Running firefox inside firefox

This is not a useful thing but still is a fun trick to show to your friends.

Just paste the following code in your mozilla firefox address bar and hit ENTER to see the new firefox inside the firefox.

chrome://browser/content/browser.xul

View the screenshot below to see how it looks like:

Read more...

Batch to C Converter

This small snippet of C source code converts the commands of batch (i.e. the commands you type in command prompt) into the C source code. It was compiled in Dev-CPP and is pretty basic. I hope some of you might find it useful. It just uses the system() command of stdlib.h header file.

Source code:

 /*********************************************  
 * Batch DOS To C Source Code Converter v.1.1 *  
 * Coded by Samar Dhwoj Acharya aka $yph3r$am *  
 * Website => http://techgaun.blogspot.com  *  
 * E-mail meh at samar_acharya[at]hotmail.com *  
 * I know to code: PHP, PERL, C, JAVA, PYTHON *  
 *********************************************/  
 //include header files...  
 #include <stdio.h>  
 #include <conio.h>  
 #include <stdlib.h>  
 #include <ctype.h>  
 #include <string.h>  
 int main()  
 {  
   FILE *fp;  
   char filename[30];     //filename for source code  
   // starting header of outputted file  
   char header[300] = "/*\nBatch DOS command To C Source Converter\nBy sam207 (samar_acharya[at]hotmail.com)\nhttp://www.sampctricks.blogspot.com\nhttp://nepali.netau.net\n*/\n";  
   //all the includes in output file  
   char incs[200] = "#include <stdio.h>\n#include <conio.h>\n#include <stdlib.h>\nint main()\n{\n";  
   //end part of output file  
   char end[50] = "\tgetch();\n}";  
   //for command  
   char cmd[150];  
   printf("\t+----------------------------+\n");  
   printf("\t|BATCH TO C SOURCE CONVERTER |\n");  
   printf("\t|CODED BY SAMARDHWOJ ACHARYA |\n");  
   printf("\t+----------------------------+\n");  
   printf("\nEnter the filename(with .c extension): ");  
   scanf("%s",filename);  
   fp = fopen(filename,"w");  
   if (fp==NULL)  
   {  
    printf("Some error occurred while opening file");  
    getch();  
    exit(1);  
   }  
   else  
   {  
     fprintf(fp,"%s%s",header,incs);  
     printf("\nNow start entering DOS commands: \n");  
     printf("When finished, type 'end' for the end of commands\n");  
     printf("\nStart:\n\n");  
     gets(cmd);  
     while (1)  
     {  
        gets(cmd);  
        if (!strcmp(cmd,"end"))  
          {  
          break;       //if end is typed, get out of loop  
          }  
        fprintf(fp,"\tsystem(\"%s\");\n",cmd);  
     }  
     fprintf(fp,"\tprintf(\"\\n\");");  
     fprintf(fp,"\n%s",end);  
     printf("\n\nFile successfully created");  
     printf("\nNow compile it with any C compiler");  
     printf("\nThanks for using this little app");  
     fclose(fp);  
   }  
   getch();  
 }     

Have fun :)

Read more...

Full path disclosure tutorial

Full path disclosure(FPD) is the revelation of the full operating path of a vulnerable script. Full Path Disclosure vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/samar/public_html/. FPD bugs are executed by providing unexpected characters to the vulnerable functions that will in return output the full path of the vulnerable script.

FPD bugs are often overlooked and are not considered as the security threat by many webmasters but that's not true. FPD might be useful for the hackers to determine the structure of the server and they can utilize it to perform other attacks such as file inclusion attacks or load_file() attacks via sql injection.

How to execute FPD
a) Nulled session cookie
Nulled session injection or illegal session injection is done by changing the value of session cookie to an invalid or illegal character.
Illegal Session Injection is made possible via changing the value of the session cookie to an invalid, or illegal character. The most common method is by injecting the NULL character to the PHPSESSID cookie. To inject a PHPSESSID cookie, use JavaScript injection via the URL bar:

javascript:void(document.cookie="PHPSESSID=");

On setting the PHPSESSID cookie value to NULL, we can see the result like:

Warning: session_start() [function.session-start]: The session id contains illegal characters,
valid characters are a-z, A-Z, 0-9 and '-,' in /home/samar/public_html/includes/functions.php on line 3

b) Array parameter injection(Empty array)
This is another common method of executing the full path disclosure vulnerabilities and usually works for me in many sites. There are different PHP functions which will output warning message along with the full path of the script such as htmlentities(), mysql_num_rows(), opendir(), etc.
We can exploit the $_GET variables... Lets take a simple example:

http://localhost/index.php?page=main

Now, lets exploit the $_GET['page'] variable which will look as below:

http://localhost/index.php?page[]=main

The full path disclosure can be prevented by turning off the display of errors either in php.ini configuration file or in the script itself:

php.ini

display_errors = 'off'

in php scripts

error_reporting(0);

//or

ini_set('display_errors', false);

Read more...

Nepali MP3 Songs Downloads [My Playlist]

Some of the nepali songs from my playlist, they are great songs to listen. If you need any other songs, request in this post and I shall try to find them for you.

