EXCLUSIVELY FROM HAKCERSGANGMOHAN.COM


JUST DOWNLOAD FROM GIVEN LINK AND EXTRACT IT IS IN EXCEL FORMAT,,,USE THESE KEYWORDS IN YOUR SITE BY WRITEING ARTICLE ON THAT OR WRITE FREE ARTICLE FROM GOARTICLES.COM ,,AND POST IT ,,,THEN U WILL SEE GOOGLE WILL PAY U FIVE TIMES THAN YOUR BEFORE EARNING PENNY,,,,
 
http://hotfile.com/dl/120267557/bf8ad0d/TOP_PAYING_ADSENSE_KEYWORDS_BY_MOHAN_KUMAR.xls.html





We all Know Google AdSense is a simple and low-risk way for publishers to quickly monetize their content. The pay-per-click ad system is an great opportunity for anyone to instantly have advertising on their website, without the hassle of having to actively sell ad space. AdSense makes up a good portion of the advertising revenue for many websites, and other websites may use AdSense to earn the bulk of their revenues. Either way, AdSense is an excellent system for monetizing your content. In this Post I going to Mention very important topic of High paying Google adsense keyword, This will Really helpful to Adsense earners.

What is Benchmark Lending?  from http://www.whatwherenhow.com/

__________________________________________________________________________________

Ultra High Paying Keywords   by nichemonkey.blogspot.com

ARTICLE: The Wisconsin lemon Law for Defective Semi-trucks FROM http://www.freearticleforyou.com

_______________________________________________________________________________

Purchasing a vehicle is the second largest investment after a home for most of us. And of course, we would expect that there are laws and procedures in place to protect this investment. Every new vehicle has warranties provided with vehicles that protect consumers.
If your vehicle shows any nonconformity against the warranty it has, the Wisconsin's lemon law would step in to provide you the protection provided you are a Wisconsin consumer. Signed into law on November 3, 1983, the Wisconsin's Lemon Law, one of the strongest in the country, has been protecting the Wisconsin consumer for almost 27 years now. The Wisconsin's Lemon Law requires a manufacturer to refund or replace a new vehicle if it turns out to be a "lemon".

The Wisconsin's Lemon Law covers:

• New cars
• Motorcycles
• Truck
• Semi-trucks
• Motor homes

The Wisconsin lemon Law for Defective Semi-trucks
The Wisconsin's Lemon Law, Wisconsin Statute section 218.0171, provides relief for consumers who have bought or leased a new semi-truck having a substantial defect or condition that cannot be repaired in a certain number of repair visits or a certain amount of time. It entitles the owner of an automobile that meets the statutory definition of a "lemon" to a refund or replacement and payment by the manufacturer of actual attorney fees and costs if you prevail. If you are successful in court under this statute, you are entitled to recover double the amount of any monetary loss, as well as payment of actual attorney fees and costs.

To get the best of the Wisconsin's lemon law:
Each time your equipment is in for repairs, make sure you obtain a repair invoice that shows the problems you reported

• Obtain a repair invoice even if the shop cannot determine or fix the problem
• Log in the date the vehicle was brought in for repairs and the date it was returned
• Save the copies of all purchase contracts, warranties, warranty repair orders, letters about its problems
• Consult an experienced attorney who can advise you on the best recourse for the relief

The Magnuson-Moss Warranty Act:  If the defects with your new semi-truck do not meet the requirements of the Lemon Law, you may have claims under other state and federal laws that protect owners of new or used vehicles.
The Magnuson-Moss Warranty act  is a Federal Law that protects you if your new semi-truck is defective and has an express written warranty. The Magnuson-Moss Warranty act applies to your defective new semi-truck that does not perform as it should. The Magnuson-Moss Warranty act greatly affects the rights of new semi-truck buyers. a vehicle manufacturer cannot void the warranty on a new semi-truck due to an after market unless he can prove that the after market part caused or contributed to the failure in the vehicle as per the Magnuson Moss Warranty Act -15 U.S.C. 2302(C). If your new semi-truck is a lemon and has a written warranty, the warranter must permit you the choice of either a refund or replacement of the defective new semi-trucks.

ARTICLE ON --Hair laser removal Washington DC  from http://www.omniglot.com/

Unwanted hair has been a problem ever since and especially for women. However, these days even men look up to grooming equally as women and wish to get rid of unwanted hair. There are a number of methods that have been used for hair removal like threading, waxing, hair removing creams etc. But none of these methods has resulted in permanent hair removal. However, with the help of laser technology permanent hair removal is possible and you can have a smooth hairless skin.

