Jump to content


Photo
* * * * * 1 votes

Goolag from cDc w/download


  • Please log in to reply
18 replies to this topic

#1 Phail_Saph

Phail_Saph

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 323 posts
  • Country:
  • Gender:Male
  • Location:Philly

Posted 24 February 2008 - 03:34 PM

Hi Everyone,

Cult of the Dead Cow has done it again and so now the hacking community has another wonderful tool. It is called Goolag and it uses Google itself to determine security vulnerabilities on their websites. If you guys had been wondering why for the past two weeks or so you would sometimes have Google asking you to type in some jibberish into a text box that was displayed in Graphical form well now you know why. It looks like Google has had a difficult time zeroing in on the malicious and unmalicious. Be warned however, that Google will pick up on your scans after some time. A simple counter to this is to use ipconfig and then /release followed by a /renew. This works in all public spots like a library or Tmobile. Overtime you will have difficulty keeping yourself undercover if you do this at home since they can easily block your router alone.

Anyway have fun....GoolagAttached File  Goolag.txt   1.21MB   89 downloads

As always in order to defeat the trivial .exe file type protector this file was renamed Goolag.txt. Once you download it rename it back to Goolag.exe and the setup program begins immediately. Hopefully the voice on the other end was an actual female...you'll see what I mean when you download it.

Have Fun,
-----Phail_Saph-----

#2 StankDawg

StankDawg

    same old Dawg, no new tricks

  • Moderating Team
  • 8,075 posts
  • Country:
  • Gender:Male

Posted 24 February 2008 - 09:27 PM

As always in order to defeat the trivial .exe file type protector this file was renamed Goolag.txt. Once you download it rename it back to Goolag.exe and the setup program begins immediately. Hopefully the voice on the other end was an actual female...you'll see what I mean when you download it.

Have Fun,
-----Phail_Saph-----


As always, scan anything that is ever posted here, not matter how trivial it may be to get around the .exe limitation.

Or you could simply go to http://www.goolag.org/download.html and download it directly from the source. :roll:

#3 BMF

BMF

    DDP Fan club member

  • Members
  • 40 posts

Posted 25 February 2008 - 04:00 AM

Their "war" is pure fail. You get blocked right away then over and over again. You might as well cut and paste into Scroogle.

#4 WhatChout

WhatChout

    Dangerous free thinker

  • Members
  • 814 posts

Posted 25 February 2008 - 10:35 AM

What's the point of this, again?

#5 Phail_Saph

Phail_Saph

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 323 posts
  • Country:
  • Gender:Male
  • Location:Philly

Posted 26 February 2008 - 01:29 AM

Hi All,

In general to all those who are having problems with the software, in the sense that it keeps getting blocked, I would like you to keep a few things in mind. First, if you keep getting blocked, well then this is your first hack test so to speak. There are multiple ways to ameloriate Google blocking you. I named an easy one up above that everyone here should already know. As Google zeros you in you'll notice that your blocking ratio skyrockets; also, if you test piece meal or perform specific tests the ratio nearly collapses unless once again you have been targeted. Second, you aren't doing anything illegal, unless of course you are using it against other sites to probe their weakness/defenses. That is ILLEGAL. The fact that Google is going out of its way to interfere with the legal uses of this software to allow oneself to use Google in order to test, quickly and efficiently, one's own website or honeypot is going too far. Google and Yahoo will hand over to the Chinese information that can get a person executed all so they can continue to make a buck or yaun (or whatever), so I don't have much good will and understanding towards them when they want to go out of their way and attempt to block my use of their site for legitimate reasons, or even illegitimate reasons. Therefore, hacking in this sense is in the true Spirit of Hacking- not letting someone who has no right over you to tell you how you should behave. They are not the police. It isn't their role to "safeguard" the net. If you use the software for malicious reasons and get in trouble-good, but that shouldn't affect my uses of it for legitimate reasons.

Enough of the philosophical rant...anyway for those who don't get it. This piece of software is like an encyclopedia of web threats (exploits). I can't see any true hacker not getting a little aroused at the collection of awesome material in one package. The information captions alone are enough for the downloads. Sorry for my ignorance but some of the exploits I wasn't even aware of. This is like Netscan, Netsweep, etc. but for web exploits. We still play with those tools for the learning experience and to collect information. Just because some people have an evil mind and think that with this tool they can just hack into a bank and are disappointed when they cannot should not deter the rest of us, who are into hacking for the shear love of knowledge and the possibilities that that knowledge allows us to realize, to value this great piece of software.

