Sign in to follow this
Followers
0
-
Similar Content
-
Instagram Marketing Masterclass: Learn How to Grow an Impressive Community on Instagram, Monetize ItBy itsMe
Hidden Content
Give reaction to this post to see the hidden content. Instagram Marketing Masterclass: Learn How to Grow an Impressive Community on Instagram, Monetize It
This course is easy to understand and is designed in explainer video format to convey basic information about Instagram in a way that makes everything clear and simple. You will receive detailed explanations, with examples. The course begins by introducing the first steps in Instagram and what you need to do and ends with effective page monetization strategies.
Hidden Content
Give reaction to this post to see the hidden content.
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. Builder's Guide
In the "Host" field, enter the domain or IP. For example: example.com or 127.0.0.1
In the "Gate" field, enter the path to the gate file relative to your host. It should start with a slash, for example: /gate.php or /my_gate/gate.php
In the "Code encryption pass" field, enter the universal key for encrypting the stiller code. This will temporarily remove your build from the anti-virus databases. Enter TO THE LIMIT!
Next, you have two buttons. The first is to make a regular build. The second is a regular build with disabling protection from LPG.
But I warn you that in order to work on the CIS, you also need to disable the LPG protection inside the gate. How to do it - look in the theme with MarsStealer v3!
Soft:
- Updated cookie collection from Chrome 96+
- Added the ability to disable the self-removal of the build after a tap
- Cleaned up the runtime
Admin panel:
- Added Build self-delete configuration on the Settings page to the Soft Configuration section, which is responsible for enabling or disabling the build's self-removal from the system
READ instruction.html and grab_manual.txt
Hidden Content
Give reaction to this post to see the hidden content. -
-
By dEEpEst
Welcome to another hacking tutorial. Today you will learn how to use
Hidden Content
Give reaction to this post to see the hidden content. to hack passwords and accounts. Not only that you can also hack web servers and find email lists webcams and so on. This technique is called google dorks or Google Dorking. This includes the use of google search operators to find log files. You may not know this but Google has a bad habit of indexing everything. I mean literally everything. With the right dorks, you can hack devices just by Googling the correct parameters and you will have passwords to log in. Below I will show you a demo of how I was able to find passwords of PayPal accounts which were stored openly.
So what is Google Dorking and Google Hacking?
Google Dorking is an advanced application of Google search operators — using google search operators to hunt for specific vulnerable devices, exploitable files, sensitive data and so on through specific search strings.
So basically we can find log files password files email lists etc. openly on the web.
What Kinds of Things Do Dorks Connect to the Internet?
You would be amazed as to what you can find connected and lying on the internet. Everything from controllers to nuclear stations. Luckily people are implementing security measures with the rise of security threats.
So how is it relevant to you? Imagine getting a new house with security cameras or smart IoT devices that provide the ability to control everything via your phone whenever you want. You set it up, connect it to your Wi-Fi and can manage everything.
What’s going on in the background isn’t so simple. The devices call a server stored on the internet and streams video and data in real-time, allowing you to control That server may require no password to access the files from your server so that they can access files making your smart home accessible to anyone who searches for text via the server.
And google just goes and finds all the devices connected on the internet. So without further ado, let’s begin the tutorial.
Finding FTP Servers & Websites Using HTTP
To start, we will be using the following dork to search for FTP servers that are open. Searching for these servers can allow us to find internal files and data as shown below:
intitle:"index of" inurl:ftp intitle:"index of" inurl:http These servers are public because the index file of their FTP and the HTTP server is the kind of thing that Google loves to scan and index— a fact many people tend to forget. Google’s scanning leads to a complete list of all the files contained within the server being publically available on Google.
If we want to start attacking some hacking targets, we can be more specific and search for online forms still using HTTP by changing the text in the search title.
intitle:"forum" inurl:http inurl:"registration" Here you can see we’ve found a list of vulnerable online forums using HTTP which can easily be hacked and compromised.
Find Log Files with Passwords and username
Now we will search for files of the .log type. Searching for LOG files will allow us to look for clues about what the username password to the systems or admin accounts is.
The dork we’ll be using to do this is as follows.
allintext:password filetype:log allintext:username filetype:log With these dorks, you can easily find usernames and passwords for hacking.
Check below I just found a log with all the usernames and passwords for Paypal account and server login and password.
Find Configuration Files with Passwords
Configuration files should never be public but people never really learn and .ENV files are the best examples of this. If we search for .ENV files that contain a string username and password, we instantly find the accounts. This is how hackers make leaked username password lists.
filetype:env "DB_PASSWORD" Find Email Lists on the internet
Email lists are a great way of scraping email addresses for phishing and other campaigns used by hackers. These lists are frequently exposed by companies or schools that are trying to organize email lists for their members who forget to implement even the most basic security.
filetype:xls inurl:"email.xls" Find Open Cameras
If you thought Shodan was scary then your so wrong. Google is scarier. Camera login and viewing pages are usually HTTP, meaning Google always indexes them.
One of the common formats for webcams is searching for “top.htm” in the URL as shown below:
inurl:top.htm inurl:currenttime While you can easily view the cameras as I did without a password; many dorks look for webcam login pages that have a well-known default password. This tactic is illegal since you logged in using a password, it allows easy access to many webcams not intended for public viewing. Meaning you can spy on people and find things you shouldn’t be found.
admin and 12345 are the most common passwords for hacking webcams found by google Dorking.
Which Dorks Are the Most Dangerous?
By far, the most severe kind of danger is the exposed files and configurations being available openly. We can credential important configurations as well as other sensitive data and account information or the entire service itself via google search operators.
This happens in one of two ways. A server or other service is set up incorrectly and exposes its administrative logs to the internet directly. When passwords are changed, or a user fails to log in correctly, these logs can leak the credentials being used to the internet openly as shown in the demo using Google Dorking.
-
By dEEpEst
How does social engineering work?
Social engineers use a variety of tactics to perform attacks.
- The first step in most social engineering attacks is for the attacker to perform research and reconnaissance on the target. If the target is an enterprise, for instance, the hacker may gather intelligence on the organizational structure, internal operations, common lingo used within the industry and possible business partners, among other information.
- One common tactic of social engineers is to focus on the behaviors and patterns of employees who have low-level but initial access, such as a security guard or receptionist; attackers can scan social media profiles for personal information and study their behavior online and in person.
- From there, the social engineer can design an attack based on the information collected and exploit the weakness uncovered during the reconnaissance phase.
- If the attack is successful, the attacker gains access to confidential information, such as Social Security numbers and credit card or bank account information; makes money off the targets; or gains access to protected systems or networks.
-