Laser hair removal works for both men and women equally and works for both small as well as large areas. But there are certain limitations to the use of laser hair removal and not everyone can take up this treatment.
Who is eligible for a laser hair removal treatment? When you approach a laser hair removal center then they would first check whether you are a suitable candidate to undergo a laser hair removal or not. Ideally a laser hair removal treatment is considered to best suit people who have a light skin color in comparison to the color of their hair. Moreover, it is also thought to be ideal for people who are fair and have a light skin color.
For determining whether you are a suitable candidate for laser hair removal the doctor would usually check your skin and hair color. It is considered that people who have a dark skin color absorb a lot of laser radiation and hence are not considered to be ideally suited for laser hair removal treatment.
At times laser hair specialists also do not consider people who are tanned and those who have light colored hair for this treatment."> When you take up laser hair removal treatment you are required to meet the doctor for multiple sessions and more than this the treatment is expensive and you should be able to meet the cost of the treatment.
Doctors or specialists doing the laser hair removal treatment usually advise their clients to avoid having foods that have high content of beta-carotene during the time when they are undergoing laser hair removal.
How much does the laser hair removal treatment cost ?
The cost of laser hair removal can vary greatly. Usually the cost is assessed according to the size of the area that is being treated. If you take up laser hair removal treatment in Washington DC then you can be charged almost $300 to $500 for every treatment session. Generally the permanent laser hair removal treatment requires 4 treatment sessions.
If you are considering a laser hair removal treatment for a larger area like your back or arms of legs then you can be charged more for this. Treating small areas like eyebrows, upper lip, forehead would cost you a lesser amount.
It is advised that before you make an appointment with the laser hair removal specialist you should confirm the price and other details so that you would know that you can afford taking the treatment.
The process of laser hair removal When you go in for laser hair removal then you would have to in for various sessions depending upon the area that is being treated and the specialist who is handling your treatment.
Multiple sessions are required because there are a number of dormant hair follicles under the skin that needs to be killed. If these follicles were left like that then they would replace the follicles that had been killed in the previous session. For making this hair removal permanent it is important that you go in for multiple sessions.
The duration of each of these sessions varies on the area that is being treated and can vary from a few minutes to hours. The treatment does not involve much of pain and you would just have a tingling sensation. However at times when patients have pain the specialist would prescribe certain painkillers.
When you go for treatment the excess hair on the area of treatment is removed and the area is exposed to the pulsing laser beam to destroy the hair follicles. Once this is done then the specialist would provide you with a soothing moisturizing treatment.
Laser hair clinics Washington D.C Some of the laser hair clinics functioning in Washington D.C are mentioned below.
Reveal MedSpa: They are experts in laser hair removal treatments and altogether have an experience of 175,000 procedures at their different locations. The physicians at this center are well-trained and licensed to practice laser therapy. They have different types of laser hair removal treatment therapies that you can opt for. You can contact them at 1028 19th Street, NW ; Washington, D.C. 20036; Phone: 1.888 (Laser 14); 1.888.527.3714.
Renu MedSpa's: http://www.renudc.com
They provide pain free laser hair removal for reducing unwanted hair on the body, including the face, back, neck, legs, bikini line, chest and underarms. YOU can contact them at 1145 19th street, Washington, DC 20007 ; phone: 301.652.RENU (7368)
Dermatology and Cosmetic Surgery Associates:http://www.dermatologycosmetic.com
They provide laser hair removal procedures that are FDA approved and help their clients with the latest technologies that are available. You can call them at 301.345.7375 for an appointment. They are located in Greenbelt, Maryland, just outside of Washington, DC.
Bang Salon & Day Spa: http://www.bangsalon.com
They provide laser hair removal treatment. Their team of laser hair removal specialists is experienced and well trained to practice the therapy. They provide their services at affordable rates. You can contact them at 1612 U St NW; Washington, DC 20009; phone: 202-299-0925.

Picking a Domain Name FROM smallbusiness.yahoo.com

 

You'll need a domain name for your store. A domain name is the "something.com" piece of a web address (or .org, .biz, .whatever). For instance, in the URL www.yahoo.com/index.html, the domain name is the yahoo.com piece. If you've already registered a domain name with a service, that's fine; you'll be able to point it to your Yahoo! store later. Or you can register a domain name during the sign-up process, and Yahoo! will throw it in at no extra charge. But how do you pick a name? Spend a little time thinking about this. It's not easy picking a domain name because most good ones have already been taken! Here are a few things to consider:

• Pick a name that is easy to understand. If you read the domain name on the radio, would listeners be able to understand (and spell!) it?
• If you already have a business name, you really need a domain name that matches (which isn't always possible, of course).
• If at all possible, pick a .com domain, not a .org, .biz, or .anything else. The world thinks .com, and if you select a different one many people may not notice and might end up at the wrong site.
• If all the domains you want have already been purchased, try combining words. Try mixing your primary word with a color or location name (city, state, etc.), a store-type word (store, depot, warehouse, shop, etc.), or something else. Sometimes the only way to get a domain that works for you is by building a combination.
• If your domain name can be confused with any other name-in particular plurals, singulars, and common spelling mistakes-you need to register both terms. You need the one you want and the "confused" term. Registering cooldoll.com? Then you also need cooldolls.com. Getting jobadvisory.com? You also need jobadvisery.com, jobsadvisory.com, and jobsadvisery.com.
• Yahoo! provides a pretty good "brainstorming" tool; you tell it what domain you want, and it suggests alternatives. Spend a little time to make sure you get a good domain name.

Avoid "domain confusion." Don't register a domain name that is likely to be confused with another. Don't register royalsaunas.com if someone else owns royalsauna.com, or bluesauna.org if someone else has bluesauna.com. If you market heavily using the domain name, some of the traffic will go to the other domain, possibly a competitor!

