GAGBOX is your one source to humor and fun

27 June, 2008

Wednesday, October 24, 2007

G talk secret Parameters
There are a few secret parameters you can add to Google Talk and make it function differently. Following is the list of parameters

/nomutex: This allows you to open more than one instance of Google Talk
/autostart: Starts on it's own.
/forcestart: It forces it to start no matter what option was set.
/factoryreset: set settings back to default.
/S upgrade: Used when upgrading Google Talk
/register: This registers Google Talk in the registry, includig GMail Compose method.
/checkupdate: This keeps on checking for newer versions
/plaintextauth: It makes use of plain authentication mechanism instead then Google's GAIA mechanism.
/nogaiaauth: This disables GAIA authentication method. The same as above.
/gaiaserver servername.com: uses a different GAIA server to connect to Google Talk. Used for debug purposes only, there are no other known GAIA servers.
/mailto email@host.com: send an email with Gmail
/diag: start Google Talk in diagnostic mode

Most of them can be ued in the following way

Rifgt- click on the desktop.
Select "New " >>>"Shortcut"
Now browse through "My COMPUTER">>>"C:/">>>>"Program Files">>>>"Google">>"Google Talk">>>"Gtalk.exe"
Now add the extention that you want.
eg:- "......../gtalk.exe"/log.

Emotions!!
Following is the list of emoticons supported by gtalk.All these emotions appears in color in a conversation
:- :-O :-x :-P :-D :O :x :P :D
:) :( :) ;) ;( :'( : ;-) :-( :-)
B- B-O B-x B-P B-D B-) B-( B’( BO Bx BD
& some more

Gmail & talk supports animated emotions and they are
:- :=P :-D ;-) :-( :P :D :) :( ;-) ;) B-)

Chat Bots
A chatbot is a computer program designed to simulate conversation through a variety of methods.
They converse as much like people as their programming allows. If you want to add a chatbot to your Google Talk,
just add the account name as a friend.

Examples

indeedjobs@gmail.com (sends you fresh job postings matching your search query)

Conference Bot

Conference Bot is a bot that links together Google Talk users into one public conference room. This bot has been used as the basis of many bots for Google Talk. You can find a list of the active bots below.
If you want to create your own bot?
visit here



WM_COMMAND codes
Chat Window:
8001 - Start Call
40081 - Start muting microphone
8007 - Stop muting microphone
8008 - Stop Call
8015 - Show Send File dialog
8003 - Email
8013 - Start Voicemail
8008 - Stop Voicemail
8010 - Go off the record (both on and off)
8017 - View past chats
8011 - Block/unblock
Main Window:
40011 - Add Friend
40080 - Enable/Disable all notifications
40065 - Connection Monitor
40080 - Save all settings
40087 - Check for Updates Now
40088 - Inbox
40023 - About
40089 - Check Mail Now
40003 - Settings
40020 - Help
40088 - Email
40002 - Sign out
1404 - Voicemail

Add items to tray menu
Open Google Talk in Resource Hacker.
Go to menu -> 110 -> Click on 0. It will open as text.
Play with the menu items, for example you can add the item
MENUITEM "Settings", 40003, MFT_STRING, MFS_ENABLED
Click 'compile script'.
Close all instances of Google Talk!
Click File -> Save.


User Interface Editing
Open googletalk.exe in Resource Hacker.
Expand the Bitmap tree.
Save bitmaps 139, 5001-5104.
Edit the bitmaps in your image editor of choice to make them the color(s) you like.
Replace the original bitmaps with your edited bitmaps in Resource Hacker (Action > Replace Bitmap).
Save and try it out!.