Download different MP3 songs from the following folder:
Nepali MP3 collection

The songs available for the downloads are:
1) Amar rahos timro maya - phursang lama
2) Antim maya
3) bhoolmaa bhulyo - Robin
4) Bihana pahile ghaama udaune[patriotic song] - Sindhu Jalesa
5) Birsana - Aastha
6) Birshu Bhanchhu - Impulse 21 (confused :p)
7) Harpal tyo timro - Aastha
8) Malai bholi kei bhaye - Karna Das
9) Nabhana mero - Adrian Pradhan [1974 A.D.]
10) Pagal nabhana malai - The Edge
11) Prayas - The Edge
12) Sadhai sadhai
13) Samikshya - Vedh (confused again)
14) timi binaako jeevan
15) timilai odaidiyeko ghumto - sayas
16) Timro sparsa - Basan Shrestha

I'm confused with the name of singers of some songs(I usually don't try to know the artists)...
Enjoy my playlist. :)

Read more...

Edjpgcom - add comments inside a jpg image

We can sometimes exploit the image upload features and then use file inclusion vulnerabilities to get shell in a server. If the image upload form only allows the .jpg and other valid image files and you locate a local file inclusion vulnerability, you can upload the malicious jpg file containing the PHP code as the commment in it.

In order to add the comment easily inside the jpg images, we can use a small tool called edjpgcom, a jpg commenter. You can drag a jpg image to the edjpgcom icon which will open a window to add comment to the jpg image.

Download EDJPGCOM

Read more...

Making a autorun in Pen[USB] drive [autorun.inf]

In this post, I shall be writing about creating autorun file in order to run or execute any program from your pendrive. Autorun.inf is a special file that can contain the information regarding the icon for drive, autorun programs, etc.

Using autorun.inf can also be useful for running the virii and worms automatically from the USB drive.

How to:
1) Open notepad
2) Type the following:

[autorun]
Icon=default
label=[YourLabelHere]
open=targetprogramname.exe

This autorun.inf file now should be saved in the root directory of your USB drive and you'll have your autorun file... :)

Now let me say the way of changing icon of the drive. In order to change the icon of your USB drive, type the following in autorun.inf file.

[autorun]
icon=[youricon.ico]
label=[YourLabelHere]

That's all. :)

Read more...

Funny Google Tricks

In this post, I'm listing few funny google tricks I have learnt in the recent days. Though not so useful, they are something cool to know...

1) Hidden game from google:
- Go to http://www.google.com/Easter/feature_easter.html
You'll be able to play the hidden game offered by google. :)

2) Google reversed
- Go to Google homepage
On the search box, type google reverse or elgoog and press on I am feeling lucky button.
You'll see reversed google. :)

3) Find Chuck Noris
- Go to Google homepage
On the search box, type find Chuck Noris and press on I am feeling lucky button. See the result.. :p

4) Answer to life the universe and everything
- On the google homepage search box, type answer to life the universe and everything. You'll see the google's calculation of the answer to life the universe and everything.

5) Who's the cutest
- Go to google homepage
On the search box, type who's the cutest and press on I am feeling lucky button. You'll be so happy with the result... :P

6) Google epic
- Go to google homepage
On the search box, type google epic and press on I am feeling lucky button. Wait for a while and you'll see everything expanding in the page.

7) Google rainbow
- Go to google homepage
On the search box, type google rainbow and press on I am feeling lucky button. You'll reach the page with colourful texts.

Read more...

Replacing All Instances of a Word in string [PHP]

PHP offers a useful function called str_replace() that can be used to replace every instance of a word in a string. This function takes three compulsory arguments and one optional argument.

The first argument represents the string to be replaced, the second the replacement value and the third the target string. The function returns the modified string.

Example:

<?php
function replace($string)
{
    return str_replace("dog", "samar", $string);
}

$str = "I am dog so you call me dog";
echo $str;
echo "
".replace($str); //call replace function
?>

Output:
I am dog so you call me dog
I am samar so you call me samar

Now, what if you want to work with arrays of words to replace with, for instance, in the censoring tasks. You can write some PHP stuff as below to perform the task.

<?php
function badword_censor($string)
{
    $string = strtolower($string);
    $badwords = array("fuck","bitch","cunt","faggot","penis","vagina","dick","pussy");
// add as per your requirement
    $string = str_replace($badwords,"*censored*",$string);
    return $string;
}
$str = "Fuck you bitch.";
//echo $str;
echo "
".badword_censor($str);
?>

Output:
*censored* you *censored*.

Also, refer to the str_ireplace(), the case insensitive version of this function.
Hope this helps. :)

Edit: Thanks to cr4ck3r for the comments. Updated the post... :)

Read more...

EmailTrackerPro - Email tracking software for tracking the sender

eMailTrackerPro is the tool that can help you track down the email senders by analyzing the email headers. This tool is a product from the VisualWare Inc. which works in network assessment and connection analysis solutions.

eMailTrackerPro asks for the email header and all the tasks is done by this tool. eMailTrackerPro analyzes the email header to find the route or path of the email. And hence it helps to track down the email sender's IP address which can be very useful for dealing with spam emails.

In order to find the email header, you'll have to open the email in your inbox and there should be some location from where you can view the email header. For instance, Yahoo mail has the option called view full header in Actions tab when you're viewing the email(See the screenshot below).

Now, all you've to do is copy these email headers and let the eMailTrackerPro analyze the headers and provide you the IP address of the originating location.

The software will generate the report in HTML format too.

Go to eMailTrackerPro home

Have fun... :)

Read more...

Working with text case of PHP string

PHP provides number of functions to work with the case of the string. All these functions take the source string as their argument and return the modified string. The original source string will not be modified by any of these functions.

The PHP functions for working on case are:
strtolower() - Converts the entire string to lowercase

strtoupper() - Converts the entire string to uppercase

ucfirst() - Converts the first letter of the sentence to uppercase

ucwords() - Converts the first letter of every word in string to uppercase

<?php
//usage of ucfirst() function
$str = "i am samar";
$str = ucfirst($str);
echo $str;
?>

Output: I am samar

<?php
//usage of ucwords() function
$str = "i am samar";
$str = ucwords($str);
echo $str;
?>

Output: I Am Samar

<?php
//usage of strtoupper() function
//similarly use strtolower() function
$str = "i am samar";
$str = strtoupper($str);
echo $str;
?>

Output: I AM SAMAR

Read more...

Online Photo Editor - Lightweight web-based Alternatives to Desktop Photo Editors

With the ease in web access, internet users are using more and more online photo editing services available at different sites. And, I am also one of the regular users of the online photo editing service.

Though there exists several sites providing the free photo editing software, I have been using a single service available at www.pixlr.com.

The photo editing interface it provides is so similar to photoshop that it seems to be the lightweight version of the Adobe Photoshop.

Go to Pixlr.com Photo Editor

Hope this helps you. :)

Read more...

Online Hex Color Value Picker

For my raw HTML designs and other similar tasks, I do not keep on opening adobe photoshop or even the tiny color picker programs. Instead I depend upon the online color picking site in order to get the hex values of the colors I choose for my works.

ColorPicker.Com works perfectly fine for me for getting the hex color codes of the useful colours for me.

Go to ColorPicker.Com

Have fun with the online color picker. Hope this helps. :)

Read more...

GPRS/WAP Setting for Ncell

NCELL, the second biggest telecommunication company in Nepal is providing GPRS, EDGE and WAP services so that it users can surf the net easily using their capable handsets. This post is about how to activate and make setting of GPRS for NCELL provider.

By default, all the NCELL users have GPRS activated(that's what NCELL says). In case, your handset doesn't have the GPRS data transfer service activated, do one of the following:
1) Type A in message box and send the SMS to 900224. (note that you can type R and send the SMS to same number to deactivate the GPRS service.)

2) Dial *100# and follow the instructions

In order to get settings for your phone, type ALL and send SMS to 9595. Save the settings.

General settings for NCELL:
Access point name(APN): web
IP/Proxy IP: 192.168.19.15
Port: 9201 (For WAP1)/ 8080 (For HTTP or WAP2)

Read more...

Google sphere: google trick

In this post, I'm going to post a google trick which I read on another site. This trick is the google sphere animation.

First, open the webpage of google(http://www.google.com)
Now, in the search box, enter the text "google sphere" without quotes. Then, press on I'm feeling lucky.
You'll see the animating google sphere page.


Read more...

Mozilla Firefox Keyboard Shortcuts

Firefox is becoming more and more popular among the web browsers and this page lists the keyboard shortcuts that can be used with Mozilla Firefox.

F1     Opens Firefox help
F3     Find more text within the same webpage
F5     Reload the current webpage
F6     Toggles the cursor between the addressbar and current webpage
F7     Toggles Caret Browsing on and off.
       Used to be able to select text on a webpage with the keyboard
F11     Switch to Full Screen mode 
CTRL + A  Select all text on a webpage
CTRL + B  Open the Bookmarks sidebar
CTRL + C  Copy the selected text to the Windows clipboard
CTRL + D  Bookmark the current webpage
CTRL + F  Find text within the current webpage
CTRL + G  Find more text within the same webpage
CTRL + H  Opens the webpage History sidebar
CTRL + I  Open the Bookmarks sidebar
CTRL + J  Opens the Download Dialogue Box
CTRL + K  Places the cursor in the Web Search box
CTRL + L  Places the cursor into the URL box
CTRL + M  Opens your mail program to create a new email message
CTRL + N  Opens a new Firefox window
CTRL + O  Open a local file
CTRL + P  Print the current webpage
CTRL + R  Reloads the current webpage
CTRL + S  Save the current webpage on your PC
CTRL + T  Opens a new Firefox Tab
CTRL + U  View the page source of the current webpage
CTRL + V  Paste the contents of the Windows clipboard
CTRL + W  Closes the current Firefox Tab or Window
CTRL + X  Cut the selected text
CTRL + Z  Undo the last action

Read more...

TrueCrypt - Free open-source disk encryption software

TrueCrypt is a free open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux which is capable of encrypting your hard disk efficiently. TrueCrypt performs on-the-fly encryption(OTFE) and is capable of creating a virtual encrypted disk within a file and mounting it as a real disk. It also can encrypt an entire partition or storage device such as USB flash drive or hard drive.

The encryption provided by TrueCrypt is automatic, real and transparent. You can read more about TrueCrypt in TrueCrypt's Documentation HERE.

You can download TrueCrypt from HERE.

Read more...

Fun Video - १० बर्षपछिको नेपाल(२०७५ B.S.)

सुप्रसिद्ध कलाकार मनोज गजुरेल अभिनित यो भिडियोमा मनोज गजुरेलको १० बर्षपछिको नेपालको परिकल्पना प्रस्तुत गरिएकोछ। भिडियोमा मनोज गजुरेलले नेकपा maawobaadi पार्टी प्रमुख प्रचन्डको भूमिका निवाएकाछन।

भिडियो डाउनलोद गर्ने link

This video is the fun video featuring the interview of Mr. Prachanda(Mr. Manoj Gajurel) in year 2075 B.S.

Download It From HERE

Read more...

KeyScrambler - A breakthrough in battling Keyloggers

Keyloggers are malware planted by cyber criminals along the crucial path to observe and record your keystrokes, a way to steal your private information so they can use it to steal your money from your bank accounts, open credit card accounts in your name, or assume your identity in other criminal pursuits.

KeyScrambler is an important security tool that works well as anti-keylogger tool and helps prevent people from getting hacked. This software encrypts your keystrokes deep in the kernel and decrypts back in the destination application and hence, keystrokes only catch the scrambled and meaningless keystrokes thus making the keylogging nearly impossible.

KeyScrambler is available in personal, professional and premium versions.

CLICK HERE TO GO TO DOWNLOAD PAGE

Read more...

Bypassing safe mode[Hack Windows Box]

Another old time video from me, this video demonstrates the exploitation of the windows server by the use of the shell. This video demonstrates few useful things you can do on the server you get access to.

In the video, I have demonstrated the exploiting of the windows by adding the user account using the shell in the server.

Download Video From HERE

Happy Hacking :)

Read more...

Installing GCC with Mingw Automated Installer

The beginners might always be stuck on how to install GCC suite in their windows so this post might prove useful for such beginners. GCC is a very popular open source compiler suite that is widely used by open source guys. Its pretty flexible, robust and secure compiler.


In order to install GCC in windows, you can either use CYGWIN port of windows or MINGW port for windows. Both are easy to install but in this post, I'm going to be specific about MINGW because thats what I'm using in my PC.

You'll have to download MINGW-GET installer.

Next run the installer file and you'll reach the following stage of your installation:

Select the required compilers from there and click on Next and finish the installation. The installer will download necessary files from its online repository and you'll have the GCC suite installed in your Windows.

Read more...

Adding programs to Startup in Windows

This time, I am going to discuss on few methods of adding the programs to the startup in windows. My descriptions will be based on Windows XP machine and I hope you will find this information useful. Here I'll list out few such methods to add programs to startup in windows.

1. Startup folder: One of the simplest method of adding programs in startup, it provides easy and detectable method of adding any program to startup. For the user Administrator, the startup folder in Windows XP is located at:

C:\Documents and Settings\Administrator\Start Menu\Programs

So for any user you can find startup folder at

C:\Documents and Settings\{Username}\Start Menu\Programs

Replace the {Username} by the username you want.

2) Registry editing: Registry editing is another powerful method of adding programs in startup and is one of the most popular methods for adding virii and trojans in startup.
The following registry paths can contain the string to the path of the executable to be run at startup

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]

Similarly, you'll find similar registry paths for HKEY_CURRENT_USER. All you have to do is add new string of type REG_SZ containing the path of the executable.

3) Autoexec.bat: Root folder of your windows installation will consist of a file called autoexec.bat which can be edited to add any program in startup. Open the autoexec.bat file and add the path of the executable in the autoexec.bat file.

There are other methods too such as editing win.ini and system.ini editing. I leave them for you to google. Have fun. :)

Read more...

Escape simple game

I found this game when I was searching for something in google. I tried to cross 18 secs but could not achieve that... Anyway, you may want to try it...
Check the game HERE

Have fun...

Read more...

I Love You in different languages

A non-technical post in the blog, I thought to share what I found on the net. This post lists the translation of "I Love You" in different languages. Please send any other translation you know and I'll be adding them here...

