Cult of the Dead Cow (cDc) released a program and website called Goolag a few weeks ago, it provides an easy front end to running well known Google Dorks (Google hack strings) against your website to see if you have any of the common vulnerabilities indexed by Google. You can also find out quite a bit about your company's organization if you know what you're doing. It includes scans for server errors, well known files that contain password information, webcams, server errors, well known vulnerable files, and alot more. Unfortunately, the only binary available right now is for Windows but us Linux users can always just fire up a virtual machine and get it to work (it might work in Wine too, with a little tweaking). Its an interesting experiment in using Google to gather information about a target (of a LEGAL penetration test or vulnerability scan).

Check it out

Johnny Long, of johnny.ihackstuff.com fame, has started a new charity foundation with his wife that enlists the aid of hackers to help with IT problems in the developing world, a place that honestly can't afford real IT guys. This is a really great thing for Johnny and the hacker community to take part in and it really does make a difference in the lives of people in various African countries.

In case you're a selfish asshole and don't have the desire to help people for the sake of help, there's something in it for you as well, especially if you need resume fodder. For each project you help complete, you are able to reference the project on your resume and you'll get a professional reference from Johnny Long on LinkedIn. For more details, watch his video on Google Video about No-Tech hacking, which really opened my eyes to some great techniques for seeing things important to security without the use of technology.

IHACKCHARITY.ORG

Defcon 15 - NoTech Hacking

The great thing about the internet is that you can access all kinds of information at the touch of your fingertips. Some of that information is being broadcast LIVE 24/7 over unsecured webcams. Given, some of them are meant to be open and available to anyone, but then again, some aren't. The great thing is, its legal to look at any of them that don't require you to login! Here's a great list of Google hacks on finding open webcams.

Hacking Internet Web Cameras @ GeniusHackers

There are a few online MD5sum crackers/search engines. They do the job for alot of md5sums but if you've got a complex password that you wanna crack, you're still better off bruteforcing it. But its still fun to throw a few hashes at it and see what it actually can get. Here are a couple:

• Rednoize
• GData
• milw0rm
• Waraxe
• Passcracking

I've written this handy little bash script for simple network enumeration. It pings all the hosts on the specified private network range, then portscans (nmap) and gets Netbios information from them and writes it to a file.

The script requires nmap and nmbstatus be present on the system on which you're using the script. Further documentation can be found in the script's comments.

Get NetBore!

That's right, I've coded my new blog from scratch and I'll finally start posting again. Only this time, things will be a bit different with the site's content focusing more on security and programming. Hope you all enjoy! :)
BTW, if you find any bugs, please let me know.