Change Language
To change the language of Google Talk you will need to:

1.Open resource hacker.
2.Choose the menu: file, open.
3.Open the file c:\program files\google\google talk\googletalk.exe.
4.Now you will see a treeview on the left.
5.Double click on dialog.
6.Double click on 130.
7.Click on 0.
8.You will see a window and a bunch of text like 'CONTROL "Password:", 1003, STATIC'...
9.Change the text to another language, for example: 'CONTROL "Wachtwoord:", 1003, STATIC'...
10.Click 'Compile Script'.
11.Do this for all the dialogs.
12.Double click on 'String Table' in the treeview.
13.Click on 36.
14.Click on 0.
15.You will see a bunch of text like '567, "encountered an internal error'...
16.Change the text to another language, for example: '567, "er is een interne fout voorgekomen'...
17.Click 'Compile Script'.
18.Do this for all the string tables.
19.Make sure Google Talk is closed!!! and then click file, save.
20.When you reopen Google Talk it should now be in another language.


Registry Tweaks
You can edit most settings by opening regedit (start -> regedit),
and navigating to the key HKEY_CURRENT_USER\Software\Google\Google Talk

The "Google/Google Talk" key has several sub-keys that hold different option values:

Accounts: This one has subkeys for each different account that has logged in on the client. These keys have different values that store the username, password and connection options.
Autoupdate: Stores the current version information. When the client checks for updates it compares Google's response with these values. If an update is needed, it will download and update the new version.
Options: This is the most interesting part, where most of the current hacks should be used
Process: Stores the process ID. Probably used by Google Talk to detect if it's already running or not.
HKEY_CURRENT_USER\Software\Google\Google Talk\Options\api

The Google Talk API UID (unique ID).

HKEY_CURRENT_USER\Software\Google\Google Talk\Options\chat_rect

Stores chat windows size/position.

HKEY_CURRENT_USER\Software\Google\Google Talk\Options\filter_online

Only show online contacts.

HKEY_CURRENT_USER\Software\Google\Google Talk\Options\font_charset

Stores what charset the font is in.

HKEY_CURRENT_USER\Software\Google\Google Talk\Options\has_checked_orkut_picture

?

HKEY_CURRENT_USER\Software\Google\Google Talk\Options\logged_in_once

Stores if you've ever signed in.

HKEY_CURRENT_USER\Software\Google\Google Talk\Options\mailto_backup_handler

Path to default mail application (if not GMail).

HKEY_CURRENT_USER\Software\Google\Google Talk\Options\mailto_backup_icon

Path to the default mail application's icon, index is separated with comma.

HKEY_CURRENT_USER\Software\Google\Google Talk\Options\mailto_backup_registred

If the mail application is registred.

HKEY_CURRENT_USER\Software\Google\Google Talk\Options\presence_note

?

HKEY_CURRENT_USER\Software\Google\Google Talk\Options\theme

Specifys what theme you're using.

HKEY_CURRENT_USER\Software\Google\Google Talk\Options\welcome_shown

If the welcome messages are shown or not.

HKEY_CURRENT_USER\Software\Google\Google Talk\Options\window_rect

Stores main windows size/position.



Google Talk Tips and Tricks
Shortcuts

* CTRL + Mousewheel up/down over input textbox: Change the font size of the textbox.
* F9: Open Gmail to send an email to your friend
* F11: Start a call with your friend
* F12: Stop the current call
* ESC: Close the current window
* ALT + ESC: Minimize the current window
* TAB: Switch between multiple chat windows
* CTRL + I: Same as TAB
* SHIFT + TAB: Same as TAB but in reverse order
* CTRL + TAB: Same as SHIFT + TAB
* Windows + ESC: Open Google Talk (if it's minimized, or in the tray)

Conversation Text

* A message can be 32767 characters long.
* Certain smileys are recognized by Google Talk and will be shown in blue.
:-| :-O :-x :-P :-D ;-) :-( :| :O :x :P :D :) :( ;-| ;-O ;-x ;-P ;-D ;-) ;-( ;| ;O ;x ;P ;D ;) ;( B-| B-O B-x B-P B-D B-) B-( B'( BO Bx BD B) B( B) And you can put a ' between the characters to get another one shown in blue.
* To write text in bold, put it between *asteriks*
* To write text in italic, put it between _underscores_
* You can insert special characters like ♥♫☺ with 'Start / Programs / Accessories / System Tools / Character Maps'.

