1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Gat backlinks from .gov sites

Discussion in 'Black Hat SEO' started by kubel, Jan 26, 2008.

  1. kubel

    kubel Jr. VIP Jr. VIP Premium Member

    Joined:
    Oct 30, 2007
    Messages:
    231
    Likes Received:
    332
    Hello,

    This is my first post so please, don't be cruel;)

    Here's a list of some .gov sites that I have found to be exploitable.
    I have used a method described in an original version of the Project Black Mask, which, as far as I know, was never published.
    The idea is that you will change the forms on these sites so that instead of
    getting information, they will be posting it. You will place your link in the
    search box, and after modifying the form, the link will get posted instead of
    searched when you hit submit.

    Here's what you have to do:
    1. Get Firefox
    2. Download webmaster toolbar from:
    http://chrispederick.com/work/webdeveloper/
    3. Use the Firefox Extension by going to "forms" and selecting convert
    form methods, change from "post" to "get".
    4. Place the link and anchor text you want to use in the search box and hit
    submit. The link needs to be posted in the format below.
    <a href="http://www.spam.com" title="anchor text" target="_blank">spam</a>

    And here's a list of sites I have used to get the links back:


    hxxp://www.ed.gov/help/site/advsearch/advSearch.jsp
    hxxp://search.ocrwm.doe.gov/search/
    hxxp://www.irs.gov/
    hxxp://yosemite.epa.gov/oar/globalwarming.nsf/searchresult?OpenForm
    hxxp://www.cancer.gov/clinicaltrials/search
    hxxps://fortress.wa.gov/esd/worksource/Employment.aspx
    hxxp://www.imls.gov/search.asp
    hxxp://fwp.mt.gov/lands/search.aspx?q=ACT_4_0
    hxxp://www.usmint.gov/search/index.cfm?flash=yes
    hxxp://www.miamidade.gov/buildingcode/online_product_search.asp
    hxxp://www.usa.gov/
    hxxp://tax.idaho.gov/ucp_search_idaho.htm
    hxxp://www.wsdot.wa.gov/communications/WebManual/Tools/Search.htm
    hxxp://xxx.lanl.gov/form
    hxxp://www.energystar.gov/index.cfm?fuseaction=dishwash.search_dishwashers
    hxxp://www.courts.mo.gov/casenet/cases/searchCases.do?searchType=name
    hxxp://www.nal.usda.gov/fnic/foodcomp/search/
    hxxp://wireless2.fcc.gov/UlsApp/UlsSearch/searchAmateur.jsp
    hxxp://www.gao.gov/docsearch/keyword.php
    hxxp://www.ca5.uscourts.gov:8081/
    hxxp://www.medicare.gov/NHCompare/Include/DataSection/Questions/SearchCriteria.asp?version=default&browser=IE|6|Win2000&language=English&defaultstatus=0&pagelist=Home
    hxxp://scoweb.sco.ca.gov/UCP/
    hxxp://www.ce9.uscourts.gov/web/newopinions.nsf/f606ac175e010d64882566eb00658118/$searchForm?SearchView
    hxxp://www.nsf.gov/awardsearch/
    hxxps://fortress.wa.gov/esd/worksource/AdvancedJobSearch.aspx
    hxxp://wireless2.fcc.gov/UlsApp/UlsSearch/searchLicense.jsp
    hxxp://www.yorkcounty.gov/search.htm
    hxxps://nevadatreasurer.gov/ucsearch/


    I hope it's going to work for you too.

    Cheers,


    kubel
     
    • Thanks Thanks x 3
  2. ummo

    ummo Newbie

    Joined:
    Dec 25, 2007
    Messages:
    27
    Likes Received:
    2
    Hi kubel, that technique only works for when you are in the search results yourself. In the random sampling I did, all the links were for local pages and not other sites.

    I didn't check if they accept HTML tags (link injection), but I doubt sites like irs.gov would be vulnerable to something like that. Anyway, Google doesn't pages with HTML in the URL.
     
  3. Fouad Aslam

    Fouad Aslam Registered Member

    Joined:
    Jan 16, 2008
    Messages:
    54
    Likes Received:
    11
    Location:
    planet earth
    wow, if this works then this should be very valuable. thanks for posting this. Rep given.
     