A structured settlement   is a financial or insurance arrangement, defined by Internal Revenue Code as periodic payments; a claimant accepts to resolve a personal injury tort claim or to compromise a statutory periodic payment obligation. Structured settlements were first utilized in Canada after a settlement for children affected by Thalidomide. Structured settlement cases became more popular in the United States during the 1970s as an alternative to lump sum settlements. The increased popularity was also due to several rulings by the IRS and an increase in personal injury awards. The IRS rulings changed policies such that if the requirements were met then claimants could have federal income tax waived.
Structured settlements have become part of the statutory tort law of several common law countries including Australia, Canada, England and the United States. Structured settlements may include income tax and spendthrift requirements as well as benefits and are considered to be an asset-backed security. Often the periodic payment will be created through the purchase of one or more annuities, which guarantee the future payments. Structured settlement payments are sometimes called "periodic payments" and when incorporated into a trial judgment is called a "periodic payment judgment." These payments are also called a coupon for a regular bond.

Structured Settlements in the United States

The United States has enacted structured settlement laws and regulations at both the federal and state levels. Federal structured settlement laws include sections of the (federal) Internal Revenue Code. State structured settlement laws include structured settlement protection statutes and periodic payment of judgment statutes. Forty-seven of the states have structured settlement protection acts created using a model promulgated by the National Conference of Insurance Legislations ("NCOIL"). Of the 47 states, 37 are based in whole or in part on the NCOIL model act.Medicaid and Medicare laws and regulations affect structured settlements. To preserve a claimant's Medicare and Medicaid benefits, structured settlement payments may be incorporated into "Medicare Set Aside Arrangements" "Special Needs Trusts."
Structured settlements have been endorsed by many of the nation's largest disability rights organizations, including the American Association of People with Disabilities  and the National Organization on Disability.
In April 2009, financial writer Suze Orman wrote in a column  that structured settlements "provide ongoing income and reduce the risk of blowing a lump sum through poor financial choices." In response to a reader's question, she added that financial security can be improved "if you use the structured payouts wisely."

Mesothelioma (Form of Cancer)

Mesothelioma, more precisely malignant mesothelioma, is a rare form of cancer that develops from the protective lining that covers many of the body's internal organs, the mesothelium. It is usually caused by exposure to asbestos.
Its most common site is the pleura (outer lining of the lungs and internal chest wall), but it may also occur in the peritoneum (the lining of the abdominal cavity), the pericardium (a sac that surrounds the heart), or the tunica vaginalis (a sac that surrounds the testis).
Most people who develop mesothelioma have worked on jobs where they inhaled asbestos and glass particles, or they have been exposed to asbestos dust and fiber in other ways. It has also been suggested that washing the clothes of a family member who worked with asbestos or glass can put a person at risk for developing mesothelioma. Unlike lung cancer, there is no association between mesothelioma and smoking, but smoking greatly increases the risk of other asbestos-induced cancers. Those who have been exposed to asbestos often utilize attorneys to collect damages for asbestos-related disease, including mesothelioma. Compensation via asbestos funds or lawsuits is an important issue in law practices regarding mesothelioma (see asbestos and the law).
The symptoms of mesothelioma include shortness of breath due to pleural effusion (fluid between the lung and the chest wall) or chest wall pain, and general symptoms such as weight loss. The diagnosis may be suspected with chest X-ray and CT scan, and is confirmed with a biopsy (tissue sample) and microscopic examination. A thoracoscopy (inserting a tube with a camera into the chest) can be used to take biopsies. It allows the introduction of substances such as talc to obliterate the pleural space (called pleurodesis), which prevents more fluid from accumulating and pressing on the lung. Despite treatment with chemotherapy, radiation therapy or sometimes surgery, the disease carries a poor prognosis. Research about screening tests for the early detection of mesothelioma is ongoing.

 

Features of cheap web hosting – email accounts and bandwidth

When it comes to cheap web hosting, it is always going to be something that many of us are not going to really think is the most effective for our sites and just go for the ones that are the cheapest.

That can be a good thing but it might not be also.Sometimes going for the cheapest web host works when people are setting up their first websites, taking a chance on a risky adventure is something that not a lot of people can actually afford to do and paying out only a few dollars each month could be the only way to get their site off the ground.

Whether that works out or not is another matter. Sometimes it will also be very bad for websites when people are planning on setting up a huge website, something that is going to handle the high amounts of traffic coming into the site - that can actually happen a lot of the times.

These websites are really unsure over what companies they are supposed to be doing for - some think that it is going to be the most expensive option that is the best but in reality neither cheap nor expensive hosting might work out.

Hosting can be a really tricky thing at times and for most of the times it will be that many people find that it is neither the cheap nor the expensive options work.

People just really need to find the best web host and whether that the price is affordable or not is just going to be a piece of luck.

There are many people out there that do not want to go for the cheap web hosts because they really cannot be quite trusting at all but people will not be sure whether which web host is going to be the best for their websites.

Whether that works out or not is another matter. Sometimes it will also be very bad for websites when people are planning on setting up a huge website, something that is going to handle the high amounts of traffic coming into the site - that can actually happen a lot of the times.

