Saturday, 2 October 2010
Removing the unwanted programs from startup
Many programs such as messengers and other utilities stick up to the startup. Because of the increase in the number of startup items in your system, the startup process might become slower gradually. Also, sometimes unnecessary programs and even virii and worms might be in the startup so it can come handy when you need to speed up your system.
There are different locations from where a program can run at startup. You can refer to my previous post HERE for the startup related information.
All the startup items entries is made on the microsoft configuration utility called msconfig which can be accessed by running the msconfig command through run box. Switch to the startup tab in the msconfig utility window which lists all the programs and shortcuts that run at the startup in the background.
From here, you can remove the unnecessary programs and virus/worms startup by unchecking them. Just be careful to work correctly and note that many virus/worms have the filename similar to that of the windows system files so you'll have to be careful while editing the startup from here.
Have fun. :)
Read more...
There are different locations from where a program can run at startup. You can refer to my previous post HERE for the startup related information.
All the startup items entries is made on the microsoft configuration utility called msconfig which can be accessed by running the msconfig command through run box. Switch to the startup tab in the msconfig utility window which lists all the programs and shortcuts that run at the startup in the background.
From here, you can remove the unnecessary programs and virus/worms startup by unchecking them. Just be careful to work correctly and note that many virus/worms have the filename similar to that of the windows system files so you'll have to be careful while editing the startup from here.
Have fun. :)
Read more...
Removing the unwanted programs from startup
2010-10-02T23:09:00+05:45
Cool Samar
beginner|tricks and tips|windows|
Comments
Labels:
beginner,
tricks and tips,
windows
Bookmark this post:blogger tutorials
Social Bookmarking Blogger Widget |
Basic Linux Commands For Beginners [Part I]
I thought I would be sharing the different linux commands from basic to advanced so that the new linux users will be benefited so I'm starting this post and I'll continue to post more commands. This is the first one with the most basic commands to use in terminal.
Note that the linux commands are case-sensitive so be careful with the case while executing the commands.
Command to change directory
cd /home: This changes the current working directory to /home. The '/' indicates the path relative to root, and the directory will be changed to "/home", no matter what directory you are in when you execute this command.
cd samar: This changes the current working directory to samar, relative to the current location which is "/home". The full path of the new working directory is "/home/samar".
cd ..: This moves to the parent directory from the current directory. Hence on executing this command, our new directory will be "/home".
cd ~: This changes the current directory to the user's home directory which is "/home/samar" for the user "samar". The ~ indicates the home directory of the currently logged in user.
List the files and folders present in the current directory
ls: List the files and folders in the current working directory except those starting with . and only show the file name.
Using the different switches such as ls -lia, ls -al would output other more information such as ownership, chmod info, etc. of the files in the current directory.
concatenate files and send the contents to the standard output. This command comes quite handy in many cases and with the use of the redirection, we can send the contents to other outputs such as files and others.
cat /etc/passwd: sends the file content of the file "/etc/passwd" to the standard output i.e. monitor.
cat /etc/passwd>/home/samar/Desktop/pass.txt: writes the content of the "/etc/passwd" file to the "/home/samar/Desktop/pass.txt" file.
cat file1 file2 > file3.txt: concatenates the content of "file1" with that of "file2" and writes to "file3.txt"
For now, I will leave you to do some study on these commands. You can use man page or info to find more about these commands(I'll leave it for you to research). Have fun. :)
Read more...
Note that the linux commands are case-sensitive so be careful with the case while executing the commands.
cd
Command to change directory
cd /home: This changes the current working directory to /home. The '/' indicates the path relative to root, and the directory will be changed to "/home", no matter what directory you are in when you execute this command.
cd samar: This changes the current working directory to samar, relative to the current location which is "/home". The full path of the new working directory is "/home/samar".
cd ..: This moves to the parent directory from the current directory. Hence on executing this command, our new directory will be "/home".
cd ~: This changes the current directory to the user's home directory which is "/home/samar" for the user "samar". The ~ indicates the home directory of the currently logged in user.
ls
List the files and folders present in the current directory
ls: List the files and folders in the current working directory except those starting with . and only show the file name.
Using the different switches such as ls -lia, ls -al would output other more information such as ownership, chmod info, etc. of the files in the current directory.
cat
concatenate files and send the contents to the standard output. This command comes quite handy in many cases and with the use of the redirection, we can send the contents to other outputs such as files and others.
cat /etc/passwd: sends the file content of the file "/etc/passwd" to the standard output i.e. monitor.
cat /etc/passwd>/home/samar/Desktop/pass.txt: writes the content of the "/etc/passwd" file to the "/home/samar/Desktop/pass.txt" file.
cat file1 file2 > file3.txt: concatenates the content of "file1" with that of "file2" and writes to "file3.txt"
For now, I will leave you to do some study on these commands. You can use man page or info to find more about these commands(I'll leave it for you to research). Have fun. :)
Read more...