Conversation Window

* Drag a conversation window on top of another and they will dock together.
* Drag a file onto the chat history and you'll send the file to the selected contact.
* When you see a message notification, you can right click it to close it without focusing the conversation window.

Conference Calls

* What you need to do to have conference calls: Open up a copy of Google Talk on all computers with which you wish to conference. After one copy is opened make a new shortcut for Google Talk but at the end of it add /nomutex. If you installed it to the default folder then your shortcut should read "C:\Program Files\Google\Google Talk\googletalk.exe" /nomutex. Open 2 instances of the software on every user's computer. After this start a chain: User 1 should connect on one instance to user 2. User 2 will connect on his second instance to user 3. User 3 will connect using his second instance back to user 1. With this chain everyone is connected to everyone.

Nickname & Status Message

* You can change your name in the Google Account page.
or To change the nickname need to go to your Gmail account and change the name there. Choose Settings, Accounts, and then Edit info. Click on the second radio button, and enter your custom name.
As a result all of your emails will have that nick as well, there is no way to seperate the two.
* You can add a website in your custom message, it will be clickable when someone opens a conversation window with you.

Contacts

* You don’t need to say Yes or No when someone wants to add you as a friend; you can simply ignore it, the request will go away. (On the other hand, someone with whom you chat often will automatically turn to be your friend, unless you disable this).
* The Gmail account 'user@gmail.com' can't be invited as your friend.

Sound & Video

* It's possible to broadcast music, MP3, etc.. through Google Talk.
Unplug your microphone. Double click on the speaker icon in the lower right corner. This will open
up "Volume Control". Select "Options" and then "Properties". Then check the button
next to "Recording" then click OK. You may also have to change your setting under
Mixer Device. Now the Recording Control screen should be up. On my computer I selected "Wave Out Mix". Click on the green phone in Google Talk and call your friend.

Secret Startup Parameters

* /nomutex: allows you to open more than one instance of Google Talk
* /autostart: when Google Talk is run with this parameter, it will check the registry settings to see if it needs to be started or not. If the "Start automatically with Windows" option is unchecked, it won't start.
* /forcestart: same as /autostart, but forces it to start no matter what option was set.
* /S upgrade: Used when upgrading Google Talk
* /register: registers Google Talk in the registry, includig the GMail Compose method.
* /checkupdate: check for newer versions
* /plaintextauth: uses plain authentication mechanism instead then Google's GAIA mechanism. Used for testing the plain method on Google's servers.
* /nogaiaauth: disables GAIA authentication method. The same as above.
* /factoryreset: set settings back to default.
* /gaiaserver servername.com: uses a different GAIA server to connect to Google Talk. Used for debug purposes only, there are no other known GAIA servers.
* /mailto email@host.com: send an email with Gmail
* /diag: start Google Talk in diagnostic mode
* /log: probably has something to do with the diagnostic logging
* /unregister: ?
* /embedding: ?

Others

* If there’s something you think is missing in Google Talk, send off a message to Google.
* There was a hidden game in Google Talk. In the about screen you could see 'play 23 21 13 16 21 19 . 7 1 13 5'. Each number represented a letter. a=1, b=2, c=3 .... When you translated this message it said: 'play wumpus.game'. To play this game you had to invite wumpus.game@gmail.com as a friend. wumpus.game@gmail.com is always offline now. You can still play Hunt the Wumpus here.
* Google Talk can dock into the Google Desktop Sidebar. Doubleclick on the titlebar in the Google Talk main window and it docks as a panel into the GDS and slides out when you click the top of the docked panel..

Google Hacks
Well, the Google’s query syntaxes discussed above can really help people to precise their search and get what they are exactly looking for.

Now Google being so intelligent search engine, hackers don’t mind exploiting its ability to dig much confidential and secret information from the net which they are not supposed to know. Now I shall discuss those techniques in details how hackers dig information from the net using Google and how that information can be used to break into remote servers.

