Tuesday, July 17, 2007

Google L33T Browsing Part 2

This article is a continuation of Google-ing the Wikipedia, Uber 1337 Browsing Steeze, which can be found at the following:

http://ren3g4de.blogspot.com/2007/03/google-ing-wikipedia-uber-1337-browing.html

In this article I will cover different fun and useful examples of how the syntaxes covered in the above article can be used. First we will start out with a fun trick to gain access to certain webcams that have online control panels. Some of these even let you control the pan, tilt, zoom, and focus. Most of these webcams are used as security cameras. They are the Axis series webcams. To access these we will be using the 'inurl' command as follows:

inurl:view/index:shtml

Just by typing in this simple statement you will have access to all of these webcams. I usually pull up over 10,000 of these webcams with this search.



Now we all know how inefficient limewire and other p2p downloading tools are, and how they usually result in too much spyware and viruses. Torrents are great if you want everything by an artist or an entire album. If you want 1 song, there's a google goodie for that too. This can be used for all sorts of media, including videos and movies. This is done by using the 'intitle' command while searching for 'index.of', which is a common trick with google.

intitle:"index.of" (mp3|mp4|avi) SEARCH.FOR.THIS -html -htm -php -asp -cf -jsp

All you have to do is replace SEARCH.FOR.THIS with what you want to find. The periods are used because a period stands for a space, underscore, backslash, etc., in google searches. The | between mp3, mp4, and avi is the symbol for OR on google, so this will make it search for mp3, mp4, or avi. The -html -htm -php -asp -cf -jsp part rules out any other type of file from being found in the search.



Another good 'intitle' 'index.of' trick is to find some cookies, and everyone loves cookies.

intitle:"index.of" cookies.txt


Another commonly seen google goodie is the 'inurl' command to find vulnerable websites. There is a file called service.pwd found in the _vti_pvt directory on websites made with Microsoft FrontPage.

inurl:_vti_pvt "service.pwd"

Although this is a common vulnerability, the password located in this file is encrypted. The encryption is DES, and I will not be discussing this in this article. However, I will be writing a separate article on DES cracking through brute forcing.


Another good 'inurl' trick is used to access PHPhotoalbum control panels, which can be quite fun if you want to tag your logo into other people's photo albums.

inurl:"phphotoalbum/upload"


There are pages that websites disallow from being pulled up by a search engine. Fortunately, a list of these pages can be found with google using the following:

"robots.txt" "disallow:" filetype:txt

robots.txt contains a list of the pages that the domain disallows search engines from pulling up.
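The point above cuts both ways for whoever runs the site: robots.txt is a public file, so every path it withholds from crawlers is also advertised to anyone who reads it. The following Python is an added example (not from the original post) that parses a constructed robots.txt with the standard library's `urllib.robotparser`, lists the paths it discloses, and checks what a well-behaved crawler would do with them. The sample file and its paths are made up for this example.

```python
from urllib.robotparser import RobotFileParser

# Constructed sample robots.txt; the paths are made up for this example.
SAMPLE_ROBOTS = """\
# Anyone can fetch this file, so every path below is public knowledge.
User-agent: *
Disallow: /admin/
Disallow: /backup/
Disallow: /cgi-bin/
Allow: /public/
"""


def disallowed_paths(robots_text):
    """List every path the file asks crawlers to stay out of.

    This is exactly the information a search for robots.txt files
    surfaces: the file advertises the paths rather than hiding them.
    """
    paths = []
    for line in robots_text.splitlines():
        line = line.split("#", 1)[0]          # drop trailing comments
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "disallow" and value.strip():
            paths.append(value.strip())
    return paths


def crawler_may_fetch(robots_text, path, user_agent="*"):
    """Apply the rules the way a compliant crawler does (stdlib parser)."""
    parser = RobotFileParser()
    parser.parse(robots_text.splitlines())
    return parser.can_fetch(user_agent, path)


def review(robots_text):
    """Pair each disallowed path with what a compliant crawler would do with it.

    Every value is False by construction: the rule keeps polite crawlers out,
    and nothing else. A browser or a script ignores the file entirely.
    """
    return {p: crawler_may_fetch(robots_text, p) for p in disallowed_paths(robots_text)}


if __name__ == "__main__":
    for path, allowed in review(SAMPLE_ROBOTS).items():
        print("%-12s crawler may fetch: %s" % (path, allowed))
    print("/public/     crawler may fetch:", crawler_may_fetch(SAMPLE_ROBOTS, "/public/"))
```

The practical consequence: a path that must stay private needs authentication or access control on the server, not a Disallow line, because the Disallow line only asks cooperative crawlers to stay away and tells everyone else where to look.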


Some printer control panels can be accessed online through google using the following:

intext:"UAA (MSB)" Lexmark -ext:pdf


Hopefully this gives you a little bit better understanding of how the google advanced syntax works. Have fun.

REN3G4DE




Monday, July 16, 2007

The Open Source Movement

What is open source? "Open source doesn't just mean access to the source code."¹ The open source software license must additionally not restrict anyone from selling or giving away the software. The software must include the source code and allow for modifications and derived works. The license can restrict the source code from being distributed only if the license allows patch files to be distributed as well. An open source software license must not discriminate against any person, group of persons, or field of endeavor. The license must not be specific to a product or restrict any other software from being used along with the source code. Lastly, the license must allow the source code to be used with any technology style.


There are both advantages and disadvantages to the open source movement. A very beneficial quality of the open source movement is that it allows technology to develop much faster and with fewer bugs than if source code and distribution are limited. However, this has a double-edged sword effect, in that the source code could be used for something completely different than what the original code author intended. This, in turn, may lead to several moral issues, given that open source software must not restrict any software from being used for any field of endeavor. Fortunately the open source license rules protect the original code writer by stating that he/she cannot be blamed for how the source code is used after it is distributed.

The controversy over the open source movement is apparent in the different stances taken by computer companies. Microsoft is one company that does not appear to appreciate the idea of the open source movement, which may result in many problems in the future. BBC News reported an article on Microsoft and open source formats. The article elaborated upon the issue of file formats changing. With Windows Vista coming out, all of the older file formats will become unreadable. At present, Microsoft dominates ninety percent of the desktop and office market.¹ The UK National Archives houses a large amount of electronic documents. With Microsoft switching file formats, these will all very shortly become unreadable. Microsoft offers two main solutions to this problem, both giving the appearance that they are trying to help. The first solution is to emulate the older versions of their operating systems so these files can be read, which is a workable solution but not a very effective one. Their other solution is a new format called MS-OOXML, which wraps together all sorts of older formats like "Word 95" and "Word6". Though this seems to be a good answer, there is a catch. These formats will only be able to be read on Microsoft systems and not by any of the completely open source companies. If Microsoft had used open standards then this would not be a problem today.


Another issue arising in the open source movement is that Asian society is being left out of the process. "The open source community risks leaving Asian users and developers behind, thanks to cultural differences and western business's tendency to treat programmers there as code monkeys rather than software designers"² Presently the Western countries (i.e. the USA, Europe, Russia) are doing the majority of the software designing, while Asia contains most of the people programming the ideas that are sent to them from the designers. Since open source stipulates not to discriminate against any person or group of persons, the Asian community should be part of the open source process. If the Asian community is included, we would not only have better designed software, but more software ideas for new projects would emerge faster as well.


Some say that the open source movement is a negative cause because it limits the ability to make money. However, this could not be further from the truth. The open source movement can lead to businesses flourishing. Consider the company Digium for example. Digium created Asterisk, a voice-over IP program, which they made open source.¹ Since they were offering a service and open sourced the code that makes it work, the code can only become more streamlined as people use and improve the code. This is possible because the license was open source to begin with, and any redistribution of the code would be under the same license guidelines. Therefore, when the code is improved and redistributed, then Digium can look at the redistributed code and use the improvements for themselves as well. Since the income of Digium is based upon the service being used and not upon keeping the code secret, they continue to make money.


Another open source company is Sun Microsystems, which offers services such as Java, an online language which has revolutionized how the Internet works. Sun Microsystems also offers a software program suite called OpenOffice, which can be found at OpenOffice.org. OpenOffice is an alternative to Microsoft Office. OpenOffice looks identical to Microsoft Office, but because it has been open sourced, it is not as problematic. In fact, this paper was written using OpenOffice. However, one would never be able to tell simply by looking at it, and it can be opened in Microsoft Office with no complications.


The open source movement has moved more into the mainstream in recent years. A prime example of this is Ernie Ball, a guitar strings company. In 2000, Ernie Ball was put through an electronic audit which turned up a few dozen unlicensed copies of software. They were fined $65,000 plus $35,000 in legal fees.¹ Subsequent to this entire ordeal, Ernie Ball switched to Red Hat Linux, OpenOffice.org Suite, and Mozilla Firefox, all of which are open source software. Ernie Ball recently addressed the LinuxWorld trade show, and is now a strong advocate of the open source movement.



The open source movement's benefits to society far outweigh its negative social implications. Money-hungry companies such as Microsoft would have us believe that the open source movement has no future. If this were true, they would continue to monopolize the market. Fortunately this is not the case. The open source movement has gained sufficient momentum to allow it to continue to prosper and enhance technology and society as a whole.


¹ OpenSource.org. Fri, 2006-07-07 15:49. Opensource.org. Accessed 7/12/07.

¹ BBC News. Wed, 2007-07-11 10:02. BBC. Accessed 7/11/07.

² Open source 'leaving Asia behind'. Tue, 2007-06-26 16:22. Reg Developer. Accessed 7/12/07.

¹ Making Money With Open Source. Tue, 2005-06-28. SearchEnterpriseLinux. Accessed 7/15/07.

¹ Rockin' On Without Microsoft. Wed, 2003-08-20. CNET News. Accessed 7/15/07.



REN3G4DE



Tuesday, April 17, 2007

Diablo II Packet Sniffing

******************************
*Diablo 2 Packet Sniffing 101*
******************************
*By: REN3G4DE *
*Written For: Blizz Sector *
*Version: 1.11b *
******************************

First, let's start with the tools that are going to be needed for this project. You are going to need RedVex and its plugin NetStuff, both of which are listed in the download list at the end of this guide. You will also want a decimal to hexadecimal converter. If you don't want to find one you can just use this table:

http://www.prepressure.com/library/binhex.htm

The above table is suitable for pretty much any decimal to hexadecimal conversion you will use in Diablo II, I believe. You will also need a reference list of the packets used in Diablo II. I use the following:

http://packetlist.newd2event.net/


There really isn't too much work to installing RedVex; all you have to do is extract it anywhere. Once it is extracted, create a folder called Plugins wherever you extracted RedVex to. This is where you will extract the NetStuff plugin. After you extract NetStuff, make sure that RedVex sees it by running RedVex. It should display the following:

Title: NetStuff 1.6 by FooSoft
SDK Version: 1
Modules: G

Now to set RedVex up as a proxy server. First go to Edit-->Options, select your realm, then click OK. After that go to Edit-->Realms, click on the realm you play on, and replace the realm name in the name box with whatever you want your proxy server to be named. Then replace the realm address with "localhost" (without the quotes). Next click Add and then OK.

You are now ready to run your RedVex proxy server. To do this just go to Proxy-->Start. It should now read the following:

Proxy thread started

Accepting connection on port 6112...

It is now time to access battle.net via your proxy server. Start Diablo II and change your realm to whatever you named your proxy server. Then connect to bnet. Now that the installation is over, let's go over what a packet looks like. Each packet is composed of bytes of data. Each byte is written as 2 hexadecimal digits. The first byte is the packet number; this is what you are sniffing out. The following bytes are the objectid of what you are trying to sniff.

Packet Layout:
XXyyyyyyyy

Above the packet number is represented by XX and the objectid is the yyyyyyyy.

Thankfully the NetStuff plugin separates them into bytes so it is easier to read.


When referencing 2 bytes it is called a word, and 4 bytes is called a DWord.

EX:
XX - Byte - 1 Byte
XX XX - Word - 2 Bytes
XX XX XX XX - DWord - 4 Bytes

Now, you must learn how to sniff for the packets you want. Let's start with something easy. You will be sniffing out packet 19, which is the "remove item from buffer" packet. To sniff anything out you will use the watch command, while in a game.

Watch Command:
.watch send add 19

The above will add packet 19 to a watch list for packets being sent. Once packet 19 is sent out it will display packet 19 with all of its data. Since packet 19 is the "remove item from buffer" packet, you need to click on an item in an inventory, cube, stash, belt, or NPC inventory. Click on an item in your inventory and it should display something like this:

Sent a 0x19 packetId with a 5 byte size: 19 xx xx xx xx

The xx's are the objectid of the item clicked on. Now that you have your item on your cursor lets try dropping it without clicking. You will use packet 17 to do this. If you refer to your packet list you will see that packet 17 is 5 bytes long, or the packet number and then a dword(the objectid). All you have to do to send a packet is use the send command followed by the Packet and its data.

Send Command:
.send 17xxxxxxxx

You will want to type the objectid received from sniffing packet 19 in place of the xxxxxxxx. You will want a space after send, but no spaces in the packet while sending it. Once you hit enter your item should fall on the ground. Now onto something a little bit more fun, and the reason this guide was written.

Now to sniff out a waypoint and use it to go to any other waypoint. In order to do this you will still need to be standing very close to the waypoint. So let's add packet 13, the "click on" packet, to the watch list with the following:

.watch send add 13

Next go and click on your waypoint and netstuff should display something like this:

Sent a 0x13 packetId with a 9 byte size: 13 20 00 00 00 xx xx xx xx

In the above packet the xx's represent the objectid of the waypoint. This is the information you will use as the waypoint you are coming from, which is 1/2 of the packet you will send to use a waypoint. The packet to use a WP/TP is 49.

It is composed of 2 parts: the origin waypoint objectid and the destination area id. Each area id can be found in levels.txt in your patch_d2.mpq file. The following is an example of packet 49 usage:

.send 49xxxxxxxxyyyyyyyy

A very good and very useful example of this is being able to get to UberDuriel without any keys. To do this go to act 5 and sniff packet 13. Click on the waypoint and get the objectid. Now just stay there and type in the following, replacing the xx's with your objectid of your waypoint.

.send 49xxxxxxxx86000000

The 86000000 is the area id of the Forgotten Sands. The actual area id is only 86 in hexadecimal; in the levels.txt file it is 134 in decimal. Any of the id numbers you read in the levels.txt file must be converted into hexadecimal. Since in hex it is only a byte long, you must add 0's after it to fill up the rest of the dword (the low byte comes first, which is why the zeros follow the 86).

When you send this information in packet 49, you will instantly be transported to the "dummy" waypoint in the Forgotten Sands.
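To make the byte/word/dword layout and the decimal-to-hex padding above concrete, here is an added Python example (not from the original guide, not part of RedVex or NetStuff) that parses watch lines in the format NetStuff prints, splits the payload into little-endian DWORDs, and performs the levels.txt conversion (134 decimal to 86000000) with `struct` instead of by hand. The two sample lines and the objectid bytes in them are constructed for the example; the packet ids 0x19 and 0x13 and their sizes are the ones the guide shows.

```python
import re
import struct

# Constructed sample lines in the format NetStuff prints; the objectid
# bytes (0a 1b 2c 3d) are made up, not captured from a game.
SAMPLE_LINES = [
    "Sent a 0x19 packetId with a 5 byte size: 19 0a 1b 2c 3d",
    "Sent a 0x13 packetId with a 9 byte size: 13 20 00 00 00 0a 1b 2c 3d",
]

LINE_RE = re.compile(
    r"0x([0-9a-fA-F]{2}) packetId with a (\d+) byte size: ([0-9a-fA-F ]+)\s*$"
)


def parse_netstuff_line(line):
    """Return (packet_id, payload) from one NetStuff watch line.

    packet_id is the first byte (XX in the guide's layout); payload is every
    byte after it. The byte count printed in the line is cross-checked
    against the hex dump so a mistyped or truncated line is rejected.
    """
    m = LINE_RE.search(line)
    if not m:
        raise ValueError("not a NetStuff packet line: %r" % line)
    packet_id = int(m.group(1), 16)
    size = int(m.group(2))
    raw = bytes.fromhex(m.group(3).replace(" ", ""))
    if len(raw) != size:
        raise ValueError("byte size %d does not match %d dumped bytes" % (size, len(raw)))
    if raw[0] != packet_id:
        raise ValueError("first byte 0x%02x is not packet id 0x%02x" % (raw[0], packet_id))
    return packet_id, raw[1:]


def payload_dwords(payload):
    """Split a payload into unsigned DWORDs (4 bytes each, low byte first)."""
    if len(payload) % 4:
        raise ValueError("payload of %d bytes is not a whole number of DWORDs" % len(payload))
    return list(struct.unpack("<%dI" % (len(payload) // 4), payload))


def dword_hex(value):
    """Encode an integer as the 8 hex digits of a DWORD, low byte first.

    This is the conversion the guide does by hand for levels.txt ids:
    134 decimal is 0x86, padded to 86000000.
    """
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("value %d does not fit in a DWORD" % value)
    return struct.pack("<I", value).hex()


def describe(line):
    """Human-readable breakdown of one watch line: packet id, then each DWORD."""
    packet_id, payload = parse_netstuff_line(line)
    fields = payload_dwords(payload)
    return "packet 0x%02x: %s" % (packet_id, ", ".join("0x%08x" % f for f in fields))


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(describe(line))
    print("area id 134 as a DWORD:", dword_hex(134))
```

Reading the output, the 0x13 line breaks into two DWORDs, a small value (0x20) followed by the objectid, which is why the guide tells you to take the last four bytes as the objectid; the same `struct` format string `<I` does the padding in the other direction for the area id.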

If you look at the whole reference packet list there are a lot of things you can control; some things have been patched, such as using the command:

.receive 770c

while in chat. This will enable a "one-sided trade" where you can drop items while in trade, but soon after your connection will be interrupted. This used to be a dupe method because you could drop the item then cancel the trade, which would revert all items in your inventory to what they were before the trade, but the dropped item would still be on the ground along with the one in your inventory.

Unfortunately it does not work anymore.

I really hope this information helps you along your Diablo II hacking journey.

DOWNLOAD LIST:
RedVex 2.5:
http://newd2event.net/download_/confirm.php?get=hacks/redvex/RedVex_v2.5.zip

NetStuff Plugin:
http://newd2event.net/index.php?id=hacks/redvex/NetStuff_Plugin






Monday, March 26, 2007

Google-ing the Wikipedia, Uber 1337 Browsing Steeze...

The "site:" advanced syntax in Google's ridiculously powerful search engine allows you to browse Wikipedia with more precision than the standard searching. Use multiple syntaxes, the first being:
site:http://en.wikipedia.org/
Then any other filtering syntaxes you wish. These include limiting your keywords to the title (intitle:/allintitle:), URL (inurl:/allinurl:), or body text (intext:) of all Wikipedia pages in English. There are a few other syntaxes, like:
phonebook:
which is not great for Wikipedia, but social engineering is a fun side hobby. Another syntax is:
filetype:
which really helps when you want to find a document with very specific contents, once you throw in some quotes and keywords. One is more "interesting" on Wikipedia, which is:
link:
which limits your keywords to pages that link to a specific page. The reason this is interesting is that you can set the link syntax URL to a Wikipedia topic. Then your keywords would be limited to topics in some way related to your topic. Of course the site syntax must be on as well. This is a little bit more confusing, but at the end of this there are examples of correct syntax usage. There is also a picture of the notes/cheatsheet that I created when I learned these neat little syntaxes, which shows some of the security notes that can really teach you a thing or two.

Take a look at that and you will see why this was called Uber 1337 Browsing Steeze... and always remember that there is much more than just quoting off words when you are browsing the largest source of any type of information, and it's all here for you. This is not just Wikipedia anymore.

___________________________________________
___________________________________________


Basic Syntax Info:
-All syntax talked about here can just be typed into the regular search box on Google.
-No space should be put after the colons (:)

CORRECT SYNTAX USAGE:

Site Syntax:
site:{URL}

EX.
site:http://en.wikipedia.org/

Intitle Syntax:
Single Keyword:
intitle:{keyword}

EX.
intitle:ren3g4de

Multiple Keyword:
allintitle:{keyword1} {keyword2}

EX.
allintitle:ren3g4de technologies

NOTE: Space between keywords when using allintitle syntax

InURL Syntax:
Single Keyword:
inurl:{keyword}

EX.
inurl:ren3g4de

Multiple Keyword:
allinurl:{keyword1}/{keyword2}

EX.
allinurl:ren3g4de/technologies

Intext Syntax:
intext:{keyword}

EX.
intext:ren3g4de

Phonebook Syntax:
phonebook:{name}+{address}+{phone#}

EX.
phonebook:John+FL

NOTE: the example would look for Johns from Florida. Search 1 or multiple fields at a time by separating them with a plus sign (+)

Filetype Syntax:
filetype:{extensiontype}

EX.
filetype:txt

Link Syntax:
link:{LinkedPageURL}

EX.
link:http://ren3g4de.technologies.tripod.com

NOTE: searches all pages that have links to LinkedPageURL

___________________________________________
___________________________________________