Wednesday 29 September 2010

Running firefox inside firefox

This is not a useful thing but still is a fun trick to show to your friends.

Just paste the following code in your mozilla firefox address bar and hit ENTER to see the new firefox inside the firefox.


View the screenshot below to see how it looks like:


Batch to C Converter

This small snippet of C source code converts the commands of batch (i.e. the commands you type in command prompt) into the C source code. It was compiled in Dev-CPP and is pretty basic. I hope some of you might find it useful. It just uses the system() command of stdlib.h header file.

Source code:

 * Batch DOS To C Source Code Converter v.1.1 *  
 * Coded by Samar Dhwoj Acharya aka $yph3r$am *  
 * Website =>  *  
 * E-mail meh at samar_acharya[at] *  
 * I know to code: PHP, PERL, C, JAVA, PYTHON *  
 //include header files...  
 #include <stdio.h>  
 #include <conio.h>  
 #include <stdlib.h>  
 #include <ctype.h>  
 #include <string.h>  
 int main()  
   FILE *fp;  
   char filename[30];     //filename for source code  
   // starting header of outputted file  
   char header[300] = "/*\nBatch DOS command To C Source Converter\nBy sam207 (samar_acharya[at]\n\n\n*/\n";  
   //all the includes in output file  
   char incs[200] = "#include <stdio.h>\n#include <conio.h>\n#include <stdlib.h>\nint main()\n{\n";  
   //end part of output file  
   char end[50] = "\tgetch();\n}";  
   //for command  
   char cmd[150];  
   printf("\t|BATCH TO C SOURCE CONVERTER |\n");  
   printf("\t|CODED BY SAMARDHWOJ ACHARYA |\n");  
   printf("\nEnter the filename(with .c extension): ");  
   fp = fopen(filename,"w");  
   if (fp==NULL)  
    printf("Some error occurred while opening file");  
     printf("\nNow start entering DOS commands: \n");  
     printf("When finished, type 'end' for the end of commands\n");  
     while (1)  
        if (!strcmp(cmd,"end"))  
          break;       //if end is typed, get out of loop  
     printf("\n\nFile successfully created");  
     printf("\nNow compile it with any C compiler");  
     printf("\nThanks for using this little app");  

Have fun :)


Tuesday 28 September 2010

Full path disclosure tutorial

Full path disclosure(FPD) is the revelation of the full operating path of a vulnerable script. Full Path Disclosure vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/samar/public_html/. FPD bugs are executed by providing unexpected characters to the vulnerable functions that will in return output the full path of the vulnerable script.

FPD bugs are often overlooked and are not considered as the security threat by many webmasters but that's not true. FPD might be useful for the hackers to determine the structure of the server and they can utilize it to perform other attacks such as file inclusion attacks or load_file() attacks via sql injection.

How to execute FPD
a) Nulled session cookie
Nulled session injection or illegal session injection is done by changing the value of session cookie to an invalid or illegal character.
Illegal Session Injection is made possible via changing the value of the session cookie to an invalid, or illegal character. The most common method is by injecting the NULL character to the PHPSESSID cookie. To inject a PHPSESSID cookie, use JavaScript injection via the URL bar:

On setting the PHPSESSID cookie value to NULL, we can see the result like:

Warning: session_start() [function.session-start]: The session id contains illegal characters,
valid characters are a-z, A-Z, 0-9 and '-,' in /home/samar/public_html/includes/functions.php on line 3

b) Array parameter injection(Empty array)
This is another common method of executing the full path disclosure vulnerabilities and usually works for me in many sites. There are different PHP functions which will output warning message along with the full path of the script such as htmlentities(), mysql_num_rows(), opendir(), etc.
We can exploit the $_GET variables... Lets take a simple example:


Now, lets exploit the $_GET['page'] variable which will look as below:


The full path disclosure can be prevented by turning off the display of errors either in php.ini configuration file or in the script itself:

display_errors = 'off'

in php scripts


ini_set('display_errors', false);


Nepali MP3 Songs Downloads [My Playlist]

Some of the nepali songs from my playlist, they are great songs to listen. If you need any other songs, request in this post and I shall try to find them for you.

Download different MP3 songs from the following folder:
Nepali MP3 collection

The songs available for the downloads are:
1) Amar rahos timro maya - phursang lama
2) Antim maya
3) bhoolmaa bhulyo - Robin
4) Bihana pahile ghaama udaune[patriotic song] - Sindhu Jalesa
5) Birsana - Aastha
6) Birshu Bhanchhu - Impulse 21 (confused :p)
7) Harpal tyo timro - Aastha
8) Malai bholi kei bhaye - Karna Das
9) Nabhana mero - Adrian Pradhan [1974 A.D.]
10) Pagal nabhana malai - The Edge
11) Prayas - The Edge
12) Sadhai sadhai
13) Samikshya - Vedh (confused again)
14) timi binaako jeevan
15) timilai odaidiyeko ghumto - sayas
16) Timro sparsa - Basan Shrestha

I'm confused with the name of singers of some songs(I usually don't try to know the artists)...
Enjoy my playlist. :)


Monday 27 September 2010

Edjpgcom - add comments inside a jpg image

We can sometimes exploit the image upload features and then use file inclusion vulnerabilities to get shell in a server. If the image upload form only allows the .jpg and other valid image files and you locate a local file inclusion vulnerability, you can upload the malicious jpg file containing the PHP code as the commment in it.