  4. kubel

    kubel Jr. VIP Jr. VIP Premium Member

    Joined:
    Oct 30, 2007
    Messages:
    231
    Likes Received:
    332
    Thanks man!
    :D
     
  5. kubel

    kubel Jr. VIP Jr. VIP Premium Member

    Joined:
    Oct 30, 2007
    Messages:
    231
    Likes Received:
    332
    @ummo

    That's right. The method does not work in all circumstances, but sometimes, all you need is just 1 lousy gov link from a single page to get you ranked.
    RE: irs site - it is vulnerable, I checked it 5 minutes ago. See Capture.jpg attached.[​IMG]

    Regards,

    kubel
     
  6. torched

    torched Junior Member

    Joined:
    Mar 6, 2007
    Messages:
    146
    Likes Received:
    416
    LOL guys seriously pick your targets more carefully, theres a big difference between using xss on a 24 yr old's surfing blog vs a government website.
     
  7. xXKingdom_SEOXx

    xXKingdom_SEOXx BANNED BANNED

    Joined:
    Nov 1, 2007
    Messages:
    646
    Likes Received:
    51
    It so sad that google is smart LOL. kubel good stuff presented....
     
  8. RiTu

    RiTu Regular Member

    Joined:
    Oct 28, 2007
    Messages:
    403
    Likes Received:
    158
    Location:
    shiver down your spine
    Google no more give credits using to sites using XSS (this method you described).
    If html with a href is in url, you wont get link juice.

    btw, this method is from Black Mask Project ebook :)
     
  9. kubel

    kubel Jr. VIP Jr. VIP Premium Member

    Joined:
    Oct 30, 2007
    Messages:
    231
    Likes Received:
    332
    I've mentioned the source already:)
     
  10. RiTu

    RiTu Regular Member

    Joined:
    Oct 28, 2007
    Messages:
    403
    Likes Received:
    158
    Location:
    shiver down your spine
    Yup, you're right :)

    anyway, i will try to use it as parasite host...on pr8 university site with xrumer :D
     
  11. kubel

    kubel Jr. VIP Jr. VIP Premium Member

    Joined:
    Oct 30, 2007
    Messages:
    231
    Likes Received:
    332
    Let us know how it went:D
     
    • Thanks Thanks x 1
  12. RiTu

    RiTu Regular Member

    Joined:
    Oct 28, 2007
    Messages:
    403
    Likes Received:
    158
    Location:
    shiver down your spine
    btw how is it possible on usa.gov? didn't found any search that allow html
     
  13. ballot

    ballot Registered Member

    Joined:
    Dec 17, 2007
    Messages:
    92
    Likes Received:
    8
    what are u plannig about getting pr10 .gov site's pr0 link :confused:
    want to get sandboxed for getting thousands of pr0 links
     
  14. RiTu

    RiTu Regular Member

    Joined:
    Oct 28, 2007
    Messages:
    403
    Likes Received:
    158
    Location:
    shiver down your spine
    Search Engines count only clickable links as backlinks :p
     
  15. ummo

    ummo Newbie

    Joined:
    Dec 25, 2007
    Messages:
    27
    Likes Received:
    2
    kubel, the irs.gov site is not vulnerable. There is no link to http://anysitetoprovemypoint.com in your screenshot, the < and > characters are escaped in every instance.
     
  16. poo

    poo Power Member

    Joined:
    Jan 13, 2008
    Messages:
    618
    Likes Received:
    5
    Great post, only if that worked..
     
  17. nme

    nme Junior Member

    Joined:
    Jan 17, 2008
    Messages:
    124
    Likes Received:
    36
    I see nothing but fail in this strategy. Somethings are best left alone.
     
  18. blackhatpro

    blackhatpro Newbie

    Joined:
    Jan 30, 2008
    Messages:
    12
    Likes Received:
    2
    Occupation:
    Black Hat SEO Pro
    Location:
    London
    Home Page:
    GAWWWD, I've got more chance of getting links on .gov sites if I got a job at the IRS and got access to the server and posted the links myself, what bo..am I allowed to swear ?
     
  19. pary07

    pary07 Newbie

    Joined:
    Sep 3, 2007
    Messages:
    23
    Likes Received:
    0
    tough to make it worthwhile:-

    1. a lot of vulnerable sites hve actually plugged the loopholes

    2. this used 2 work long ago, but now Goole n company has cracked down on it n don't give weight to it. btw, the author of project black hat stole the idea from a blackhat blog called boogybonbon or or something ;-

    anyways...there are still many secrets in blackhat world....so keep trying guys....:D

    google me
    :fight: