Google Dorker

This site is good too for google dorks : http://www.exploit-db.com/google-dorks/

Dorks on Google can also work without any software !!!!

• IAmDevil

Will try it out and see :)

Sure go for it .
I found many sites vulnerable to SQLI.
found their admin login page and did stuff beyond imagination !!!!! lol

• IAmDevil

And this one contains a RAT too…. it seems that @llvllikey just joined to post the links here to trick some newbs into joining his botnet.

What’s the lesson? Don’t run everything you dl from the internet, even if your AV -solution doesn’t find anything…

As promised on the other thread, I’ll explain later how I found out about the trojan.

Maybe flabby should delete those threads..

as far as i know you need an api key to access any good dbs like google and they limit teh amount of requests and i assume they monitor them you could make a scraper to do it but it is hard i suggest to just learn how to make your own dorks i have made hundreds plus it makes it harder to find shit because of the amount fo queries against the results you get people monitor that shit to look for zero days so be creative and try to evade logic they use make your own like i said and you will see what i mean

allinurl:index.php?staffid=9

jeez good dork lol

I finally took the time to write about investigating a java application.. And my target was the SQLi Checker, which was also “marketed” by @llvllikey

Have a look at it at http://lamehackersguide.blogspot.com/

Nice post @daMage :) interesting stuff

Very nice daMage and a great blog :)

Agree! Great Article, Amazing job,Damage!!!

daMage, Ive been waiting for this! Its like a detective story, computer forensics. Now I have an idea, what Pen tester do. Thanks and I learn a lot.

This is great work my friend! It’s also really nice to take the time and share all this information.

I know it’s not related to the post… But about the DMA attack, you say that you can gain access to a domain account cached on the system… Does it allow you to access network ressources with this account? Kerberos and all this stuff… Are you able to login to the victim email account? Access network shares? Remove a domain controller!

Thanks again,
DaGr8

No, you only get access to the local resources with the DMA hack.

daMage,

Nice blogpost, and yes that is some nasty looking code. A bit before I joined this site I started looking into branching out into pentesting and have been looking for more and more resources on detailed information. The type that breaks down the in and outs of how some of these work internally. I see more than enough that help use the tools, but I want resources that instruct how they work and how to spot these just as you did with that one and your blog did help a bit in that aspect. Thanks for info.

Thx Damage about the Interesting stuff and great new knowledge for me.