I needed to type in great detail. Where did that tutorial go?

I was also getting lot of results/returns from IRC networks that I didn't care to get. Maybe I need to filter out those as well. Let's start to assemble a Google search string based on what it is we'd like.

Step 5: Create a new query string based on what you want.
I want to get results for:
A tutorial or FAQ about using a Wingate connection on port 23 to connect to an IRC network using mIRC. I do not want to get results from IRC Networks themselves.

Query string:
tutorial OR FAQ Wingate "port 23" IRC mIRC -"IRC network"

Okay, I get results, but it's the same stupid tutorial by Jatt. Wait, maybe that's a good thing! Let's make a new query!

Query string:
tutorial OR FAQ Wingate "port 23" IRC mIRC -"IRC network" -Jatt

The caches for the third and fourth items from your Google query are going to return items you want. But still, suppose you cannot find that specific item you were looking for. Let's try one more time.

Step 6: Adjust queries to remove keywords that you aren't certain of and search specific to a site.

I remember which website I found the tutorial/FAQ on, it was on www.cyberarmy.com. I don't think it talked about IRC, but I know it mentioned mIRC and wingates and using port 23.

I want to get results for:
A tutorial or FAQ about using a Wingate connection on port 23 from an mIRC client. I want to search specific to www.cyberarmy.com.

Query string:
tutorial OR FAQ Wingate "port 23" mIRC site:cyberarmy.com
Result:
http://www.cyberarmy.com/wwwboard/programming/faq2.shtml

And there you have it. The best tutorial for spoofing your IP using Wingate and mIRC. Written by the most elite hax0r evar!

Step 7: Learn how to properly use Google.

Google Basics: http://www.google.com/help/basics.html
This merely tells you how to use the OR and quotes around words for literal interpretations.

Google Advanced: http://www.google.com/help/refinesearch.html
Most of you can start here. Teaches site searching and how to exclude pages with certain words.

Phrase Searching:
Using quotes around words, "like this", is called phrase searching and very well may be the most powerful searching method for most of the items you are looking for. Especially when you throw in the asterisk for a term you may not know.

Do a Google search for: "how to hack *" to see what I mean (include the quotes).

Phone and Location:
An entire tutorial can be done on this, mainly because it's an easy way to make side cash to find out an online person's real identity. Some people have been doing it for years. Google provides some decent tools, but social engineering someone who has access to SS# databases within the government is probably the best way.

phonebook:lastname ST
or, as an example:
rphonebook:William Hung CA

Good luck.

Note: Google and other server web links are bound to change since this posting. Please be aware that if you click on a link, it very well may not exist. This is merely meant as a tutorial to help people use Google.
Jay
Mar 8 2004, 09:50 PM
Thanks Yorn. Topic moved up here so all newbies can read.
Blackknight
Mar 8 2004, 10:42 PM
One thing to keep in mind.. With the google algorithim, people have been exploiting it lately and alot of false positives get brought back and you end up with sites linking to other sites.. in a constant loop.. I personally made my own search bot That queries all the search engines i like.
Whats the point of using different search engines you may ask.. well this is so that you can get a more definitive search.. Search engines are made to search a certain way.. and your more likely to get a better result using different algorithims and different methods of getting the information
check out nice tutorial at
www.searchlores.org a recommended read for those who aren't to lazy to do their own searching unsure.gif
Yorn
Mar 10 2004, 03:08 PM
QUOTE (Blackknight @ Mar 8 2004, 04:42 PM)
One thing to keep in mind.. With the google algorithim, people have been exploiting it lately and alot of false positives get brought back and you end up with sites linking to other sites.. in a constant loop..

I haven't noticed this as being much of a problem the way I run my searches. I have used AllTheWeb.com in place of Google on occasion though.
Niekos
Mar 11 2004, 12:36 AM
Yorn thx for the turorial. It was a good read for me.
fuze
Mar 20 2004, 03:48 PM
Great stuff! Good read, and very handy smile.gif

cheers!
Marticj
Apr 12 2004, 02:06 AM
Nice, came in very handy for me, thanks for the tips smile.gif
nemesis
Apr 14 2004, 08:38 PM
nice, thx smile.gif

did know about + AND OR but not " - " very helpful sometimes tongue.gif
Infinite
Apr 18 2004, 10:02 AM
Not many people seem to know how to use Google, or any search engine, effectively. It's called "a hacker's best resource" for a reason, and once you figure out the best ways to use Google to your benefit, it comes in very handy.

Something available is this article, by Alpha_Geek of AnomalousSecurity, titled
"Try Google, Mate", with the original article available here.

-Infinite
Nessuno
Apr 19 2004, 09:49 AM
good post man wink.gif i appreciate so much + and - functions! google rulez!
s3ntinel
Sep 6 2004, 02:16 PM
It's also worthwhile looking at this site - http://johnny.ihackstuff.com

There's a lot of good info on it with regards to google hacking. In my experience, using google to show a company what information they are leaking is a big eye opener for them (How many techs still ask questions on problems with their firewall/server/db etc giving full version information and their corporate email signature block including all contact numbers?) It's scary!!
tommmmmm
Sep 6 2004, 06:50 PM
for those who feel messy here www.searchlores.org try
http://www.searchlores.org/advanced.htm

Google Hacks is copyrighted yet again plz read the rules posting suspended for a term of 7 days.
dissolutions
Ragabash
Sep 29 2004, 05:47 PM
Thx Yorn. Google search-techniques was a course I had to take in school, while studying multimedia. But i've forgotten almost everything about that, because i don't use google that often anymore. And we never got a question about it on an exam or something so... you know students rolleyes.gif
b00mer
Nov 2 2004, 09:57 PM
QUOTE(Ragabash @ Sep 29 2004, 12:47 PM)
Thx Yorn. Google search-techniques was a course I had to take in school, while studying multimedia. But i've forgotten almost everything about that, because i don't use google that often anymore. And we never got a question about it on an exam or something so... you know students rolleyes.gif
*




ohmy.gif how in the heck does ur high school offer a google search techniques??
my school sucks now
belgther
Dec 20 2004, 02:01 PM
once i hit a site that shows some searching/hacking tricks using google, it contained how you can find usernames and passwords with google, and not only that, some other useful things, too...
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.