Finally, if the above didn't give you a woody or wet your pants then this should- You can download the source code. It is written in the greatest language ever conceived by Man- C#, and it is well documented in MS's copy of Java docs. That's right not only do we now have another example of some awesome code in the C# language which shall soon put Java in the ground (I despise Java by the way as if you couldn't tell; it ruined programming by being too good of a language before its time if that makes sense; it does all the thinking for you so any idiot can be a programmer that's why its been outsourced), but it gives us the source code of the exploits that we all water our lips over when we hear about them. Between the texts of what the exploits are in the captions of the program and the associated code for them, this is perhaps one of the best learning resources out there for a hacker in addition to its geniune hacking powers.

So hopefully people get it by now and see how this piece of software rolls into one many of the skills a hacker needs to be successful: from evading Google to learning how to program exploits yourself.


-----Phail_Saph-----

#6 kitche

kitche

    Hakker addict

  • Members
  • 549 posts

Posted 26 February 2008 - 04:36 PM

umm yeah do a search next time this has already been posted.

#7 Phail_Saph

Phail_Saph

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 323 posts
  • Country:
  • Gender:Male
  • Location:Philly

Posted 27 February 2008 - 12:08 AM

umm..so..umm..what..umm..douche......

Get over it.

You posted it in the wrong area- this is great news that should go up on the front page, so to speak. Not to mention, the conversation you guys had was not very deep. Look at the contrast between the views of this thread vs. yours, despite having a few hours lead time.

Instead you should be helping the rest of us with good ideas like ways to evade Google from blocking you. Or passing along to everyone what you "mined" from the well written source code.

What kind of hacker are you? You goddamn Microso...wait I go to far.

Lighten Up. ;)

-----Phail_Saph-----

#8 M0ralGray

M0ralGray

    H4x0r

  • Members
  • 39 posts
  • Location:The Street

Posted 27 February 2008 - 01:51 PM

"It is written in the greatest language ever conceived by Man- C#"
"What kind of hacker are you? You goddamn Microso...wait I go to far."

So... do you like Microsoft or not? I can't tell... :huh:

#9 kitche

kitche

    Hakker addict

  • Members
  • 549 posts

Posted 29 February 2008 - 05:05 PM

I don't use GooLag sicne I see no need for it.

And Also I m not a programmer so the code does not matter to me one bit.

And it's not a hard program to make if you actually look at the Google API's.

#10 Majest|c

Majest|c

    Dangerous free thinker

  • Members
  • 883 posts

Posted 29 February 2008 - 08:26 PM

Q: Did you make this?

A: NO

Q: So by Scene Standards you are usinging someone elses materials to get your end done, does this make you a Hacker or a Skiddie?

A: By this Scene ... You are a Skiddie ...

#11 Phail_Saph

Phail_Saph

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 323 posts
  • Country:
  • Gender:Male
  • Location:Philly

Posted 04 March 2008 - 10:25 PM

Hi Everyone,

cDc used Goolag to scan Chinese government websites and they exposed some very naughty things by the commies...

-----Phail_Saph-----

#12 XxthugstylezxX

XxthugstylezxX

    a55 k1553r

  • Members
  • 693 posts
  • Location:734/313

Posted 05 March 2008 - 12:20 AM

1. When you ipconfig /release /renew your not getting a new outside address. Your getting a new internal lan address from your dhcp. Thus making no difference when your ip is blocked.

2. As automated tools are nice. If you cannot use your own brain at least once in a while to perform tasks you will be a "epic fail" in the community and life in general.

3. Proxies ;)

4. As once put to me and no offense to you majestic (as i like you alot) but by re-inventing the wheel when the tool is already out there does not make you a skiddie. However like i put in #2 if you cannot use your own brain then yes your a skiddie. If you did not know how to use google as a security tool, script, or code in some way or another and use somebody else's tool then yes skiddie.

5. Learn web app security ;)

6. Thanks for contributing but again as stated do a quick search before posting to make sure your not double posting. The way your phrase things accounts for how it is taken, and the response you will get. For examples search for my early posts from 2004 (They embarrass me but we all started some where) to get an idea of how not to make threads.