ABÉ	mon ko lo fon
ABOURÉ	u'm wloloho
AFAR	ko kicinio
AFRIKAANS	ek het jou lief / ek is lief vir jou
ALBANIAN	të dua
ALSATIAN	ich hab die lieb
AMHARIC	afekirahalehu (woman to man) / afekirishalehu (man to woman)
Dialectal ARABIC (North African)	n'bghick
Dialectal ARABIC (Eastern)	bahebbak (to a man) / bahebbik (to a woman)
Literary ARABIC	أُحِبُّكَ (ouhibbouka) - to a man أُحِبُّكِ (ouhibbouki) - to a woman
Tunisian ARABIC	nhebbik
ARMENIAN	Ես Քեզ սիրում եմ (yes kez siroum em)
ASTURIAN	quiérote
ATIKAMEKW	ki sakihitin
ATTIÉ	min bou la yé
AZERI	men seni sevirem
BAMBARA	né bi fè
BAOULE	mi klôa
BASHKIR	мин хинэ яратау (min khine yaratau)
BASQUE	maite zaitut
BASSA	me gwes wè
BELARUSIAN	Кахаю цябе (kahaju ciabie)
BENGALI	aami tomakey bhalo bashi
BERBER	hamlagh-kem (to a woman) / hamlagh-k (to a man)
BOBO	ma kia bé nà
BOSNIAN	volim te
BRETON	karout a ran ac'hanout / da garout a ran / me az kar
BULGARIAN	обичам те
BURMESE
BUSHI-NENGÉ TONGO	mi lobi you
CATALAN	t'estimo
CH'TI	j't'aquiers
CHAMORRO	hu guiya hao
CHECHEN	sun ho ez (to a woman) sun ho vez (to a man)
CHEROKEE	gvgeyui
CHEYENNE	ne'mehotatse
CHINESE (MANDARIN)	我爱你 (wo ai ni)
CORSICAN	amu tè / ti tengu cara (to a woman) / ti tengu caru (to a man)
CROATIAN	volim te
CZECH	miluji tě
DAKOTA	chantechiciya
DANISH	jeg elsker dig
DARI	man tu ra dost darom
DIOULA	m'bi fê
DOUALA	na tondi wa
DUTCH	ik houd van jou / ik hou van je
ENGLISH	I love you
ESPERANTO	mi amas vin
ESTONIAN	ma armastan sind
EWE	me lonwo
EWONDO	ma ding wa
FANG	ma dzing wa / ma gnôre wa
FAROESE	eg elski teg
FINNISH	minä rakastan sinua
FLEMISH (WESTERN)	'k zien je geeren
FON	un nyi wan nu we
FRENCH	je t'aime
FRISIAN	ik hâld fan dy
FRIULAN	o ti vuei ben
FULA	mido yidouma
GALICIAN	amo-te / ámote / quero-te / quérote
GALLO	j'sea un diot do tae
GBAYA	mi ko me
GEORGIAN	me shen mikvarxar
GERMAN	ich liebe Dich
GREEK	Σ' αγαπώ (s'agapo)
GUARANÍ	rojhayhû
GUJARATI	hun tane prem karun chhun
HAITIAN CREOLE	mwen renmen'w / mouin rinmin'w
HAUSA	ina sonki (man to woman) ina sonka (woman to man)
HAWAIAN	aloha wau iā ‘oe
HEBREW	ani ohev otakh (man to woman) ani ohevet otkha (woman to man)
HINDI	main tumse pyar karta hoo (man to woman> mai tumse pyar karathi hun (woman to man)
HMONG	kuv hlub koj
HUNGARIAN	szeretlek
ICELANDIC	ég elska þig
INDONESIAN	saya cinta padamu / saya cinta kamu
INUKTITUT (KALAALLISUT)	asavakkit
IRISH GAELIC	tá grá agam duit
ITALIAN	ti amo
JAPANESE	aishitemasu / aishiteru (barely used) anata ga daisuki desu ("cute")
KABYLIAN	hamlagh-kem (man to woman) hamlaghk (woman to man)
KANNADA	naanu ninnanna pritisutteney
KAZAKH	myen syeni sooyom / myen syeni zhaksi koryem
KHMER	bang srolaïgn ôn (man to woman) ôn srolaïgn bang (woman to man)
KIKONGO	mu me zola nge
KIKUYU	ningwendete
KILUBAKAT	ami nkuswele
KINYARWANDA	ndagukunda
KIRGHIZ	men seni sueum
KIRUNDI	ndagukunda
KOREAN	saranghe
KURDISH	ez te hez dikim
LAO	khoi hak tchao lai
LATIN	te amo
LATVIAN	es tevi mīlu
LIGURIAN	mi te amu / t'amo / t'amu
LINGALA	na lingi yo
LITHUANIAN	aš tave myliu
LOW SAXON	ik hou van ju
LUSOGA	nkwendha
LUXEMBOURGEOIS	ech hun dech gäer
MACEDONIAN	te sakam (courant) / te ljubam (littéraire)
MALAGASY	tiako ianao / tia anao aho (stronger)
MALAY	aku cinta padamu
MALAYALAM	enikku ninné ishtamaanu
MALTESE	inħobbok
MANX	ta graih aym ort
MAORI	kei te aroha au i a koe
MARATHI	majha tujhyavar prem aahe / mi tujhyavar prem karto
MARQUESAN	hinenao au ia oe
MAURITIAN CREOLE	mo konten twa
MBO	mi ding wo
MINA	un lon o
MONGOLIAN	Би чамд хайртай (bi chamd khairtai)
MORÉ	mam nong-a fo
MUNUKUTUBA	mu zola ngé
NAPOLETANO	te voglio bene
NDEBELE	niya ku tanda
NEPALI	ma timilai prem garchhu
NORWEGIAN	jeg elsker deg
OCCITAN	t'aimi
OSSETIAN	æз дæ уарзын (æž dæ waržyn)
PAPIAMENTU	mi ta stima bo
PERSIAN	دوستت دارم (dustat dâram - formal) / duset dâram (informal)
POLISH	kocham cię
PORTUGUESE	amo-te / eu te amo (Brazilian Portuguese)
PUNJABI	mein tenu pyar karda han (male speaker) mein tenu pyar kardi han (female speaker)
QUECHUA de CUZCO	munakuyki
RAPA NUI	hanga rahi au kia koe
ROMANI	kamaù tut
ROMANIAN	te iubesc
RUSSIAN	Я тебя люблю (ya tebya l'ubl'u)
SAMOAN	ou te alofa ia te oe
SANGO	mbi yé mô
SANSKRIT	स्निह्यामि त्वयि (snihyāmi tvayi)
SARDINIAN	deo t’amo (logudorese) / deu t’amu (campidanese)
SCOTTISH GAELIC	tha gaol agam ort / tha gaol agam oirbh
SENUFO	mô mi dènè
SERBIAN	я те волим (ja te volim) / волим те (volim te)
SESOTHO	ke ya ho rata
SHIBUSHI	anaou tiakou / zahou mitiya anaou
SHIKOMORI	ngam hwandzo
SHIMAORE	ni su hu vendza
SHONA	ndinokuda
SINDHI	moon khay tu saan piyar aahay
SINHALA	mama oyata aadareyi (spoken) / mama obata aadareyi (formal)
SLOVAK	ľúbim ťa / milujem ťa
SLOVENIAN	ljubim te / rad te imam (male speaker) / rada te imam (female speaker)
SOBOTA	volim te / se te volime (lit.)
SOMALI	waan ku jecelahay
SONHRAÏ	aye go bani
SONINKÉ	na moula
SPANISH	te amo / te quiero
SUSU	ira fan ma
SWAHILI	nakupenda
SWEDISH	jag älskar dig
TAGALOG	mahal kita / ini-ibig kita
TAHITIAN	ua here vau ia oe
TAJIKI	jigarata bihrum duhtari hola (man to woman) tra lav dorum (woman to man)
TAMIL	naan unnai kadalikiren
TATAR	мин сини яратам (min sini yaratam)
TELUGU	nenu ninnu premisthunnanu
TETUN	hau hadomi o
THAI	ผมรักคุณ (phom rak khun) - man speaking ฉันรักคุณ (chan rak khun) - woman speaking
TIBETAN	na kirinla gaguidou
TIGRIGNA	ye fikireka eye (woman to man) / ye fikireki eye (man to woman)
TONGAN	ofa atu
TSHILUBA	ndji mukunanga
TURKISH	seni seviyorum
TURKMEN	seni söýärin
TUVAN	мэн сэни ынакшир (men seni ynakshir)
UDMURT	mon tone jaratiśko
UKRAINIAN	Я тебе кохаю (ia tebe kohaiu)
URDU	mein tumse mohabbat karta hoon (man to woman) main tumse mohabbat karti hoon (woman to man) mujhe tum se pyar heh
UZBEK	men seni sevaman / men seni yahshi ko'raman (less formal)
VALENCIAN	te vullk
VENETIAN	t'amo
VEPS	minä armastan sindai
VIETNAMESE	anh yêu em (man to woman) em yêu anh (woman to man)
VUTE	ma wou ndoune
WALLISIAN	eau manako ia koe / eau ofa ia koe
WALOON (orthographe à betchfessîs)	dji vs voe voltî
WELSH	rydw i'n dy garu di
WEST INDIAN CREOLE	mwen enmen'w
WOLOF	damala nob / damala beug
XHOSA	ndiyakuthanda
YAKUT	Мин эйиигин таптыыбын (min eyiigin taptyybyn)
YEMBA	men nkon' wou
YENICHE	y hob ti
YIDDISH	ich hob dir lib
YIPUNU	ni wu rondi
YORUBA	moni ife e
ZULU	ngiyakuthanda