In order to add the comment easily inside the jpg images, we can use a small tool called edjpgcom, a jpg commenter. You can drag a jpg image to the edjpgcom icon which will open a window to add comment to the jpg image.



Friday 24 September 2010

Making a autorun in Pen[USB] drive [autorun.inf]

In this post, I shall be writing about creating autorun file in order to run or execute any program from your pendrive. Autorun.inf is a special file that can contain the information regarding the icon for drive, autorun programs, etc.

Using autorun.inf can also be useful for running the virii and worms automatically from the USB drive.

How to:
1) Open notepad
2) Type the following:


This autorun.inf file now should be saved in the root directory of your USB drive and you'll have your autorun file... :)

Now let me say the way of changing icon of the drive. In order to change the icon of your USB drive, type the following in autorun.inf file.


That's all. :)


Wednesday 22 September 2010

Funny Google Tricks

In this post, I'm listing few funny google tricks I have learnt in the recent days. Though not so useful, they are something cool to know...

1) Hidden game from google:
- Go to
You'll be able to play the hidden game offered by google. :)

2) Google reversed
- Go to Google homepage
On the search box, type google reverse or elgoog and press on I am feeling lucky button.
You'll see reversed google. :)

3) Find Chuck Noris
- Go to Google homepage
On the search box, type find Chuck Noris and press on I am feeling lucky button. See the result.. :p

4) Answer to life the universe and everything
- On the google homepage search box, type answer to life the universe and everything. You'll see the google's calculation of the answer to life the universe and everything.

5) Who's the cutest
- Go to google homepage
On the search box, type who's the cutest and press on I am feeling lucky button. You'll be so happy with the result... :P

6) Google epic
- Go to google homepage
On the search box, type google epic and press on I am feeling lucky button. Wait for a while and you'll see everything expanding in the page.

7) Google rainbow
- Go to google homepage
On the search box, type google rainbow and press on I am feeling lucky button. You'll reach the page with colourful texts.


Replacing All Instances of a Word in string [PHP]

PHP offers a useful function called str_replace() that can be used to replace every instance of a word in a string. This function takes three compulsory arguments and one optional argument.

The first argument represents the string to be replaced, the second the replacement value and the third the target string. The function returns the modified string.


function replace($string)
    return str_replace("dog", "samar", $string);

$str = "I am dog so you call me dog";
echo $str;
echo "
".replace($str); //call replace function

I am dog so you call me dog
I am samar so you call me samar

Now, what if you want to work with arrays of words to replace with, for instance, in the censoring tasks. You can write some PHP stuff as below to perform the task.

function badword_censor($string)
    $string = strtolower($string);
    $badwords = array("fuck","bitch","cunt","faggot","penis","vagina","dick","pussy");
// add as per your requirement
    $string = str_replace($badwords,"*censored*",$string);
    return $string;
$str = "Fuck you bitch.";
//echo $str;
echo "

*censored* you *censored*.

Also, refer to the str_ireplace(), the case insensitive version of this function.
Hope this helps. :)

Edit: Thanks to cr4ck3r for the comments. Updated the post... :)


EmailTrackerPro - Email tracking software for tracking the sender

eMailTrackerPro is the tool that can help you track down the email senders by analyzing the email headers. This tool is a product from the VisualWare Inc. which works in network assessment and connection analysis solutions.

eMailTrackerPro asks for the email header and all the tasks is done by this tool. eMailTrackerPro analyzes the email header to find the route or path of the email. And hence it helps to track down the email sender's IP address which can be very useful for dealing with spam emails.

In order to find the email header, you'll have to open the email in your inbox and there should be some location from where you can view the email header. For instance, Yahoo mail has the option called view full header in Actions tab when you're viewing the email(See the screenshot below).

Now, all you've to do is copy these email headers and let the eMailTrackerPro analyze the headers and provide you the IP address of the originating location.

The software will generate the report in HTML format too.

Go to eMailTrackerPro home

Have fun... :)


Working with text case of PHP string

PHP provides number of functions to work with the case of the string. All these functions take the source string as their argument and return the modified string. The original source string will not be modified by any of these functions.

The PHP functions for working on case are:
strtolower() - Converts the entire string to lowercase

strtoupper() - Converts the entire string to uppercase

ucfirst() - Converts the first letter of the sentence to uppercase

ucwords() - Converts the first letter of every word in string to uppercase

//usage of ucfirst() function
$str = "i am samar";
$str = ucfirst($str);
echo $str;

Output: I am samar

//usage of ucwords() function
$str = "i am samar";
$str = ucwords($str);
echo $str;

Output: I Am Samar

//usage of strtoupper() function
//similarly use strtolower() function
$str = "i am samar";
$str = strtoupper($str);
echo $str;

Output: I AM SAMAR


Tuesday 21 September 2010

Online Photo Editor - Lightweight web-based Alternatives to Desktop Photo Editors

With the ease in web access, internet users are using more and more online photo editing services available at different sites. And, I am also one of the regular users of the online photo editing service.