These websites are really unsure over what companies they are supposed to be doing for - some think that it is going to be the most expensive option that is the best but in reality neither cheap nor expensive hosting might work out.

Hosting can be a really tricky thing at times and for most of the times it will be that many people find that it is neither the cheap nor the expensive options work.

People just really need to find the best web host and whether that the price is affordable or not is just going to be a piece of luck.

There are many people out there that do not want to go for the cheap web hosts because they really cannot be quite trusting at all but people will not be sure whether which web host is going to be the best for their websites.

 TATA D0C0M0 TRICK WORKING 100% (SPEED IS BIT SLOW)


Use any handler browser(i tested on operamini4.3 handler mod), just leave all field untouched except front query, where you put-

 10.124.72.171.html.flyproxy.com/nph-proxy.pl/010110A/http/

here you have another proxys for front query- try n find out which one is fastest for you-

10.124.72.171.php.lelook.com/cgi-bin/nph-get.cgi/000110A/http/
.
10.124.72.171.php.gowingo.com/cgi-bin/nph-get.cgi/000100A/http/
.
10.124.72.171.php.concealme.com/nph-proxy.pl/000010A/http/
.
10.124.72.171.php.scarewar.com/cgi-bin/nph-get.cgi/000110A/http/

10.124.72.171.php.anonlove.com/cgi-bin/nph-get.cgi/000000A/http/

Note-use divein setting for this tck. Balance should be above rs 1.



OTHER TRICK-USE ANY OPERAMINI HANDLER MOD, DON;T CHANGE ANY PRIMARY N SECONDARY SERVER, ANY QUERTIES ETC, ONLY  CHANGE PROXY TYPE TO HTTP AND  ENTER THIS IN PROXY SERVER
10.124.88.22.server4.operamini.com.
ENJOY FAST SPEED.......

Indian Rupees to FOREIGN CURRENCY


1. USD

Indian Rupees to 1 USD

120 days latest (Jun 3) 44.8219 lowest (Apr 8) 44.0747 highest (Jan 31) 45.9303

2. EURO

Indian Rupees to 1 EUR  120 days latest (Jun 3) 64.938 lowest (Jan 11) 58.52 highest (May 5) 66.307

Privacy or Security Policies and Technical Details Indicating 
the Types of Security Mechanisms in Place



Any piece of information that provides insight into the target organization's privacy or 
security policies or technical details regarding hardware and software used to protect the 



organization can be useful to an attacker for obvious reasons. Opportunities will most 
likely present themselves when this information is acquired.
Archived Information
It's important to be aware that there are sites on the Internet where you can retrieve 
archived copies of information that may no longer be available from the original source. 
This could allow an attacker to gain access to information that has been deliberately 
removed for security reasons. Some examples of this are the Wayback Machine at http://
www.archive.org, http://www.thememoryhole.org , and 
the cached results you see under Google's cached results (see Figure 1-6).
Disgruntled Employees
Another real threat to an organization's security can come from disgruntled employees, 
exemployees, or sites that distribute sensitive information about an organization's 



internal dealings. If you ask anyone about disgruntled employee stories, you are likely 
to hear some pretty amazing tales of revenge. It's not uncommon for people to steal, sell, 
and give away company secrets; damage equipment; destroy data; set logic bombs to go 
off at predetermined times; leave back doors for easy access later; or perform any number 
of other dubious acts. This is one of the reasons today's dismissal procedures often 
include security guards, HR personnel, and a personal escort out of the building. One of 
Google's advanced searches, "link: www.company.com," reveals any site that Google 
knows about with a link to the target organization. This can prove to be a good way to 
find nefarious sites with information about the target organization.
Search Engines, Usenet, and Resumes
The search engines available today are truly fantastic. Within seconds, you can find just 
about anything you could ever want to know. Many of today's popular search engines 
provide for advanced searching capabilities that can help you home in on that tidbit 
of information that makes the difference. Some of our favorite search engines are 



http://www.google.com, http://search.yahoo.com, http://www.altavista.com, and 
http://www.dogpile.com (which sends your search to multiple search engines such as 
Google, Yahoo, Microsoft Live Search, and Ask.com). It is worth the effort to become 
familiar with the advanced searching capabilities of these sites. There is so much sensitive 
information available through these sites that there have even been books written on 
how to "hack" with search engines—for example, Google Hacking for Penetration Testers 
Vol. 2, by Johnny Long (Syngress, 2007).
Here is a simple example: If you search Google for "allinurl:tsweb/default.htm," 
Google will reveal Microsoft Windows servers with Remote Desktop Web Connection 
exposed. This could eventually lead to full graphical console access to the server via the 
Remote Desktop Protocol (RDP) using only Internet Explorer and the ActiveX RDP client 
that the target Windows server offers to the attacker when this feature is enabled. There 
are literally hundreds of other searches that reveal everything from exposed web cameras 
to remote admin services to passwords to databases. We won't attempt to reinvent the 
wheel here but instead will refer you to one of the definitive Google hacking sites 