Basic Linux Commands For Beginners [Part I]
2010-10-02T22:00:00+05:45
Cool Samar
beginner|linux|tricks and tips|
Comments
Labels:
beginner,
linux,
tricks and tips
Bookmark this post:blogger tutorials
Social Bookmarking Blogger Widget |
Friday, 1 October 2010
Checking MD5 sum of file in Linux
Linux offers a command line tool called md5sum which can be used to find the md5 checksum of the files in LINUX.
The info md5sum displays the following information about this command.
File: *manpages*, Node: md5sum, Up: (dir)
MD5SUM(1) User Commands MD5SUM(1)
NAME
md5sum - compute and check MD5 message digest
SYNOPSIS
md5sum [OPTION] [FILE]...
DESCRIPTION
Print or check MD5 (128-bit) checksums. With no FILE, or when FILE is
-, read standard input.
-b, --binary
read in binary mode
-c, --check
read MD5 sums from the FILEs and check them
-t, --text
read in text mode (default)
The following two options are useful only when verifying checksums:
--status
don't output anything, status code shows success
-w, --warn
warn about improperly formatted checksum lines
--help display this help and exit
--version
output version information and exit
The sums are computed as described in RFC 1321. When checking, the
input should be a former output of this program. The default mode is
to print a line with checksum, a character indicating type (`*' for
binary, ` ' for text), and name for each FILE.
AUTHOR
Written by Ulrich Drepper, Scott Miller, and David Madore.
REPORTING BUGS
Report bugs to.
COPYRIGHT
Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU
GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
SEE ALSO
The full documentation for md5sum is maintained as a Texinfo manual.
If the info and md5sum programs are properly installed at your site,
the command
info md5sum
should give you access to the complete manual.
GNU coreutils 6.9.92.4-f088d-dirtJanuary 2008 MD5SUM(1)
Read more...
The info md5sum displays the following information about this command.
File: *manpages*, Node: md5sum, Up: (dir)
MD5SUM(1) User Commands MD5SUM(1)
NAME
md5sum - compute and check MD5 message digest
SYNOPSIS
md5sum [OPTION] [FILE]...
DESCRIPTION
Print or check MD5 (128-bit) checksums. With no FILE, or when FILE is
-, read standard input.
-b, --binary
read in binary mode
-c, --check
read MD5 sums from the FILEs and check them
-t, --text
read in text mode (default)
The following two options are useful only when verifying checksums:
--status
don't output anything, status code shows success
-w, --warn
warn about improperly formatted checksum lines
--help display this help and exit
--version
output version information and exit
The sums are computed as described in RFC 1321. When checking, the
input should be a former output of this program. The default mode is
to print a line with checksum, a character indicating type (`*' for
binary, ` ' for text), and name for each FILE.
AUTHOR
Written by Ulrich Drepper, Scott Miller, and David Madore.
REPORTING BUGS
Report bugs to
COPYRIGHT
Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU
GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
SEE ALSO
The full documentation for md5sum is maintained as a Texinfo manual.
If the info and md5sum programs are properly installed at your site,
the command
info md5sum
should give you access to the complete manual.
GNU coreutils 6.9.92.4-f088d-dirtJanuary 2008 MD5SUM(1)
Read more...
Checking MD5 sum of file in Linux
2010-10-01T22:55:00+05:45
Cool Samar
linux|tricks and tips|
Comments
Labels:
linux,
tricks and tips
Bookmark this post:blogger tutorials
Social Bookmarking Blogger Widget |
Wednesday, 29 September 2010
Running firefox inside firefox
This is not a useful thing but still is a fun trick to show to your friends.
Just paste the following code in your mozilla firefox address bar and hit ENTER to see the new firefox inside the firefox.
View the screenshot below to see how it looks like:
Read more...
Just paste the following code in your mozilla firefox address bar and hit ENTER to see the new firefox inside the firefox.
chrome://browser/content/browser.xul
View the screenshot below to see how it looks like:
Read more...
Running firefox inside firefox
2010-09-29T23:54:00+05:45
Cool Samar
fun|mozilla firefox|tricks and tips|
Comments
Labels:
fun,
mozilla firefox,
tricks and tips
Bookmark this post:blogger tutorials
Social Bookmarking Blogger Widget |
Batch to C Converter
This small snippet of C source code converts the commands of batch (i.e. the commands you type in command prompt) into the C source code. It was compiled in Dev-CPP and is pretty basic. I hope some of you might find it useful. It just uses the system() command of stdlib.h header file.
Source code:
Have fun :)
Read more...