Though there exists several sites providing the free photo editing software, I have been using a single service available at

The photo editing interface it provides is so similar to photoshop that it seems to be the lightweight version of the Adobe Photoshop.

Go to Photo Editor

Hope this helps you. :)


Online Hex Color Value Picker

For my raw HTML designs and other similar tasks, I do not keep on opening adobe photoshop or even the tiny color picker programs. Instead I depend upon the online color picking site in order to get the hex values of the colors I choose for my works.

ColorPicker.Com works perfectly fine for me for getting the hex color codes of the useful colours for me.

Go to ColorPicker.Com

Have fun with the online color picker. Hope this helps. :)


GPRS/WAP Setting for Ncell

NCELL, the second biggest telecommunication company in Nepal is providing GPRS, EDGE and WAP services so that it users can surf the net easily using their capable handsets. This post is about how to activate and make setting of GPRS for NCELL provider.

By default, all the NCELL users have GPRS activated(that's what NCELL says). In case, your handset doesn't have the GPRS data transfer service activated, do one of the following:
1) Type A in message box and send the SMS to 900224. (note that you can type R and send the SMS to same number to deactivate the GPRS service.)

2) Dial *100# and follow the instructions

In order to get settings for your phone, type ALL and send SMS to 9595. Save the settings.

General settings for NCELL:
Access point name(APN): web
IP/Proxy IP:
Port: 9201 (For WAP1)/ 8080 (For HTTP or WAP2)


Google sphere: google trick

In this post, I'm going to post a google trick which I read on another site. This trick is the google sphere animation.

First, open the webpage of google(
Now, in the search box, enter the text "google sphere" without quotes. Then, press on I'm feeling lucky.
You'll see the animating google sphere page.


Sunday 19 September 2010

Mozilla Firefox Keyboard Shortcuts

Firefox is becoming more and more popular among the web browsers and this page lists the keyboard shortcuts that can be used with Mozilla Firefox.

F1     Opens Firefox help
F3     Find more text within the same webpage
F5     Reload the current webpage
F6     Toggles the cursor between the addressbar and current webpage
F7     Toggles Caret Browsing on and off.
       Used to be able to select text on a webpage with the keyboard
F11     Switch to Full Screen mode 
CTRL + A  Select all text on a webpage
CTRL + B  Open the Bookmarks sidebar
CTRL + C  Copy the selected text to the Windows clipboard
CTRL + D  Bookmark the current webpage
CTRL + F  Find text within the current webpage
CTRL + G  Find more text within the same webpage
CTRL + H  Opens the webpage History sidebar
CTRL + I  Open the Bookmarks sidebar
CTRL + J  Opens the Download Dialogue Box
CTRL + K  Places the cursor in the Web Search box
CTRL + L  Places the cursor into the URL box
CTRL + M  Opens your mail program to create a new email message
CTRL + N  Opens a new Firefox window
CTRL + O  Open a local file
CTRL + P  Print the current webpage
CTRL + R  Reloads the current webpage
CTRL + S  Save the current webpage on your PC
CTRL + T  Opens a new Firefox Tab
CTRL + U  View the page source of the current webpage
CTRL + V  Paste the contents of the Windows clipboard
CTRL + W  Closes the current Firefox Tab or Window
CTRL + X  Cut the selected text
CTRL + Z  Undo the last action


TrueCrypt - Free open-source disk encryption software

TrueCrypt is a free open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux which is capable of encrypting your hard disk efficiently. TrueCrypt performs on-the-fly encryption(OTFE) and is capable of creating a virtual encrypted disk within a file and mounting it as a real disk. It also can encrypt an entire partition or storage device such as USB flash drive or hard drive.

The encryption provided by TrueCrypt is automatic, real and transparent. You can read more about TrueCrypt in TrueCrypt's Documentation HERE.

You can download TrueCrypt from HERE.


Fun Video - १० बर्षपछिको नेपाल(२०७५ B.S.)

सुप्रसिद्ध कलाकार मनोज गजुरेल अभिनित यो भिडियोमा मनोज गजुरेलको १० बर्षपछिको नेपालको परिकल्पना प्रस्तुत गरिएकोछ। भिडियोमा मनोज गजुरेलले नेकपा maawobaadi पार्टी प्रमुख प्रचन्डको भूमिका निवाएकाछन।

भिडियो डाउनलोद गर्ने link

This video is the fun video featuring the interview of Mr. Prachanda(Mr. Manoj Gajurel) in year 2075 B.S.

Download It From HERE


KeyScrambler - A breakthrough in battling Keyloggers

Keyloggers are malware planted by cyber criminals along the crucial path to observe and record your keystrokes, a way to steal your private information so they can use it to steal your money from your bank accounts, open credit card accounts in your name, or assume your identity in other criminal pursuits.

KeyScrambler is an important security tool that works well as anti-keylogger tool and helps prevent people from getting hacked. This software encrypts your keystrokes deep in the kernel and decrypts back in the destination application and hence, keystrokes only catch the scrambled and meaningless keystrokes thus making the keylogging nearly impossible.

KeyScrambler is available in personal, professional and premium versions.