available at http://johnny.ihackstuff.com. Johnny Long compiled the Google Hacking 
Database (GHDB): http://johnny.ihackstuff.com/ghdb.php. Despite this hacking 
database not being updated frequently, it offers a fantastic basic listing of many of the 
best Google search strings that hackers will use to dig up information on the Web.
Of course, just having the database of searches isn't good enough, right? A few tools 
have been released recently that take this concept to the next level: Athena 2.0 by Steve 
at snakeoillabs (http://www.snakeoillabs.com); SiteDigger 2.0 (http://www.foundstone.
com); and Wikto 2.0 by Roelof and the crew (http://www.sensepost.com/research/
wikto). They search Google's cache to look for the plethora of vulnerabilities, errors, 
configuration issues, proprietary information, and interesting security nuggets hiding 
on websites around the world. SiteDigger (Figure 1-7) allows you to target specific 
domains, uses the GHDB or the streamlined Foundstone list of searches, allows you to 
submit new searches to be added to the database, allows for raw searches, and—best of 



all—has an update feature that downloads the latest GHDB and/or Foundstone searches 
right into the tool so you never miss a beat.
The Usenet discussion forums or news groups are a rich resource of sensitive 
information, as well. One of the most common uses of the news groups among IT 
professionals is to get quick access to help with problems they can't easily solve 
themselves. Google provides a nice web interface to the Usenet news groups, complete 
with its now-famous advanced searching capabilities. For example, a simple search for 
"pix firewall config help" yields hundreds of postings from people requesting help with 
their Cisco PIX firewall configurations, as shown in Figure 1-8. Some of these postings 
actually include cut-and-pasted copies of their production configuration, including IP 
addresses, ACLs, password hashes, network address translation (NAT) mappings, and 
so on. This type of search can be further refined to home in on postings from e-mail .

Current Events (FOOTPRINTINGS)



Current events are often of significant interest to attackers. Mergers, acquisitions, 
scandals, layoffs, rapid hiring, reorganizations, outsourcing, extensive use of temporary 
contractors, and other events may provide clues, opportunities, and situations that didn't 
exist before. For instance, one of the first things to happen after a merger or acquisition 
is a blending of the organizations' networks. Security is often placed on the back burner 
in order to expedite the exchange of data. How many times have you heard, "I know it 
isn't the most secure way to do it, but we need to get this done ASAP. We'll fix it later."? 
In reality, "later" often never comes, thus allowing an attacker to exploit this frailty in the 
name of availability in order to access a back-end connection to the primary target.
The human factor comes into play during these events, too. Morale is often low 
during times like these, and when morale is low, people may be more interested in 
updating their resumes than watching the security logs or applying the latest patch. At 
best, they are somewhat distracted. There is usually a great deal of confusion and change 
during these times, and most people don't want to be perceived as uncooperative or as 
inhibiting progress. This provides for increased opportunities for exploitation by a skilled 
social engineer.
The reverse of "bad times" opportunities can also be true. When a company 
experiences rapid growth, oftentimes their processes and procedures lag behind. Who's 
making sure there isn't an unauthorized guest at the new-hire orientation? Is that another 
new employee walking around the office, or is it an unwanted guest? Who's that with 
the laptop in the conference room? Is that the normal paper-shredder company? Janitor?
If the company is a publicly traded company, information about current events is 
widely available on the Internet. In fact, publicly traded companies are required to file 
certain periodic reports to the Securities and Exchange Commission (SEC) on a regular 
basis; these reports provide a wealth of information. Two reports of particular interest 
are the 10-Q (quarterly) and the 10-K (annual) reports, and you can search the EDGAR 
database at http://www.sec.gov  to view them. When you find one of 
these reports, search for keywords like "merger," "acquisition," "acquire," and "subsequent 
event." With a little patience, you can build a detailed organizational chart of the entire 
organization and its subsidiaries.
Business information and stock trading sites can provide similar data such as Yahoo 
Finance message boards. For example, check out the message board for any company 
and you will find a wealth of potential dirt—er, I mean information—that could be used 
to get in the head of the target company. Comparable sites exist for major markets around 
the world. An attacker can use this information to target weak points in the organization. 
Most hackers will choose the path of least resistance—and why not?