Source code:
/*********************************************
* Batch DOS To C Source Code Converter v.1.1 *
* Coded by Samar Dhwoj Acharya aka $yph3r$am *
* Website => http://techgaun.blogspot.com *
* E-mail meh at samar_acharya[at]hotmail.com *
* I know to code: PHP, PERL, C, JAVA, PYTHON *
*********************************************/
//include header files...
#include <stdio.h>
#include <conio.h>
#include <stdlib.h>
#include <ctype.h>
#include <string.h>
int main()
{
FILE *fp;
char filename[30]; //filename for source code
// starting header of outputted file
char header[300] = "/*\nBatch DOS command To C Source Converter\nBy sam207 (samar_acharya[at]hotmail.com)\nhttp://www.sampctricks.blogspot.com\nhttp://nepali.netau.net\n*/\n";
//all the includes in output file
char incs[200] = "#include <stdio.h>\n#include <conio.h>\n#include <stdlib.h>\nint main()\n{\n";
//end part of output file
char end[50] = "\tgetch();\n}";
//for command
char cmd[150];
printf("\t+----------------------------+\n");
printf("\t|BATCH TO C SOURCE CONVERTER |\n");
printf("\t|CODED BY SAMARDHWOJ ACHARYA |\n");
printf("\t+----------------------------+\n");
printf("\nEnter the filename(with .c extension): ");
scanf("%s",filename);
fp = fopen(filename,"w");
if (fp==NULL)
{
printf("Some error occurred while opening file");
getch();
exit(1);
}
else
{
fprintf(fp,"%s%s",header,incs);
printf("\nNow start entering DOS commands: \n");
printf("When finished, type 'end' for the end of commands\n");
printf("\nStart:\n\n");
gets(cmd);
while (1)
{
gets(cmd);
if (!strcmp(cmd,"end"))
{
break; //if end is typed, get out of loop
}
fprintf(fp,"\tsystem(\"%s\");\n",cmd);
}
fprintf(fp,"\tprintf(\"\\n\");");
fprintf(fp,"\n%s",end);
printf("\n\nFile successfully created");
printf("\nNow compile it with any C compiler");
printf("\nThanks for using this little app");
fclose(fp);
}
getch();
}
Read more...
Batch to C Converter
2010-09-29T22:00:00+05:45
Cool Samar
C/C++|programming|
Comments
Labels:
C/C++,
programming
Bookmark this post:blogger tutorials
Social Bookmarking Blogger Widget |
Tuesday, 28 September 2010
Full path disclosure tutorial
Full path disclosure(FPD) is the revelation of the full operating path of a vulnerable script. Full Path Disclosure vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/samar/public_html/. FPD bugs are executed by providing unexpected characters to the vulnerable functions that will in return output the full path of the vulnerable script.
FPD bugs are often overlooked and are not considered as the security threat by many webmasters but that's not true. FPD might be useful for the hackers to determine the structure of the server and they can utilize it to perform other attacks such as file inclusion attacks or load_file() attacks via sql injection.
How to execute FPD
a) Nulled session cookie
Nulled session injection or illegal session injection is done by changing the value of session cookie to an invalid or illegal character.
Illegal Session Injection is made possible via changing the value of the session cookie to an invalid, or illegal character. The most common method is by injecting the NULL character to the PHPSESSID cookie. To inject a PHPSESSID cookie, use JavaScript injection via the URL bar:
On setting the PHPSESSID cookie value to NULL, we can see the result like:
b) Array parameter injection(Empty array)
This is another common method of executing the full path disclosure vulnerabilities and usually works for me in many sites. There are different PHP functions which will output warning message along with the full path of the script such as htmlentities(), mysql_num_rows(), opendir(), etc.
We can exploit the $_GET variables... Lets take a simple example:
Now, lets exploit the $_GET['page'] variable which will look as below:
The full path disclosure can be prevented by turning off the display of errors either in php.ini configuration file or in the script itself:
php.ini
in php scripts
Read more...
FPD bugs are often overlooked and are not considered as the security threat by many webmasters but that's not true. FPD might be useful for the hackers to determine the structure of the server and they can utilize it to perform other attacks such as file inclusion attacks or load_file() attacks via sql injection.
How to execute FPD
a) Nulled session cookie
Nulled session injection or illegal session injection is done by changing the value of session cookie to an invalid or illegal character.