Read more...

Nepali Hack Challenge Site

I had to develop a reversing challenge site for KU IT Meet 2010 organized by Kathmandu University Computer Club in IT Park, Panauti Road. The challenge was done by few great hackers from Nepal like fr3ak, dpac_, etc. and they finished around 90% of the challenges. But other users were far behind in the challenge so now I want to make this challenge open for everyone.

If you want to participate in the Reversing challenge, you can visit www.nepali.netau.net. The site is pretty basic in its interface and design as it had to be done very quickly. But still this site might prove useful for some of you to learn hacking as the challenges in the site will guide you to read the related hacking and security articles by searching on your own on google. So I hope you will have fun doing these challenges.

Click to visit the site

If you need any sort of help regarding the challenges, you can always contact me. Best of luck for the challenges.

Read more...

Few Online Docx to Doc conversion

With the release of the Microsoft Office 2007, the new XML formats were implemented for the office documents and the new file extensions with the added letter x were created, such as .docx, .pptx, .xlsx, etc. But, this new file format creates problem when the older versions of Microsoft Office are widely in use as the file formats such as .docx can't be opened by the older versions.

And, today I had the same problem when I had received the proposal sample of .docx format and had to open in my microsoft word 2003. Then, I started searching for the online conversion tools for converting .docx to .doc
While searching, I found some working websites for the conversion.

www.zamzar.com: This site offers you the conversion of various file formats including .docx to .doc. The service worked perfectly for me... Check the service at www.zamzar.com

Docx2Doc: This free web service allows you to convert Docx file format into Doc file by uploading your docx file and lets you download the converted doc file. Check the service at www.docx2doc.com

Edit*
http://docx-converter.com/: This service also allows you to convert .docx file format to .doc. Check it at docx-converter.com

If you happen to know any other such online converters, be sure to comment. I'll add them here.

Read more...

Ziddu.com Vulnerable to XSS

Today, I was trying to download some file from ziddu and since the author had already deleted the file, I was redirected to the error message page. And I thought of playing around with the message from GET params which was being displayed into the page.

I first added <i> and </i> in between the message and found that the HTML tags were not being filtered. Then I used the <script> tag and tried to do the alert but they were adding backslashes in the single and double quotes...
Then I used the String.fromCharCode() JS function and the alert appeared in the site..

http://www.ziddu.com/errortracking.php?msg=%3Cscript%3Ealert%28String.fromCharCode%2883,65,77,65,82%29%29;%3C/script%3E

Ziddu.com suffers from the XSS and I've notified them.

Read more...

Usefull firefox plugins

The Firefox Web Browser is the faster, more secure, and fully customizable way to surf the web. Moreover, it has got thousands of extensions to improve and optimize various aspects of this cool web browser. So lets talk about some useful extensions you will want to have with your firefox browser.

1) Customize google(www.customizegoogle.com): If you use Google, this extension will save you hours of your time over the long run. Download this extension, go to options, and enable streaming search results. You will never ever have to press the Next button after seeing every 10 search results. This will increase your productivity at least 2 times when searching because in the same time it would have previously taken for you to click on the Next button and wait for more results, you now will already have seen the next 10 results, decided what to do and moved on. Extremely useful extension.

2) Fasterfox(http://fasterfox.mozdev.org): Loads faster web pages by prefetching parts. Renders a small page timer counting in seconds.

3) Performancing (http://performancing.com): Excellent extension for bloggers, Performancing, allows you to instantly blog comments you made to any of the major blog systems, or even your own (if your blog supports Moveable Type or WordPress).

4) WebDeveloper (http://chrispederick.com/work/webdeveloper): My personal favourite, it is a Very useful extension for web developers. It creates a toolbar menu with 100s of useful options.

5) NoScript: An absolute must have security addon for your browser, NoScript gives you the power to specify the sites you trust and only those sites will be allowed to run active content like Javascript, Java code and other executable code. The addon thus protects you from cross-site scripting attacks and clickjacking attacks.

6) FoxyProxy: FoxyProxy automatically switches an internet connection across one or more proxy servers based on URL patterns and switching rules defined by you.