Company Web Pages



Company Web Pages
Perusing the target organization's web page will often get you off to a good start. Many 
times, a website will provide excessive amounts of information that can aid attackers. 
Believe it or not, we have actually seen organizations list security configuration details 
and detailed asset inventory spreadsheets directly on their Internet web servers.
In addition, try reviewing the HTML source code for comments. Many items not 
listed for public consumption are buried in HTML comment tags, such as <, !, and --. 
Viewing the source code offline may be faster than viewing it online, so it is often 
beneficial to mirror the entire site for offline viewing, provided the website is in a format 
that is easily downloadable—that is, HTML and not Adobe Flash, usually in a Shockwave 
Flash (SWF) format. Having a copy of the targeted site locally may allow you to 
programmatically search for comments or other items of interest, thus making your 
footprinting activities more efficient. A couple of tried and true website mirroring tools are
• Wget (http://www.gnu.org/software/wget/wget.html) for UNIX
• Teleport Pro (http://www.tenmax.com) for Windows
Be sure to investigate other sites beyond the main "http://www" and "https://
www" sites as well. Hostnames such as www1, www2, web, web1, test, test1, etc., are all 
great places to start in your footprinting adventure. But there are others, many others.
Many organizations have sites to handle remote access to internal resources via a 
web browser. Microsoft's Outlook Web Access is a very common example. It acts as a 
proxy to the internal Microsoft Exchange servers from the Internet. Typical URLs for this 
resource are https://owa.example.com or https://outlook.example.com. Similarly, 
organizations that make use of mainframes, System/36s or AS/400s may offer remote 
access via a web browser via services like WebConnect by OpenConnect (http://www
.openconnect.com), which serves up a Java-based 3270 and 5250 emulator and allows for 
"green screen" access to mainframes and midrange systems such as AS/400s via the 
client's browser.
Virtual Private Networks (VPN) are very common in most organizations as well, so 
looking for sites like http://vpn.example.com, https://vpn.example.com, or http://www
. example.com/vpn will often reveal websites designed to help end users connect to their 
companies' VPNs. You may find VPN vendor and version details as well as detailed 
instructions on how to download and configure the VPN client software. These sites may 
even include a phone number to call for assistance if the hacker—er, I mean, employee—
has any trouble getting connected.
Related Organizations
Be on the lookout for references or links to other organizations that are somehow related 
to the target organization. For example, many targets outsource much of their web 
development and design. It's very common to find comments from an author in a file 
you find on the main web page. For example, we found the company and author of a 
CSS file (Cascading Style Sheet) just recently, indicating that the target's web development 



was done outside the company. In other words, this partner company is now a potential 
target for attack.
/*
Author:
Developer: ,
Client:
*/
Even if an organization keeps a close eye on what it posts about itself, its partners are 
usually not as security-minded. They often reveal additional details that, when combined 
with your other findings, could result in a more sensitive aggregate than your sites 
revealed on their own. Additionally, this partner information could be used later in a 
direct or indirect attack such as a social engineering attack. Taking the time to check out 
all the leads will often pay nice dividends in the end.
Location Details
A physical address can prove very useful to a determined attacker. It may lead to 
dumpster-diving, surveillance, social-engineering, and other nontechnical attacks. 
Physical addresses can also lead to unauthorized access to buildings, wired and wireless 
networks, computers, mobile devices, and so on. It is even possible for attackers to attain 
detailed satellite imagery of your location from various sources on the Internet. Our 
personal favorite is Google Earth (formerly KeyHole) and can be found at http://earth
.google.com/ (see Figure 1-1). It essentially puts the world (or at least most major metro 
areas around the world) in your hands and lets you zoom in on addresses with amazing 
clarity and detail via a well-designed client application.
Another popular source is http://terraserver.microsoft.com.
Using Google Maps (http://maps.google.com), you can utilize the Street View (see 
Figure 1-2) feature, which actually provides a "drive-by" series of images so you can 
familiarize yourself with the building, its surroundings, the streets, and traffic of the 
area. All this helpful information to the average Internet user is a treasure trove of 
information for the bad guys.
Employees: Phone Numbers, Contact Names, E-mail Addresses, 
and Personal Details
Attackers can use phone numbers to look up your physical address via sites like http://
www.phonenumber.com, http://www.411.com, and http://www.yellowpages.com. 
They may also use your phone number to help them target their war-dialing ranges, or 
to launch social-engineering attacks to gain additional information and/or access.
Contact names and e-mail addresses are particularly useful datum. Most organizations 
use some derivative of the employee's name for their username and e-mail address (for 
example, John Smith's username is jsmith, johnsmith, john.smith, john_smith, or smithj, 
and his e-mail address is jsmith@example.com or something similar). If we know one of 
these items, we can probably figure out the others. Having a username is very useful 

INTERNET FOOTPRINTING



INTERNET FOOTPRINTING
Although many footprinting techniques are similar across technologies (Internet and 
intranet), this chapter focuses on footprinting an organization's connection(s) to the 
Internet. Remote access is covered in detail in Chapter 6.
It is difficult to provide a step-by-step guide on footprinting because it is an activity 
that may lead you down many-tentacled paths. However, this chapter delineates basic 
steps that should allow you to complete a thorough footprinting analysis. Many of these 
techniques can be applied to the other technologies mentioned earlier.
Step 1: Determine the Scope of Your Activities
The first item of business is to determine the scope of your footprinting activities. Are 
you going to footprint the entire organization, or limit your activities to certain subsidiaries 
or locations? What about business partner connections (extranets), or disaster-recovery 
sites? Are there other relationships or considerations? In some cases, it may be a daunting 
task to determine all the entities associated with an organization, let alone properly 
secure them all. Unfortunately, hackers have no sympathy for our struggles. They exploit 
our weaknesses in whatever forms they manifest themselves. You do not want hackers 
to know more about your security posture than you do, so figure out  every potential 
crack in your armor!
Step 2: Get Proper Authorization
One thing hackers can usually disregard that you must pay particular attention to is 
what we techies affectionately refer to as layers 8 and 9 of the seven-layer OSI Model—