Index Of

Using “Index of ” syntax to find sites enabled with Index browsing.

A webserver with Index browsing enabled means anyone can browse the webserver directories like ordinary local directories. The use of “index of” syntax to get a list links to webserver which has got directory browsing enabled will be discussd below. This becomes an easy source for information gathering for a hacker. Imagine if the get hold of password files or others sensitive files which are not normally visible to the internet. Below given are few examples using which one can get access to many sensitive information much easily.

Index of /admin
Index of /passwd
Index of /password
Index of /mail

"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess

"Index of /secret"
"Index of /confidential"
"Index of /root"
"Index of /cgi-bin"
"Index of /credit-card"
"Index of /logs"
"Index of /config"

Looking for vulnerable sites or servers using “inurl:” or “allinurl:”.

a. Using “allinurl:winnt/system32/” (without quotes) will list down all the links to the server which gives access to restricted directories like “system32” through web. If you are lucky enough then you might get access to the cmd.exe in the “system32” directory. Once you have the access to “cmd.exe” and is able to execute it.


b. Using “allinurl:wwwboard/passwd.txt”(without quotes) in the Google search will list down all the links to the server which are vulnerable to “WWWBoard Password vulnerability”. To know more about this vulnerability you can have a look at the following link:

http://www.securiteam.com/exploits/2BUQ4S0SAW.html

c. Using “inurl:.bash_history” (without quotes) will list down all the links to the server which gives access to “.bash_history” file through web. This is a command history file. This file includes the list of command executed by the administrator, and sometimes includes sensitive information such as password typed in by the administrator. If this file is compromised and if contains the encrypted unix (or *nix) password then it can be easily cracked using “John The Ripper”.

d. Using “inurl:config.txt” (without quotes) will list down all the links to the servers which gives access to “config.txt” file through web. This file contains sensitive information, including the hash value of the administrative password and database authentication credentials.

For Example: Ingenium Learning Management System is a Web-based application for Windows based systems developed by Click2learn, Inc. Ingenium Learning Management System versions 5.1 and 6.1 stores sensitive information insecurely in the config.txt file. For more information refer the following
links: http://www.securiteam.com/securitynews/6M00H2K5PG.html

Other similar search using “inurl:” or “allinurl:” combined with other syntax


inurl:admin filetype:txt
inurl:admin filetype:db
inurl:admin filetype:cfg
inurl:mysql filetype:cfg
inurl:passwd filetype:txt
inurl:iisadmin
inurl:auth_user_file.txt
inurl:orders.txt
inurl:"wwwroot/*."
inurl:adpassword.txt
inurl:webeditor.php
inurl:file_upload.php

inurl:gov filetype:xls "restricted"
index of ftp +.mdb allinurl:/cgi-bin/ +mailto


Looking for vulnerable sites or servers using “intitle:” or “allintitle:”

a. Using [allintitle: "index of /root”] (without brackets) will list down the links to the web server which gives access to restricted directories like “root” through web. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.

b. Using [allintitle: "index of /admin”] (without brackets) will list down the links to the websites which has got index browsing enabled for restricted directories like “admin” through web. Most of the web application sometimes uses names like “admin” to store admin credentials in it. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.

Other similar search using “intitle:” or “allintitle:” combined with other syntax

intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart

allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov



Other interesting Search Queries

To search for sites vulnerable to Cross-Sites Scripting (XSS) attacks:

allinurl:/scripts/cart32.exe
allinurl:/CuteNews/show_archives.php
allinurl:/phpinfo.php


To search for sites vulnerable to SQL Injection attacks:

allinurl:/privmsg.php
allinurl:/privmsg.php

Share Your Thoughts!

0 comments:

Post a Comment

Copyright © 2013 GagBox™ is a registered trademark.

Designed by GagBox Inc. Desiged By Templateism.com. Blogger Hosting by Blogger.