Saturday 18 September 2010

Bypassing safe mode[Hack Windows Box]

Another old time video from me, this video demonstrates the exploitation of the windows server by the use of the shell. This video demonstrates few useful things you can do on the server you get access to.

In the video, I have demonstrated the exploiting of the windows by adding the user account using the shell in the server.

Download Video From HERE

Happy Hacking :)


Thursday 16 September 2010

Installing GCC with Mingw Automated Installer

The beginners might always be stuck on how to install GCC suite in their windows so this post might prove useful for such beginners. GCC is a very popular open source compiler suite that is widely used by open source guys. Its pretty flexible, robust and secure compiler.

In order to install GCC in windows, you can either use CYGWIN port of windows or MINGW port for windows. Both are easy to install but in this post, I'm going to be specific about MINGW because thats what I'm using in my PC.

You'll have to download MINGW-GET installer.

Next run the installer file and you'll reach the following stage of your installation:

Select the required compilers from there and click on Next and finish the installation. The installer will download necessary files from its online repository and you'll have the GCC suite installed in your Windows.


Wednesday 15 September 2010

Adding programs to Startup in Windows

This time, I am going to discuss on few methods of adding the programs to the startup in windows. My descriptions will be based on Windows XP machine and I hope you will find this information useful. Here I'll list out few such methods to add programs to startup in windows.

1. Startup folder: One of the simplest method of adding programs in startup, it provides easy and detectable method of adding any program to startup. For the user Administrator, the startup folder in Windows XP is located at:

C:\Documents and Settings\Administrator\Start Menu\Programs

So for any user you can find startup folder at

C:\Documents and Settings\{Username}\Start Menu\Programs

Replace the {Username} by the username you want.

2) Registry editing
: Registry editing is another powerful method of adding programs in startup and is one of the most popular methods for adding virii and trojans in startup.
The following registry paths can contain the string to the path of the executable to be run at startup


Similarly, you'll find similar registry paths for HKEY_CURRENT_USER. All you have to do is add new string of type REG_SZ containing the path of the executable.

3) Autoexec.bat: Root folder of your windows installation will consist of a file called autoexec.bat which can be edited to add any program in startup. Open the autoexec.bat file and add the path of the executable in the autoexec.bat file.

There are other methods too such as editing win.ini and system.ini editing. I leave them for you to google. Have fun. :)


Escape simple game

I found this game when I was searching for something in google. I tried to cross 18 secs but could not achieve that... Anyway, you may want to try it...
Check the game HERE

Have fun...


I Love You in different languages

A non-technical post in the blog, I thought to share what I found on the net. This post lists the translation of "I Love You" in different languages. Please send any other translation you know and I'll be adding them here...

ABÉ mon ko lo fon
ABOURÉ u'm wloloho
AFAR ko kicinio
AFRIKAANS ek het jou lief / ek is lief vir jou
ALSATIAN ich hab die lieb
AMHARIC afekirahalehu (woman to man) / afekirishalehu (man to woman)
Dialectal ARABIC (North African) n'bghick
Dialectal ARABIC (Eastern) bahebbak (to a man) / bahebbik (to a woman)
Literary ARABIC أُحِبُّكَ (ouhibbouka) - to a man
أُحِبُّكِ (ouhibbouki) - to a woman
Tunisian ARABIC nhebbik
ARMENIAN Ես Քեզ սիրում եմ (yes kez siroum em)
ASTURIAN quiérote
ATIKAMEKW ki sakihitin
ATTIÉ min bou la yé
AZERI men seni sevirem
BAMBARA né bi fè
BAOULE mi klôa
BASHKIR мин хинэ яратау (min khine yaratau)
BASQUE maite zaitut
BASSA me gwes wè
BELARUSIAN Кахаю цябе (kahaju ciabie)
BENGALI aami tomakey bhalo bashi
BERBER hamlagh-kem (to a woman) / hamlagh-k (to a man)
BOBO ma kia bé nà
BOSNIAN volim te
BRETON karout a ran ac'hanout / da garout a ran / me az kar
BULGARIAN обичам те
CATALAN t'estimo
CH'TI j't'aquiers
CHAMORRO hu guiya hao
CHECHEN sun ho ez (to a woman)
sun ho vez (to a man)
CHEROKEE gvgeyui
CHEYENNE ne'mehotatse
CHINESE (MANDARIN) 我爱你 (wo ai ni)
CORSICAN amu tè / ti tengu cara (to a woman) / ti tengu caru (to a man)
CROATIAN volim te
CZECH miluji tě
DAKOTA chantechiciya
DANISH jeg elsker dig
DARI man tu ra dost darom
DIOULA m'bi fê
DOUALA na tondi wa
DUTCH ik houd van jou / ik hou van je
ENGLISH I love you
ESPERANTO mi amas vin
ESTONIAN ma armastan sind
EWE me lonwo
EWONDO ma ding wa
FANG ma dzing wa / ma gnôre wa
FAROESE eg elski teg
FINNISH minä rakastan sinua
FLEMISH (WESTERN) 'k zien je geeren
FON un nyi wan nu we
FRENCH je t'aime
FRISIAN ik hâld fan dy
FRIULAN o ti vuei ben
FULA mido yidouma
GALICIAN amo-te / ámote / quero-te / quérote
GALLO j'sea un diot do tae
GBAYA mi ko me
GEORGIAN me shen mikvarxar
GERMAN ich liebe Dich
GREEK Σ' αγαπώ (s'agapo)
GUARANÍ rojhayhû
GUJARATI hun tane prem karun chhun
HAITIAN CREOLE mwen renmen'w / mouin rinmin'w
HAUSA ina sonki (man to woman)
ina sonka (woman to man)
HAWAIAN aloha wau iā ‘oe
HEBREW ani ohev otakh (man to woman)
ani ohevet otkha (woman to man)
HINDI main tumse pyar karta hoo (man to woman>
mai tumse pyar karathi hun (woman to man)
HMONG kuv hlub koj
HUNGARIAN szeretlek
ICELANDIC ég elska þig
INDONESIAN saya cinta padamu / saya cinta kamu
IRISH GAELIC tá grá agam duit
ITALIAN ti amo
JAPANESE aishitemasu / aishiteru (barely used)
anata ga daisuki desu ("cute")
KABYLIAN hamlagh-kem (man to woman)
hamlaghk (woman to man)
KANNADA naanu ninnanna pritisutteney
KAZAKH myen syeni sooyom / myen syeni zhaksi koryem
KHMER bang srolaïgn ôn (man to woman)
ôn srolaïgn bang (woman to man)
KIKONGO mu me zola nge
KIKUYU ningwendete
KILUBAKAT ami nkuswele
KINYARWANDA ndagukunda
KIRGHIZ men seni sueum
KIRUNDI ndagukunda
KOREAN saranghe
KURDISH ez te hez dikim
LAO khoi hak tchao lai
LATIN te amo
LATVIAN es tevi mīlu
LIGURIAN mi te amu / t'amo / t'amu
LINGALA na lingi yo
LITHUANIAN aš tave myliu
LOW SAXON ik hou van ju
LUSOGA nkwendha
LUXEMBOURGEOIS ech hun dech gäer
MACEDONIAN te sakam (courant) / te ljubam (littéraire)
MALAGASY tiako ianao / tia anao aho (stronger)
MALAY aku cinta padamu
MALAYALAM enikku ninné ishtamaanu
MALTESE inħobbok
MANX ta graih aym ort
MAORI kei te aroha au i a koe
MARATHI majha tujhyavar prem aahe / mi tujhyavar prem karto
MARQUESAN hinenao au ia oe
MAURITIAN CREOLE mo konten twa
MBO mi ding wo
MINA un lon o
MONGOLIAN Би чамд хайртай (bi chamd khairtai)
MORÉ mam nong-a fo
MUNUKUTUBA mu zola ngé
NAPOLETANO te voglio bene
NDEBELE niya ku tanda
NEPALI ma timilai prem garchhu
NORWEGIAN jeg elsker deg
OCCITAN t'aimi
OSSETIAN æз дæ уарзын (æž dæ waržyn)
PAPIAMENTU mi ta stima bo
PERSIAN دوستت دارم (dustat dâram - formal) / duset dâram (informal)
POLISH kocham cię
PORTUGUESE amo-te / eu te amo (Brazilian Portuguese)
PUNJABI mein tenu pyar karda han (male speaker)
mein tenu pyar kardi han (female speaker)
QUECHUA de CUZCO munakuyki
RAPA NUI hanga rahi au kia koe
ROMANI kamaù tut
ROMANIAN te iubesc
RUSSIAN Я тебя люблю (ya tebya l'ubl'u)
SAMOAN ou te alofa ia te oe
SANGO mbi yé mô
SANSKRIT स्निह्यामि त्वयि (snihyāmi tvayi)
SARDINIAN deo t’amo (logudorese) / deu t’amu (campidanese)
SCOTTISH GAELIC tha gaol agam ort / tha gaol agam oirbh
SENUFO mô mi dènè
SERBIAN я те волим (ja te volim) / волим те (volim te)
SESOTHO ke ya ho rata
SHIBUSHI anaou tiakou / zahou mitiya anaou
SHIKOMORI ngam hwandzo
SHIMAORE ni su hu vendza
SHONA ndinokuda
SINDHI moon khay tu saan piyar aahay
SINHALA mama oyata aadareyi (spoken) / mama obata aadareyi (formal)
SLOVAK ľúbim ťa / milujem ťa
SLOVENIAN ljubim te / rad te imam (male speaker) / rada te imam (female speaker)
SOBOTA volim te / se te volime (lit.)
SOMALI waan ku jecelahay
SONHRAÏ aye go bani
SONINKÉ na moula
SPANISH te amo / te quiero
SUSU ira fan ma
SWAHILI nakupenda
SWEDISH jag älskar dig
TAGALOG mahal kita / ini-ibig kita
TAHITIAN ua here vau ia oe
TAJIKI jigarata bihrum duhtari hola (man to woman)
tra lav dorum (woman to man)
TAMIL naan unnai kadalikiren
TATAR мин сини яратам (min sini yaratam)
TELUGU nenu ninnu premisthunnanu
TETUN hau hadomi o
THAI ผมรักคุณ (phom rak khun) - man speaking
ฉันรักคุณ (chan rak khun) - woman speaking
TIBETAN na kirinla gaguidou
TIGRIGNA ye fikireka eye (woman to man) / ye fikireki eye (man to woman)
TONGAN ofa atu
TSHILUBA ndji mukunanga
TURKISH seni seviyorum
TURKMEN seni söýärin
TUVAN мэн сэни ынакшир (men seni ynakshir)
UDMURT mon tone jaratiśko
UKRAINIAN Я тебе кохаю (ia tebe kohaiu)
URDU mein tumse mohabbat karta hoon (man to woman)
main tumse mohabbat karti hoon (woman to man)
mujhe tum se pyar heh
UZBEK men seni sevaman / men seni yahshi ko'raman (less formal)
VALENCIAN te vullk
VEPS minä armastan sindai
VIETNAMESE anh yêu em (man to woman)
em yêu anh (woman to man)
VUTE ma wou ndoune
WALLISIAN eau manako ia koe / eau ofa ia koe
WALOON (orthographe à betchfessîs) dji vs voe voltî
WELSH rydw i'n dy garu di
WOLOF damala nob / damala beug
XHOSA ndiyakuthanda
YAKUT Мин эйиигин таптыыбын (min eyiigin taptyybyn)
YEMBA men nkon' wou
YENICHE y hob ti
YIDDISH ich hob dir lib
YIPUNU ni wu rondi
YORUBA moni ife e


Nepali Hack Challenge Site

I had to develop a reversing challenge site for KU IT Meet 2010 organized by Kathmandu University Computer Club in IT Park, Panauti Road. The challenge was done by few great hackers from Nepal like fr3ak, dpac_, etc. and they finished around 90% of the challenges. But other users were far behind in the challenge so now I want to make this challenge open for everyone.

If you want to participate in the Reversing challenge, you can visit The site is pretty basic in its interface and design as it had to be done very quickly. But still this site might prove useful for some of you to learn hacking as the challenges in the site will guide you to read the related hacking and security articles by searching on your own on google. So I hope you will have fun doing these challenges.

Click to visit the site

If you need any sort of help regarding the challenges, you can always contact me. Best of luck for the challenges.


Tuesday 14 September 2010

Few Online Docx to Doc conversion

With the release of the Microsoft Office 2007, the new XML formats were implemented for the office documents and the new file extensions with the added letter x were created, such as .docx, .pptx, .xlsx, etc. But, this new file format creates problem when the older versions of Microsoft Office are widely in use as the file formats such as .docx can't be opened by the older versions.

And, today I had the same problem when I had received the proposal sample of .docx format and had to open in my microsoft word 2003. Then, I started searching for the online conversion tools for converting .docx to .doc
While searching, I found some working websites for the conversion. This site offers you the conversion of various file formats including .docx to .doc. The service worked perfectly for me... Check the service at

Docx2Doc: This free web service allows you to convert Docx file format into Doc file by uploading your docx file and lets you download the converted doc file. Check the service at

Edit* This service also allows you to convert .docx file format to .doc. Check it at

If you happen to know any other such online converters, be sure to comment. I'll add them here.


Sunday 12 September 2010 Vulnerable to XSS

Today, I was trying to download some file from ziddu and since the author had already deleted the file, I was redirected to the error message page. And I thought of playing around with the message from GET params which was being displayed into the page.

I first added <i> and </i> in between the message and found that the HTML tags were not being filtered. Then I used the <script> tag and tried to do the alert but they were adding backslashes in the single and double quotes...
Then I used the String.fromCharCode() JS function and the alert appeared in the site..,65,77,65,82%29%29;%3C/script%3E suffers from the XSS and I've notified them.


Monday 6 September 2010

Usefull firefox plugins

The Firefox Web Browser is the faster, more secure, and fully customizable way to surf the web. Moreover, it has got thousands of extensions to improve and optimize various aspects of this cool web browser. So lets talk about some useful extensions you will want to have with your firefox browser.

1) Customize google( If you use Google, this extension will save you hours of your time over the long run. Download this extension, go to options, and enable streaming search results. You will never ever have to press the Next button after seeing every 10 search results. This will increase your productivity at least 2 times when searching because in the same time it would have previously taken for you to click on the Next button and wait for more results, you now will already have seen the next 10 results, decided what to do and moved on. Extremely useful extension.

2) Fasterfox( Loads faster web pages by prefetching parts. Renders a small page timer counting in seconds.

3) Performancing ( Excellent extension for bloggers, Performancing, allows you to instantly blog comments you made to any of the major blog systems, or even your own (if your blog supports Moveable Type or WordPress).

4) WebDeveloper ( My personal favourite, it is a Very useful extension for web developers. It creates a toolbar menu with 100s of useful options.

5) NoScript: An absolute must have security addon for your browser, NoScript gives you the power to specify the sites you trust and only those sites will be allowed to run active content like Javascript, Java code and other executable code. The addon thus protects you from cross-site scripting attacks and clickjacking attacks.

6) FoxyProxy: FoxyProxy automatically switches an internet connection across one or more proxy servers based on URL patterns and switching rules defined by you.

7) Facepad: I was thinking of trying to develop a facebook photo downloader addons and I found one to be already existing on the net. This addon allows you to download whole photo album of your friends. My previous post on this is availabe HERE

8) Adblock Plus: It will filter out hundreds of ads when you surf webpages. Webpages will load cleaner, faster, and will have almost zero ads. If you support the blogger you are reading, you can turn off adblock plus for sites you support with one click.