Politics and Funding. These layers often find their way into our work one way or another, 
but when it comes to authorization, they can be particularly tricky. Do you have 
authorization to proceed with your activities? For that matter, what exactly are your 
activities? Is the authorization from the right person(s)? Is it in writing? Are the target IP 
addresses the right ones? Ask any penetration tester about the "get-out-of-jail-free card," 
and you're sure to get a smile.
While the very nature of footprinting is to tread lightly (if at all) in discovering 
publicly available target information, it is always a good idea to inform the powers that 
be at your organization before taking on a footprinting exercise.
Step 3: Publicly Available Information
After all these years on the web, we still regularly find ourselves experiencing moments 
of awed reverence at the sheer vastness of the Internet—and to think it's still quite young! 
Setting awe aside, here we go…
Publicly Available Information
Popularity: 9
Simplicity: 9
Impact: 2
Risk Rating: 7
The amount of information that is readily available about you, your organization, its 
employees, and anything else you can image is nothing short of amazing.
So what are the needles in the proverbial haystack that we're looking for?
• Company web pages
• Related organizations
• Location details
• Employees: phone numbers, contact names, e-mail addresses, and personal 
details
• Current events: mergers, acquisitions, layoffs, rapid growth, and so on
• Privacy or security policies and technical details indicating the types of security 
mechanisms in place
• Archived information
• Disgruntled employees
• Search engines, Usenet, and resumes
• Other information of interest

Why Is Footprinting Necessary? BY MOHAN



Footprinting is necessary for one basic reason: it gives you a picture of what the hacker 
sees. And if you know what the hacker sees, you know what potential security exposures 
you have in your environment. And when you know what exposures you have, you 
know how to prevent exploitation.
Hackers are very good at one thing: getting inside your head, and you don't even know 
it. They are systematic and methodical in gathering all pieces of information related to 
the technologies used in your environment. Without a sound methodology for performing 
this type of reconnaissance yourself, you are likely to miss key pieces of information 
related to a specific technology or organization—but trust me, the hacker won't.
Be forewarned, however, footprinting is often the most arduous task of trying to 
determine the security posture of an entity; and it tends to be the most boring for freshly 
minted security professionals eager to cut their teeth on some test hacking. However, 
footprinting is one of the most important steps and it must be performed accurately and 
in a controlled fashion.
INTERNET FOOTPRINTING
Although many footprinting techniques are similar across technologies (Internet and 
intranet), this chapter focuses on footprinting an organization's connection(s) to the 
Internet. Remote access is covered in detail in Chapter 6.
It is difficult to provide a step-by-step guide on footprinting because it is an activity 
that may lead you down many-tentacled paths. However, this chapter delineates basic 
steps that should allow you to complete a thorough footprinting analysis. Many of these 
techniques can be applied to the other technologies mentioned earlier.

WHAT IS FOOTPRINTING IN HACKING ARENA BY MOHAN KUMAR



Before the real fun for the hacker begins, three essential steps must be performed. 
This chapter will discuss the first one:  footprinting, the fine art of gathering 
information. Footprinting is about scoping out your target of interest, understanding 
everything there is to know about that target and how it interrelates with everything 
around it, often without sending a single packet to your target. And because the direct 
target of your efforts may be tightly shut down, you will want to understand your target's 
related or peripheral entities as well.
Let's look at how physical theft is carried out. When thieves decide to rob a bank, 
they don't just walk in and start demanding money (not the high IQ ones, anyway). 
Instead, they take great pains to gather information about the bank—the armored car 
routes and delivery times, the security cameras and alarm triggers, the number of tellers 
and escape exits, the money vault access paths and authorized personnel, and anything 
else that will help in a successful attack.
The same requirement applies to successful cyber attackers. They must harvest a 
wealth of information to execute a focused and surgical attack (one that won't be readily 
caught). As a result, attackers will gather as much information as possible about all 
aspects of an organization's security posture. In the end, and if done properly, hackers 
end up with a unique  footprint, or profile of their target's Internet, remote access, intranet/
extranet, and business partner presence. By following a structured methodology, 
attackers can systematically glean information from a multitude of sources to compile 
this critical footprint of nearly any organization.
Sun Tzu had this figured out centuries ago when he penned the following in The Art 
of War: "If you know the enemy and know yourself, you need not fear the result of a 
hundred battles. If you know yourself but not the enemy, for every victory gained you 
will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb 
in every battle."
You may be surprised to find out just how much information is readily and publicly 
available about your organization's security posture to anyone willing to look for it. 
After all, all a successful attack requires is motivation and opportunity. So it is essential 
for you to know what the enemy already knows about you!
WHAT IS FOOTPRINTING?
The systematic and methodical footprinting of an organization enables attackers to create 
a near complete profile of an organization's security posture. Using a combination of 
tools and techniques coupled with a healthy dose of patience and mind-melding, 
attackers can take an unknown entity and reduce it to a specific range of domain names, 
network blocks, subnets, routers, and individual IP addresses of systems directly 
connected to the Internet, as well as many other details pertaining to its security posture. 
Although there are many types of footprinting techniques, they are primarily aimed at 
discovering information related to the following environments: Internet, intranet, remote 
access, and extranet. Table 1-1 lists these environments and the critical information an 
attacker will try to identify.