</2cents>

Edited by XxthugstylezxX, 05 March 2008 - 08:28 AM.


#13 Phail_Saph

Phail_Saph

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 323 posts
  • Country:
  • Gender:Male
  • Location:Philly

Posted 05 March 2008 - 02:25 AM

Quite amazing. I post very infrequently, only when I get some good news for everybody and wish to share if with my fellow brothers.

I just don't understand why we can't simply comment on the interesting things that I post. I've already done some modifications on Goolag since it is written in lovely C#, but alas it seems pointless to post since someone will simply critique it for any old reason which has no bearing on the conversation. I've also come up with new "defenses" which minimize my blocking, but why give them out, what's the point? I just don't understand why you post if you are just going to be negative. Fortunately for me, unfortunately for you, I am stuck in a distant city with nothing to do but respond to message boards and catch up on the news...at the moment it seems
Clinton took Texas…

Anyway, as my earlier flame shows, I cannot but respond to douches.

1. You have no understanding of networks beyond your Network+ definition. Comcast is DHCP based, that is why you can see other people on your trunk (which I have a feeling YOU can't do yourself...Douche). When you /release, /renew you are effectively changing you IP address since you are on one big happy Comcast local trunk network family. If you understood the reasons why DHCP was invented in the first place, you could easily grasp why Comcast would implement its network that way. However, you are not completely immune since it seems that Google is eventually able to ensure that your router by using its MAC address (this is not hard), no matter what your new address, is zeroed in and so your blocking shoots back up. But this primitive defense works for awhile, especially if you narrow your dorks down. How do I know? Because I have tested this like all good hackers. DSL is also very similar only with different terms for the points where they determine who is on the "local" network...I probably just lost you there.

Oh got a question for you...have you even tried it? Doesn't sound like it. If you did, did you come up with any new defense? Me thinks not...douche.

Anyway you score a double douche for that comment. Why a double? Well you came off like you were lecturing somebody and so since I know it couldn't be me I decided to respond for your intended recipient. I'm a nice guy like that...go figure.

2. Because of (1) it is clear you have no ability to create your own tools or if you do they are cheap knock offs of what somebody else has done. So again in defense of whomever you think you are lecturing...who are you kidding...haha...

So...once again you score a double douche.

3. Web security...haha...(pause)…haahaha…you don't even understand DHCP.
YOU ARE WEB INSECURITY.

A douche to you good sir...

4. “Thanks for contributing...”You must be kidding me. The fact that you still don't understand the significance of Goolag, including the awesome source code only means you are not even close to the scene. This is the first real scene news of the Year. The fact that you are talking about looking up whether or not something was posted within a matter of hours in the wrong spot and with no understanding of the significance only proves you are a hopeless, yes, hopeless kiddie...you aren't even a skiddie...you are still in diapers.

You are probably crying right now. It isn't your fault that I am stuck at an airport and it isn't your fault you were born with limited creative and mental capabilities to think beyond some kiddie forum etiquette box. I don't blame you; I blame your parents.

Nonetheless, you score a double douche overall.
Remember, you could reduce your douche rating if you actually contribute something useful...a counter defense, some interesting information, etc.


To the real hackers out there I know you are not only appreciating Goolaq, its source, and the hack on the Chinese (who I must say I have fun with myself; their security is usually 1-2 years behind us so up to date exploits work a solid number of times), but also on the counter flames. I know there are a lot of mad chuckles out there...just remember me by the joy I try to spread around...

Remember the vagina is a self cleaning organ, however, sometimes a good douche or two...a double douche XxthugstylezxX is needed. :nono:

-----Phail_Saph-----

#14 XxthugstylezxX

XxthugstylezxX

    a55 k1553r

  • Members
  • 693 posts
  • Location:734/313

Posted 05 March 2008 - 08:19 AM

Aww somebody has sand in their vigina. ^_^

I will not bring myself down to your level. However

"This is the first real scene news of the Year."

Leads me to believe you are still living under a rock.

Secondly, if you took time away from your one demension of thinking for a second. Most and by most im going to say ~90% of us are behind some home, or work based routers/servers that act as our dhcp. There for and i quote once again a /release /renew is not going to do SHIT!

Thats all i have for feeding the TROLL!

Do keep in mind half the time i was defending you. Thanks for being an eleetists one day can you show me how to be one?

