Finding Someone's IP Address in Gmail

August 24, 2009

To kick off the web category I will talk about how to find someone's IP address in Gmail. Although this is possible with many other web mail clients, we will discuss this one today because it is very popular and the lookup is very easy to do.

Oftentimes people who have been doing this for some time don't even know this one, or they say to right-click the message and view the source, or some bullshit. I have personally never located someone's true IP that way with Gmail, or any other relevant IP that way with Gmail. So read on…

Gmail differs from other web mail clients when conducting IP look-ups in a couple of ways. First, it doesn't store the information in a typical IP header (sort of), and second, you have to switch to a different mode of Gmail that was originally intended for older computers and slow browsers.

First, log in to your Gmail account as you normally would.

Scroll to the bottom and click on the link that says: basic HTML. This mode enables us to see the raw HTML more easily.

Select the message you want to view (the message from the person whose IP address you want).

In the message you will see links to some options. Choose “show original”. Now we can see the raw message in all its glory.

Somewhere about a quarter of the way down the message you should see a line that says: X-Originating-IP

If you don't see it, it may be because it's a reply message and you don't have the full thing; try another message from that person.

profit :)

To protect yourself from this type of enumeration, use a proxy or some type of encryption when sending email. Be wary of some proxies, as they may be running on unreliable or heavily compromised hosts. I will discuss anonymous emailing using a different method than those two and provide a more in-depth article on proxies in a later post… Cheers.
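Here is an added example, not from the original post, of how an abuse or phishing analyst would pull that same header out of a saved “show original” message with a small Python script, along with the caveat that only the topmost Received header can be trusted. The sample message and every address in it are constructed.

```python
"""Pull the originating-IP evidence out of a raw message (what Gmail's
"show original" view displays) the way a phishing analyst triages it.

Added example, not part of the original post. The raw message below is
constructed; its addresses are documentation ranges, not real hosts."""
import re
from email import message_from_string

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample: two Received hops plus an X-Originating-IP header.
RAW_MESSAGE = """\
Received: from mx.example.net (mx.example.net [203.0.113.10])
 by mail.example.org with ESMTP; Mon, 24 Aug 2009 10:15:00 -0700
Received: from [192.0.2.55] (helo=laptop.localdomain)
 by mx.example.net with ESMTPA; Mon, 24 Aug 2009 10:14:58 -0700
X-Originating-IP: [192.0.2.55]
From: sender@example.net
To: you@example.org
Subject: hello

body text
"""


def originating_ips(raw):
    """Return the X-Originating-IP value (None when the header is absent,
    which the post notes can happen) and the Received chain as a list of
    IPs, topmost header first."""
    msg = message_from_string(raw)
    xoip = msg.get("X-Originating-IP")
    match = IPV4.search(xoip) if xoip else None
    chain = []
    for hdr in msg.get_all("Received") or []:
        # A Received header can carry several addresses; the first one is
        # the host this hop says it received the message from.
        found = IPV4.findall(hdr)
        chain.append(found[0] if found else None)
    return {"x_originating_ip": match.group(0) if match else None,
            "received_chain": chain}


def trusted_origin(raw):
    """Only the topmost Received header was written by the last server in
    the chain (normally your own provider), so the IP it records is the one
    connection that server actually saw. Lower hops and X-Originating-IP
    itself travelled inside the message and could have been forged."""
    chain = originating_ips(raw)["received_chain"]
    return chain[0] if chain else None
```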

Gold Medal Googling

August 19, 2009

Many aren't aware of the sheer power that Google offers users when it comes to information gathering. Google has literally hundreds of thousands of servers that actively collect information about the Internet.

They have programs called web crawlers that do just that: crawl the web, reporting back to Google what they have found. You would be hard pressed to find a site that doesn't have a Google bot on it at any given time, or one that isn't running the Google Analytics script in its source code, reporting things back as well.

So what kinds of secrets does Google hold? They have, after all, been indexing every movement on the web for over 10 years.

Well, they hold a lot. Let's go over some of the techniques for pulling data out of Google that would otherwise be hard to find.

Let's take a look at these obscure operators pulled from the web:

Category: Files Containing Passwords

intitle:"Index of" .mysql_history

The .mysql_history file contains commands that were performed against a MySQL database: a “history” of said commands. First, you shouldn't show this file to anyone, especially not a MAJOR SEARCH ENGINE! Secondly, I sure hope you wouldn't type anything sensitive while interacting with your databases, like, oh say, USERNAMES AND PASSWORDS…

filetype:xls username password email

This search shows Microsoft Excel spreadsheets containing the words username, password and email. Beware that there are a ton of blank “template” forms to weed through, but you can tell from the Google summary that some of these are winners… er, losers… depending on your perspective.

inurl:passlist.txt

Cleartext passwords. No decryption required!

Category: Various Online Devices (Very Fun)

inurl:indexFrame.shtml Axis

The AXIS 2400 is a web server of its own. This means that the server is secured like any other Internet host. It is up to the network manager to restrict access to the AXIS Web Cameras camera server. AXIS network cams have a cam control page called indexFrame.shtml which can easily be found by searching Google. An attacker can look for the ADMIN button and try the default passwords found in the documentation. An attacker may also find that the directories are browsable. Additional security related information was found on the Internet.

SecurityFocus (www.securityfocus.com):

“It has been reported that the Axis Video Servers do not properly handle input to the ‘command.cgi’ script. Because of this, an attacker may be able to create arbitrary files that would result in a denial of service, or potentially command execution.”

Core Security Technologies Advisory (http://www.coresecurity.com):

“We have discovered the following security vulnerability: by accessing http://camera-ip//admin/admin.shtml (notice the double slash) the authentication for “admin” is bypassed and an attacker gains direct access to the configuration.”

All in all, there is really one place online that has been the mecca for Google “hacking”: the Google Hacking Database from Johnny I Hack Stuff.

http://johnny.ihackstuff.com/ghdb/ There you will find a collection of operators like you've never seen before.

It doesn't end there, though. Some people have discovered their own operators that can pull amazing things from the web and will never make them public. You should get the basic idea of how they work from reading this blog and visiting that site.

Experiment with these operators to see what you can mine from Google:

allinanchor:, allintext:, allintitle:, allinurl:, cache:, define:, filetype:, id:, inanchor:, info:, intext:, intitle:, inurl:, phonebook:, related:, site:

After the colon you would simply add what you're looking for, e.g. allintitle:cellphone secrets

This will mine various postings with content related to that, and exactly that. You can also pull things you are not supposed to see this way.

Why does this work?

It works because Google has access to parts of web sites that regular users do not. When the Google bots see content, they send it back to their servers for indexing, thus making it searchable if you figure out what to type. Things like email addresses, passwords, hidden logins and sensitive directories are not exempt. Try these techniques on yourself and see what info Google holds on you. Many forums I belong to will show my post on Google instantly, as soon as I search for my forum name…
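As an added example (not part of the original post), here is a small Python audit you can run against your own web root to find the same things those dorks find before Google does. The sample document root it builds is constructed in a temp directory, and the file-name and extension lists are assumptions, not a definitive list.

```python
"""Audit a web document root for the kinds of exposure the dorks above
find: history/password files, and directories that would produce an
"Index of" listing because they have no index page.

Added example, not from the original post. The sample tree is
constructed in a temporary directory so the script runs offline."""
import os
import tempfile
from pathlib import Path

# File names the dorks above target, plus a couple of close relatives.
SENSITIVE_NAMES = {".mysql_history", ".bash_history", "passlist.txt"}
SENSITIVE_SUFFIXES = {".xls", ".xlsx", ".csv"}
SENSITIVE_WORDS = ("password", "passwd")  # looked for in spreadsheet names
INDEX_FILES = {"index.html", "index.htm", "index.php"}


def audit_docroot(root):
    """Walk `root` and return sorted (kind, relative_path) findings:
    'sensitive-file' for files a crawler should never see, and
    'listable-dir' for directories with no index file (what the
    intitle:"Index of" dork surfaces when autoindex is enabled)."""
    root = Path(root)
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        if not INDEX_FILES & set(filenames):
            findings.append(("listable-dir", str(rel_dir)))
        for name in filenames:
            lower = name.lower()
            by_name = lower in SENSITIVE_NAMES
            by_type = (Path(lower).suffix in SENSITIVE_SUFFIXES
                       and any(w in lower for w in SENSITIVE_WORDS))
            if by_name or by_type:
                findings.append(("sensitive-file", str(rel_dir / name)))
    return sorted(findings)


def build_sample_docroot():
    """Create a constructed docroot that reproduces each dork's hit."""
    root = Path(tempfile.mkdtemp())
    (root / "index.html").write_text("<html></html>")
    (root / ".mysql_history").write_text("SELECT 1;")     # intitle:"Index of" .mysql_history
    backups = root / "backups"
    backups.mkdir()                                       # no index file -> listable
    (backups / "passlist.txt").write_text("constructed")  # inurl:passlist.txt
    (backups / "user_password_list.xls").write_bytes(b"") # filetype:xls username password
    return root
```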

Happy hunting. Cheers!

Things Your IT Guy Doesn't Want You To Know

August 18, 2009

Sometimes you will find yourself in a situation where the local IT guy has placed tight restrictions on Internet access. For example, in some schools you have no access, period. Easily bypassed.

Another form of restriction is when you are at work, the library or wherever, and you have access but it's limited in what you can view. No chatting, social networking or anything like that; those are what they usually block. This can be bypassed even when they are blocking proxies. No problem.

First we'll discuss the first scenario: getting online, period. We will assume that the operating system is Windows here, and I believe this works on all versions up to the current version, which is 7. If you happen to be using Linux, then use Lynx, a browser inside your terminal ($ wget http://lynx.isc.org/lynx2.8.7/lynx2.8.7.tar.gz).

  • Simply open up Calculator or Notepad.
  • Go to the Help tab in the taskbar of that program.
  • Now right-click the taskbar of the help index that opens up.
  • You should see an option saying “Jump to URL”.
  • Simply click that and manually type the URL you want to go to.
  • Profit.

What else is this good for? Sometimes there is software set up at work and school that shows teachers what you are browsing. Getting online this way will make it look like you simply have Notepad or Calculator open.

Next we'll discuss how to bypass outgoing firewall restrictions at the workplace or any other place that is filtering what you can view on the web (can't go to such-and-such site from somewhere).

Every major web browser nowadays has a section where you can edit your web preferences. We'll discuss how to use proxies in Firefox and Internet Explorer, since these are the two most popular, and learning with these will give you the gist of how to do it with any other browser (e.g. Mac, Avant, Opera, etc.).

In computer networks, a proxy server is a server (a computer system or an application program) that acts as a go-between for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server.

In Firefox go to Edit > Preferences > Advanced > Network > Settings, then enter a new IP address in the manual proxy section. There will be a field for the HTTP proxy, followed by a field for the port to use.

What do we put here you ask?

Go to these sites to get some proxies to use:

http://proxy-list.org/en/index.php

http://www.proxylist.net/

As a matter of fact, just Google for “proxy list”; you'll be sure to find plenty. Some sites are set up so that you just enter where you want to go on their site, and that site then becomes a proxy.

IE users do this: in your browser go to Tools > Internet Options > Connections > Proxy Settings, then input your proxy URL.

In any case, the format is usually 127.0.0.1:8080, with the part before the colon being the IP address you input where it says to, and the part after it being the port number you enter.

How does this work? It works because the IT guy is blocking connections to a list of banned sites. Usually that list doesn't include the proxy list sites, which are where you connect first, instead of to the banned sites.

What do you do when even those are banned?

Easy: try using a search engine to find your site, then click your site in the results. Google, Dogpile and so on would be the proxy in this case.

There are more advanced methods of getting a way out when none of these work and you're really locked down. These will be covered in a separate post.

Voicemail Snooping

August 18, 2009

This article is about how to remotely get into someone's voicemail box and listen to their messages without the other party knowing. Nefarious users can even change passwords using methods described here. Voicemail is vulnerable and is often left unprotected. Who knows what the messages may reveal?

The first method of attack I will describe is the popular caller ID spoof attack. This is done very easily with a service such as SpoofCard. What SpoofCard does is provide a number for you to call that allows you to input what number you want to show up on someone else's caller ID. Think of the possibilities: you can be the FBI, the White House, impersonate someone, or just whatever.

In order to access someone's voicemail with SpoofCard, simply enter their phone number as the number you wish to call and provide the exact same number as the number you wish to appear on the caller ID. Their voicemail system will think that the call is being made from their home phone or cellphone and pass you directly into the voicemail.

This SpoofCard trick works especially well on cellphone voicemail systems. I have found that AT&T, Sprint, Boost Mobile, Cingular Wireless, and T-Mobile USA telephone networks use Caller ID to identify voicemail users without requiring passwords. So users on these networks are totally vulnerable to this trick.

There was even an article two years ago talking about how Paris Hilton got into trouble for using SpoofCard to break into Lindsay Lohan's voicemail. Paris also used SpoofCard to make harassing calls and made them appear to come from Lindsay's cellphone.

The second vector of attack is calling the phone number (usually for a cell phone attack): wait for the recording > press # > enter 0000 or the last 4 digits of the victim's phone number > and voilà.

You will find that most people never set their voicemail password to something other than the default. Therefore it is easy to use this knowledge against them to gain access to their voicemail box.

EDIT: Why does Snoop Dogg carry an umbrella? For tha drizzel.

Enumerating Phone Numbers For Fun And Profit

August 17, 2009

So you're trying to look up someone's phone number, are ya? Wanna find out who is behind that phone number, where they live and work, what carrier they use, whether it's a cell or landline? Well, there are a few ways to go about this and a few things you can do with someone's phone number. The difficulty will vary between landline numbers and cell phone numbers. With landline numbers it is fairly easy, using the web, to find out someone's location, name, address and carrier information.

Understanding the format of phone numbers is a good place to start here. Let's look at this example number: (555)-230-5555. The first three digits are the NPA (area code), which you are likely familiar with. The next three are the NXX number. The last 4 are specific to the customer renting or owning the number. The NPA, when looked up, gives this information: state, rate center, OCN, the switch and the carrier's name.

Confused yet? Good, let's try a look-up with a number. Go to http://www.telephreak.org/?pbx_npa. These guys have been playing with phones for decades. Insert your number and see what comes up, to get familiar with the information it provides and its format. Try lots of numbers. This information comes in handy when gathering information on somebody or a business.
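To make the NPA/NXX/line split concrete, here is an added Python example (not from the original post) that parses a number written in any of the common ways and checks each part against the NANP format rules. It is a format check only; the carrier and rate-center data still comes from a lookup site like the one above.

```python
"""Split a North American number into its NPA / NXX / line parts and
check each part against the NANP format rules.

Added example, not part of the original post. The rules applied (first
digit of the NPA and NXX is 2-9, second digit of the NPA is 0-8, an NXX
of the form N11 is a service code, not an exchange) are format checks
only; the state/rate-center/OCN data the post describes still has to
come from an NPA-NXX database like the sites linked here."""
import re

_NON_DIGIT = re.compile(r"\D+")


def parse_nanp(number):
    """Return {'npa', 'nxx', 'line'} for a 10-digit NANP number, accepting
    punctuation and an optional leading country code 1; raise ValueError
    when the number cannot be a real NANP number."""
    digits = _NON_DIGIT.sub("", number)
    if len(digits) == 11 and digits[0] == "1":
        digits = digits[1:]          # drop the +1 country code
    if len(digits) != 10:
        raise ValueError(f"expected 10 digits, got {len(digits)}: {number!r}")
    npa, nxx, line = digits[:3], digits[3:6], digits[6:]
    if not re.fullmatch(r"[2-9][0-8][0-9]", npa):
        raise ValueError(f"invalid NPA (area code) {npa}")
    if not re.fullmatch(r"[2-9][0-9]{2}", nxx) or nxx[1:] == "11":
        raise ValueError(f"invalid NXX {nxx}")
    return {"npa": npa, "nxx": nxx, "line": line}


def is_valid_nanp(number):
    """True when parse_nanp() accepts the number."""
    try:
        parse_nanp(number)
    except ValueError:
        return False
    return True
```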

Okay, so you have some basic info on what the numbers mean; now you want the juicy stuff: address, name and the like. For this, the web will again be our best resource. The web stores data on everyone. You can literally find anyone on it, given some time and knowledge of where to look. I've used many resources over the years to do this, and using a compilation of the best ones will get you the information you need.

Refer to this list:

https://www.referenceusa.com/Static/Home This site is an excellent source for looking up more than just a phone number. It has very detailed and comprehensive results on addresses, numbers, names, businesses and a few other things. The usual way to access the site is by having an online account with your local library. Then go to their database listings, and you are very likely to find this in there. This is how the site requires you to log in; it's worth the effort.

http://www.whitepages.com/5175/reverse-lookup This site is not too shabby and is a good resource for basic look-ups. High percentage of correct reverse look-ups for landlines, names and addresses.

http://www22.verizon.com/utilities/reverselookup/ Verizon-specific number lookup. Remember the NPA/NXX look-ups: if you see the carrier as Verizon, then this may be useful to you.

http://www.anywho.com/rl.html The AnyWho service from AT&T. Very good for reverse look-ups, also works well with other types of look-ups.

http://800notes.com/ A site that includes reverse look-up and a forum for finding out who is behind those 1-800 numbers.

http://tnid.org/ Telephone Number Identification. Exactly that and just that. Includes a handy area code chart.

http://nanpa.com This site is the official site of the North American Numbering Plan Administration. A wealth of information on phone numbers and look-ups. Probably the most comprehensive, but difficult to navigate if you're new to it.

CELL PHONES!!!! You may be wondering why getting information on cell phones hasn't netted you the information you have been looking for. This is because the private information about who is renting that line is protected differently than it is for landline and business phones. Is it possible to get the information anyway? Of course. The problem is you will likely pay a few bucks for it. Paying just a few bucks for a source that is consistent and reliable is really not too bad. Here are a few good sources for that:

http://www.reversemobile.com/index.php Most popular site for cell look-up. Small fee but well worth it. Always accurate and current with its database resources. Includes geographical location, user's address, name, carrier and just about every other detail I can think of.

http://www.reversephonedetective.com/ Another great site for cell phone enumeration. Check this one out; you also get address, name, carrier, etc. Also current and accurate databases at all times.

Summary: So why is cell phone enumeration cheap? Well, the companies that provide this are actually paying for a service themselves, from background investigation companies with large contracts. If you went through a typical background service, you would pay a hefty fee for getting even just one cell number's details. Since the companies I have mentioned do bulk, they can provide the service to you on the cheap.

With the links and information provided, one can really put together a profile on anybody or any place. Use this information to your advantage.