you know longer need to go to warez :)
just type: list keygen softwarename
Archive for the ‘Google’ Category
Im my last weeks blog i mentioned about google indexing binary files and some tricks for searching malware. Playing around with different queries on google i realized how large the count is for open directory browsing enabled servers. By default on apache based servers if the Option directive in directory tag is not set to none or index the webserver is completely browsable. Many free hosting services and pernonal site servers also keep it enabled by default.
I started of with searching for some not-publicly-available softwares and encouraged by the results modified the searches for some mp3′s as well.
A simple query:
intitle:”index of” +”last modified” +”parent directory” +description +size +(wma | mp3) ArtistName SongName
got me to numerous sites that hosted the songs i needed. You can also modify the file extensions to any kind of files you want and precise your search by adding more extensions in the OR list in brackets.
For more adventerous the same trick works for IIS as well :).
Blogged with Flock.
There have been a few blogs out there on the subject of Google indexing not only PDFs and Docs, but executable files as well. A simple query for “Signature: 00004550” results in 192,000 (if Google’s count is accurate) links to executable files. The reason this search works is because when Google indexes the executable file, it parses the Portabe Executable (PE) file format of the windows executable. One of the things that is extracted from the PE file is the signature “4550″, the NT signature, present in all valid win32 PE files. if you look at the cache, you’ll see something like this:
WINDOWS EXECUTABLE
32bit for Windows 95 and Windows NT
Technical File Information:
Image File Header
Signature: 00004550
Machine: Intel 386
Number of Sections: 0003
Time Date Stamp: 3b7dc821
Symbols Pointer: 00000000
You can even many find innocent-looking sites that redirect to EXE files with spyware.
What’s interesting is that the results have addresses that make you think there’s nothing wrong with them (like for instance : http://www.crcdatatech.com/help/), they don’t have an EXE extension and when you go to the site you’re prompted to download the file. And if you click “run” instead of “save” or “cancel”, ahh, be prepare for the worst.
HDM (Metasploit) went on his own and developed a Malware search engine and he’s generous enough to release the code as well. You just have to type the name of a virus and you can find the queries that produce malware as search results. Some examples: MyDoom, Klez, BadTrans and other worms and trojans. He used some very well written Ruby scripts and Google API to search for almost 300 malware signatures. More info on his tool can be found here.
Blogged with Flock