Illegal Session Injection is made possible via changing the value of the session cookie to an invalid, or illegal character. The most common method is by injecting the NULL character to the PHPSESSID cookie. To inject a PHPSESSID cookie, use JavaScript injection via the URL bar:
javascript:void(document.cookie="PHPSESSID=");
On setting the PHPSESSID cookie value to NULL, we can see the result like:
Warning: session_start() [function.session-start]: The session id contains illegal characters,
valid characters are a-z, A-Z, 0-9 and '-,' in /home/samar/public_html/includes/functions.php on line 3
valid characters are a-z, A-Z, 0-9 and '-,' in /home/samar/public_html/includes/functions.php on line 3
b) Array parameter injection(Empty array)
This is another common method of executing the full path disclosure vulnerabilities and usually works for me in many sites. There are different PHP functions which will output warning message along with the full path of the script such as htmlentities(), mysql_num_rows(), opendir(), etc.
We can exploit the $_GET variables... Lets take a simple example:
http://localhost/index.php?page=main
Now, lets exploit the $_GET['page'] variable which will look as below:
http://localhost/index.php?page[]=main
The full path disclosure can be prevented by turning off the display of errors either in php.ini configuration file or in the script itself:
php.ini
display_errors = 'off'
in php scripts
error_reporting(0);
//or
ini_set('display_errors', false);
//or
ini_set('display_errors', false);
Read more...
Full path disclosure tutorial
2010-09-28T20:53:00+05:45
Cool Samar
hacking|php|security|
Comments
Bookmark this post:blogger tutorials
Social Bookmarking Blogger Widget |
Nepali MP3 Songs Downloads [My Playlist]
Some of the nepali songs from my playlist, they are great songs to listen. If you need any other songs, request in this post and I shall try to find them for you.
Download different MP3 songs from the following folder:
Nepali MP3 collection
The songs available for the downloads are:
1) Amar rahos timro maya - phursang lama
2) Antim maya
3) bhoolmaa bhulyo - Robin
4) Bihana pahile ghaama udaune[patriotic song] - Sindhu Jalesa
5) Birsana - Aastha
6) Birshu Bhanchhu - Impulse 21 (confused :p)
7) Harpal tyo timro - Aastha
8) Malai bholi kei bhaye - Karna Das
9) Nabhana mero - Adrian Pradhan [1974 A.D.]
10) Pagal nabhana malai - The Edge
11) Prayas - The Edge
12) Sadhai sadhai
13) Samikshya - Vedh (confused again)
14) timi binaako jeevan
15) timilai odaidiyeko ghumto - sayas
16) Timro sparsa - Basan Shrestha
I'm confused with the name of singers of some songs(I usually don't try to know the artists)...
Enjoy my playlist. :)
Read more...
Download different MP3 songs from the following folder:
Nepali MP3 collection
The songs available for the downloads are:
1) Amar rahos timro maya - phursang lama
2) Antim maya
3) bhoolmaa bhulyo - Robin
4) Bihana pahile ghaama udaune[patriotic song] - Sindhu Jalesa
5) Birsana - Aastha
6) Birshu Bhanchhu - Impulse 21 (confused :p)
7) Harpal tyo timro - Aastha
8) Malai bholi kei bhaye - Karna Das
9) Nabhana mero - Adrian Pradhan [1974 A.D.]
10) Pagal nabhana malai - The Edge
11) Prayas - The Edge
12) Sadhai sadhai
13) Samikshya - Vedh (confused again)
14) timi binaako jeevan
15) timilai odaidiyeko ghumto - sayas
16) Timro sparsa - Basan Shrestha
I'm confused with the name of singers of some songs(I usually don't try to know the artists)...
Enjoy my playlist. :)
Read more...
Nepali MP3 Songs Downloads [My Playlist]
2010-09-28T20:02:00+05:45
Cool Samar
music|nepali songs|
Comments
Labels:
music,
nepali songs
Bookmark this post:blogger tutorials
Social Bookmarking Blogger Widget |
Monday, 27 September 2010
Edjpgcom - add comments inside a jpg image
We can sometimes exploit the image upload features and then use file inclusion vulnerabilities to get shell in a server. If the image upload form only allows the .jpg and other valid image files and you locate a local file inclusion vulnerability, you can upload the malicious jpg file containing the PHP code as the commment in it.
In order to add the comment easily inside the jpg images, we can use a small tool called edjpgcom, a jpg commenter. You can drag a jpg image to the edjpgcom icon which will open a window to add comment to the jpg image.
Download EDJPGCOM
Read more...
In order to add the comment easily inside the jpg images, we can use a small tool called edjpgcom, a jpg commenter. You can drag a jpg image to the edjpgcom icon which will open a window to add comment to the jpg image.
Download EDJPGCOM
Read more...
Edjpgcom - add comments inside a jpg image
2010-09-27T07:57:00+05:45
Cool Samar
hacking|remote code exection|tricks and tips|
Comments
Labels:
hacking,
remote code exection,
tricks and tips
Bookmark this post:blogger tutorials
Social Bookmarking Blogger Widget |
Subscribe to:
Posts (Atom)