You will be able to get all these addons from the official mozilla's addons site.


Collection of Samsung Command Codes

I was searching for the E250 java games and while I was searching, I came through the list of the codes for my samsung E250 and I checked few of them and found them working. This post lists the collection of the samsung mobile command codes you might be interested in. The credit goes to the one who posted all these.

The following is the list of all the commands for the samsung mobile. Few are tested in samsung E250 and I think they should work in one or another samsung cellphones.

*#1111# S/W Version
*#1234# Firmware Version
*#2222# H/W Version
*#8999*8376263# All Versions Together

*#8999*8378# Test Menu
*#4777*8665# GPSR Tool
*#8999*523# LCD Brightness
*#8999*377# Error Menu
*#8999*327# EEP Menu
*#8999*3825523# Don't Know.
*#8999*667# Debug Mode
*#92782# PhoneModel (Wap)
#*5737425# JAVA Mode
*#2255# Call List
*#232337# Bluetooth MAC Adress
*#5282837# Java Version

#*4773# Incremental Redundancy
#*7752# 8 PSK uplink capability bit
#*7785# Reset wakeup & RTK timer cariables/variables
#*1200# ????
#*7200# Tone Generator Mute
#*3888# BLUETOOTH Test mode
#*#8999*324# ??
#*7828# Task screen
#*5111# ??
#*#8377466# S/W Version & H/W Version
#*2562# Restarts Phone
#*2565# No Blocking? General Defense.
#*3353# General Defense, Code Erased.
#*3837# Phone Hangs on White screen
#*3849# Restarts Phone
#*3851# Restarts Phone
#*3876# Restarts Phone
#*7222# Operation Typ: (Class C GSM)
#*7224# !!! ERROR !!!
#*7252# Operation Typ: (Class B GPRS)
#*7271# CMD: (Not Available)
#*7274# CMD: (Not Available)
#*7337# Restarts Phone (Resets Wap Settings)
#*2787# CRTP ON/OFF
#*2886# AutoAnswer ON/OFF
#*3737# L1 AFC
#*5133# L1 HO Data
#*7288# GPRS Detached/Attached
#*7287# GPRS Attached
#*7666# White Screen
#*7693# Sleep Deactivate/Activate
#*7284# L1 HO Data
#*2256# Calibration info? (For CMD set DEBUGAUTONOMY in cihard.opt)
#*2286# Databattery
#*2527# GPRS switching set to (Class 4, 8, 9, 10)
#*2679# Copycat feature Activa/Deactivate
#*3940# External looptest 9600 bps
#*4263# Handsfree mode Activate/Deactivate
#*4700# Please use function 2637
#*2558# Time ON
#*3370# Same as 4700
#*3941# External looptest 115200 bps
#*5176# L1 Sleep
#*7462# SIM Phase
#*7983# Voltage/Freq
#*7986# Voltage
#*8466# Old Time
#*2255# Call Failed
#*5187# L1C2G trace Activate/Deactivate
#*5376# DELETE ALL SMS!!!!
#*6837# Official Software Version: (0003000016000702)
#*7524# KCGPRS: (FF FF FF FF FF FF FF FF 07)
#*2337# Permanent Registration Beep
#*2474# Charging Duration
#*2834# Audio Path (Handsfree)
#*3270# DCS Support Activate/Deactivate
#*3282# Data Activate/Deactivate
#*3476# EGSM Activate/Deactivate
#*4760# GSM Activate/Deactivate
#*4864# White Screen
#*5171# L1P1
#*5172# L1P2
#*5173# L1P3
#*7326# Accessory
#*7683# Sleep variable
#*8465# Time in L1
#*2252# Current CAL
#*2836# AVDDSS Management Activate/Deactivate
#*3877# Dump of SPY trace
#*7728# RSAV
#*2677# Same as 4700
#*3797# Blinks 3D030300 in RED
#*3728# Time 2 Decod
#*3725# B4 last off
#*7372# Resetting the time to DPB variables
#*7732# Packet flow context bit Activate/Deactivate
#*6833# New uplink establishment Activate/Deactivate
#*3273# EGPRS multislot (Class 4, 8, 9, 10)
#*7722# RLC bitmap compression Activate/Deactivate
#*2351# Blinks 1347E201 in RED
#*4472# Hysteresis of serving cell: 3 dB
#*2775# Switch to 2 inner speaker
#*9270# Force WBS
#*7878# FirstStartup (0=NO, 1=YES)
#*3757# DSL UART speed set to (LOW, HIGH)
#*8726# Switches USBACM to Normal
#*8724# Switches USBACM to Generator mode
#*8727# Switches USBACM to Slink mode
#*8725# Switches USBACM to Loop-back mode
#*3838# Blinks 3D030300 in RED
#*2077# GPRS Switch
#*2027# GPRS Switch
#*0227# GPRS Switch
#*0277# GPRS Switch
#*22671# AMR REC START
#*22672# Stop AMR REC (File name: /a/multimedia/sounds/voice list/ENGMODE.amr)
#*22673# Pause REC
#*22674# Resume REC
#*22675# AMR Playback
#*22676# AMR Stop Play
#*22677# Pause Play
#*22678# Resume Play
#*77261# PCM Rec Req
#*77262# Stop PCM Rec
#*77263# PCM Playback
#*77264# PCM Stop Play
#*2872# CNT
*#8999*283# ???
#*22679# AMR Get Time
*288666# ???
*2886633# ???
*#8999*364# Watchdog ON/OFF
#*8370# Tfs4.0 Test 0
#*8371# Tfs4.0 Test 1
#*8372# Tfs4.0 Test 2
#*8373# Tfs4.0 Test 3
#*8374# Tfs4.0 Test 4
#*8375# Tfs4.0 Test 5
#*8376# Tfs4.0 Test 6
#*8377# Tfs4.0 Test 7
#*8378# Tfs4.0 Test 8
#*8379# Tfs4.0 Test 9
#837837# error=...