Technology Identifi  es
Internet Domain names
Network blocks and subnets
Specifi c IP addresses of systems reachable via the Internet
TCP and UDP services running on each system identifi  ed
System architecture (for example, Sparc vs. x86)
Access control mechanisms and related access control lists 
(ACLs)
Intrusion-detection systems (IDSs)
System enumeration (user and group names, system 
banners, routing tables, and SNMP information)
DNS hostnames
Intranet Networking protocols in use (for example, IP, IPX, DecNET, 
and so on)
Internal domain names
Network blocks
Specifi c IP addresses of systems reachable via the intranet
TCP and UDP services running on each system identifi  ed
System architecture (for example, SPARC vs. x86)
Access control mechanisms and related ACLs
Intrusion-detection systems
System enumeration (user and group names, system 
banners, routing tables, and SNMP information)
Remote access Analog/digital telephone numbers
Remote system type
Authentication mechanisms
VPNs and related protocols (IPSec and PPTP)
Extranet Domain names
Connection origination and destination
Type of connection
Access control mechanism

IAAAS—IT'S ALL ABOUT ANONYMITY, STUPID by MOHAN KUMAR



IAAAS—IT'S ALL ABOUT ANONYMITY, STUPID
As the Internet has evolved, protecting your anonymity has become a quest like no othe
There have been many systems developed in an attempt to provide strong anonymit
while at the same time providing practicality. Most have fallen short in comparison 
"The Onion Router," or Tor for short. Tor is the second-generation low-latency anonymi
network of onion routers that enables users to communicate anonymously across th
Internet. The system was originally sponsored by the U.S. Naval Research Laborator
and became an Electronic Frontier Foundation (EFF) project in 2004. Onion routing ma
sound like the Iron Chef gone wild, but in reality it is a very sophisticated technique fo
pseudonymous or anonymous communication over a network. Volunteers operate a
onion proxy server on their system that allows users of the Tor network to mak
anonymous outgoing connections via TCP. Users of the Tor network must run an onio
proxy on their system, which allows them to communicate to the Tor network an
negotiate a virtual circuit. Tor employs advanced cryptography in a layered manne
thus the name "Onion" Router. The key advantage that Tor has over other anonymi
networks is its application independence and that it works at the TCP stream level. It 
SOCKetS (SOCKS) proxy aware and commonly works with instant messaging, Intern
Relay Chat (IRC), and web browsing. While not 100 percent foolproof or stable, Tor 
truly an amazing advance in anonymous communications across the Internet.
While most people enjoy the Tor network for the comfort of knowing they can su
the Internet anonymously, Joe Hacker seems to enjoy it for making your life miserabl
Joe knows that the advances in intrusion detection and anomaly behavior technolog
have come a long way. He also knows that if he wants to keep on doing what he feels 
his God-given right—that is, hacking your system—he needs to remain anonymou
Let's take a look at several ways he can anonymize his activities.



Tor-menting the Good Guys
Joe Hacker is an expert at finding systems and slicing and dicing them for fun. Part of his 
modus operandi (MO) is using nmap to scan for open services (like web servers or 



Windows file sharing services). Of course, he is well versed in the ninja technique of 
using Tor to hide his identity. Let's peer into his world and examine his handiwork 
firsthand.
His first order of business is to make sure that he is able to surf anonymously. Not 
only does he want to surf anonymously via the Tor network, but he also wants to ensure 
that his browser, notorious for leaking information, doesn't give up the goods on him. 
He decides to download and install the Tor client, Vidalia (GUI for TOR) and Privoxy (a 
web filtering proxy) to ensure his anonymity. He hits http://www.torproject.org/
download.html.en to download a complete bundle of all of this software. One of the 
components installed by Vidalia is the Torbutton, a quick and easy way to enable and 
disable surfing via the Tor network (https://addons.mozilla.org/en-US/firefox/
addon/2275). After some quick configuration, the Tor proxy is installed and listening on 
local port 9050, Privoxy is installed and listening on port 8118, and the Torbutton Firefox 
extension is installed and ready to go in the bottom-right corner of the Firefox browser. 
He goes to Tor's check website (https://check.torproject.org) and it reveals his success: 
"Congratulations. You are using Tor." Locked and loaded, he begins to hunt for 
unsuspecting web servers with default installations. Knowing that Google is a great way 
to search for all kinds of juicy targets, he types the following in his search box:
intitle:Test.Page.for.Apache "It worked!" "this Web site!"
Instantly, a list of systems running a default install of the Apache web server are 
displayed. He clicks the link with impunity, knowing that his IP is anonymized and there 
is little chance his activities will be traced back to him. He is greeted with the all too 
familiar, "It Worked! The Apache Web Server is Installed on this Web Site!" Game on. 
Now that he has your web server and associated domain name, he is going to want to 
resolve this information to a specific IP address. Rather than just using something like 
the host command, which will give away his location, he uses tor-resolve, which is 
included with the Tor package. Joe Hacker knows it is critically important not to use any 
tools that will send UDP or ICMP packets directly to the target system. All lookups must 
go through the Tor network to preserve anonymity.
bt ~ # tor-resolve www.example.com
10.10.10.100