Edited by XxthugstylezxX, 05 March 2008 - 08:30 AM.


#15 kitche

kitche

    Hakker addict

  • Members
  • 549 posts

Posted 06 March 2008 - 08:59 PM

Also you have no clue what cDc actually does now really their site might look like it did back in the early days but they are much more grown up then you are when dealing with security among other things.

Editted wrong quote :)

Edited by kitche, 06 March 2008 - 09:00 PM.


#16 kingospam

kingospam

    SUP3R 31337

  • Members
  • 177 posts

Posted 06 March 2008 - 09:10 PM

Q: Did you make this?

A: NO

Q: So by Scene Standards you are usinging someone elses materials to get your end done, does this make you a Hacker or a Skiddie?

A: By this Scene ... You are a Skiddie ...


I'm not sure I agree with that. It's okay to use pre-made tools as long as you understand what's going on behind-the-scenes. Using every exploit that you have in your /l33t/spl01t5 directory against a site you know nothing about (didn't do any footprinting, exploring, research, etc.) is being a script-kiddie. Using a well-crafted tool to enhance techniques is not being a script-kiddie.

For example, let us say that you want to drill a hole in a cement wall to string some wire through. Are you going to use your fingernail to do it because you don't want to use other tools? Or are you going to go to Sears, buy a drill and the right cement drill bits and go to work? Personally, I'd prefer to go to Sears.

So, just because you use a tool doesn't mean you're a script-kiddie. Blindly using 500000 tools when you only need to use two probably earns the script-kiddie award.

#17 newbie_guy

newbie_guy

    the 0ne

  • Members
  • 1 posts
  • Country:
  • Gender:Male
  • Location:Delhi

Posted 05 April 2011 - 01:30 PM

Hi Everyone,

Cult of the Dead Cow has done it again and so now the hacking community has another wonderful tool. It is called Goolag and it uses Google itself to determine security vulnerabilities on their websites. If you guys had been wondering why for the past two weeks or so you would sometimes have Google asking you to type in some jibberish into a text box that was displayed in Graphical form well now you know why. It looks like Google has had a difficult time zeroing in on the malicious and unmalicious. Be warned however, that Google will pick up on your scans after some time. A simple counter to this is to use ipconfig and then /release followed by a /renew. This works in all public spots like a library or Tmobile. Overtime you will have difficulty keeping yourself undercover if you do this at home since they can easily block your router alone.

Anyway have fun....GoolagAttached File  Goolag.txt   1.21MB   89 downloads

As always in order to defeat the trivial .exe file type protector this file was renamed Goolag.txt. Once you download it rename it back to Goolag.exe and the setup program begins immediately. Hopefully the voice on the other end was an actual female...you'll see what I mean when you download it.

Have Fun,
-----Phail_Saph-----




@Phail_Saph

thanks for sharing the download link. unfortunately i'm not able to download the "Goolag.txt" as it fails to save once the download complets.Getting an error like this once it completes the download "Goolag.txt could not be saved, because an unknown error occurred.
".
The other link is not even opening :(

please share some alternate link or upload a good version of the software.

Thanks in advance .

Edited by newbie_guy, 05 April 2011 - 01:32 PM.


#18 Afterm4th

Afterm4th

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 403 posts
  • Country:
  • Gender:Male
  • Location:way up north eh

Posted 06 April 2011 - 06:33 AM

hey man this thread died in 2008. You brought back to life a thread thats over 3 years old.

It appears the website is no longer in service. It is a good tool tho. I did a few google searches to try to find a mirror and failed. I will help you look more tomorow
  • StankDawg likes this

#19 Afterm4th

Afterm4th

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 403 posts
  • Country:
  • Gender:Male
  • Location:way up north eh

Posted 19 April 2011 - 02:46 AM

hey man this thread died in 2008. You brought back to life a thread thats over 3 years old.

It appears the website is no longer in service. It is a good tool tho. I did a few google searches to try to find a mirror and failed. I will help you look more tomorow



If you're still active, I've found the installer for goolag.

The download is attached to this post.


Scan it if you like, It was downloaded directly from the cDc website....

this software is outdated. You may want to look up the google hacking database that exploitDB are working on

Attached Files


Edited by Afterm4th, 19 April 2011 - 02:47 AM.

  • StankDawg likes this




BinRev is hosted by the great people at Lunarpages!