#*36245# Turns Email TestMenu on.

*2767*22236245# Email EPP set (....)!
*2767*837836245# Email Test Account!
*2767*29536245# Email Test2 Account!
*2767*036245# Email EPP reset!
*2767*136245# Email EPP set (1)!
*2767*736245# Email EPP set (7)!
*2767*3036245# Email...
*2767*3136245# Email...
*2767*3336245# Email...
*2767*3436245# Email...
*2767*3936245# Email...
*2767*4136245# Email...
*2767*4336245# Email...
*2767*4436245# Email...
*2767*4536245# Email...
*2767*4636245# Email...
*2767*4936245# Email...
*2767*6036245# Email...
*2767*6136245# Email...
*2767*6236245# Email...
*2767*6336245# Email...
*2767*6536245# Email...
*2767*6636245# Email...
*2767*8636245# Email...
*2767*85236245# Email...

*2767*3855# = E2P Full Reset
*2767*2878# = E2P Custom Reset
*2767*927# = E2P Wap Reset
*2767*226372# = E2P Camera Reset
*2767*688# Reset Mobile TV
#7263867# = RAM Dump (On or Off)
*2767*49927# = Germany WAP Settings
*2767*44927# = UK WAP Settings
*2767*31927# = Netherlands WAP Settings
*2767*420927# = Czech WAP Settings
*2767*43927# = Austria WAP Settings
*2767*39927# = Italy WAP Settings
*2767*33927# = France WAP Settings
*2767*351927# = Portugal WAP Settings
*2767*34927# = Spain WAP Settings
*2767*46927# = Sweden WAP Settings
*2767*380927# = Ukraine WAP Settings
*2767*7927# = Russia WAP Settings
*2767*30927# = GREECE WAP Settings
*2767*73738927# = WAP Settings Reset
*2767*49667# = Germany MMS Settings
*2767*44667# = UK MMS Settings
*2767*31667# = Netherlands MMS Settings
*2767*420667# = Czech MMS Settings
*2767*43667# = Austria MMS Settings
*2767*39667# = Italy MMS Settings
*2767*33667# = France MMS Settings
*2767*351667# = Portugal MMS Settings
*2767*34667# = Spain MMS Settings
*2767*46667# = Sweden MMS Settings
*2767*380667# = Ukraine MMS Settings
*2767*7667#. = Russia MMS Settings
*2767*30667# = GREECE MMS Settings

*#7465625# = Check the locks
*7465625*638*Code# = Enables Network lock
#7465625*638*Code# = Disables Network lock
*7465625*782*Code# = Enables Subset lock
#7465625*782*Code# = Disables Subset lock
*7465625*77*Code# = Enables SP lock
#7465625*77*Code# = Disables SP lock
*7465625*27*Code# = Enables CP lock
#7465625*27*Code# = Disables CP lock
*7465625*746*Code# = Enables SIM lock
#7465625*746*Code# = Disables SIM lock
*7465625*228# = Activa lock ON
#7465625*228# = Activa lock OFF
*7465625*28638# = Auto Network lock ON
#7465625*28638# = Auto Network lock OFF
*7465625*28782# = Auto subset lock ON
#7465625*28782# = Auto subset lock OFF
*7465625*2877# = Auto SP lock ON
#7465625*2877# = Auto SP lock OFF
*7465625*2827# = Auto CP lock ON
#7465625*2827# = Auto CP lock OFF
*7465625*28746# = Auto SIM lock ON
#7465625*28746# = Auto SIM lock OFF

I will be posting such command codes for other mobile phones too... Hope this helps. :)


Steal your buddy's MSN display pic

I don't know how well this works but it worked well for me... Extra note that I'm using msgplus addon on my windows live so I am not sure about the native Windows live messenger. Anyway I thought it would be worth sharing here.

I was actually looking for the malware that apparently was running from the temporary folder of my computer. So I went to the temporary folder by typing


There I found the folder MessengerCache and then to kill my curiosity, I browsed inside the folder and found some files with their name in base64 encoded format(probably) like:


I then opened one of these files in notepad++ and found the starting of the file containing


which is something like header for the GIF images. Immediately I renamed the file into .gif and when I viewed it, I found it to be display pic of one of the friends in my buddy list. I hope you got me... This is something like stealing buddy's display pic. Have fun. :)