7) Facepad: I was thinking of trying to develop a facebook photo downloader addons and I found one to be already existing on the net. This addon allows you to download whole photo album of your friends. My previous post on this is availabe HERE

8) Adblock Plus: It will filter out hundreds of ads when you surf webpages. Webpages will load cleaner, faster, and will have almost zero ads. If you support the blogger you are reading, you can turn off adblock plus for sites you support with one click.

You will be able to get all these addons from https://addons.mozilla.org/en-US/firefox/ the official mozilla's addons site.

Read more...

Collection of Samsung Command Codes

I was searching for the E250 java games and while I was searching, I came through the list of the codes for my samsung E250 and I checked few of them and found them working. This post lists the collection of the samsung mobile command codes you might be interested in. The credit goes to the one who posted all these.

The following is the list of all the commands for the samsung mobile. Few are tested in samsung E250 and I think they should work in one or another samsung cellphones.

*#1111# S/W Version
*#1234# Firmware Version
*#2222# H/W Version
*#8999*8376263# All Versions Together

*#8999*8378# Test Menu
*#4777*8665# GPSR Tool
*#8999*523# LCD Brightness
*#8999*377# Error Menu
*#8999*327# EEP Menu
*#8999*3825523# Don't Know.
*#8999*667# Debug Mode
*#92782# PhoneModel (Wap)
#*5737425# JAVA Mode
*#2255# Call List
*#232337# Bluetooth MAC Adress
*#5282837# Java Version

#*4773# Incremental Redundancy
#*7752# 8 PSK uplink capability bit
#*7785# Reset wakeup & RTK timer cariables/variables
#*1200# ????
#*7200# Tone Generator Mute
#*3888# BLUETOOTH Test mode
#*#8999*324# ??
#*7828# Task screen
#*5111# ??
#*#8377466# S/W Version & H/W Version
#*2562# Restarts Phone
#*2565# No Blocking? General Defense.
#*3353# General Defense, Code Erased.
#*3837# Phone Hangs on White screen
#*3849# Restarts Phone
#*3851# Restarts Phone
#*3876# Restarts Phone
#*7222# Operation Typ: (Class C GSM)
#*7224# !!! ERROR !!!
#*7252# Operation Typ: (Class B GPRS)
#*7271# CMD: (Not Available)
#*7274# CMD: (Not Available)
#*7337# Restarts Phone (Resets Wap Settings)
#*2787# CRTP ON/OFF
#*2886# AutoAnswer ON/OFF
#*3737# L1 AFC
#*5133# L1 HO Data
#*7288# GPRS Detached/Attached
#*7287# GPRS Attached
#*7666# White Screen
#*7693# Sleep Deactivate/Activate
#*7284# L1 HO Data
#*2256# Calibration info? (For CMD set DEBUGAUTONOMY in cihard.opt)
#*2286# Databattery
#*2527# GPRS switching set to (Class 4, 8, 9, 10)
#*2679# Copycat feature Activa/Deactivate
#*3940# External looptest 9600 bps
#*4263# Handsfree mode Activate/Deactivate
#*4700# Please use function 2637
#*7352# BVMC Reg value (LOW_SWTOFF, NOMINAL_SWTOFF)
#*2558# Time ON
#*3370# Same as 4700
#*3941# External looptest 115200 bps
#*5176# L1 Sleep
#*7462# SIM Phase
#*7983# Voltage/Freq
#*7986# Voltage
#*8466# Old Time
#*2255# Call Failed
#*5187# L1C2G trace Activate/Deactivate
#*5376# DELETE ALL SMS!!!!
#*6837# Official Software Version: (0003000016000702)
#*7524# KCGPRS: (FF FF FF FF FF FF FF FF 07)
#*7562# LOCI GPRS: (FF FF FF FF FF FF FF FF FF FF FF FE FF 01)
#*2337# Permanent Registration Beep
#*2474# Charging Duration
#*2834# Audio Path (Handsfree)
#*3270# DCS Support Activate/Deactivate
#*3282# Data Activate/Deactivate
#*3476# EGSM Activate/Deactivate
#*3676# FORMAT FLASH VOLUME!!!
#*4760# GSM Activate/Deactivate
#*4864# White Screen
#*5171# L1P1
#*5172# L1P2
#*5173# L1P3
#*7326# Accessory
#*7683# Sleep variable
#*8465# Time in L1
#*2252# Current CAL
#*2836# AVDDSS Management Activate/Deactivate
#*3877# Dump of SPY trace
#*7728# RSAV
#*2677# Same as 4700
#*3797# Blinks 3D030300 in RED
#*3728# Time 2 Decod
#*3725# B4 last off
#*7372# Resetting the time to DPB variables
#*7732# Packet flow context bit Activate/Deactivate
#*6833# New uplink establishment Activate/Deactivate
#*3273# EGPRS multislot (Class 4, 8, 9, 10)
#*7722# RLC bitmap compression Activate/Deactivate
#*2351# Blinks 1347E201 in RED
#*4472# Hysteresis of serving cell: 3 dB
#*2775# Switch to 2 inner speaker
#*9270# Force WBS
#*7878# FirstStartup (0=NO, 1=YES)
#*3757# DSL UART speed set to (LOW, HIGH)
#*8726# Switches USBACM to Normal
#*8724# Switches USBACM to Generator mode
#*8727# Switches USBACM to Slink mode
#*8725# Switches USBACM to Loop-back mode
#*3838# Blinks 3D030300 in RED
#*2077# GPRS Switch
#*2027# GPRS Switch
#*0227# GPRS Switch
#*0277# GPRS Switch
#*22671# AMR REC START
#*22672# Stop AMR REC (File name: /a/multimedia/sounds/voice list/ENGMODE.amr)
#*22673# Pause REC
#*22674# Resume REC
#*22675# AMR Playback
#*22676# AMR Stop Play
#*22677# Pause Play
#*22678# Resume Play
#*77261# PCM Rec Req
#*77262# Stop PCM Rec
#*77263# PCM Playback
#*77264# PCM Stop Play
#*2872# CNT
*#8999*283# ???
#*22679# AMR Get Time
*288666# ???
*2886633# ???
*#8999*364# Watchdog ON/OFF
#*8370# Tfs4.0 Test 0
#*8371# Tfs4.0 Test 1
#*8372# Tfs4.0 Test 2
#*8373# Tfs4.0 Test 3
#*8374# Tfs4.0 Test 4
#*8375# Tfs4.0 Test 5
#*8376# Tfs4.0 Test 6
#*8377# Tfs4.0 Test 7
#*8378# Tfs4.0 Test 8
#*8379# Tfs4.0 Test 9
#837837# error=...

