Archive for July, 2006


Im my last weeks blog i mentioned about google indexing binary files and some tricks for searching malware. Playing around with different queries on google i realized how large the count is for open directory browsing enabled servers. By default on apache based servers if the Option directive in directory tag is not set to none or index the webserver is completely browsable. Many free hosting services and pernonal site servers also keep it enabled by default.

I started of with searching for some not-publicly-available softwares and encouraged by the results modified the searches for some mp3′s as well.

A simple query:

intitle:”index of” +”last modified” +”parent directory” +description +size +(wma | mp3) ArtistName SongName

got me to numerous sites that hosted the songs i needed. You can also modify the file extensions to any kind of files you want and precise your search by adding more extensions in the OR list in brackets.

For more adventerous the same trick works for IIS as well :).

Blogged with Flock.


There have been a few blogs out there on the subject of Google indexing not only PDFs and Docs, but executable files as well. A simple query for “Signature: 00004550” results in 192,000 (if Google’s count is accurate) links to executable files. The reason this search works is because when Google indexes the executable file, it parses the Portabe Executable (PE) file format of the windows executable. One of the things that is extracted from the PE file is the signature “4550″, the NT signature, present in all valid win32 PE files. if you look at the cache, you’ll see something like this:

WINDOWS EXECUTABLE
32bit for Windows 95 and Windows NT
Technical File Information:
Image File Header
Signature: 00004550
Machine: Intel 386
Number of Sections: 0003
Time Date Stamp: 3b7dc821
Symbols Pointer: 00000000

You can even many find innocent-looking sites that redirect to EXE files with spyware.

What’s interesting is that the results have addresses that make you think there’s nothing wrong with them (like for instance : http://www.crcdatatech.com/help/), they don’t have an EXE extension and when you go to the site you’re prompted to download the file. And if you click “run” instead of “save” or “cancel”, ahh, be prepare for the worst.

HDM (Metasploit) went on his own and developed a Malware search engine and he’s generous enough to release the code as well. You just have to type the name of a virus and you can find the queries that produce malware as search results. Some examples: MyDoom, Klez, BadTrans and other worms and trojans. He used some very well written Ruby scripts and Google API to search for almost 300 malware signatures. More info on his tool can be found here.

Blogged with Flock

Vista Screenshots

Posted: July 26, 2006 in My Grafix, Random Writings

I’ve uploaded some more screenshots at flickr. You can check them out here:


An excellent resource for security research tools:

http://research.eeye.com/html/tools/

Blogged with Flock

Vista Login Screenshot

Posted: July 25, 2006 in My Grafix

I installed the Vista Community Technlogy Preview today. Wanted to share my first looks at vista. Below is the login screen. A larger version can be found here:

Why Me ?

Posted: July 24, 2006 in Random Writings

Arthur Ashe, the legendary Wimbledon tennis player was dying of AIDS which he got due to infected blood he received during a heart surgery in 1983. From world over, he received letters from his fans, one of which conveyed: “Why does GOD have to select you for such a bad disease”?

To this Arthur Ashe replied: The world over — 50 million children start playing tennis, 5 million learn to play tennis, 500,000 learn professional tennis, 50,000 come to the circuit, 5000 reach the grand slam, 50 reach Wimbledon, 4 to semi final, 2 to the finals. When I was holding the trophy I never asked GOD: “Why me?”. So today in pain, I should not be asking GOD: “Why me?”

Random Quote

Posted: July 23, 2006 in Random Quotes, Random Writings

“Many of us spend half our time wishing for things we could have if we didn’t spend half our time wishing.”


The sitemap:
http://www.google.com/sitemap.xml

The robot:
http://www.google.com/robots.txt

h4x0r3d Google

Posted: July 19, 2006 in Random Writings

this is funny :)
http://www.google.com/intl/xx-hacker/

The Crown

Posted: July 17, 2006 in My Grafix

A shot of the staircase i took in my hotel. A larger version can be found here.