
Same Work But Different Way || Tips and Tricks || Bypass


pr0xh4ck/miscellaneous



🔍 Miscellaneous

pr0xh4ck © 2024


Agenda


search-engine



keyword-research



mega-download-bypass

Tool

  • megabasterd - Yet another unofficial (and ugly) cross-platform MEGA downloader/uploader/streaming suite.

Proxy List

Filter Proxies

x = """
# delete this line and paste your proxy list then run
"""
# Print only the entries whose port is exactly 8080 (host:8080).
for y in x.splitlines():
    y = y.strip()
    if y.endswith(":8080"):
        print(y)

Or Go



Activation

  • Microsoft-Activation-Scripts - A collection of scripts for activating Microsoft products using HWID / KMS38 / Online KMS activation methods with a focus on open-source code, less antivirus detection and user-friendliness.




google-dork

intitle – Specifying intitle tells Google to show only pages that have the term in their HTML title. For example, intitle:"login page" shows pages that have the term "login page" in the title text.

allintitle – Similar to intitle, but looks for all the specified terms in the title.

inurl – Searches for the specified term in the URL. For example, inurl:"login.php" or inurl:login.jsp intitle:login.

allinurl – Same as inurl, but searches for all terms in the URL.

filetype – Searches for specific file types. filetype:pdf looks for PDF files on websites. Similarly, filetype:txt looks for files with the extension .txt. For example, "sensitive but unclassified" filetype:pdf

ext – Similar to filetype. ext:pdf finds files with the pdf extension.

intext – Searches the content of the page, somewhat like a plain Google search. For example, intext:"index of /" or Host=. intext:enc_UserPassword=* ext:pcf

allintext – Similar to intext, but searches for all terms to be present in the text.

site – Limits the search to a specific site only. – For example site:example.com

cache - Shows the cached version of a website.

'*' - Wildcard used to search pages that contain “anything” before your word.

+ - Used to concatenate words; useful for detecting pages that use more than one specific key.

- - The minus operator is used to avoid showing results that contain certain words.

| - this is a logical operator,

If a hacker wishes to search by a field other than the URL, the following can be effectively substituted:

  • intitle:
  • allinurl:
  • allintitle:
  • filetype:
  • ext:
  • inurl:
  • intext:
  • define:
  • site:
  • phonebook:
  • maps:
  • book:
  • froogle:
  • info:
  • movie:
  • weather:
  • related:
  • link:
  • after:
  • before:
  • link
  • inanchor
  • daterange
  • cache
  • info
  • phonebook
  • rphonebook
  • bphonebook
  • author
  • group
  • msgid
  • insubject
  • stocks
  • define
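
To see which of your own pages a given query would surface, the operator semantics described above can be evaluated offline against crawl records. This is an added example, not code from the repository; the record layout (`url`, `title`, `text`), the function names and the sample pages are assumptions, and only implicit-AND clauses and the minus operator are handled (no OR).

```python
import re
from urllib.parse import urlparse

# Operators that inspect one field of a page record.
FIELDS = {"intitle": "title", "inurl": "url", "intext": "text"}
# Optional "-", optional "operator:", then a quoted phrase or a single word.
TOKEN = re.compile(r'(-?)(?:(\w+):)?("[^"]*"|\S+)')

def parse(query):
    """Split a query into (negated, operator, term) clauses."""
    return [(neg == "-", op.lower() or None, term.strip('"').lower())
            for neg, op, term in TOKEN.findall(query)]

def matches(query, page):
    """True if the page record satisfies every clause (implicit AND)."""
    parsed = urlparse(page["url"].lower())
    host = parsed.hostname or ""
    for negated, op, term in parse(query):
        if op == "site":
            term = term.lstrip("*.")  # assumption: *.example.com also covers the apex
            hit = host == term or host.endswith("." + term)
        elif op in ("filetype", "ext"):
            hit = parsed.path.endswith("." + term)
        elif op in FIELDS:
            hit = term in page[FIELDS[op]].lower()
        else:  # bare word, phrase or unsupported operator: search title and text
            hit = term in (page["title"] + " " + page["text"]).lower()
        if hit == negated:  # a required clause missed, or an excluded term was found
            return False
    return True

# Constructed records standing in for a crawl of your own site.
PAGES = [
    {"url": "https://www.example.com/admin/login.php",
     "title": "Login page", "text": "Sign in"},
    {"url": "https://docs.example.com/files/report.pdf",
     "title": "Q3 report", "text": "sensitive but unclassified"},
    {"url": "https://blog.example.org/post",
     "title": "Login page tips", "text": "hello"},
]

def audit(query, pages=PAGES):
    """Return the URLs of the records a query would surface."""
    return [p["url"] for p in pages if matches(query, p)]

if __name__ == "__main__":
    print(audit('site:example.com intitle:"login page"'))
```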


Google Dork

  • Extension
site:*.example.com ext:php OR ext:js OR ext:txt OR ext:pdf
  • Open Redirect
site:*.example.com inurl:& AND inurl:url
  • SQL Injection
site:*.example.com intext:"You have an error in your SQL syntax"
  • File Type
site:*.example.com filetype:pdf
  • GraphQL
site:*.example.com inurl:/graphql/


Shodan-Dork

Citrix - Find Citrix Gateway. Example: title:“citrix gateway”

Wifi Passwords - Helps to find the cleartext wifi passwords in Shodan. Example: html:“def_wirelesspassword”

Surveillance Cams - With username admin and password. Example: NETSurveillance uc-httpd

Fuel Pumps connected to internet - No auth required to access CLI terminal. Example: “privileged command” GET

Windows RDP Password - But may contain secondary windows auth. Example: “\x03\x00\x00\x0b\x06\xd0\x00\x00\x124\x00”

MongoDB servers - It may give info about MongoDB servers and dashboard. Example: “MongoDB Server Information” port:27017 -authentication

FTP servers allowing anonymous access - Complete Anon access. Example: “220” “230 Login successful.” port:21

Jenkins - Jenkins Unrestricted Dashboard. Example: x-jenkins 200

Hacked routers - Routers which got compromised. Example: hacked-router-help-sos

Open ATM - May allow for ATM Access availability. Example: NCR Port:“161”

Telnet Access - NO password required for telnet access. Example: port:23 console gateway

Misconfigured WordPress Sites - The wp-config.php if accessed can give out the database credentials. Example: http.html:"* The wp-config.php creation script uses this file"

Hiring - Find sites hiring. Example: “X-Recruiting:”

Android Root Bridge - Find android root bridges with port 5555. Example: “Android Debug Bridge” “Device” port:5555

Ethereum Miners - Shows the miners running ETH. Example: “ETH - Total speed”

Tesla Powerpack charging Status - Helps to find the charging status of tesla powerpack. Example: http.title:“Tesla PowerPack System” http.component:“d3” -ga3ca4f2
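
The same banner strings can be used to audit your own inventory before it shows up in a search engine. This is an added example, not code from the repository: it checks banner records exported from a scan of hosts you operate against a few of the signatures listed above. The record layout, names and sample banners are assumptions, and plain substring matching only approximates Shodan's term matching.

```python
# (label, required port or None, strings that must appear, strings that must not)
# Strings and ports are taken from the search examples above.
SIGNATURES = [
    ("MongoDB without authentication", 27017,
     ["MongoDB Server Information"], ["authentication"]),
    ("Anonymous FTP login", 21, ["220", "230 Login successful."], []),
    ("Android Debug Bridge exposed", 5555,
     ["Android Debug Bridge", "Device"], []),
    ("Telnet console without password", 23, ["console", "gateway"], []),
    ("WordPress setup script reachable", None,
     ["The wp-config.php creation script uses this file"], []),
]

def audit_banners(records):
    """Return (host, port, label) for every record that matches a signature."""
    findings = []
    for rec in records:
        banner = rec["banner"].lower()
        for label, port, required, excluded in SIGNATURES:
            if port is not None and rec["port"] != port:
                continue
            if (all(s.lower() in banner for s in required)
                    and not any(s.lower() in banner for s in excluded)):
                findings.append((rec["host"], rec["port"], label))
    return findings

# Constructed sample records (documentation addresses, invented banners).
RECORDS = [
    {"host": "192.0.2.10", "port": 27017,
     "banner": "MongoDB Server Information\n{ \"ok\": 1 }"},
    {"host": "192.0.2.11", "port": 27017,
     "banner": "MongoDB Server Information\nauthentication required"},
    {"host": "192.0.2.12", "port": 21,
     "banner": "220 FTP ready\n230 Login successful."},
    {"host": "192.0.2.13", "port": 22, "banner": "SSH-2.0-OpenSSH"},
]

if __name__ == "__main__":
    for host, port, label in audit_banners(RECORDS):
        print(f"{host}:{port} {label}")
```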



PGP(Pretty Good Privacy)

  • Command for tool installation
sudo apt-get install gnupg2 gpa
  • Create your key command
gpg --full-generate-key
  • Open GUI tool (run it as the same user that created the key, not with sudo)
gpa

port-list

  • ports-list - Official list of UDP/TCP ports to descriptions

open-sources

  • videvo - Get your free video


never-stop-learning

  • How to Convert web browser to a Notepad
data:text/html, <html contenteditable>


Others

Mobile apps monetization