#*36245# Turns Email TestMenu on.

*2767*22236245# Email EPP set (....)!
*2767*837836245# Email Test Account!
*2767*29536245# Email Test2 Account!
*2767*036245# Email EPP reset!
*2767*136245# Email EPP set (1)!
*2767*736245# Email EPP set (7)!
*2767*3036245# Email...
*2767*3136245# Email...
*2767*3336245# Email...
*2767*3436245# Email...
*2767*3936245# Email...
*2767*4136245# Email...
*2767*4336245# Email...
*2767*4436245# Email...
*2767*4536245# Email...
*2767*4636245# Email...
*2767*4936245# Email...
*2767*6036245# Email...
*2767*6136245# Email...
*2767*6236245# Email...
*2767*6336245# Email...
*2767*6536245# Email...
*2767*6636245# Email...
*2767*8636245# Email...
*2767*85236245# Email...

*2767*3855# = E2P Full Reset
*2767*2878# = E2P Custom Reset
*2767*927# = E2P Wap Reset
*2767*226372# = E2P Camera Reset
*2767*688# Reset Mobile TV
#7263867# = RAM Dump (On or Off)
*2767*49927# = Germany WAP Settings
*2767*44927# = UK WAP Settings
*2767*31927# = Netherlands WAP Settings
*2767*420927# = Czech WAP Settings
*2767*43927# = Austria WAP Settings
*2767*39927# = Italy WAP Settings
*2767*33927# = France WAP Settings
*2767*351927# = Portugal WAP Settings
*2767*34927# = Spain WAP Settings
*2767*46927# = Sweden WAP Settings
*2767*380927# = Ukraine WAP Settings
*2767*7927# = Russia WAP Settings
*2767*30927# = GREECE WAP Settings
*2767*73738927# = WAP Settings Reset
*2767*49667# = Germany MMS Settings
*2767*44667# = UK MMS Settings
*2767*31667# = Netherlands MMS Settings
*2767*420667# = Czech MMS Settings
*2767*43667# = Austria MMS Settings
*2767*39667# = Italy MMS Settings
*2767*33667# = France MMS Settings
*2767*351667# = Portugal MMS Settings
*2767*34667# = Spain MMS Settings
*2767*46667# = Sweden MMS Settings
*2767*380667# = Ukraine MMS Settings
*2767*7667#. = Russia MMS Settings
*2767*30667# = GREECE MMS Settings

*#7465625# = Check the locks
*7465625*638*Code# = Enables Network lock
#7465625*638*Code# = Disables Network lock
*7465625*782*Code# = Enables Subset lock
#7465625*782*Code# = Disables Subset lock
*7465625*77*Code# = Enables SP lock
#7465625*77*Code# = Disables SP lock
*7465625*27*Code# = Enables CP lock
#7465625*27*Code# = Disables CP lock
*7465625*746*Code# = Enables SIM lock
#7465625*746*Code# = Disables SIM lock
*7465625*228# = Activa lock ON
#7465625*228# = Activa lock OFF
*7465625*28638# = Auto Network lock ON
#7465625*28638# = Auto Network lock OFF
*7465625*28782# = Auto subset lock ON
#7465625*28782# = Auto subset lock OFF
*7465625*2877# = Auto SP lock ON
#7465625*2877# = Auto SP lock OFF
*7465625*2827# = Auto CP lock ON
#7465625*2827# = Auto CP lock OFF
*7465625*28746# = Auto SIM lock ON
#7465625*28746# = Auto SIM lock OFF

I will be posting such command codes for other mobile phones too... Hope this helps. :)

Read more...

Steal your buddy's MSN display pic

I don't know how well this works but it worked well for me... Extra note that I'm using msgplus addon on my windows live so I am not sure about the native Windows live messenger. Anyway I thought it would be worth sharing here.


I was actually looking for the malware that apparently was running from the temporary folder of my computer. So I went to the temporary folder by typing

%temp%

There I found the folder MessengerCache and then to kill my curiosity, I browsed inside the folder and found some files with their name in base64 encoded format(probably) like:

5MUxRvUiwvrxjV2LPv16yrBUhKs=
fffaxlzPZXqjTQMBjaQqrIhOQtc=
RMsNq5KjYXJA2LKOCzpJX2FY4Wzo=
etc...

I then opened one of these files in notepad++ and found the starting of the file containing

GIF89a

which is something like header for the GIF images. Immediately I renamed the file into .gif and when I viewed it, I found it to be display pic of one of the friends in my buddy list. I hope you got me... This is something like stealing buddy's display pic. Have fun. :)

Read more...