Thursday, September 27, 2012

How to visit .onion websites

Today I want to show you how to surf onion websites, a part of the Deep Web.
Here is what Wikipedia says about the Deep Web:
The Deep Web is World Wide Web content that is not part of the Surface Web, which is indexable by standard search engines like Google.
It should not be confused with the dark Internet, the computers that can no longer be reached via Internet, or with the distributed filesharing network Darknet, which could be classified as a smaller part of the Deep Web.
We can visit onion websites only by using Tor. You can see how to install Tor here.
On onion websites we can find what is illegal for traditional websites.
In most cases we must know the URL of the website, which is composed of a string of letters and numbers followed by .onion
But there are some search engines; the most popular is Torch!
We can visit Torch by copying this URL: xmh57jrzrnw6insl.onion or click here. Another search engine is Deep Search, but Deep Search returns only the first ten pages.
At the moment Deep Search is offline, but maybe it will return! You can visit Deep Search by copying this URL: xycpusearchon2mc.onion or click here.
Another search engine is Onioon. Onioon can be expanded by its users.
You can visit Onioon by copying this URL: dts563ge5y7c2ika.onion or click here.
For other information about onion websites you can visit the Hidden Wiki by copying this URL: 7jguhsfwruviatqe.onion or click here.

If you have any problems or need an explanation, just write under this post!

Monday, September 17, 2012

Google Dorks

Google is the most popular search engine.
Google dorks let us find private documents, password lists, emails, etc.
To use a dork we just write our text after one "code":
For example, if we want to search all the addresses of www.sito.it we type:
site:www.sito.it
site: restricts results to a domain
intitle: restricts results to websites that contain a specific word in the title
allintitle: restricts results to websites that contain specific words in the title
With intitle we can search for one word in the title of a website, while with allintitle we can search for two or more words in the title of a website.
filetype: restricts results to the type of file that we are searching for
link: restricts results to websites that have the same link, e.g. link:hackforlulz.blogspot.it
allintext: restricts results to web pages that contain the same text
define: describes a term and gives related links
related: searches for similar web pages
info: provides information and links about a specific URL
With * we do not define a specific word, e.g.: site: *.aspx
With this we search for all sites in aspx.
For a list of dorks that we can use to search for vulnerabilities click here
I am not saying that with Google dorks you can hack websites, only that if you use Google dorks correctly you can find a lot of private documents and so find passwords, emails, etc.

If you have any problems or need an explanation, just write under this post!

Thursday, September 6, 2012

How to send anonymous email

There are a lot of websites that allow you to send anonymous mail. But I want to present a tool that allows you to send anonymous mail without any browser.

Linux


We use mixmaster, the most popular program that lets you send anonymous emails through type II remailers and beyond.
To use mixmaster behind a firewall you must unblock port 25 (SMTP).
By default mixmaster sends email with sendmail. I recommend installing sendmail; otherwise you can edit mix.cfg
In some distros you can find mixmaster in the repository, but if you want to install from source code you can download the archive from here
Extract the archive, move into the directory and launch the install script.
Answer the questions, but when it asks you - Do you want to set up a remailer? - answer NO.
Now we install the libraries openssl and ncurses. To start mixmaster move into the directory and type: ./mixmaster
A window will open; to send a message type - m -
Now we write the email address and the subject. Then type e to write the message.
To write the message we must use the text editor Vim. After writing the message press SHIFT+Q and type exit.
To choose a chain of remailers just type the key - c - and you will see a list of all the available remailers.
Before choosing remailers you should check their status. To check the status of the remailers click here, or type - u - in mixmaster's window and press - * - and the update will run.
To send the email type - m - and then type - s -
It may happen that some mail is lost. If you choose a chain of 3-4 remailers, the email may arrive after 1-2 days.

Windows or Mac OSX


In Windows we can use telnet to send anonymous mail.
First of all we choose the SMTP server for sending the email; for a list click here
Now type: open nameserver port, e.g.: open pop.tiscali.it 25
When the connection is established type: helo hostname
After the reply: 250 nameserver, we can start to send the email.
With: mail from: mail@address.com we set the sender
With: rcpt to: mail@address.com we set the recipient
Type data to start writing the message. When you finish, press Enter twice, then type a dot (.) and press Enter again.
The mail is now sent; to exit type: quit
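
The dialogue above can be tried offline against a small model of the server side, which also shows what happens when a command is misspelled or sent out of order. This is an added example, not code from the original post; the class ToySmtpServer, the host names and the addresses are constructed for illustration, and the text after each standard reply code is simplified.

```python
# Toy, offline model of the server side of the SMTP dialogue (added example).
# Host names and addresses are constructed; reply texts are simplified.

class ToySmtpServer:
    """HELO -> MAIL FROM -> RCPT TO -> DATA -> '.' -> QUIT, with standard reply codes."""

    def __init__(self, name="mail.example.test"):
        self.name = name
        self.state = "start"          # start, greeted, mail, rcpt, data
        self.sender, self.recipients, self.body = None, [], []
        self.delivered = []           # accepted (sender, recipients, body) tuples

    def handle(self, line):
        """Return the reply to one client line (None while collecting the message)."""
        if self.state == "data":
            if line != ".":
                self.body.append(line)
                return None
            self.delivered.append((self.sender, self.recipients, "\n".join(self.body)))
            self.sender, self.recipients, self.body = None, [], []
            self.state = "greeted"
            return "250 OK message accepted"
        verb = line.lower()
        if verb.startswith("helo "):
            self.state = "greeted"
            return "250 " + self.name
        if verb == "quit":
            return "221 " + self.name + " closing connection"
        if verb.startswith("mail from:") and self.state == "greeted":
            self.sender = line[10:].strip()   # taken as typed, never verified
            self.state = "mail"
            return "250 OK"
        if verb.startswith("rcpt to:") and self.state in ("mail", "rcpt"):
            self.recipients.append(line[8:].strip())
            self.state = "rcpt"
            return "250 OK"
        if verb == "data" and self.state == "rcpt":
            self.state = "data"
            return "354 end data with <CR><LF>.<CR><LF>"
        if verb.startswith(("mail from:", "rcpt to:")) or verb == "data":
            return "503 bad sequence of commands"
        return "500 command not recognized"

def run_session(lines):
    """Feed client lines to a fresh server; return (server, list of replies)."""
    server = ToySmtpServer()
    return server, [server.handle(line) for line in lines]
```

Because plain SMTP takes the sender string exactly as typed, receiving mail systems rely on separate checks such as SPF, DKIM and DMARC to judge whether it is genuine.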

We can use telnet on Linux too, but I prefer mixmaster!

If you have any problems or need an explanation, just write under this post!

Saturday, September 1, 2012

Let's scan a server

To scan a server we can use a lot of tools, like nmap.
You can find a lot of tools with their descriptions here
In this article we'll look in detail at scanning tools like nmap, nikto, load balancer detector and halberd

Nmap


Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon used to discover hosts and services on a computer network, thus creating a "map" of the network.
To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses.
You can download nmap from here; nmap works on Linux, BSD, Solaris, Windows and Mac OS X.

On Linux/BSD/Solaris


In some distros we can find nmap in the official repository, so we can install nmap just by typing in a terminal: sudo apt-get install nmap.
Otherwise we must download nmap.bz2 from here.
After the download we must extract the files from the bz2 archive. Move to the directory (with cd) where the downloaded archive is:
tar -jxvf <name of archive>
cd nmap
./configure
make
sudo make install

Windows


On Windows you only need to install the exe. You can download the executable from here

Mac OSX


First of all we must download nmap.dmg
Double click on the file just downloaded.
Double click on nmap-.mpkg
Follow the instructions in the installer.
For more details on installation: Windows, Mac OSX

Now we can use nmap from the command line. Nmap has a GUI called Zenmap, but we will see how to use nmap from the command line.
Nmap has a lot of options; we can see them all with: nmap -help
-sS --> TCP syn scan
-sU --> UDP port scan
-F --> Fast scan (limited port)
-O --> OS detection
-A --> Enable OS detection, version detection, script scanning, and traceroute
-p --> To set port
nmap -sS -A -p 25-30 127.0.0.1
TCP SYN scan from port 25 to 30 with OS detection, version detection, script scanning and traceroute.
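
A scan result is most useful when compared with what is supposed to be listening on the host. The following added example (not part of the original post) parses nmap's grepable output, produced with the -oG option that this post does not cover, and reports open ports missing from a baseline; the sample output, the baseline and the function names are constructed for illustration.

```python
# Added example: compare open ports in nmap grepable (-oG) output with a baseline.
# SAMPLE is constructed text in the -oG layout, not the result of a real scan.

SAMPLE = (
    "# Nmap scan initiated as: nmap -sS -p 25-30 -oG - 127.0.0.1\n"
    "Host: 127.0.0.1 (localhost)\tStatus: Up\n"
    "Host: 127.0.0.1 (localhost)\tPorts: 25/open/tcp//smtp///, 26/closed/tcp/////, "
    "27/closed/tcp/////, 28/open/tcp/////, 29/closed/tcp/////, 30/closed/tcp/////\n"
    "# Nmap done\n"
)
BASELINE = {"127.0.0.1": {(25, "tcp")}}   # assumption: only SMTP should listen

def parse_grepable(text):
    """Return {host: {(port, proto): (state, service)}} from -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                      # comment lines and blanks
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue                  # Status:, Ignored State:, ...
            for entry in field[len("Ports:"):].split(","):
                # Entry layout: port/state/protocol/owner/service/rpc/version/
                parts = entry.strip().split("/")
                if len(parts) < 5 or not parts[0].isdigit():
                    continue              # malformed entry, skip it
                port, state, proto, _owner, service = parts[:5]
                hosts.setdefault(host, {})[(int(port), proto)] = (state, service)
    return hosts

def unexpected_open(hosts, baseline):
    """List (host, port, proto, service) entries that are open but not allowed."""
    findings = []
    for host, ports in sorted(hosts.items()):
        allowed = baseline.get(host, set())
        for (port, proto), (state, service) in sorted(ports.items()):
            if state == "open" and (port, proto) not in allowed:
                findings.append((host, port, proto, service or "unknown"))
    return findings

if __name__ == "__main__":
    for finding in unexpected_open(parse_grepable(SAMPLE), BASELINE):
        print("unexpected open port:", finding)
```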


Nikto


Nikto Web Scanner is a Web server scanner that tests Web servers for dangerous files/CGIs, outdated server software and other problems.
It performs generic and server type specific checks. It also captures and prints any cookies received.
You can download nikto from here
Nikto is a Perl script, so we need Perl. On Unix systems it is pre-installed.
You can download Perl from here
We move to the directory where nikto.pl is. To start nikto:
perl nikto.pl -h ip
For more details : perl nikto.pl -help

Load balancer detector


Load balancer detector is a bash script.
You can download the script from here
To start the script move to the directory where lbd.sh is
To start this script we need root (sudo).
./lbd.sh www.sito.it

Halberd


Halberd is a Python script; you can download it from here
We need python 2.4 or above to install halberd.
Extract the archive, move into the new directory and type:
python setup.py install
Now we have installed halberd. To start halberd type:
halberd www.sito.it
For more details type: halberd -h

If you have any problems or need an explanation, just write under this post!